Integrating Post-Quantum Cryptography for Internet Security: Challenges and Advancements

(1)

International Journal of Communication Networks and Information Security

xxxx, xx(x), xxx

ISSN: 2073-607X,2076-0930 https://ijcnis.org/

Recent Trends in Integrating Post-Quantum Cryptography for Internet Security Stack

1^st Author first and last name ^1*, 2^nd Author’s first name and last name ²

1 Title, Department, Institution, City, Country 2 Title, Department, Institution, City, Country

*Corresponding Author: [email protected]

Citation: P. xxx and J. B. yyy, “The role of xxxxxxx,” International Journal of Communication Networks and Information Security (IJCNIS), vol. xx, no x, pp. yyy, xx. xxx.

ARTICLE INFO ABSTRACT

Received:

Accepted:

The urgency of the threat posed by quantum computers necessitates the adoption of post-quantum cryptography (PQC), specifically designed to resist quantum attacks, in securing digital communications. Despite various proposals for hybrid cryptographic solutions and optimization strategies to address these challenges, growing concerns about their adoption are widespread and still exist. This study explores the current advancements in integrating PQC into the widely used Internet security stack. It mainly focuses on the challenges associated with larger key sizes and the increased computational demands of PQC algorithms, which can affect performance, compatibility, and interoperability. In this paper, we emphasize the need for ongoing research into lightweight PQC algorithms and improved interoperability to guarantee secure and efficient digital communications in a quantum era. Furthermore, future efforts should aim to reduce performance impacts and enable a seamless transition from traditional cryptography to PQC, ensuring robust protection of digital infrastructure against emerging quantum threats.

Keywords: Post Quantum Cryptography, Quantum Era, Internet Security Protocols, Digital Communication, Hybrid Cryptographic Systems.

INTRODUCTION

The fundamental cryptographic systems that secure digital communications on the Internet are becoming increasingly vulnerable with the upcoming development of quantum computing. Current cryptographic systems, especially those based on RSA(Rivest–Shamir–Adleman), ECC(Elliptic Curve Cryptography), and DH (Diffie-Hellman), which depend on the computational difficulty of factoring large numbers or solving discrete logarithms, are seriously threatened by the potential of quantum computers. The current threat requires a shift towards post-quantum cryptography (PQC) that is able to resist threats from both traditional and quantum computing.

The latest progress in quantum technology has led to a significant increase in research that explores the implementation of PQC into crucial Internet protocols. Secure Shell (SSH), Transport Layer Security (TLS), and Internet Protocol Security (IPsec) are vital for ensuring the confidentiality, integrity, and availability of communications on the Internet. Integrating PQC into these protocols is crucial for ensuring they remain robust against potential quantum attacks. Most of the explored studies have explored the feasibility of migrating from traditional cryptography to

Copyright © 2024 by Author/s and Licensed by IJCNIS. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Research Article

(2)

PQC. Sikeridis et al. [1] demonstrated that PQC can result in a significant increase in handshake latency for TLS by up to 300% and for SSH by up to 50%, depending on the specific post-quantum algorithms used. Furthermore, they examined the impact of the initial TCP window size on the performance of post- quantum TLS and SSH protocols. Based on their findings, a slight increase in size can effectively mitigate the slowing down caused by post-quantum effects, resulting in a 50%

reduction. In addition, Pazienza, A. et al. [2] analyzed key exchange protocols in the post-quantum era, and provided the requirements for a secure key exchange protocol.

The implementation of PQC presents significant challenges. PQC algorithms typically require larger cryptographic keys and more computational resources, leading to increased latency and reduced efficiency in protocol operations. This poses difficulties when integrating PQC into existing internet protocols, as it can substantially affect the performance of network communications and the overall user experience. For example, increased handshake latencies in protocols like TLS and SSH can impact a range of activities, from simple web browsing to secure remote server access. Nethen NV. et al.[3] have outlined a process for managing the migration from traditional to PQC cryptography, emphasizing the importance of a well structured transition plan to mitigate these challenges. Furthermore, Crockett, E. et al. [4] demonstrated that the adoption of PQC could lead to noticeable increases in handshake latencies for TLS and SSH protocols. This increase in latency could potentially degrade the user experience, highlighting the need for careful consideration and optimization during the migration to PQC.

The National Institute of Standards and Technology (NIST) is actively pursuing the standardization of quantum resistant cryptographic schemes, with ongoing projects since 2016 [5].

Furthermore, initiatives like Open Quantum Safe (OQS) are creating open source libraries to develop PQC prototyping [6]. While OQS provides quantum safe cryptography for these protocols through its OpenSSL and OpenSSH forks and other integrations, there has been no mention of a specific implementation for IPsec integration in their documentation. As quantum computing continues to evolve, the necessity for crypto agility and the early integration of PQC into vital Internet protocols becomes increasingly complex [7]. The implementation of these quantum resistant algorithms necessitates an in depth review of the current protocol stack, as outlined by Illiano et al. [8]. In this paper, we review the challenges faced and the solutions proposed in the current state of research on the implementation of PQC into Internet protocols. It also provides an overview of the various studies, findings, and developmental projects that aim to secure the Internet against the quantum computing era. As we delve into the complex challenges of implementing PQC, the survey seeks to provide valuable insights into how these critical protocols can be altered to guarantee a secure digital future.

The remainder of this paper is structured as follows. In section 2, we introduce the quantum threats to the Internet protocol stack. Section 3 describes the overview of the Internet Protocol Stack and section 4 provides the standardization of PQC Algorithms. Finally, section 5 presents and discusses our findings from the study of integrating PQC into SSH, TLS, and IPsec, while section 6 concludes our work.

The Quantum Threats to the Internet Protocol Stack

Quantum computing uses the principles of quantum mechanics to perform com putations at speeds that cannot be accomplished using traditional computers. The timeline for the development of a quantum computer remains uncertain. However, if it is successfully developed, it will pose significant problems to the security of connectivity to the internet. Public key cryptography mechanisms, such as RSA, ECC, and symmetric key algorithms (e.g., AES), currently secure protocols like SSH, TLS, and IPsec. These mechanisms ensure data confidential ity, integrity, and authenticity across various applications of internet communi cations.

The vulnerability of symmetric algorithms to quantum computing is due to Grover’s algorithm [ 9] in 1996. While it offers a quadratic speedup for brute force searching, which can be the efficiency of attempting all possible numerical keys or hash values to identify the correct one. This vulnerability could be countered by doubling the length of the key or using alternative hash functions that are currently provided. On the other hand, Shor’s algorithm [10] has a polynomial time solution for factoring large integers and discrete logarithm problems, which are the mathematical foundations for most public key cryptography schemes, such as RSA, ECC, and DH.

The rapid advancements in quantum computing have raised significant concerns regarding the

(3)

security and integrity of the current Internet Protocol stack, which forms the backbone of modern digital communication and data exchange. Quantum computers, once developed to a sufficient scale, possess the potential to break virtually all widely used public key cryptographic systems, which underpin the security of various internet protocols such as SSL/TLS, IPsec, and SSH [11–13].

The presence of quantum computers is high concern due to their potential to jeopardize the confidentiality, integrity, and availability of vital data and systems that depend on these protocols [ 12]. This concern is worsened by the fact that adversaries currently have the ability to collect and store encrypted data, with the intention of decrypting it in the future using quantum computers [13 ]. To address these quantum threats, the research community and industry leaders have been actively exploring the development of PQC algorithms and tools that can withstand the computational power of quantum computers [11]. These efforts include the ongoing standardization process led by the National Institute of Standards and Technology in the United States and the European Telecommunications Standards Institute (ETSI).

PQC algorithms are designed to be resistant to quantum attacks. These algorithms are based on mathematical problems and are resistant to quantum computing capabilities. However, implementing optimal and quantum safe practical solutions remains a significant challenge. Many of the current PQC algorithms are more complex and require larger key sizes compared to the existing public key techniques, making them less suitable for resource constrained devices such as those found in the Internet of Things ecosystem [14].

Internet Protocol Stack Overview

The generic secure communication process is a conceptual framework that describes the typical steps involved in creating a secure communication channel using various security protocols such as TLS, SSH, and IPsec.

Fig. 1. Generic Procedure of SSH, TLS, and IPsec Protocol

As shown in Fig. 1, the process begins with initiation and negotiation, in which the client and server exchange protocol versions and achieve an agreement on the cryptographic methods to be used. Following this, authentication occurs, with the server typically validating its identity to the client via digital certificates or keys. In certain cases, the client may be asked to verify themselves. After authentication, the key exchange formation step generates a shared session key for both parties. This is often accomplished by methods such as the Diffie-Hellman exchange, which ensures that the key is not communicated directly and hence cannot be intercepted. During this phase, all further communication between the client and server is encrypted and authenticated with the session key.

This ensures that the data is kept confidential and its integrity is guaranteed. Client authentication is optional but important for safe remote access applications as it checks the client’s identity. To provide long term security during communication, cryptographic settings are regularly updated or

(4)

renegotiated to maintain ongoing session management. Finally, the procedure is completed with termination, which secures the session and disposes of the session keys to avoid potential reuse, reducing the chance of cryptographic assaults.

The TCP/IP model consists of five layers: Application, Transport, Network, Data Link, and Physical Layers. Each layer has its own specific set of protocols that support the transmission of data and the switching of packets across various nodes within a network [16].

Secure Shell (SSH)

SSH is a cryptographic network protocol that enables secure communication and data transfer over unsecured networks. SSH ensures secure communication over an unsecured network by using encryption to verify the identity of remote users and securely transmit information. It is commonly employed for the remote management of servers and secure transfer of files. Although SSH is mainly used in Unix and Linux environments, it can also be implemented in Windows and other operating systems.

SSH applies a combination of cryptographic algorithms for protecting remote communications. It utilizes symmetric encryption algorithms such as AES, ChaCha20, and 3DES to ensure data confidentiality. For secure key establishment with forward secrecy, SSH employs key exchange methods like ECDH and DH. To maintain data integrity, SSH uses MACs like HMAC-SHA-256 and HMAC-SHA-1. Additionally, SSH depends on public key algorithms such as RSA, ECDSA, and Ed25519 to authenticate users and establish secure connections. These techniques guarantee secure and encrypted communication between remote systems [7].

Transport Layer Security (TLS)

Transport Layer Security (TLS) is a cryptographic protocol specifically developed to ensure the security of communications over computer networks, with a particular focus on the internet. TLS guarantees that information exchanged between two entities is securely encoded and verified, thus e nsuring confidentiality and the integrity of the data. It is extensively employed in web browsers to ensure the security of HTTPS connections, in email servers for the encrypted transmission of emails, and in various other applications where secure communication is of utmost importance.

TLS 1.3 uses robust cryptographic algorithms to ensure secure communication. It utilizes symmetric encryption algorithms such as AES-GCM and ChaCha20-Poly1305 to maintain data confidentiality. For secure key establishment with forward secrecy, TLS 1.3 employs key exchange m ethods like ECDHE and DHE. To ensure data integrity, it utilizes hash functions like SHA-256.

Additionally, TLS 1.3 employs digital signature algorithms like ECDSA, RSA, and EdDSA for authenticating identities [15]. The HKDF key derivation function is used to securely derive keys from shared secrets, providing strong security, efficiency, and protection against various attacks.

Internet Protocol Security (IPsec)

IPsec is a collection of protocols that ensure the security of Internet Protocol (IP) communications. It achieves this by verifying the authenticity and encrypting each IP packet within a data stream. IPsec offers security services for IP packets transmitted over an IP network, operating specifically at the network layer of the OSI model. It is commonly used to create virtual private networks (VPNs), which allow secure connections for remote users or networks over the Internet. IPsec is a widely utilized protocol in corporate networks and for establishing secure connections to remote systems.

IPsec relies on a variety of cryptographic algorithms to protect data that is transmitted over networks. Confidentiality is guaranteed by encryption algorithms, including AES and 3DES.

Integrity algorithms, including HMAC with SHA-256 or SHA-512. The identities of communicating parties are verified by authentication algorithms, including ECDSA and RSA. Key exchange methods, including Diffie-Hellman and Elliptic Curve Diffie-Hellman, are used to securely exchange credentials. AES-GCM and ChaCha20-Poly1305, which are combined algorithms, offer encryption and authentication in a single operation, thereby improving security and performance [16].

(5)

Standardization of Post-Quantum Cryptography Algorithms

PQC algorithms is cryptographic algorithms designed to be secure against the potential threats posed by quantum computers. Quantum computers, which leverage principles of quantum mechanics, are expected to solve certain problems exponentially faster than traditional computers. To address these concerns, PQC algorithms that can resist quantum attacks are being developed and standardized. The NIST is a pioneer to standardize PQC algorithms that can withstand the attacks of quantum computers. These efforts involve evaluating and vetting a variety of candidate algorithms, to ensure their security and practicality for real world applications such as in M2M communication, vehicular communication, and IoT networks [18–20].

Family of PQC algorithms include lattice-based, hash-based, code-based, multivariate polynomial, and isogeny-based cryptography [12].

Lattice-based cryptography

Lattice-based cryptography, which includes algorithms like NTRU [25] and Kyber [26], relies on the hardness of problems related to lattice structures, such as the Learning With Errors (LWE) problem. These algorithms are considered promising for their efficiency and security against both traditional and quantum attacks.

Hash-based cryptography

Hash-based cryptographic algorithms, such as eXtended Merkle Signature Scheme (XMSS) [27 ] and SPHINCS+ [28], use hash functions to create secure digital signatures. These algorithms are highly secure and well understood, making them strong candidates for post-quantum digital signatures.

Code-based cryptography

Code-based cryptography, exemplified by the McEliece cryptosystem, relies on the hardness of decoding random linear codes [29]. Despite its large key sizes, it is highly secure and has been studied extensively over several decades.

Multivariate polynomial cryptography

Multivariate polynomial cryptography involves solving systems of multivariate polynomial equations [30]. The Rainbow signature scheme is a notable example, known for its strong security properties and efficiency.

Isogeny-based cryptography

Isogeny-based cryptography, such as the SIKE (Supersingular Isogeny Key Encapsulation) protocol [31], uses the hardness of finding isogenies between elliptic curves. These algorithms offer compact key sizes and strong security, making them attractive applications.

In 2016, NIST initiated a global call for proposals for quantum-resistant cryptographic algorithms, receiving 69 submissions for evaluation [17]. The evaluation process for PQC algorithms includes several rounds, each narrowing down the candidate algorithms based on various criteria such as security, performance, and implementation characteristics. The algorithms being considered for standardization cover a range of cryptographic functionalities, including digital signatures

[23] and key exchange mechanisms (KEM) [24]. PQC algorithms often have different performance characteristics compared to traditional algorithms. Factors such as key sizes, computational overhead, and efficiency are critical for practical implementation [32]. The study conducted by Nejatollahi et. al. [33] found that the majority of the current PQC algorithms are based on lattice schemes. Lattice-based schemes have smaller key sizes compared to some code-based and multivariate structures, which possess greater public key sizes.

(6)

Fig. 2. Three Final NIST Post-Quantum Cryptography Standards

A notable recent advancement is the finalization of PQC standards by NIST, as illustrated in Fig.

2. On 13 August 2024, NIST released the Federal Information Processing Standards (FIPS) documents that define official standards for PQC algorithms [34]:

NIST FIPS 203 defines the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is derived from the CRYSTALS-KYBER scheme and based on the computational hardness of the Module Learning With Errors (MLWE) problem. This algorithm offers three parameter sets

—ML- KEM-512, ML-KEM-768, and ML-KEM-1024—to enable varying levels of security. It is particularly ideal for applications requiring robust, long-term protection of critical data and communication channels.

NIST FIPS 204 defines the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), a cryptographic standard that relies on the MLWE problem for secure digital signatures. ML-DSA, a derivative of the CRYSTALS- DILITHIUM scheme, is designed to provide strong defense against quantum computing threats. The standard identifies three security parameter sets (ML-DSA-44, ML- DSA-65, ML-DSA-87) to address diverse security needs.

NIST FIPS 205 provides the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), derived from the SPHINCS+ scheme. This algorithm provides strong security against quantum computing threats. It offers various security levels, generating it suitable for applications requiring r obust data integrity and non-repudiation, including electronic communications, software distribution, and data storage.

Integrating PQC into SSH, TLS, and IPsec

In this section, we present an overview of the internet protocol stack’s challenges on the implementation of PQC. We also discuss the trade-offs of performance and security. Furthermore, we consider and present the practicality and deployment of adoption PQC. Finally, we elaborate on the future trends or directions.

The Challenges of PQC Implementation on the Internet Protocol Stack

The implementation of PQC introduces various performance degradation aspects that need to be carefully considered, especially as we transition into more advanced network technologies like 6G and broader IoT integration. These challenges primarily revolve around computational overhead, bandwidth requirements, and latency issues. Each of these areas impacts system performance in significant ways. Table 1 gives a summary of all the challenges of PQC implementation on the Internet Protocol Stack.

(7)

Table 1. The challenges of the implementation of PQC, highlighting the current solutions and relevant protocols.

Challenges Current Solutions TLS

1.2 TLS

1.3 IPse c SS Performance H

Overheads

and Optimization [35–38, 51]

Algorithm optimization, lightweight implementations, hardware acceleration

- V V V

Compatibility and Interoperability Issues [36, 39, 41, 40]

Hybrid cryptographic schemes, gradual transition strategies, modular libraries

V V V V

Key Size and Bandwidth

Requirements [42, 43, 2]

Compression techniques, protocol optimization, tailored algorithms

- V V -

Security and Robustness Concerns [37, 44–

46]

Continuous cryptographic analysis, flexible frameworks, hybrid models

- V V -

Standardization and Compliance [41, 44]

Collaboration with standards bodies, compliance guidelines

V V V -

Performance Overheads and Optimization: PQC algorithms can influence significant computational overhead, leading to increased latency in security protocols such as TLS 1.3, SSH, IKEv2, and IPsec. This is particularly challenging for resource-constrained devices in IoT and embedded systems. PQC algorithms are inherently more complex than traditional cryptography due to the nature of the mathematical problems they solve to ensure quantum resistance, as follows:

– Algorithm Complexity: Lattice-based cryptographic systems, one of the leading candidates for PQC [21], require operations on large, high dimensional lattices. These operations are computationally intensive because they involve complex algebraic structures and operations that are not typically found in traditional cryptographic algorithms.

– Processing Time: This complexity translates into longer processing times for key generation, encryption, and decryption processes [22]. On devices with limited computational resources, such as IoT devices or older infrastructure, this can lead to noticeable delays and reduced op- erational efficiency [50].

– Resource Utilization: Increased CPU and memory usage are common with PQC, impacting device performance and power consumption [70].

Techniques: Algorithm optimization, lightweight implementations, and hardware acceleration (e.g., using FPGA or GPU) can mitigate performance issues.

2. Compatibility and Interoperability Issues: Transitioning to PQC requires maintaining compatibility between new and legacy systems. Protocol modifications may be necessary, affecting interoperability. Techniques: Implementing hybrid cryptographic schemes, adopting gradual transition strategies, and developing modular cryptographic libraries.

3. Key Size and Bandwidth Requirements: PQC algorithms often have larger key sizes, impacting data transmission efficiency, especially in bandwidth-constrained environments.

– Transmission Efficiency: Many PQC schemes utilize keys that are significantly larger than those used in current cryptographic. For example, where a 2048-bit key is standard for RSA, some PQC schemes might require keys many times larger. Transmitting these larger keys over a network consumes more bandwidth [1, 36].

– Data Overhead: The increase in packet size due to larger keys and ciphertexts adds to

(8)

the network load, which can reduce the overall throughput of the network, particularly in scenarios where bandwidth is limited or highly contended, such as in mobile networks or dense IoT deployments [47].

Techniques: Utilizing compression techniques, optimizing protocols to handle larger keys, and selecting algorithms suitable for low-bandwidth environments.

4. Security and Robustness Concerns: Ensuring robust security against quantum and traditional attacks is crucial. Hybrid systems may introduce new vulnerabilities or new attack vectors, and cryptographic agility is needed to adapt to evolving threats. Techniques: Continuous cryptographic analysis, developing flexible frameworks for updates, and using hybrid models during the transition.

5. Standardization and Compliance: The lack of mature PQC standards creates uncertainty.

Aligning with regulatory and compliance requirements is challenging. Techniques: Collaborating with standards bodies like NIST and establishing compliance guidelines that adapt to evolving standards.

Performance and Security Trade-offs

The shift to PQC in communication protocols such as SSH, TLS, and IPsec within the 6G and IoT networks must be evaluated across these PQC algorithms. Table 2 includes representative PQC algorithms, their advantages and disadvantages used to evaluate their implementation:

Table 2. Trade-off Aspects from Implementing PQC in TLS, SSH, and IPsec Protocols.

Protocol

s PQC

Algorithms Advantages Disadvantages TLS [35] Kyber,

SPHINCS+

Strong security, Compatibility with existing systems

Higher

computationa l cost

TLS 1.3

& SSH [1]

Kyber, NewHo pe, NTRU

High security, Minimal modifications required

Increased overhead, Potential latency TLS 1.3

[36]

FrodoKEM, SIKE, SPHINCS+

Strong

authentication, Forward secrecy

Complex

implementation, Potentially larger keys

TLS 1.3 [49]

SIKE, Kyber, NTRU, XMSS, Falcon

Reduced bandwidth, CPU cycles,

Simplified implementation, Efficient post- quantum security

Weaker downgrade resilience, Complexity in transitioning IPsec

(IKEv2) [51]

Kyber, NTRU, Saber,

LAC, RLizard, and AKCN

Detailed performance

benchmarks, Trade- off analysis, Helps in selecting PQC algorithms

Higher computational cost, Larger packet sizes, Slower key exchange SSH [52]

Hybrid

MLKEM768x255 19,

MLKEM768nistp 256

MLKEM1024nist p384

Multiple chipher suites,

Gradual transition to PQC, Protocol- specific

optimizations

Timing attacks, Side-channel attacks

TLS 1.3

& IKEv2 [40]

Hybrid

(ECC & Kyber)

Improved security, Gradual transition to PQC, Protocol- specific

optimizations

Complex integration, Increased

overhead, Protocol redesign

Falcon, Hardware Larger key sizes,

(9)

IPsec [53] Dilithium, Kyber

acceleration, Feasible for both wired and wireless

Performance impacts require optimization IPsec [54]

Classic McEliece, Kyber, NTRU, Saber,

Dilithium, Falcon, Rainbow

Practical

implementation of multiple

NIST algorithms

Increased computational complexity, Potential performance degradation

It is noteworthy to specify a need for more detailed studies on the efficiency of hybrid systems that utilize both traditional and quantum-resistant algorithms, balancing security with performance.

This evaluation helps in understanding the trade-offs between enhanced security and potential performance degradation, en suring that the solutions are both secure against quantum threats and practical in terms of performance and resource consumption. While the transition to integrate PQC is essential for securing network communications against future quantum threats, the trade-offs in terms of increased computational overhead, bandwidth requirements, and latency must be carefully managed. Optimizations in algorithm design, hardware acceleration, or even hybrid cryptographic approaches that use both traditional and quantum-resistant algorithms might be necessary to balance security and performance effectively, especially as we edge closer to the widespread deployment of quantum computing technologies and more advanced network infrastructures like 6G.

Practicality and Deployment Considerations

As the threat of quantum computing looms, the need for robust cryptographic solutions capable of withstanding quantum attacks has become increasingly pressing. PQC has emerged as a promising approach to address this challenge, offering algorithms designed to be resistant to the computational power of quantum computers. However, the practicality of deploying PQC in real world scenarios involves a multitude of considerations, including performance, efficiency, key management, scalability, and interoperability.

In the context of resource constrained environments, the performance and efficiency of the algorithms are key factors to consider when implementing PQC [14]. Lattice-based cryptography (LBC) is considered one of the top candidates for cryptographic algorithms because of its superior performance characteristics and robust resistance against quantum attacks [55, 56]. Studies have shown that LBC offers an ideal combination of security and performance, making it suited to a range of applications, such as vehicular communications and secure cloud storage [57, 58].

Furthermore, integrating the application of PQC into current systems presents noteworthy obstacles. To ensure a smooth and secure transition from traditional cryptographic systems to PQC, extensive preparation and effective execution are necessary. This is crucial in order to prevent any potential security vulnerabilities that may arise during the migration process [59]. This transition is not primarily a software update; it involves evaluating the entire security architecture of systems to guarantee compatibility with PQC algorithms. During the transition phase, it may be necessary to use hybrid approaches that combine traditional and post-quantum algorithms in order to ensure security while gradually replacing vulnerable systems [60]. An additional crucial factor in implementing PQC is the requirement for robust key management procedures. The security of PQC systems is strongly dependent on the secure generation, distribution, and storage of cryptographic keys. The introduction of new algorithms contributes to an increase in the complexity of key management. Additionally, it is necessary to analyze the efficiency of key encapsulation mechanisms (KEMs) and digital signature schemes to guarantee that they comply with the practical demands of real world applications [61].

Besides performance and key management, the resilience of PQC algorithms against different attack vectors is of utmost importance. Recent research has identified flaws in specific lattice-based cryptographic schemes, specifically related to error sampling and the probability of decryption failure [55]. To tackle these vulnerabilities, ongoing studies and improvements are necessary to strengthen the resilience of PQC algorithms and ensure their ability to withstand attacks from both traditional and quantum computers [62]. Furthermore, the integration of PQC needs to take into account the possibility of side channel attacks, which could exploit vulnerabilities in the physical implementation of cryptographic algorithms [63].

(10)

Another crucial factor to consider is the scalability of PQC solutions. When organizations implement PQC, they need to make sure that the solutions can efficiently handle larger amounts of data and fulfill the increasing requirements of users. The issue of scalability is especially significant in cloud computing environments, where there is a rapidly expanding demand for secure storage and processing of data [58]. The development of scalable architecture is capable of performing PQC algorithms, while maintaining optimal performance is vital for achieving widespread adoption.

Moreover, the interoperability of PQC with existing protocols and standards is crucial for smooth integration into current systems. As the innovation and standardization of PQC algorithms progress, it is crucial to validate their compatibility with existing cryptographic protocols without causing any disruptions in multiple industries[64]. Moreover, interoperability concerns the PQC library used during integration. Post-quantum cryptographic libraries such as PQClean and libOQS are well known for their practicality and open source. PQClean integrates NIST-submitted algorithms into an API, offering minimal effort for future integrations, whereas libOQS is suitable for higher level developers. Alternative options are libpqcrypto, rustpq/pqcrypto, and pqm4[65].

Future Directions for Development

The field of post-quantum cryptography has gained significant attention in recent years as a response to the potential threat posed by the development of large scale quantum computers. These quantum computers could potentially break the widely-used public-key cryptographic algorithms that form the backbone of modern secure communications.

The development of PQC involves exploring and refining various cryptographic primitives, with lattice-based cryptography being a leading candidate due to its robustness and efficiency [55].

Schemes like CRYSTALS Kyber [66] offer secure key encapsulation mechanisms and digital signatures resistant to quantum attacks. Other cryptographic frameworks like code-based, multivariate, and hash-based cryptography are also being investigated [56], each with unique advantages and challenges. Code-based cryptography has shown promise in security but may face efficiency and implementation complexity challenges. Multivariate schemes require further research to optimize their performance in real world scenarios [67].

The hardware implementation of PQC algorithms is another vital area of focus and concern [48 ]. Field programmable gate arrays (FPGAs) [68] provide an ideal combination of scalability and efficiency, making them ideally suited for significant usage in limited resource contexts such as the IoT [14]. Hybrid techniques [69], which integrate both quantum and traditional systems, have the potential to enhance security by offering double protection against potential quantum risks. The integration of PQC into blockchain technology presents both challenges and opportunities.

Blockchain systems, reliant on cryptographic primitives, must adapt to maintain integrity in a post- quantum world, requiring effective implementation within decentralized architecture [71].

When integrating PQC, it is essential to consider the specific cryptographic library and its intended application to ensure optimal performance and robust security. OpenSSL is working on the Open Quantum Safe (OQS) project to add PQC. This will allow standard TLS implementations to use PQC algorithms that have been approved by NIST [72]. WolfSSL, popular for its scalability in embedded environments, is at the cutting edge of this area by integrating PQC algorithms such as Kyber and Dilithium. This supports the deployment of preliminary solutions for low-resource and Internet of Things devices that require securing SSH or TLS communications against quantum threats [73]. However, mbedTLS is planned to integrate lightweight quantum-resistant algorithms suit able for constrained environments, despite currently lacking native support for PQC [74]. It is essential to embrace transition and hybrid protocols capable of supporting both traditional and post- quantum cryptography while selecting suitable cryptographic primitives for each library and application to effectively implement post-quantum cryptography across the internet protocol stack.

CONLUSION

We are in a hazardous phase where PQC algorithms exist, yet numerous research gaps remain.

The progression of quantum computing presents a significant risk to current cryptographic systems, forcing a transition to PQC to guarantee secure digital communications in the quantum age.

(11)

Although NIST has published PQC standards, integrating these algorithms into widely used internet security protocols such as SSH, TLS, and IPsec poses several challenges. This includes performance consequences, compatibility and interoperability issues, key size and bandwidth requirements, along with regulatory and standards barriers. In context with these issues, hybrid approaches and performance optimization techniques highlight the feasibility of a gradual transition to PQC while maintaining compatibility with current systems. The work emphasizes that a collaborative strategy encompassing ongoing research, standardization, and practical deploying will be necessary for the successful implementation of PQC into the global internet security system. The next efforts must concentrate on developing lightweight PQC techniques, improving interoperability, and optimizing protocol performance to ensure the security and reliability of internet communications against quantum attacks.

Acknowledgements This research is funded by the scholarship from Technical University of Denmark,Ballerup, Denmark

REFERENCES

1. Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Assessing the overhead of post- quantum cryptography in TLS 1.3 and SSH. In: Proceedings of the 16th In- ternational Conference on emerging Networking EXperiments and Technologies (CoNEXT). Association for Computing Machinery, New York, NY, USA, 149–156 (2020). https://doi.org/10.1145/3386367.3431305 2. Pazienza, A., Lella, E., Noviello, P., and Vitulano, F.: Analysis of Network- level Key Exchange

Protocols in the Post-Quantum Era. 2022 IEEE 15th Work- shop on Low Temperature Electronics (WOLTE), Matera, Italy, 2022, pp. 1-4. https://doi.org/10.1109/WOLTE55422.2022.9882818 3. Nethen, NV., Wiesmaier, A., Alnahawi, N., Henrich, J.: PMMP - PQC Migration Management

Process. arXiv (2023) https://doi.org/10.48550/arXiv.2301.04491

4. Crockett, E., Paquin, C., Stebila, D. : Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. IACR Cryptol. ePrint Arch. (2019) https://doi.org/ia.cr/2019/858 5. Chen, L., et. al : NISTIR 8105: Report on Post-Quantum Cryptography. NIST. (2016)

https://doi.org/10.6028/NIST.IR.8105

6. Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. Selected Areas in Cryptography–SAC 2016, 14–37. https://doi.org/10.1007/978-3-319- 69453-5_2

7. Baseri, Y. Chouhan, V., Hafid, A.,: Navigating quantum security risks in networked environments: A comprehensive study of quantum-safe network protocols, Comput- ers &

Security.(2024) https://doi.org/10.1016/j.cose.2024.103883

8. Illiano, J. and Caleffi, M., Manzalini, A and Cacciapuoti, AS.: Quantum Inter- net protocol stack: A comprehensive survey. Computer Networks, Elsevier BV, 213.(2022) https://doi.org/10.1016/j.comnet.2022.109092

9. Grover, L. K.: A fast quantum mechanical algorithm for database search. In: Pro- ceedings of the 28th Annual ACM Symposium on Theory of Computing. (1996) https://doi.org/10.1145/237814.237866

10. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In:

Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE (1994) https://doi.org/10.1016/j.comnet.2022.109092

11. Kumar, M.: Post-quantum cryptography Algorithm’s standardization and performance analysis. In: Array, Elsevier (2022) https://doi.org/10.1016/j.array.2022.100242

12. Barker, W., Polk, W., Souppaya, M: Getting ready for post- quantum cryptography: Explore challenges associated with adopting and using of post-quantum cryptographic algorithms.

NIST (2021) https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04282021.pdf

(12)

13. Campagna, M., LaMacchia, B., Ott, D.: Post Quantum Cryptogra- phy: Readiness Challenges and the Approaching Storm. arXiv (2021) https://doi.org/10.48550/arXiv.2101.01269

14. Fernández-Caramés, T.M.,: From Pre-Quantum to Post-Quantum IoT Secu- rity: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things. In: IEEE Internet of Things Journal, vol. 7, no. 7, pp. 6457-6480. (2020) https://doi.org/10.1109/JIOT.2019.2958788

15. The TLS protocol version 1.3. RFC 8446.,

https://datatracker.ietf.org/doc/html/rfc8446. Last accessed 23 Aug 2024

16. Security Architecture for the Internet Protocol: RFC 4301., https://www.rfc- editor.org/rfc/rfc4301. Last accessed 23 Aug 2024

17. NIST Homepage: Post-Quantum Cryptography,

https://csrc.nist.gov/projects/post-quantum-cryptography. Last accessed 23 Aug 202418. Paul, S., Scheible, P.: Towards Post-Quantum Security for Cyber-Physical Systems:

Integrating PQC into Industrial M2M Communication . IACR Cryptol. ePrint Arch. (2020) https://doi.org/10.1007/978-3-030-59013-0_15

19. Shim, K.A.: A Survey on Post-Quantum Public-Key Signature Schem

for Secure Vehicular Communications. In: IEEE Transactions on Intel- ligent Transportation Systems, vol. 23, no. 9, pp. 14025-14042 (2022) https://doi.org/10.1109/TITS.2021.3131668

20. Paul, S., Schick, F., Seedorf, J.,: TPM-Based Post-Quantum Cryptography: A Case

Study on Quantum-Resistant and Mutually Authenticated TLS for IoT Environ- ments. In:

Proceedings of the 16th International Conference on Availability, Reli- ability and Security.

Association for Computing Machinery, New York, NY, USA, Article 3, 1–10. (2021) https://doi.org/10.1145/3465481.3465747

21. Alagic, G., et al.: Status report on the second round of the NIST post-quantum cryptography standardization process. US Department of Commerce, NIST (2020) 22. Bindel, N., et al. Hybrid Key Encapsulation Mechanisms and Authentica- tion

Protocols for Post-Quantum Cryptography. Cryptology ePrint Archive.

(2021)https://doi.org/10.1007/978-3-030-25510-7_12

23. Opiłka, F., Niemiec, M., Gagliardi, M., and Kourtis, M.A. Performance Analysis

of Post-Quantum Cryptography Algorithms for Digital Signature. Applied Sciences.

14(12):4994. (2024). https://doi.org/10.3390/app14124994

24. Bernstein, D., Lange, T. Post-quantum cryptography. Nature 549, 188–194 (2017).

https://doi.org/10.1038/nature23461

25. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In:

Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998).

https://doi.org/10.1007/BFb0054868

26. Bos, J., et al.: Crystals-Kyber: a CCA-secure module-lattice-based KEM. In: 2018

IEEE European Symposium on Security and Privacy (EuroS &P), pp. 353–367. IEEE (2018).

27. Kannwischer M.J., Genêt A., Butin D., Krämer J., Buchmann J. Differential power

analysis of XMSS and SPHINCS. In: International Workshop on Constructive Side- Channel Analysis and Secure Design, pp. 168-188, Springer (2018)

28. SPHINCS+ Homepage: Post-Quantum Cryptography, sphincs.org. Last accessed 23 Aug 2024

29. McEliece, R. J. A Public-Key Cryptosystem based on Algebraic Coding Theory. Deep Space Network Progress Report 42–44 (1978).

30. Matsumoto, T. & Imai, H. Public quadratic polynomial-tuples for efficient

signature-verification and message-encryption. In Advances in Cryptology, Proc.

Workshop on the Theory and Application of Cryptographic Techniques (EURO- CRYPT’88) (ed. Günther, C. G.) 419–453 (Springer, 1988)

31. Jao, D. & de Feo, L. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Post-Quantum Cryptography, Proc.4th International Workshop, Springer (ed. Yang, B.-Y.) 19–34 (2011)

32. Beullens, W., et al.: Post-quantum cryptography: current state and quantum mit- igation. ENISA (2021)

33. Nejatollahi, H., Dutt, N., Ray, S., Regazzoni, F., Banerjee, I., Cammarota, R.: Post- quantum lattice-based cryptography implementations: a survey. ACM Comput. Surv.

(CSUR) 51(6), 1–41 (2019)

34. National Institute of Standards and Technology (NIST). Federal Informa- tion Processing Standards (FIPS) Documents: NIST.FIPS.203, NIST.FIPS.204, NIST.FIPS.205.

https://csrc.nist.gov/publications/fips. Last accessed 23 Aug 2024

35. Bürstinghaus-Steinbach, K., Krauß, C., Niederhagen, R., Schneider, M.: Post- quantum TLS on embedded systems: integrating and evaluating Kyber and SPHINCS+ with mbed

(13)

TLS. In: Proceedings of the 13th ACM Conference on Se- curity and Privacy in Wireless and Mobile Networks (WiSec ’20), pp. 91–96. ACM, New York (2020) https://doi.org/10.1145/3320269.3384725

36. Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: A performance study. In: Network and Distributed Sys- tem Security (NDSS)

Symposium 2020. Internet Society, San Diego (2020).

https://doi.org/10.14722/ndss.2020.24203

37. Henrich, J., Heinemann, A., Wiesmaier, A., & Schmitt, N. (2023). Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics. Lec- ture Notes in Computer Science, 13969, 230–249. https://doi.org/10.1007/978-3- 031-49187-0_14 38. Marchsreiter, D., & Sepúlveda, J. Hybrid Post-Quantum Enhanced TLS 1.3 on Embedded

Devices. 25th Euromicro Conference on Digital System Design (DSD), 643–650. (2022).

https://doi.org/10.1109/DSD57027.2022.00127

39. Paul, S., Kuzovkova, Y., Lahr, N., & Niederhagen, R. Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 1109–1126.(2022).

https://doi.org/10.1145/3488932.3497755

40. Smyslov, V. Use of Hybrid Post-Quantum Key Exchange in Internet Pro- tocols. Journal of Network and Systems Management, 32(1), 15–28. (2024).

https://doi.org/10.1007/s11416-024-00515-3

41. Tjhai, C. J., Tomlinson, M., Bartlett, G., Fluhrer, S., Van Geest, D., Garcia- Morchon, O., et al. RFC 9370: Multiple Key Exchanges in the Internet Key Ex- change Protocol Version 2 (IKEv2). (2023). https://doi.org/10.17487/RFC9370

42. Tzinos, I., Limniotis, K., & Kolokotronis, N. Evaluating the Performance of Post- Quantum Secure Algorithms in the TLS Protocol. Journal of Surveillance, Security and Safety, 3(2), 54–67. (2022). https://doi.org/10.20517/jsss.2022.15

43. Giron, A. A., do Nascimento, J. P. A., Custódio, R., Perin, L. P., & Mateu,

V. Post-Quantum Hybrid KEMTLS Performance in Simulated and Real Net- work Environments. Lecture Notes in Computer Science, 13963, 229–246. (2023).

https://doi.org/10.1007/978-3-031-44469-2_15

44. Sosnowski, M., Wiedner, F., Hauser, E., Steger, L., Schoinianakis, D., Gal- lenmüller, S., &

Carle, G. The Performance of Post-Quantum TLS 1.3. Proceedings of the ACM SIGCOMM 2023 Conference, 503–516. (2023). https://doi.org/10.1145/3624354.3630585 45. Zheng, J., Zhu, H., Dong, Y., Song, Z., Zhang, Z., Yang, Y., & Zhao, Y. Faster Post- Quantum

TLS 1.3 Based on MLKEM: Implementation and Assessment. Lecture Notes in Computer Science, 14028, 125–142. (2024). https://doi.org/10.1007/978- 3-031-70890-9_7

46. Fluhrer, S., McGrew, D., Kampanakis, P., & Smyslov, V. Postquantum Pre- shared Keys for IKEv2. Internet Engineering Task Force (IETF) Draft. (2019).

https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-qr-ikev2-08

47. Alkim, E., Ducas, L., Pöppelmann, T., & Schwabe, P. Post-quantum key exchange - a new hope. Cryptology ePrint Archive, Report 2015/1092. (2015). https://ia.cr/2015/1092 48. Basu, K., Soni, D., Nabeel, M., & Karri, R. NIST Post-Quantum Cryptography- A Hardware

Evaluation Study. Cryptology ePrint Archive, Report 2019/047. (2019).

https://ia.cr/2019/047

49. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures.

In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20), pp. 1461–1480. ACM, New York (2022).

https://doi.org/10.1145/3372297.3423350

50. Paquin, C., Stebila, D., & Tamvada, G. Benchmarking Post-Quantum Cryptogra- phy in TLS. Microsoft Research & University of Waterloo. (2020).

51. Bae, J., Kim, Y., Lee, S., Park, S., Kim, D., Hong, S.: A performance evaluation of IPsec with post-quantum cryptography. In: Proceedings of the International Confer- ence on Information Security and Cryptology (ICISC 2023), pp. 210–228. Springer, Cham (2023).

https://doi.org/10.1007/978-3-031-29371-9_13

52. Kampanakis, P.: draft-kampanakis-ssh-pq-ke. [Online]. Available:

https://raw.githubusercontent.com/csosto-pk/pq-ssh/master/draft-kampanakis- ssh-pq- ke.txt. Accessed: Sept. 23, 2024.

53. Lawo, D.: Wireless and fiber-based post-quantum-cryptography-secured IPsec tun- nel.

Future Internet 16(8), 300 (2024). https://doi.org/10.3390/fi16080300

54. Mirani, D., et al.: Implementation Of The NIST Algorithm For IPsec. In: IEEE North Karnataka Subsection Flagship International Conference (NKCon), Vijaypur, India (2022).

https://doi.org/10.1109/NKCon56289.2022.10126680

(14)

55. Khalid, A., Rafferty, C., Howe, J., Brannigan, S., Liu, W., & O’Neill, M. Error samplers for lattice-based cryptography - challenges, vulnerabilities, and solutions. In 2018 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS) (pp. 503-506). IEEE. (2018).

https://doi.org/10.1109/APCCAS.2018.8605725

56. Kerimbayeva, A. (2023). Analysis of existing approaches and algorithms of post- quantum cryptography. Revue d’Intelligence Artificielle, Vol. 37, No. 3, pp. 655-664.

https://doi.org/10.18280/ria.370314

57. Chen, A. The performance analysis of post-quantum cryptography for vehicular communications. Preprint. (2022).https://doi.org/10.31224/2633

58. Yang, Y., Huang, Q., & Chen, F. Secure cloud storage based on RLWE problem. IEEE Access, 7, 27604–27614.(2019). https://doi.org/10.1109/access.2018.2887135

59. Kefas, A. Illuminating the path of post-quantum cryptographic protocols: A survey of some recent literatures. Preprint. (2023). https://doi.org/10.21203/rs.3.rs- 3549187/v1 60. Sonko, S. Quantum cryptography and U.S. digital security: A comprehensive review:

Investigating the potential of quantum technologies in creating unbreakable encryption and their future in national security. Computer Science & IT Research Journal, 5(2), 390–

414.(2024). https://doi.org/10.51594/csitrj.v5i2.790

61. Farooq, S., Altaf, A., Iqbal, F., Thompson, E., Vargas, D., Díez, I., et al. Resilience optimization of post-quantum cryptography key encapsulation algorithms. Sensors, 23(12), 5379. (2023). https://doi.org/10.3390/s23125379

62. Liu, W., Ni, Z., Ni, J., Rafferty, C., & O’Neill, M. High performance modular multiplication for SIDH. IEEE Transactions on Computer- Aided Design of Integrated

Circuits and Systems, 39(10), 3118–3122.(2020).

https://doi.org/10.1109/tcad.2019.2960330

63. Bellizia, D., Mrabet, N., Fournaris, A., Pontié, S., Regazzoni, F., Standaert, F., et al. Post- quantum cryptography: Challenges and opportunities for robust and secure HW design.

Preprint.(2021). https://doi.org/10.1109/dft52944.2021.9568301

64. Bavdekar, R., Chopde, E. J., Agrawal, A., Bhatia, A., & Tiwari, K. Post Quantum Cryptography: A Review of Techniques, Challenges and Standardizations. In 2023 International Conference on Information Networking (ICOIN) (pp. 146–151). IEEE.

(2023).https://doi.org/10.1109/ICOIN56518.2023.10048976

65. Muzikant, P., Willemson, J. Deploying Post-quantum Algorithms in Existing Applications and Embedded Devices. In: Wang, G., Wang, H., Min, G., Geor- galas, N., Meng, W.

(eds) Ubiquitous Security. UbiSec 2023. Communications in Computer and Information Science, vol 2034. Springer, Singapore. (2024). https://doi.org/10.1007/978-981-97-1274- 8_10

66. Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J., et al. CRYSTALS - Kyber: A CCA-secure module-lattice-based KEM. In 2018 IEEE European Symposium on

Security and Privacy (EuroS&P) (pp. 353-367). IEEE.

(2018).https://doi.org/10.1109/EuroSP.2018.00032.

67. Ustimenko, V., Wroblewska, A., Extremal algebraic graphs, quadratic multivariate public keys and temporal rules. In Proceedings of the 18th Conference on Com- puter Science and Intelligence Systems, ACSIS, Vol. 35, pages 1173–1178 (2023) https://doi.org/10.15439/2023F1191

68. Zhang, C., et al. Towards efficient hardware implementation of NTT for Kyber on FPGAs. In 2021 IEEE International Symposium on Circuits and Systems (ISCAS) (pp. 1–5). IEEE.

(2021).https://doi.org/10.1109/ISCAS51556.2021.9401170

69. Fedorov, A. Deploying hybrid quantum-secured infrastructure for applications: When quantum and post-quantum can work together. Frontiers in Quantum Science and Technology, 2. (2023). https://doi.org/10.3389/frqst.2023.1164428

70. Liu, Z., Pöppelmann, T., Oder, T., Seo, H., Roy, S. S., Güneysu, T., et al. High- Performance Ideal Lattice-Based Cryptography on 8-Bit AVR Microcontrollers. ACM Transactions on

Embedded Computing Systems, 16(4), Article 117. (2017).

https://doi.org/10.1145/3092951

71. Arman, R.F., Masood, F., Thabet Shamsan, A.H., Luqman, M., & Salmony, M.Y.

"Blockchain in the quantum world", International Journal of Advanced Computer

Science and Applications, vol. 13, no. 1, (2022).

https://doi.org/10.14569/IJACSA.2022.0130167

72. OpenSSL. OpenSSL Documentation. OpenSSL Software Foundation. (2024).

https://www.openssl.org/docs. Last accessed 23 Aug 2024

73. WolfSSL. Post-Quantum Cryptography in wolfSSL. WolfSSL Inc. (2024).

https://www.wolfssl.com/docs. Last accessed 23 Aug 2024

(15)

74. ARM mbedTLS.mbedTLS Documentation. (2024).

https://github.com/ARMmbed/mbedtls. Last accessed 23 Aug 2024