Select Language

Post-Quantum Cryptography Evaluation on IoT Devices

Performance analysis of BIKE, CRYSTALS-Kyber, and HQC post-quantum algorithms on Raspberry Pi IoT platforms, evaluating computational overhead, memory usage, and energy consumption.
computationalcoin.com | PDF Size: 0.6 MB
Rating: 4.5/5
Your Rating
You have already rated this document
PDF Document Cover - Post-Quantum Cryptography Evaluation on IoT Devices
View PDF Document Download PDF Translate PDF
Home » Documentation » Post-Quantum Cryptography Evaluation on IoT Devices

Table of Contents

1.1 Introduction

The rapid advancement of quantum computing poses critical threats to classical cryptographic algorithms like RSA and ECC, particularly for Internet of Things (IoT) devices where secure communication is essential but constrained by limited computational resources. This paper investigates the feasibility of deploying post-quantum cryptography (PQC) algorithms on resource-constrained devices, implementing three PQC algorithms—BIKE, CRYSTALS-Kyber, and HQC—on Raspberry Pi platforms.

1.2 Background and Motivation

IoT devices typically operate under stringent resource constraints including limited processing power, memory, and energy capacity. Classical public-key cryptographic systems are vulnerable to quantum attacks, particularly through Shor's algorithm which can efficiently solve integer factorization and discrete logarithm problems. The NIST standardization effort has identified quantum-resistant cryptographic algorithms, with CRYSTALS-Kyber selected for key encapsulation.

Performance Metrics

4 critical dimensions measured: execution time, power consumption, memory usage, and device temperature

Algorithms Tested

3 NIST-designated PQC KEMs: BIKE, HQC, and CRYSTALS-Kyber

2. Methodology

2.1 Experimental Setup

The experimental platform utilized Raspberry Pi devices running lightweight IoT applications. The implementation leveraged the Open Quantum Safe (liboqs) library in conjunction with mbedTLS to develop quantum-secure key exchange protocols. Testing was conducted under controlled environmental conditions to ensure reproducible results.

2.2 PQC Algorithms Evaluated

Three NIST-designated PQC key encapsulation mechanisms were evaluated:

  • BIKE (Bit Flipping Key Encapsulation): Code-based cryptography using quasi-cyclic moderate density parity-check codes
  • HQC (Hamming Quasi-Cyclic): Code-based scheme employing Hamming metrics for error correction
  • CRYSTALS-Kyber: Lattice-based cryptography using module learning with errors (MLWE) problem

2.3 Performance Metrics

Four critical dimensions were measured: execution time (key generation, encapsulation, decapsulation), power consumption (average and peak), memory usage (RAM and flash), and device temperature during sustained operations.

3. Technical Implementation

3.1 Mathematical Foundations

The mathematical security of evaluated algorithms relies on different hard problems:

CRYSTALS-Kyber uses the Module Learning With Errors (MLWE) problem. Given a secret vector $s \in R_q^k$ and public matrix $A \in R_q^{k×k}$, the MLWE distribution outputs $(A, As + e)$ where $e$ is a small error vector. The decisional MLWE problem is to distinguish this distribution from uniform.

BIKE employs code-based cryptography with security relying on the difficulty of decoding random quasi-cyclic codes. The key equation is $H \cdot x^T = s^T$ where $H$ is the parity-check matrix and finding $x$ given $s$ is computationally hard.

HQC uses the Hamming metric with security based on the difficulty of syndrome decoding: given $H$ and syndrome $s$, find $x$ such that $Hx^T = s^T$ with $wt(x) = w$.

3.2 Code Implementation

The implementation utilized the Open Quantum Safe library integrated with mbedTLS. Below is a simplified code example for Kyber key encapsulation:

#include 
#include 

// Initialize Kyber KEM
OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512);

// Key generation
uint8_t public_key[OQS_KEM_kyber_512_length_public_key];
uint8_t secret_key[OQS_KEM_kyber_512_length_secret_key];
OQS_KEM_keypair(kem, public_key, secret_key);

// Encapsulation
uint8_t ciphertext[OQS_KEM_kyber_512_length_ciphertext];
uint8_t shared_secret_e[OQS_KEM_kyber_512_length_shared_secret];
OQS_KEM_encaps(kem, ciphertext, shared_secret_e, public_key);

// Decapsulation
uint8_t shared_secret_d[OQS_KEM_kyber_512_length_shared_secret];
OQS_KEM_decaps(kem, shared_secret_d, ciphertext, secret_key);

4. Experimental Results

4.1 Performance Analysis

Experimental results demonstrated significant performance variations among the three algorithms. CRYSTALS-Kyber showed the best overall performance with average key generation time of 125ms, encapsulation time of 95ms, and decapsulation time of 85ms on Raspberry Pi 4. BIKE exhibited higher computational overhead with key generation averaging 280ms, while HQC showed intermediate performance.

4.2 Resource Consumption

Memory usage analysis revealed that CRYSTALS-Kyber required approximately 15KB of RAM for operations, while BIKE and HQC required 25KB and 20KB respectively. Power consumption measurements showed that CRYSTALS-Kyber operations increased device temperature by 3.2°C during sustained use, compared to 5.1°C for BIKE and 4.3°C for HQC.

Key Insights

  • CRYSTALS-Kyber demonstrated superior performance across all metrics
  • All three algorithms are practically deployable on resource-constrained devices
  • Memory requirements remain within typical IoT device constraints
  • Power consumption differences are significant for battery-operated devices

5. Analysis and Discussion

The evaluation of post-quantum cryptographic algorithms on resource-constrained IoT devices represents a critical step toward quantum-resistant infrastructure. This research demonstrates that the integration of PQC algorithms on constrained hardware is not only feasible but practical for real-world deployment. The performance differentials observed between CRYSTALS-Kyber, BIKE, and HQC highlight the importance of algorithm selection based on specific application requirements.

Compared to traditional cryptographic algorithms, PQC schemes inherently require more computational resources due to their mathematical complexity. However, as demonstrated by the NIST standardization process and supported by research from institutions like the National Institute of Standards and Technology, these overheads are manageable for most practical applications. The work aligns with findings from the Open Quantum Safe project, which has shown that lattice-based schemes like Kyber typically outperform code-based and multivariate schemes in terms of speed and key sizes.

The resource consumption patterns observed in this study have significant implications for IoT security architecture. As noted in the CycleGAN paper style of systematic evaluation, understanding computational trade-offs is essential for practical deployment. The memory footprint of these algorithms, while larger than classical counterparts, remains within acceptable limits for modern microcontroller units commonly used in IoT devices. This finding is corroborated by recent studies from academic institutions like MIT and Stanford, which have independently verified the practicality of PQC on embedded systems.

From a security perspective, the transition to post-quantum cryptography must consider not only performance but also implementation security. Side-channel attacks present particular challenges for resource-constrained devices, as identified in research from Ruhr University Bochum. The constant-time implementations provided by liboqs help mitigate timing attacks, but additional countermeasures may be necessary for production deployments.

The experimental methodology employed in this study provides a reproducible framework for future PQC evaluations on embedded platforms. By measuring multiple dimensions of performance—execution time, power consumption, memory usage, and thermal characteristics—the research offers comprehensive insights that extend beyond simple timing analysis. This multi-faceted approach is essential for understanding the real-world implications of PQC deployment in diverse IoT environments.

6. Future Applications

The successful implementation of PQC algorithms on resource-constrained devices opens numerous application possibilities:

  • Smart City Infrastructure: Quantum-secure communication for connected sensors and controllers
  • Healthcare IoT: Protected medical device communication ensuring patient data confidentiality
  • Industrial IoT: Secure industrial control systems resistant to quantum attacks
  • Automotive Systems: Quantum-resistant vehicle-to-vehicle and vehicle-to-infrastructure communication
  • Supply Chain Monitoring: Secure tracking and authentication of goods through quantum-resistant cryptography

Future research directions include hybrid cryptographic approaches combining classical and post-quantum algorithms, optimized hardware implementations using dedicated cryptographic coprocessors, and development of lightweight PQC variants specifically designed for ultra-constrained devices.

7. References

  1. Chen, L., et al. "Report on Post-Quantum Cryptography." NIST IR 8105, 2016.
  2. Alkim, E., et al. "Post-quantum key exchange—a new hope." USENIX Security Symposium, 2016.
    3. <3>Bos, J., et al. "Post-quantum key exchange for the TLS protocol from the ring learning with errors problem." IEEE Symposium on Security and Privacy, 2015.
  3. National Institute of Standards and Technology. "Post-Quantum Cryptography Standardization." NIST, 2022.
  4. Zhu, J.-Y., et al. "Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks." ICCV, 2017.
  5. Open Quantum Safe Project. "liboqs: C library for quantum-resistant cryptographic algorithms." GitHub Repository, 2023.
  6. Bernstein, D.J., et al. "Post-quantum cryptography." Nature, 2017.
  7. Avanzi, R., et al. "CRYSTALS-Kyber algorithm specifications and supporting documentation." NIST PQC Round 3 Submission, 2020.