Large quantum computers have the potential to break many cryptographic systems, e.g., Rivest–Shamir–Adleman, Diffie–Hellman key exchange, and elliptic curve cryptosystems. The Department of Defense (DoD) is aware of this threat, and the National Institute of Standards and Technology is preparing a set of approved encryption and signature schemes that are not susceptible to these attacks by quantum computers, the so-called Post-Quantum Cryptography (PQC). The task of substituting older encryption and signature schemes raises a number of questions to which there are not yet clear answers. In this research, we investigate the transition to PQC on existing networks, explain the approved PQC schemes, describe the likely path to an adoption of PQC, and offer forward guidance on challenges and threats that may be encountered in the process of transition to PQC. This paper discusses the impacts of the new PQC schemes on network performance and speculates on possible side-channel attacks on the new encryption schemes. This paper offers hardware/software solutions based on the Split-protocol.

This paper reviews the impacts of post-quantum cryptosystems on the network. Cryptography refers to a range of techniques used to secure information at rest or in transit, techniques that existed even before computers were invented. It covers symmetric keys, which are used both to encrypt and to decrypt communications, and public/private key pairs, also known as asymmetric keys. In a public/private key pair, the private key is kept secret while the public key can be known to all parties with whom the owner may communicate and exchange information.1 There is a jungle of private and public key cryptography. However, we will jump directly to the most popular and widely used public and private key cryptography techniques recommended by the National Institute of Standards and Technology (NIST).2–4 NIST recommends Federal Information Processing Standards (FIPS) approved algorithms.4 These cryptographic methods must go through extensive security testing and analysis to achieve acceptable security. Using larger keys is frequently an option when higher security is required.

Our contributions are as follows:

  1. Simplifying PQC: This paper aims to demystify post-quantum cryptography (PQC) for a broader audience.

  2. Network and Security Impact: We survey the effects of PQC on existing network and security configurations.

  3. Performance Analysis: We provide an in-depth performance analysis of PQC techniques.

  4. Challenges in Aerial Mobile Networks: We identify challenges specific to aerial mobile networks.

  5. Quantum-Safe Enhancement: We propose an approach to enhance the currently widely used public key cryptographic systems so that they become quantum-safe.

The rest of this paper is organized as follows: Sec. II provides the related work. Section III presents several types of cryptography schemes. Section IV discusses motivations for the community to consider post-quantum cryptography. Section V presents the current widely used cryptosystems. Section VI describes the post-quantum cryptosystem recommended by NIST. Section VII introduces our approach for PQC. Section VIII presents the impact of PQC on network and vehicular communications. Section IX presents a security challenge with PQC. Section X presents software/hardware solutions with Split-protocol. Section XI finally concludes the paper.

Quantum computing holds the potential to perform tasks that are infeasible using classical computers. At present, the range of quantum applications is expanding from a few specific fields to every aspect of our lives. However, we still need to determine how diverse the applications of massively parallel computing will be. The generalized swap test serves as the quantum component of the hybrid quantum–classical framework for measuring them presented by Zeng et al.5 Rawal et al. highlighted several quantum-safe cryptosystems and suggested high-performance integration of the central processing unit (CPU), graphics processing unit (GPU), and quantum processing unit (QPU) cloud.6,7

Current research has focused on quantum cloud architectures that support multiple tenants, as current classical cloud architectures do, while still maintaining a quantum state between quantum processors8 and leveraging machine learning to optimize routing.9,10 This cloud architecture will, by necessity, require both physical quantum cloud infrastructure and associated quantum simulators.11 As such, there will need to be a way to benchmark these platforms’ ability to execute quantum algorithms.12 The authors of Refs. 13 and 14 reported Ring-LWE for a ring of rank n = 1024. Some have questioned whether dimension 512 can guarantee post-quantum security. Overall, efforts to maximize error recovery and its analysis have led to improved security while simultaneously increasing efficiency. Although significant obstacles currently prevent the extension of similar attacks to Ring-LWE, it appears prudent to take this precaution until lattice cryptanalysis stabilizes.15 With two data processing units (DPUs) connected, Aguilera et al.16 introduced the first quantum-robust, secure end-to-end communication link based on PQC algorithms. To handle the computationally demanding cryptographic building blocks, in this case CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium as the digital signature scheme, combined with the Advanced Encryption Standard using a 256-bit key, both data processing units use on-board ARM processors.

NIST has worked on a list of modern cryptography that includes block ciphers, cryptographic hash algorithms, key establishment, post-quantum cryptography, lightweight cryptography, privacy-enhancing encrypted communication, digital signatures, and random bit generators. Digital signatures are digital prints that ensure that the supposedly authorized signatory really signed and that data were not altered after the signature was obtained.17 

Figure 1 shows the pictorial representation of symmetric encryption techniques.

FIG. 1. Symmetric cryptography schemes.

AES is a widely used symmetric encryption algorithm that comes in three key sizes: AES-128, AES-192, and AES-256.

Triple Data Encryption Algorithm (TDEA/Triple DES): The Data Encryption Standard (DES) algorithm is used three times in a row with distinct keys in a symmetric encryption process.

Secure Hash Algorithm (SHA): The cryptographic hash algorithms SHA-1, SHA-128, SHA-256, SHA-384, and SHA-512 are part of the family.

The Message Digest (MD) algorithm is a family of cryptographic hash functions that includes the MD2, MD4, and MD5 hash functions (however, MD5 is regarded as weak and is not advised for new applications).

Keyed-hash-based message authentication codes (HMACs): A technique that enables message integrity and authentication through the integration of a cryptographic hash function (such as SHA) with a secret key.

The International Data Encryption Algorithm (IDEA) is a symmetric block cipher that was created to take the place of the Data Encryption Standard (DES).

Skipjack: A symmetric block cipher created for the government’s key escrow mechanism, the Clipper chip.

Hash-based functions (HMACs) are symmetric cryptosystems.

An asymmetric cryptosystem is considered more secure because we do not have to share our private key or reveal it to a third party. Figure 2 shows the asymmetric cryptography scheme.

FIG. 2. Asymmetric cryptography scheme.

Elliptic curve digital signature algorithm (ECDSA) is a digital signature algorithm.

Rivest–Shamir–Adleman (RSA) is a public-key cryptosystem.

Menezes–Qu–Vanstone (MQV) is an authentication scheme for key agreements based on the Diffie–Hellman scheme.

Hash-based cryptosystems depend solely on cryptographic hash functions rather than additional cryptographic assumptions such as number-theory-based hardness. As a result, the opportunity for cryptanalysis is limited. This lessens the system’s overall complexity. In order to attain the desired performance, the hash-based scheme must be flexible in the hash function it chooses because it is intrinsically dependent on the application-specific environment. This technique protects the application from numerous attacks thanks to the collision resistance, pre-image resistance, and second-pre-image resistance properties of hash functions.19,20 Numerous characteristics of the hash-based scheme that are advantageous to the IoT environment are identified by Bernstein et al.21 There are lightweight hash function variants that give IoT applications the choice of appropriate device parameters for resource-constrained devices, which improves network performance. Since the hash functions in hash-based schemes only work in one direction, they are secure with both backward and forward secrecy.22 Buchmann, Dahmen, and Szydlo introduced various hash-based signature schemes.23 The hash-based algorithms are the XMSS, Leighton–Micali Signature (LMS), SPHINCS, and BPQS schemes. In this category, NIST selected only SPHINCS+ as the signature scheme.24 

Key length matters for cybersecurity; the longer the key, the more secure it is. In a similar way, the longer the process cycle, the more secure it is. However, at the extreme ends of both, speed and performance suffer. As shown in Fig. 3, SPHINCS+ schemes suffer from large signature and verification cycle counts (4.67 × 10^9 cycles).

FIG. 3. Hash-based scheme SPHINCS with 32-byte PK.24 

In this system, the one-way function employs an error-correcting code C and computes a condition related to the parity check matrix of C.25 A Goppa code is an error-correcting code built around modular algebra, which is the process that occurs when a series of integers increases to a given number and then returns to zero once that number is attained.26 The classic McEliece cryptosystem is one of the cryptosystems that were successful until the third round of NIST’s PQC selection, alongside the Matrix Equivalence Digital Signature (MEDS). McEliece’s original PKE was not designed to resist chosen-ciphertext attacks, but the KEM Classic McEliece possesses IND-CCA2 security, which is believed to provide the strongest security for PKI. Figures 4 and 5 show code-based cryptography at NIST levels 1 and 5, respectively. At NIST level-1, we can notice that the public key sizes for the classic McEliece and Wave schemes are 29.5 and 8 MB, respectively. The signature and verification cycles for Wave are 8.1 × 10^9 and 7.5 × 10^9, respectively. At NIST level-5 for Wave, the public key size is 109 MB, signature cycles are 7 × 10^9, and verification cycles are 8.1 × 10^9.

FIG. 4. Code-based cryptography at NIST level-1.24 

FIG. 5. Code-based cryptography at NIST level-5.24 

Figures 6 and 7 show lattice based cryptosystems at NIST levels 1 and 5, respectively. We can see that the public key size is the lowest at 987 bytes for Falcon and the highest at 1 059 000 bytes for the HuFu scheme. The security of the HuFu digital signature technique is predicated on the difficulty of typical worst-case situations on generic lattices.

FIG. 6. Lattice based cryptosystems at NIST level-1.24 

FIG. 7. Lattice based cryptosystems at NIST level-5.24 

In comparison with CRYSTALS-Dilithium, HuFu has a somewhat different architecture in addition to not using structured lattices. Among the NIST level-1 lattice based cryptosystems, EHTv3/EHTv4 have large signature and verification cycle counts of 89.5 × 10^6 and 2.5 × 10^6, respectively. On the other hand, at NIST level-5, Raccoon has large signature and verification cycle counts of 135 × 10^6 and 4.5 × 10^6, respectively.

A lattice is a set of points in n-dimensional space with a cyclic arrangement. Figure 8 shows a two-dimensional lattice.

FIG. 8. Two-dimensional lattice.

Formally, given n linearly independent vectors b1, …, bn ∈ R^n, the lattice generated by them is the set of vectors23 L(b1, …, bn) = {Σ_{i=1}^{n} x_i b_i : x_i ∈ Z}.

The LWE-based cryptosystem: It is considered the most efficient lattice-based cryptosystem to date, supported by a theoretical proof of security.13,26

Below is a simplified example of a GGH lattice-based cryptosystem.

Let L ⊂ R^2 be a two-dimensional lattice with basis matrices S and V, where

V = [[2, 3], [3, 5]] and V^−1 = [[5, −3], [−3, 2]].

Transposed public basis: V^T = SV = [[14, 19], [21, 15]].

Let the message vector be M = (3, −7) and the small error vector be e = (1, 0).

Encryption:

The ciphertext is C = MS^T + e = (−104, −79).

Decryption:

To decrypt, we compute CS^−1 = (−104/7, −79/3) = (−15.285 71, −26.333 33); lattice points have integer coordinates, so after rounding we get (−15, −26). Then M = (−15, −26)V^−1 = (3, −7).

Its security is connected to worst-case hardness. Lattice-based cryptosystems provide lower computational costs for encryption and decryption than common integer-based cryptosystems. The random key generation process relies on hard problems.23 

For different applications, different block cipher modes are utilized. Depending on the type of application, security levels may vary and can be divided into high, medium, and low.27,28 National security communication requires high security; chatrooms and social networking software may work with medium security. For low security priority applications, the speed of data is more important. We can increase security simply by increasing block size, key size, or the number of rounds. In addition, by compressing data, we can minimize data loss.27 Data compression is handled before the encryption process.

In 1994, Shor discovered a quantum algorithm for factoring and for discrete logarithms. This algorithm has the capability of breaking the most widely used public key exchange cryptosystems. The development of Grover’s method demonstrated that quantum computers outperform conventional computers in searching databases by a square root factor.29 If quantum computers become widely available, there will be a requirement to protect information recorded before the quantum era.30 Grover’s algorithm reduces the time required quadratically; doubling the key size restores the security level.

Shor’s algorithms can break the following cryptosystems: RSA, Diffie–Hellman key exchange, elliptic curve cryptosystems, Buchmann–William’s key exchange, and algebraic homomorphic encryption.

When are we expecting the availability of large quantum computers? 10, 15, or 20 years, depending on the speed of technological advancements.

Why do we have to act now?

  1. Development and standardization take time.

  2. Improvement also takes time.

  3. It takes time to build confidence in PQC.

  4. It takes time to improve the usability of PQC.

  5. In 2022, NIST announced the list of selected PQC algorithms.

The following cryptography algorithms have not been broken by quantum computing techniques yet: the Advanced Encryption Standard (AES), the recent versions of SHA, McEliece public key encryption, NTRU public key encryption, and lattice-based public key encryption.

In addition, there are some additional recently developed cryptosystems and less popularly used cryptosystems.

Here, we give a brief overview of two popular cryptosystems, one symmetric and one asymmetric: AES and RSA.

The AES encryption steps are shown in Fig. 9. Initiate the process by generating a random secret key, add it to the plaintext, and perform nine rounds of the following steps: (1) substitute byte, (2) shift rows, (3) mix columns, and (4) add round key. In the final tenth round, we only execute the following three steps: (1) substitute byte, (2) shift rows, and (4) add round key.

FIG. 9. AES encryption cycle.

The steps of the RSA algorithm are as follows:

  1. Select two fairly large prime numbers p and q (p ≠ q), for example, of 300 digits.

  2. Calculate n = p · q.

  3. Calculate φ(n) = (p − 1) · (q − 1).

  4. Select e such that e is co-prime to φ(n), i.e., gcd(e, φ(n)) = 1 and 1 < e < φ(n).

  5. Calculate d such that ed ≡ 1 mod φ(n), i.e., d = e^−1 mod φ(n).

  6. Public key (e, n) and private key (d, n) (e is the encryption key, n is the block size, and d is the decryption key).

  7. Find the ciphertext (C) using the following formula:

  8. C = A^e mod n.

  9. The plaintext (A) can be obtained using the following formula:

  10. A = C^d mod n.

This algorithm works based on the assumption of a hard problem: if n is large enough, up to 300–400 digits, a regular computer will take years to factor out p and q from n.

RSA is good when you are sharing keys with a small number of users. When a symmetric key is shared with a large group, the possibility of exposure to an unauthorized user is higher. RSA is mainly used to share encryption keys, not to encrypt large data; the shared key is then used for symmetric encryption of the large data. RSA is slower than a symmetric cryptosystem. Some implementation challenges are discussed in the following blogs.1,31

In 1976, Whitfield Diffie and Martin Hellman published their work on practical public key exchange for encrypting and decrypting, and it is now in widespread use.32,33 The Diffie–Hellman key exchange steps are reproduced here following Refs. 32 and 34. Figures 10 and 11 show a simple illustration of the key generation and secret derivation processes.

FIG. 10. Key generation process.

FIG. 11. Deriving of secret keys by users.

Select a prime number q and α (α is a primitive root of q).

Alice’s key generation:

  Select X_A with X_A < q.

  Derive the public value Y_A = α^X_A mod q.

  Y_A is shared with user B.

Bob’s key generation:

  Select X_B with X_B < q.

  Derive the public value Y_B = α^X_B mod q.

  Y_B is shared with user A.

Derivation of the secret key by user A:

  K = (Y_B)^X_A mod q.

Derivation of the secret key by user B:

  K = (Y_A)^X_B mod q.

Recently, NIST has selected four cryptosystems: CRYSTALS-Kyber, CRYSTALS-Dilithium, CRYSTALS-Falcon, and SPHINCS+. CRYSTALS-Kyber is for use in general encryption. It offers several benefits, including the fact that two parties can exchange relatively modest encryption keys and maintain the required speed of operation. It is fast across platforms, and it is designed for efficient constant-time implementation with the same optimized routines across all parameter sets.

The term robustness was introduced to describe Kyber’s resilience in post-quantum cryptography (PQC) (as discussed in Ref. 35). This resilience ensures that it is impossible to create a ciphertext that lawfully decrypts under two different private keys. Fortunately,36 a proof exists that a robust hybrid Public Key Encryption (PKE) scheme can be built by combining a hybrid KEM with a suitably robust data encapsulation mechanism (DEM), as stated in Ref. 37. In other words, combining a hybrid KEM with a strongly random and resilient DEM can yield a post-quantum strongly anonymous and robust PKE.38 

The advance of Kyber originated from the seminal LWE-based crypto scheme of Regev. It is designed to provide secure encryption operations that are resistant to attacks from quantum computers. Here is an overview of how CRYSTALS-Kyber works:35,39

CRYSTALS-Kyber uses a set of parameters to define the security level and efficiency of the scheme. The parameters include the dimension of the underlying lattice, the number of rounds for the encryption algorithm, and the number of bits used for public keys, secret keys, and ciphertexts. The specific values of these parameters can be chosen based on the desired security level.

For a more detailed understanding, you can refer to the specific research papers or documentation related to CRYSTALS-Kyber.35 

CRYSTALS-Kyber: [A: public key] · [s: secret key] + [e: small error terms (α, β, θ)] = [t: public key].

V = tα + β + m.

U = Aα + θ.

D = V − sU.
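As an added illustration (written for this page, not code from the paper or from the Kyber reference implementation), the four relations above are carried out over plain integer vectors modulo q = 3329 from Table I rather than over polynomial modules; the page’s α, β and θ appear as r, e2 and e3, and the message bit is scaled by ⌈q/2⌉ so that the small noise left in D = V − sU rounds away. The vector length K and the noise bound ETA are toy choices.

```python
import random

Q = 3329       # Kyber's coefficient modulus q (Table I)
K = 4          # toy vector length; Kyber uses k vectors of degree-256 polynomials instead
ETA = 2        # the "small" secret and error coefficients lie in [-ETA, ETA]


def small_vec(rng, n):
    """A vector of small coefficients, the 'small error terms' of the page."""
    return [rng.randint(-ETA, ETA) for _ in range(n)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def mat_vec(a, v):
    return [dot(row, v) for row in a]


def transpose(a):
    return [list(col) for col in zip(*a)]


def keygen(rng):
    """t = A*s + e (mod q): pk = (A, t), sk = s."""
    a = [[rng.randrange(Q) for _ in range(K)] for _ in range(K)]
    s = small_vec(rng, K)
    e = small_vec(rng, K)
    t = [(x + y) % Q for x, y in zip(mat_vec(a, s), e)]
    return (a, t), s


def encrypt_bit(pk, m, rng):
    """U = A^T*r + e2 and V = t.r + e3 + m*ceil(q/2); r, e2, e3 are the page's alpha, beta, theta."""
    a, t = pk
    r = small_vec(rng, K)          # alpha: fresh randomness for every encryption
    e2 = small_vec(rng, K)         # beta
    e3 = rng.randint(-ETA, ETA)    # theta
    u = [(x + y) % Q for x, y in zip(mat_vec(transpose(a), r), e2)]
    v = (dot(t, r) + e3 + m * ((Q + 1) // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """D = V - s.U = m*ceil(q/2) + (e.r + e3 - s.e2); the noise is at most 2*K*ETA^2 + ETA << q/4."""
    u, v = ct
    d = (v - dot(sk, u)) % Q
    if d > Q // 2:                 # centre d in (-q/2, q/2]
        d -= Q
    return 1 if abs(d) > Q // 4 else 0   # near +-q/2 -> bit 1, near 0 -> bit 0


def roundtrip(seed, bits):
    """Key generation, bit-by-bit encryption and decryption; returns the recovered bits."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return [decrypt_bit(sk, encrypt_bit(pk, b, rng)) for b in bits]
```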

Table I provides the different flavors of CRYSTALS-Kyber and the level of security.

TABLE I. Types of Kyber implementation.

Name        n (degree of polynomial)   k (size of vector)   q (coefficient mod)   Security level
Kyber512    256                        2                    3329                  AES-128
Kyber768    256                        3                    3329                  AES-192
Kyber1024   256                        4                    3329                  AES-256

Figure 12 shows the comparison of the byte size of private key, public key, and ciphertext of Curve25519, RSA 3072, and Kyber 512.

FIG. 12. Key size at medium security level.40 

The elliptic curve Diffie–Hellman (ECDH) key agreement mechanism is intended to be used with Curve25519 (ECC), which provides 128 bits of security (256-bit key size). Having no known weakness pattern, it is one of the fastest ECC curves.41 

Figure 13 shows byte sizes for the highest security level. We can notice that brainpoolP512r1 outperforms RSA 5360 and Kyber 1024.

FIG. 13. Key size at the highest security level.40 

Figure 14 shows the speed comparison among Curve25519, RSA 5360, and Kyber 1024. We can clearly see that Kyber 1024 outperforms the other two by many folds in terms of speed.

FIG. 14. Speed comparison on the Platinum 8259 CPU@2.50 GHz.34 

Figure 15 illustrates the comparison of the size of a private key, a public key, and a ciphertext. We can notice that Kyber families have exceptionally large sizes.

FIG. 15. Key size comparisons.39 

The security provided by Kyber is designed to correspond to that of AES. However, there is some disagreement in the security community about the actual level of security provided. We expect that these discussions will determine actual security levels.37 

Fernandez-Carames and Fraga-Lamas introduced the GPV framework in 2008.42 Falcon makes use of two major mathematical frameworks (NTRU lattices and fast Fourier sampling). Falcon is an abbreviation for fast Fourier lattice-based compact over NTRU.

The high-level GPV framework is reproduced here.42 The public key is a long basis of a q-ary lattice.

The private key is (essentially) a short basis of the same lattice.

In the signing procedure, the signer does the following:

Generates a random value salt.

Computes a target c = H(msg||salt), where H is a hash function sending input to a random-looking point (on the grid).

Uses his knowledge of a short basis to compute a lattice point v close to the target c.

Outputs (salt, s), where s = c − v.

The verifier accepts the signature (salt, s) if and only if the following holds:

The vector s is short.

H(msg||salt) − s is a point on the lattice generated by his public key.

Falcon offers the following features:

Falcon employs a Gaussian sampler, which ensures that information leakage is minimal and signatures are far shorter than in any lattice-based signature technique. It is five to ten times quicker on standard PCs since it employs Fourier sampling. The discrete wavelet transform is also less computationally complex, taking O(N) time as compared to O(N log N) for an n degree polynomial. Falcon employs 30 kbytes of RAM, resulting in better RAM economy and speed. In terms of traditional security, Falcon-512 is basically equal to RSA-2048, whose signatures and public keys each occupy 256 bytes.43 

Figure 16 shows a lattice over the cyclotomic ring R, which is used for Falcon’s parameter calculations.

FIG. 16. Lattice over cyclotomic ring R.

The snapshot of the Falcon cryptosystem is reproduced here following Ref. 44.

Falcon works over the cyclotomic ring R = Z_q[x]/(x^n + 1).

Keygen(): Generate matrices A and B with coefficients in R such that

  → BA = 0

  → B has small coefficients

  pk ← A

  sk ← B

Sign(m, sk) (performed using FFT)

  Compute c such that cA = H(m)

  v ← “a vector in the lattice Λ(B), close to c”

  s ← c − v

  The signature sig is s = (s1, s2)

Verify(m, pk, sig)

  Accept if:

  s is short

  sA = H(m)

The main design goal is compactness: to minimize |pk| + |sig|.
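As an added two-dimensional toy of the GPV template and of the Falcon snapshot above (constructed for this page; it is not the Falcon reference code, which works over the ring R with fast Fourier sampling), the private key is a nearly orthogonal basis B, the public key is the long basis A = UB of the same lattice, and Babai rounding in the private basis stands in for the Gaussian sampler. The basis B, the unimodular matrix U and the shortness bound are assumed values.

```python
import hashlib
import os
from fractions import Fraction

# Constructed toy keys: B is the short (nearly orthogonal) private basis and U is
# unimodular (det U = 1), so the long public basis A = U*B spans exactly the same lattice.
B = [[1009, 7], [-11, 997]]
U = [[3, 2], [4, 3]]
BOUND = 520   # rounding error in basis B is f*B with |f_i| <= 1/2, i.e. at most 510 per coordinate


def mat_mul(x, y):
    return [[sum(x[i][k] * y[k][j] for k in range(2)) for j in range(2)] for i in range(2)]


def vec_mat(v, m):
    """Row vector times 2x2 matrix."""
    return [v[0] * m[0][0] + v[1] * m[1][0], v[0] * m[0][1] + v[1] * m[1][1]]


def inverse(m):
    """Exact inverse of a 2x2 integer matrix."""
    det = m[0][0] * m[1][1] - m[0][1] * m[1][0]
    return [[Fraction(m[1][1], det), Fraction(-m[0][1], det)],
            [Fraction(-m[1][0], det), Fraction(m[0][0], det)]]


def hash_to_point(msg, salt):
    """c = H(msg||salt): a random-looking point of Z^2 (coordinates below 2^32)."""
    h = hashlib.sha256(msg + salt).digest()
    return [int.from_bytes(h[:4], "big"), int.from_bytes(h[4:8], "big")]


def close_lattice_point(c, basis):
    """Babai rounding: express c in the basis, round each coordinate, map back to the lattice."""
    coords = vec_mat(c, inverse(basis))
    return vec_mat([round(x) for x in coords], basis)


def is_lattice_point(p, basis):
    return all(x.denominator == 1 for x in vec_mat(p, inverse(basis)))


def keygen():
    """pk = long basis A = U*B, sk = short basis B."""
    return mat_mul(U, B), B


def sign(msg, sk, salt=None):
    salt = os.urandom(16) if salt is None else salt
    c = hash_to_point(msg, salt)
    v = close_lattice_point(c, sk)   # close to c only because the private basis is short
    return salt, [c[0] - v[0], c[1] - v[1]]


def verify(msg, pk, sig):
    """Accept iff s is short and H(msg||salt) - s lies on the lattice spanned by the public basis."""
    salt, s = sig
    if max(abs(s[0]), abs(s[1])) > BOUND:
        return False
    c = hash_to_point(msg, salt)
    return is_lattice_point([c[0] - s[0], c[1] - s[1]], pk)
```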

Falcon, too, has its limitations. These are implementation-related requirements that, strangely, only apply to the signer. Implementation is difficult. Falcon’s underlying challenge is that Fourier sampling is both difficult to understand and difficult to implement. When considering implementation on limited hardware, particularly hardware without a floating-point unit, a key limitation is floating-point arithmetic. It is uncertain how to defend against a side-channel attack. Falcon uses discrete Gaussian sampling over integers extensively.44 

The CRYSTALS (Cryptographic Suite for Algebraic Lattices) family of algorithms contains the CRYSTALS-Dilithium digital signature technique, whose security rests on how difficult it is to find short vectors within lattices.4 It makes use of the complexity of the Learning With Errors (LWE) problem.39 When compared to other digital-signature algorithms, its key creation, signature generation, and signature verification costs are all evenly distributed. As a result, optimizing CRYSTALS-Dilithium’s NTT-based polynomial multiplication algorithm45 is critical.

The template for the CRYSTALS-Dilithium signature scheme is reproduced here.33 

Gen
  A ← R_q^(k×l)
  (s1, s2) ← S_η^l × S_η^k
  t ≔ As1 + s2
  return (pk = (A, t), sk = (A, t, s1, s2))

Sign(sk, M)
  z ≔ ⊥
  while z = ⊥ do
    y ← S_(γ1−1)^l
    w1 ≔ HighBits(Ay, 2γ2)
    c ∈ B60 ≔ H(M‖w1)
    z ≔ y + cs1
    if ‖z‖∞ ≥ γ1 − β or ‖LowBits(Ay − cs2, 2γ2)‖∞ ≥ γ2 − β, then z ≔ ⊥
  return σ = (z, c)

Verify(pk, M, σ = (z, c))
  w′1 ≔ HighBits(Az − ct, 2γ2)
  return [‖z‖∞ < γ1 − β] and [c = H(M‖w′1)]
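As an added toy implementation of the template above (written for this page, not the CRYSTALS-Dilithium reference code), the scheme is run over integer vectors modulo Dilithium’s q with the HighBits/LowBits decomposition and the rejection test of the Sign loop; the challenge c is reduced to a 12-bit integer instead of a sparse polynomial, so the challenge space is far too small to be secure and the block only shows why the low-bits check lets the verifier recompute the same w1. The dimensions K, L and the C_BITS setting are assumptions.

```python
import hashlib
import random

Q = 8380417               # Dilithium's modulus q
GAMMA2 = (Q - 1) // 88    # Dilithium2 value; 2*GAMMA2 divides q-1, which Decompose relies on
ALPHA = 2 * GAMMA2
GAMMA1 = 1 << 17          # Dilithium2 value
ETA = 2                   # secret coefficients lie in [-ETA, ETA]
K, L = 3, 3               # toy dimensions: vectors of integers, not polynomials (assumption)
C_BITS = 12               # toy challenge: a C_BITS-bit signed integer (assumption, insecure)
C_MAX = 1 << (C_BITS - 1)
BETA = C_MAX * ETA        # bound on ||c*s1||_inf and ||c*s2||_inf


def decompose(r):
    """r mod q = r1*ALPHA + r0 with r0 in (-GAMMA2, GAMMA2]; returns (HighBits, LowBits)."""
    r %= Q
    r0 = r % ALPHA
    if r0 > GAMMA2:
        r0 -= ALPHA
    if r - r0 == Q - 1:   # the single wrap-around case of the specification
        return 0, r0 - 1
    return (r - r0) // ALPHA, r0


def mat_vec(a, v):
    return [sum(x * y for x, y in zip(row, v)) % Q for row in a]


def inf_norm(v):
    return max(abs(x) for x in v)


def challenge(msg, w1):
    """c = H(M || w1), reduced to an integer in [-C_MAX, C_MAX)."""
    h = hashlib.sha256(msg + b"|" + ",".join(map(str, w1)).encode()).digest()
    return int.from_bytes(h[:2], "big") % (2 * C_MAX) - C_MAX


def keygen(rng):
    a = [[rng.randrange(Q) for _ in range(L)] for _ in range(K)]
    s1 = [rng.randint(-ETA, ETA) for _ in range(L)]
    s2 = [rng.randint(-ETA, ETA) for _ in range(K)]
    t = [(x + y) % Q for x, y in zip(mat_vec(a, s1), s2)]
    return (a, t), (a, t, s1, s2)


def sign(sk, msg, rng):
    """Fiat-Shamir with aborts: resample y until z is short and LowBits(Ay - c*s2) is small."""
    a, t, s1, s2 = sk
    while True:
        y = [rng.randint(-(GAMMA1 - 1), GAMMA1 - 1) for _ in range(L)]
        ay = mat_vec(a, y)
        w1 = [decompose(x)[0] for x in ay]
        c = challenge(msg, w1)
        z = [yi + c * si for yi, si in zip(y, s1)]
        low = [decompose(x - c * si)[1] for x, si in zip(ay, s2)]
        # Rejection test of the template; the second condition guarantees
        # HighBits(Ay - c*s2) == HighBits(Ay), so the verifier recomputes the same w1.
        if inf_norm(z) < GAMMA1 - BETA and inf_norm(low) < GAMMA2 - BETA:
            return z, c


def verify(pk, msg, sig):
    """Az - c*t = Ay - c*s2 (mod q); its high bits must reproduce the challenge."""
    a, t = pk
    z, c = sig
    w1 = [decompose(x - c * ti)[0] for x, ti in zip(mat_vec(a, z), t)]
    return inf_norm(z) < GAMMA1 - BETA and c == challenge(msg, w1)


def demo(seed=7, msg=b"constructed message", tamper=False):
    """Key generation, signing and verification; tamper=True pushes z out of range."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    z, c = sign(sk, msg, rng)
    if tamper:
        z = [GAMMA1] + z[1:]
    return verify(pk, msg, (z, c))
```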

SPHINCS+ is a hash-based signature scheme that utilizes few-time signature (FTS) schemes. This method uses a so-called hyper-tree to authenticate a large number of key pairs with few-time signatures. Signature schemes known as “few-time signatures” enable a key pair to generate a limited quantity of signatures. For every new message, a pseudo-random FTS key pair is chosen to sign it. The FTS signature and the authentication data for that FTS key pair make up the signature. A hyper-tree signature, i.e., a signature using the certification tree of a Merkle tree signature, represents the authentication information. Figure 17 shows the comparison of key size with Falcon for security level 1.

FIG. 17. Key size analysis security level 1.28 

Section VI D reviewed the primary methods through the NIST body. Other methods are being developed, without yet having been vetted by NIST. Our own approach using NS and NRE is reviewed here, with further details given in Refs. 28, 46, and 47.

We reproduce a quick overview of the NS sequence here.28,47 A sequence of positive numbers is termed an NS sequence if no element can be represented as the sum of any subset of the other (non-repeated) elements of the sequence. The NS sequence reproduced here can be mathematically represented as given in the following equation:41 
(1)
where α, α + 1, α + 2, …, 2α is the 1st set, NV_{1,α}, NV_{1,α+1}, NV_{1,α+2}, …, NV_{1,α+α−2} is the 2nd set, and generally, the i-th set is {NV_{β,α}, NV_{β,α+1}, NV_{β,α+2}, …, NV_{β,α+α−2}}.

In addition, α is the value of the first element in this sequence, and α > 2. The cases α = 1 and α = 2 are special; for them it is straightforward to form the sequence with the formulas below, respectively.

  • Period: The period is defined as the number of elements over which the sequence leaps once. P_s = α + 1 for the 1st set of elements, and α − 1 otherwise. The period therefore depends on the initial value α.

  • Amplitude: The amplitude measures how intensively the sequence leaps, and is defined as given in the following equation:
(2)
The amplitude depends on the initial value α of the first element. For example, if the first element is fixed at 3, then the amplitude is 1.

  • First node: The value of the first node is obtained as per the following equation:
(3)

  • The β-th node: The elements of the NS sequence are called nodes. In order to fetch the full sequence, the nodes are computed with the following formula:
(4)
where β is the index of the β-th node (β > 0) and α is the initial value of the first element in the NS sequence (α > 2).

  • Node index β and offset γ: Given the number of elements n, the node index β in the sequence is calculated with the following formula:
(5)
where [ ] denotes the floor function, e.g., [2.1] = 2. The offset γ is calculated as per the following equation:
(6)
where γ is the offset from the β-th node and 0 < γ < α − 1.

  • Computation of the record: To compute any record whose index is n in the NS sequence, given the initial value α of the first element, from (2) and (6) any element can be computed via node value and offset as given in the following equation:
(7)
where n is the index of the n-th element of the sequence. Once α is known, the sequence of Eq. (1) is known through straightforward calculation with (2)–(7). To reduce the size of the public key, some simple algorithms are introduced48 that extract “higher-order” and “lower-order” bits of elements in Z_q.
The typical sequence has the following elements: b1, b11, b11, b111+, …, bn 1111111111, …, n, where e, b, and n are positive integers and
To express the series S = a^(b·(10^(k−1) + 10^(k−2) + … + 10^1 + 10^0)) using summation notation, we can rewrite it as S = a^(b · Σ_{i=0}^{k−1} 10^i).
This notation represents the sum of the terms 10^i, where i takes the values from 0 to k − 1, multiplied by b, with a then raised to that power.
Alternatively, if you want to represent the exponentiation part using summation notation as well, you can express it as
a sum of the terms a^(b · 10^(k − i)), where i takes the values from 0 to k − 1. Each term is calculated by raising a to the power of b times 10 raised to the power of (k − i).

From Sec. VII B, the public key is (e, n) and the private key is (d, n) (e is the encryption key, n is the block size, and d is the decryption key).

We will hide the public key using NS sequences.

Let us assume that the original public key is (3, 17).

The new public key is (7.609 880 231 320 6 × 10^158, 12 028). When we start the NS sequence with 3, we get the value 1336 as the 13th element, and in our case we get 12 028 as the 17th element. In practice, RSA e = 65 537 is a fixed value.

NRE:
(8)
where C_i is the coefficient (frequency), b is the base of an exponential function, and
(9)
Coefficient is C = 1.

NRE sequence {3^3, 3^33, 3^333, 3^3333}.

First element: 3^3, second: 3^33, and third: 3^333.

3^333 = 7.609 880 231 320 6 × 10^158.

In this process, the NRE sequence will be used to identify the starting point of the NS sequence, and from the value of the NS sequence (12 028), the position of the element in the NS sequence will be determined. In this case, value (12 028) is the 17th element of the NS sequence, whose starting value is 3. The starting value of the NS sequence is always the base of the NRE sequence (Table II).

TABLE II. First 20 elements of the NS sequence.49 

Index   Value
5       16
6       17
7       49
8       50
9       148
10      149
11      445
12      446
13      1336
14      1337
15      4009
16      4010
17      12 028
18      12 029
19      36 085
20      36 086

(The first one million elements of the sequence can be shared with the source code upon request.)
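The transformation described above, worked through in Python as an added example (an illustration written for this page, not the authors' source code). The NRE element is computed exactly as a^{b·(10^{k−1}+⋯+1)} following the series given earlier; the NS values for indices 5–20 are transcribed from Table II, and the recurrence used to extend the sequence (add one after an odd index, multiply by three and subtract two after an even index) is an inference from those rows, not a rule stated on the page. Only the NS sequence started at 3 is tabulated, so only that case is handled; the function names are my own.

```python
"""NRE/NS public-key transformation: hide (e, n) and recover it again.

Added illustration, not code from the paper.  Assumptions are marked.
"""
import math
from typing import Dict, Optional, Tuple


def repunit(k: int) -> int:
    """10^(k-1) + 10^(k-2) + ... + 10^0, the integer written with k ones."""
    return (10 ** k - 1) // 9


def nre_element(a: int, b: int, k: int) -> int:
    """k-th NRE element S = a^(b * 11...1) as an exact integer.

    nre_element(3, 3, 3) == 3**333, the value quoted as 7.6098802313206e158.
    """
    return pow(a, b * repunit(k))


# NS sequence started at 3, indices 5..20, transcribed from Table II.
NS_TABLE: Dict[int, int] = {
    5: 16, 6: 17, 7: 49, 8: 50, 9: 148, 10: 149, 11: 445, 12: 446,
    13: 1336, 14: 1337, 15: 4009, 16: 4010, 17: 12028, 18: 12029,
    19: 36085, 20: 36086,
}


def ns_next(index: int, value: int) -> int:
    """Step from element `index` to element `index + 1`.

    ASSUMPTION: this recurrence (x + 1 after an odd index, 3x - 2 after an
    even index) is inferred from rows 5-20 of Table II; the page does not
    state the rule.
    """
    return value + 1 if index % 2 == 1 else 3 * value - 2


def ns_sequence(upto: int) -> Dict[int, int]:
    """Elements 5..upto of the NS sequence started at 3 (index -> value)."""
    seq = {5: NS_TABLE[5]}
    for i in range(5, upto):
        seq[i + 1] = ns_next(i, seq[i])
    return seq


def hide_key(e: int, n: int, k: int = 3) -> Tuple[int, int]:
    """(e, n) -> (NRE element with base e, n-th NS element).

    k = 3 reproduces the paper's choice of 3^333 for e = 3.  Indices below 5
    are not tabulated on the page and are rejected.
    """
    if n < 5:
        raise ValueError("NS indices 1-4 are not available")
    return nre_element(e, e, k), ns_sequence(max(n, 20))[n]


def recover_key(hidden_e: int, hidden_n: int,
                max_base: int = 64, max_k: int = 8) -> Optional[Tuple[int, int]]:
    """Invert hide_key using nothing but the (public) sequence definitions.

    Finds (a, k) with a^(a * 11...1) == hidden_e, then the index at which
    hidden_n occurs in the NS sequence.  Returns None if nothing matches.
    """
    target_bits = hidden_e.bit_length()
    for a in range(2, max_base + 1):
        for k in range(1, max_k + 1):
            exp = a * repunit(k)
            # a^exp has about exp*log2(a) bits; stop before exponents that
            # would make the candidate far larger than the target
            if exp * math.log2(a) > target_bits + 1:
                break
            if nre_element(a, a, k) == hidden_e:
                for idx, val in ns_sequence(200).items():
                    if val == hidden_n:
                        return a, idx
                return None
    return None
```

recover_key needs no secret: it only searches the sequence definitions, which is why the transformation should be read as an encoding of (e, n) rather than as a way of keeping the exponent or the modulus confidential. The exact integer arithmetic also confirms the quoted magnitude of 3^333.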

PQC schemes have larger keys, ciphertexts, and signatures, and less mature hardware support, than the classical public-key schemes they replace, and this can introduce latency. In addition, as noted in the performance section, PQC operations can take billions of cycles for encryption and verification. This matters for vehicles moving at high speed across the coverage areas of different communication towers: if a handshake is initiated with one tower and, because of the delay in encryption and decryption, the vehicle moves into the range of another tower before the handshake completes, the original connection is terminated. Current public-key exchange might be replaced with CRYSTALS-Kyber (standardized by NIST as ML-KEM in FIPS 203), which offers robust, standardized security at the expense of larger keys and ciphertexts. The larger public keys and signatures of PQC signature schemes, used in particular for authentication and certificates, would increase traffic and storage needs.50 Some of these challenges were mentioned in earlier sections of this paper.

Initial planning: migrating to PQC successfully takes time, so organizations should start preparing now. Adversaries can record encrypted data today and decrypt it once a quantum computer is available (“harvest now, decrypt later”), so data that must stay confidential for years need early action.51

Updating legacy cryptographic products: a large number of cryptographic protocols, products, and services rely on the public-key algorithms RSA, ECDH, and ECDSA. These will need to be updated, replaced, or modified to use quantum-resistant PQC algorithms.52

The PQC transition goes beyond generic networks: legacy systems and critical national infrastructure (CNI) are also affected, and running PQC on devices with limited resources is one of the challenges.53

To resolve the handover problem described above, each communicating tower has to broadcast the TCB records of its neighboring towers along with the routing information.54 Figures 18–20 illustrate instances where a delay in communication with aerial vehicles, such as satellites, might lead to calamity.9

FIG. 18. VCN illustration with different V2X communication modes.

FIG. 19. VCN communication scenario when the wireless tower is overloaded.

FIG. 20. VCN communication scenario when there is a huge obstacle between two entities.

When the ground network is severely congested, as depicted in Fig. 19, the only remaining communication relays may be high-speed aerial vehicles such as jet planes, and delays or errors in encryption and decryption can then cause loss of connectivity.

Likewise, when a large obstacle such as the mountain in Fig. 20 lies between the vehicles and the ground station, vehicles may take longer than expected to deliver the correct directions to people on the ground.

IoT security protocols use considerably smaller keys (normally 128–4096 bits), while PQC public keys range from about a kilobyte for lattice-based schemes (an ML-KEM-512 public key is 800 bytes) to roughly a megabyte for code-based schemes such as Classic McEliece. Handling such keys demands more computing power and memory, which is challenging on resource-constrained IoT devices.

  1. The complex mathematics involved raises the risk of implementation errors by software developers.

  2. Real-time computing services face challenges in keeping communication synchronized between software and hardware.

  3. The QoS standards for resource-constrained devices need to be redesigned.

  4. Since post-quantum algorithms consume more resources and energy and add delay, optimizing real-time communication systems, which require high accuracy and fast key exchange, will be challenging whether the operation is a key exchange or a digital signature.

  5. New, agreed-upon distributed network architectures are needed that support loop-optimization and register-optimization techniques.
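To make the handover and constrained-device arguments above concrete, the following added example (written for this page, not taken from the paper) budgets a handshake as serialisation time plus round trips plus computation and compares it with the time a vehicle spends inside one cell. The byte counts are the published object sizes of X25519, ECDSA P-256 (raw key and raw r||s signature), ML-KEM-768 and ML-DSA-65; the cycle counts, link bandwidths, round-trip times and cell radius are constructed, illustrative inputs, and the helper names are my own.

```python
"""Handshake budget model for the handover and constrained-device scenarios.

Added illustration, not from the page.  Byte sizes are the public-key plus
ciphertext (KEM) and public-key plus signature (authentication) sizes of the
named schemes; cycle counts, link parameters and cell geometry are
constructed inputs that only exercise the model.
"""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Suite:
    name: str
    kem_bytes: int      # public key + ciphertext (or both ephemeral keys) for key agreement
    auth_bytes: int     # public key + signature for authentication
    cpu_cycles: int     # ASSUMED total cycles spent by both peers on the handshake
    flights: int = 2    # round trips before application data can flow


# X25519: a 32-byte public key each way; ECDSA P-256: 64-byte raw key, 64-byte raw signature.
CLASSICAL = Suite("X25519 + ECDSA-P256", kem_bytes=32 + 32, auth_bytes=64 + 64,
                  cpu_cycles=2_000_000)
# ML-KEM-768: 1184-byte encapsulation key, 1088-byte ciphertext;
# ML-DSA-65: 1952-byte public key, 3309-byte signature.
PQC = Suite("ML-KEM-768 + ML-DSA-65", kem_bytes=1184 + 1088, auth_bytes=1952 + 3309,
            cpu_cycles=20_000_000)


def handshake_seconds(s: Suite, bandwidth_bps: float, rtt_s: float, cpu_hz: float) -> float:
    """Serialisation delay + round-trip latency + computation (no retransmissions)."""
    wire_bits = 8 * (s.kem_bytes + s.auth_bytes)
    return wire_bits / bandwidth_bps + s.flights * rtt_s + s.cpu_cycles / cpu_hz


def dwell_seconds(cell_radius_m: float, speed_kmh: float) -> float:
    """Time a vehicle crossing a cell through its centre stays within one tower's range."""
    return 2.0 * cell_radius_m / (speed_kmh / 3.6)


def handover_safe(s: Suite, cell_radius_m: float, speed_kmh: float,
                  bandwidth_bps: float, rtt_s: float, cpu_hz: float) -> bool:
    """True if the handshake completes before the vehicle leaves the cell."""
    return handshake_seconds(s, bandwidth_bps, rtt_s, cpu_hz) < dwell_seconds(cell_radius_m, speed_kmh)


def compare(bandwidth_bps: float, rtt_s: float, cpu_hz: float) -> Dict[str, float]:
    """Handshake time of each suite on one link profile (seconds)."""
    return {s.name: handshake_seconds(s, bandwidth_bps, rtt_s, cpu_hz) for s in (CLASSICAL, PQC)}


if __name__ == "__main__":
    # constructed profiles: a cellular V2X link and a narrow-band IoT link
    for label, link in (("V2X cellular", (1e6, 0.05, 1e9)), ("narrow-band IoT", (5e3, 0.5, 1e8))):
        for name, secs in compare(*link).items():
            print(f"{label:16s} {name:24s} {secs:8.3f} s")
```

On the narrow-band profile the PQC handshake takes roughly ten times longer than the classical one, and the cost is dominated by serialising about 7.5 KB of keys and signatures rather than by computation; on the cellular profile both suites finish well inside the dwell time even at aircraft speeds. That is the shape of the problem the text describes: the penalty concentrates on slow links and fast movers, so those are the deployments to measure first.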

Figure 21 presents the types of side channel attacks. Side channel attacks can be divided into two major classes: invasive and non-invasive.

FIG. 21. Side channel attack.

Non-invasive attacks may be logical, remote, or require only physical proximity. A non-invasive side-channel attack does not physically tamper with the device; it instead recovers secrets through timing attacks, power analysis, electromagnetic analysis, and similar techniques. The attacker exploits weaknesses in the implementation or its environment rather than in the mathematical structure of the scheme.55–57

Kocher showed that timing attacks apply to implementations of Diffie–Hellman, RSA, DSS, and other cryptosystems, and Brumley and Boneh later showed that such attacks are practical even over a network. Key-recovery timing attacks have also been reported against post-quantum primitives.58
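A deterministic model of the timing attack referred to above, added here as an illustration (not code from the page or from the cited works). The leaky verifier stops at the first mismatching byte, so the number of byte comparisons, standing in for elapsed time, tells the attacker how long the correct prefix is; the constant-time verifier examines every byte through hmac.compare_digest, and the same attack then learns nothing. SECRET_TAG and the class and function names are constructed for the demo.

```python
"""Timing side channel in an early-exit comparison, modelled deterministically.

Added illustration, not code from the page.  `comparisons` plays the role of
the attacker's timing measurement.
"""
import hmac
from typing import Optional

SECRET_TAG = bytes.fromhex("7a3f9c1e")   # constructed secret for the demo


class LeakyVerifier:
    """Compares byte by byte and returns at the first mismatch, so the work
    done (and hence the time taken) depends on how many leading bytes match."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self.comparisons = 0          # observable cost of the last verify()

    def verify(self, candidate: bytes) -> bool:
        self.comparisons = 0
        if len(candidate) != len(self._secret):
            return False
        for got, want in zip(candidate, self._secret):
            self.comparisons += 1
            if got != want:
                return False
        return True


class ConstantTimeVerifier:
    """Examines every byte regardless of where the first mismatch is."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self.comparisons = 0

    def verify(self, candidate: bytes) -> bool:
        self.comparisons = len(self._secret)   # cost never depends on the input
        return hmac.compare_digest(candidate, self._secret)


def timing_attack(verifier, length: int) -> Optional[bytes]:
    """Recover a `length`-byte tag one position at a time.

    At each position try all 256 values and keep the one that makes the
    verifier work hardest (one more byte compared).  Returns None as soon as
    a position shows no cost difference at all: the measurement then carries
    no information and the attacker is back to a full brute-force search.
    """
    guess = bytearray(length)
    for pos in range(length):
        best_value, best_cost, costs = 0, -1, set()
        for value in range(256):
            guess[pos] = value
            if verifier.verify(bytes(guess)):      # accepted: whole tag found
                return bytes(guess)
            costs.add(verifier.comparisons)
            if verifier.comparisons > best_cost:
                best_value, best_cost = value, verifier.comparisons
        if len(costs) == 1:
            return None
        guess[pos] = best_value
    return None
```

Against the leaky verifier the four-byte tag falls in at most 4 × 256 queries instead of 2^32; against the constant-time verifier every candidate costs the same and the search collapses back to brute force. Real measurements are noisy rather than exact, which is why Brumley and Boneh needed statistics over many samples, but the dependency being exploited is the one modelled here.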

Figure 22 shows an architecture for splitting tasks into two clone servers. The technical details are explained in the published paper.54 

FIG. 22. Splitting the HTTP request into two servers.

Figure 22 also presents the high-level dual-NIC architecture, in which the C port handles only the cryptographic functions and the D port handles the data. Purpose-built hashing hardware shows how far specialization can go: cryptocurrency miners reach aggregate rates of 8.3 exahashes per second.59 Since both NICs are attached to the same device, the delay added by splitting the traffic between them is negligible (Fig. 23).

FIG. 23. Splitting the PQC handshake application.

Figure 24 shows the registration process for receivers and senders.

FIG. 24. Registration process.

Figure 25 shows a ciphertext being uploaded and a plaintext being downloaded, wrapped in quantum-safe cryptography, with the help of the PQCShare system.

FIG. 25. Uploading/downloading files through PQCShare.

Figure 26 shows the NRES deciphering process at the receiver’s end.

FIG. 26. NRES data exchange process.

It is too early to draw firm conclusions, since we are in the preliminary stages of exploration and standardization, but we observed that in PQC the added security comes with an increase in key length, which could delay the handshake process and affect system performance. We expect hardware performance and speed to scale accordingly, and several solutions already exist to cope with the large key sizes and with the software and hardware faults and malfunctions that the complex implementation of PQC can cause.

We proposed additional cryptographic primitives intended to make the most popular cryptosystems quantum safe, and we suggest adding such extra security to the smaller lattice-based PQC systems so that the current network infrastructure can handle them without significant delays.

We thank Lodewijk Brand and David Bate for the helpful discussion on various topics of high-performance computing and quantum cryptography and for the detailed reviews and proofreading of the paper. This work was supported by NIWC and ONR’s summer fellowship program.

The authors have no conflicts to disclose.

Bharat S. Rawal: Conceptualization (equal); Formal analysis (equal); Investigation (equal); Validation (equal); Writing – original draft (equal); Writing – review & editing (equal). Peter J. Curry: Formal analysis (equal); Investigation (equal); Supervision (equal); Writing – original draft (equal); Writing – review & editing (equal).

The data that support the findings of this study are available within the article.

1. A. Valentijn, “Goppa codes and their use in the McEliece cryptosystems,” unpublished (2015).
2. Post-Quantum Cryptography, CSRC, 2017, https://csrc.nist.gov/projects/post-quantum-cryptography.
3. See https://www.cryptomathic.com/news-events/blog/summary-of-cryptographic-algorithms-according-to-nist for a summary of cryptographic algorithms according to NIST.
4. D. P. Joseph, M. Krishna, and K. Arun, “Cognitive analytics and comparison of symmetric and asymmetric cryptography algorithms,” Int. J. Adv. Res. Comput. Sci. 6(3), 51–56 (2015).
5. P. Zeng, Y. Zhou, and Z. Liu, “Quantum gate verification and its application in property testing,” Phys. Rev. Res. 2(2), 023306 (2020).
6. B. S. Rawal, “Quantum integrated (C+G+Q)PU split architecture,” in 2023 International Wireless Communications and Mobile Computing (IWCMC) (IEEE, Marrakesh, Morocco, 2023), pp. 1466–1471.
7. B. Rawal and A. Peter, “Quantum-safe cryptography and security,” in Implementing and Leveraging Blockchain Programming (Springer, 2022), pp. 35–51.
8. J. Wang, M. Zhang, J.-S. Lai, W.-Y. Zhao, and H.-Y. Zhang, “Analysis on noise impact in algorithm-based quantum computing benchmark,” in 2022 20th International Conference on Optical Communications and Networks (ICOCN) (IEEE, 2022), pp. 1–3.
9. S. Zhang, J. Chen, F. Lyu, N. Cheng, W. Shi, and X. Shen, “Vehicular communication networks in the automated driving era,” IEEE Commun. Mag. 56(9), 26–32 (2018).
10. R. Wang, O. Alia, M. J. Clark, S. Bahrani, S. K. Joshi, D. Aktas, G. T. Kanellos et al., “A dynamic multi-protocol entanglement distribution quantum network,” in 2022 Optical Fiber Communications Conference and Exhibition (OFC) (IEEE, 2022), pp. 1–3.
11. R. Nejabati, R. Wang, and D. Simeonidou, “Dynamic quantum network: From quantum data centre to quantum cloud computing,” in 2022 Optical Fiber Communications Conference and Exhibition (OFC) (IEEE, 2022), pp. 1–3.
12. S. Ioannidis, A. D. Keromytis, S. M. Bellovin, and J. M. Smith, “Implementing a distributed firewall,” in Proceedings of the 7th ACM Conference on Computer and Communications Security (ACM, 2000), pp. 190–199.
13. J. W. Bos, C. Costello, M. Naehrig, and D. Stebila, “Post-quantum key exchange for the TLS protocol from the ring learning with errors problem,” in 2015 IEEE Symposium on Security and Privacy (IEEE, 2015), pp. 553–570.
14. R. de Clercq, S. S. Roy, F. Vercauteren, and I. Verbauwhede, “Efficient software implementation of ring-LWE encryption,” in Proceedings of the 2015 Design, Automation and Test in Europe Conference and Exhibition (EDA Consortium, 2015), pp. 339–344; https://eprint.iacr.org/2014/725.
15. M. Albrecht, S. Bai, and L. Ducas, “A subfield lattice attack on overstretched NTRU assumptions,” IACR Cryptology ePrint Archive report 2016/127, 2016; https://eprint.iacr.org/2016/127.
16. A. C. Aguilera, X. Arnal i Clemente, D. C. Lawo, I. T. Monroy, and J. J. Vegas Olmos, “First end-to-end PQC protected DPU-to-DPU communications,” Electron. Lett. 59(17), e12901 (2023).
17. D. J. Bernstein, “Curve25519: New Diffie-Hellman speed records,” in Public Key Cryptography-PKC 2006: 9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24–26, 2006. Proceedings 9 (Springer, Berlin, Heidelberg, 2006), pp. 207–228.
18. J. Moon, I. Y. Jung, and J. H. Park, “IoT application protection against power analysis attack,” Comput. Electr. Eng. 67, 566–578 (2018).
19. A. Kumar, C. Ottaviani, S. S. Gill, and R. Buyya, “Securing the future Internet of things with post-quantum cryptography,” Secur. Privacy 5(2), e200 (2022).
20. S. Suhail, R. Hussain, A. Khan, and C. S. Hong, “On the role of hash-based signatures in quantum-safe internet of things: Current solutions and future directions,” IEEE Internet Things J. 8(1), 1–17 (2020).
21. D. J. Bernstein, J. Buchmann, and E. Dahmen, Introduction to Post-Quantum Cryptography (Springer Nature, 2017).
22. P. C. Sajimon, K. Jain, and P. Krishnan, “Analysis of post-quantum cryptography for internet of things,” in 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS) (IEEE, 2022), pp. 387–394.
23. C. Peikert, “Public-key cryptosystems from the worst-case shortest vector problem,” in Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing (ACM, 2009), pp. 333–342.
24. See https://pqshield.github.io/nist-sigs-zoo/wide.html for information about the post-quantum signatures zoo.
25. R. Overbeck and N. Sendrier, “Code-based cryptography,” in Post-Quantum Cryptography (Springer, Berlin, Heidelberg, 2009), pp. 95–145.
26. P. Elias, “Universal codeword sets and representations of the integers,” IEEE Trans. Inf. Theory 21(2), 194–203 (1975).
27. NISTIR 8105, Report on Post-Quantum Cryptography, https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf; accessed July 05, 2023.
28. B. S. Rawal and A. Biswas, “A comprehensive survey of post-quantum cryptography and its implications,” Eng. Sci. Technol. 5(2), 256–269 (2024).
31. Y. Yang, Z. Wang, J. Ye, J. Fan, S. Chen, H. Li, X. Li, and Y. Cao, “Chosen ciphertext correlation power analysis on Kyber,” Integration 91, 10–22 (2023).
33. See https://cryptobook.nakov.com/key-exchange/diffie-hellman-key-exchange for information about Diffie–Hellman key exchange.
34. P. Kampanakis and D. Sikeridis, “Two post-quantum signature use-cases: Non-issues, challenges, and potential solutions,” in Proceedings of the 7th ETSI/IQC Quantum Safe Cryptography Workshop, Seattle, WA, USA (ETSI, 2019), Vol. 3.
36. P. Grubbs, V. Maram, and K. G. Paterson, “Anonymous, robust post-quantum public key encryption,” in EUROCRYPT 2022, Part III (Springer, 2022), pp. 402–432.
37. P. Farshim, C. Orlandi, and R. Rosie, “Security of symmetric primitives under incorrect usage of keys,” IACR Trans. Symmetric Cryptol. 2017(1), 449–473.
38. V. Maram and K. Xagawa, “Post-quantum anonymity of Kyber,” in IACR International Conference on Public-Key Cryptography (Springer Nature Switzerland, Cham, 2023), pp. 3–35.
39. G. Pope, “CRYSTALS-Kyber python implementation,” https://giacomopope.com/projects/.
40. https://cryptopedia.dev/posts/kyber/; accessed December 28, 2023.
41. B. S. Rawal, S. Liang, S. Gautam, H. K. Kalutarage, and P. Vijayakumar, “Nth order binary encoding with split-protocol,” Int. J. Rough Sets Data Anal. 5(2), 95–118 (2018).
42. T. M. Fernandez-Carames and P. Fraga-Lamas, “Towards post-quantum blockchain: A review on blockchain cryptography resistant to quantum computing attacks,” IEEE Access 8, 21091–21116 (2020).
44. R. Sedar, C. Kalalas, F. Vázquez-Gallego, L. Alonso, and J. Alonso-Zarate, “A comprehensive survey of V2X cybersecurity mechanisms and future research paths,” IEEE Open J. Commun. Soc. 4, 325–391 (2023).
45. S. Bai, L. Ducas, E. Kiltz et al., “CRYSTALS-Dilithium algorithm specifications and supporting documentation,” 2020, https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions.
46. B. S. Rawal and M. Gunasekaran, “Implementation of a secure multi-cloud storage framework with next-generation cryptosystems and split-protocol,” in 2021 International Symposium on Networks, Computers, and Communications (ISNCC) (IEEE, 2021), pp. 1–6.
47. B. S. Rawal and T. G. Sai, “No-sum IPsec Lite: Simplified and lightweight Internet security protocol for IoT devices,” in 2021 8th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2021 7th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) (IEEE, 2021), pp. 4–9.
48. L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehlé, “CRYSTALS-Dilithium: A lattice-based digital signature scheme,” IACR Trans. Cryptographic Hardware Embedded Syst. 2018, 238–268.
49. B. S. Rawal and J. Shah, “SUDP: The Frontier tool for security in 5G and beyond wired or wireless communication,” in 2021 IEEE Globecom Workshops (GC Wkshps), Madrid, Spain (IEEE, 2021), pp. 1–6.
51.
53.
54. B. S. Rawal, R. K. Karne, and A. L. Wijesinha, “Splitting HTTP requests on two servers,” in 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011) (IEEE, 2011), pp. 1–8.
55. N. Ilic, “The Ekert protocol,” J. Phys. 334(1), 22–24 (2007).
56. Y. Shoukry, P. Martin, P. Tabuada, and M. Srivastava, “Non-invasive spoofing attacks for anti-lock braking systems,” in Cryptographic Hardware and Embedded Systems-CHES 2013: 15th International Workshop, Santa Barbara, CA, USA, August 20–23, 2013. Proceedings 15 (Springer Berlin Heidelberg, 2013), pp. 55–72.
58. A. Karbasi, S. Atani, and R. Atani, “PairTRU: Pairwise non-commutative extension of the NTRU public key cryptosystem,” Int. J. Inf. Secur. Sci. 7(1), 11–19 (2018).
59. See https://cointelegraph.com/news/controlling-17-of-btc-hash-rate-report-on-publicly-listed-mining-firms for institutional-grade research on blockchain and digital assets.