https://symbolic.software/blog/2023-12-19-kyberk2sovariablet...
And here is Mullvad, using two quantum algorithms together, presumably on top of classical cryptography.
> We use two quantum-secure key encapsulation mechanisms (Kyber and Classic McEliece) and mix the secrets from both. This means that both algorithms must have exploitable vulnerabilities before the security of the VPN tunnel can become affected.
I'd need to see some extraordinary evidence for that claim.
If an additional layer of symmetric-key crypto is required (for, say, post-quantum resistance), WireGuard also supports an optional pre-shared key that is mixed into the public key cryptography. When pre-shared key mode is not in use, the pre-shared key value used below is assumed to be an all-zero string of 32 bytes.