skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


This content will become publicly available on June 1, 2027

Title: Post-Quantum Cryptography for Integrated Space-Aerial-Terrestrial Networks: Current State, Challenges and Trends
Emerging satellite networks integrated with terrestrial and aerial systems form a key part of next-generation infrastructures supporting the Internet of Everything (IoE). This chapter outlines the current status of PQC-based authentication in integrated Space-Aerial-Terrestrial Networks (SATIN), highlighting the technical challenges in achieving quantum-resilient security within constrained and complex environments. While quantum computing necessitates migration to post-quantum cryptography (PQC), existing standards often demand resources that are unsuited for SATIN’s limited hardware and fragile links. We analyze leading NIST PQC signature and key encapsulation schemes in the SATIN context, evaluating trade-offs in computational cost, signature size, and protocol compatibility. Emerging directions, including broader algorithm evaluations, advanced protocol integrations (e.g., EMSS and NIST-PQC with terrestrial backbone, PQ group key management), and some alternative PQ technologies are discussed. Addressing these challenges requires advanced simulation and experimental frameworks to enable scalable, practical, and quantum-resilient secure communications in future integrated networks.  more » « less
Award ID(s):
2444615
PAR ID:
10653273
Author(s) / Creator(s):
;
Editor(s):
Lenders, V; Blezinger, E; Jang-Jaccard; J; Mulder, V; Mermoud, A
Publisher / Repository:
Springer Cham
Date Published:
Subject(s) / Keyword(s):
Satellite Networks post-quantum cryptography network security
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, ACM Transactions on Multimedia Computing, Communications, and Applications)
    Digital Twins (DT) virtually model cyber-physical objects via sensory inputs by simulating or monitoring their behavior. Therefore, DTs usually harbor vast quantities of Internet of Things (IoT) components (e.g., sensors) that gather, process, and offload sensitive information (e.g., healthcare) to the cloud. It is imperative to ensure the trustworthiness of such sensitive information with long-term and compromise-resilient security guarantees. Digital signatures provide scalable authentication and integrity with non-repudiation and are vital tools for DTs. Post-quantum cryptography (PQC) and forward-secure signatures are two fundamental tools to offer long-term security and breach resiliency. However, NIST-PQC signature standards are exorbitantly costly for embedded DT components and are infeasible when forward-security is also considered. Moreover, NIST-PQC signatures do not admit aggregation, which is a highly desirable feature to mitigate the heavy storage and transmission burden in DTs. Finally, NIST recommends hybrid PQ solutions to enable cryptographic agility and transitional security. Yet, there is a significant gap in the state of the art in the achievement of all these advanced features simultaneously. Therefore, there is a significant need for lightweight digital signatures that offer compromise resiliency and compactness while permitting transitional security into the PQ era for DTs. We create a series of highly lightweight digital signatures called Hardware-ASisted Efficient Signature (HASES) that meets the above requirements. The core ofHASES is a hardware-assisted cryptographic commitment construct oracle (CCO) that permits verifiers to obtain expensive commitments without signer interaction. We created threeHASES schemes:PQ-HASES is a forward-secure PQ signature,LA-HASES is an efficient aggregate Elliptic-Curve signature, andHY-HASES is a novel hybrid scheme that combinesPQ-HASES andLA-HASES with novel strong nesting and sequential aggregation.HASES does not require a secure-hardware on the signer. We prove thatHASES schemes are secure and implemented them on commodity hardware and and 8-bit AVR ATmega2560. Our experiments confirm thatPQ-HASES andLA-HASES are two magnitudes of times more signer efficient than their PQ and conventional-secure counterparts, respectively.HY-HASES outperforms NIST PQC and conventional signature combinations, offering a standard-compliant transitional solution for emerging DTs. We open-sourceHASES schemes for public-testing and adaptation. 
    more » « less
  2. ; ; (, IEEE Access)
    The rapid proliferation of resource-constrained IoT devices across sectors like healthcare, industrial automation, and finance introduces major security challenges. Traditional digital signatures, though foundational for authentication, are often infeasible for low-end devices with limited computational, memory, and energy resources. Also, the rise of quantum computing necessitates post-quantum (PQ) secure alternatives. However, NIST-standardized PQ signatures impose substantial overhead, limiting their practicality in energy-sensitive applications such as wearables, where signer-side efficiency is critical. To address these challenges, we present LightQSign (LiteQS), a novel lightweight PQ signature that achieves near-optimal signature generation efficiency with only a small, constant number of hash operations per signing. Its core innovation enables verifiers to obtain one-time hash-based public keys without interacting with signers or third parties through secure computation. We formally prove the security of LiteQS in the random oracle model and evaluate its performance on commodity hardware and a resource-constrained 8-bit AtMega128A1 microcontroller. Experimental results show that LiteQS outperforms NIST PQ standards with lower computational overhead, minimal memory usage, and compact signatures. On an 8-bit microcontroller, it achieves up to 1.5–24×higher energy efficiency and 1.7–22×shorter signatures than PQ counterparts, and 56–76×better energy efficiency than conventional standards–enabling longer device lifespans and scalable, quantum-resilient authentication. 
    more » « less
  3. ; ; ; (, Network and Distributed System Security Symposium (NDSS 2024))
    We tackle the atypical challenge of supporting postquantum cryptography (PQC) and its significant overhead in safety-critical vehicle-to-vehicle (V2V) communications, dealing with strict overhead and latency restrictions within the limited radio spectrum for V2V. For example, we show that the current use of spectrum to support signature verification in V2V makes it nearly impossible to adopt PQC. Accordingly, we propose a scheduling technique for message signing certificate transmissions (which we find are currently up to 93% redundant) that learns to adaptively reduce the use of radio spectrum. In combination, we design the first integration of PQC and V2V, which satisfies the above stringent constraints given the available spectrum. Specifically, we analyze the three PQ signature algorithms selected for standardization by NIST, as well as XMSS (RFC 8391), and propose a Partially Hybrid authentication protocol—a tailored fusion of classical cryptography and PQC—for use in the V2V ecosystem during the nascent transition period we outline towards fully PQ V2V. Our provably secure protocol efficiently balances security and performance, as demonstrated experimentally with software-defined radios (USRPs), commercial V2V devices, and road traffic and V2V simulators. We show our joint transmission scheduling optimization and Partially Hybrid design are scalable and reliable under realistic conditions, adding a negligible average delay (0.39 ms per message) against the current state-of-the-art. 
    more » « less
  4. ; ; (, 2021 International Conference on Field-Programmable Technology (ICFPT))
    Many currently deployed public-key cryptosystems are based on the difficulty of the discrete logarithm and integer factorization problems. However, given an adequately sized quantum computer, these problems can be solved in polynomial time as a function of the key size. Due to the future threat of quantum computing to current cryptographic standards, alternative algorithms that remain secure under quantum computing are being evaluated for future use. One such algorithm is CRYSTALS-Dilithium, a lattice-based digital signature scheme, which is a finalist in the NIST Post Quantum Cryptography (PQC) competition. As a part of this evaluation, high-performance implementations of these algorithms must be investigated. This work presents a high-performance implementation of CRYSTALS-Dilithium targeting FPGAs. In particular, we present a design that achieves the best latency for an FPGA implementation to date. We also compare our results with the most-relevant previous work on hardware implementations of NIST Round 3 post-quantum digital signature candidates. 
    more » « less
  5. ; ; ; (, IACR Transactions on Cryptographic Hardware and Embedded Systems)
    This work presents the first hardware realisation of the Syndrome-Decodingin-the-Head (SDitH) signature scheme, which is a candidate in the NIST PQC process for standardising post-quantum secure digital signature schemes. SDitH’s hardness is based on conservative code-based assumptions, and it uses the Multi-Party-Computation-in-the-Head (MPCitH) construction. This is the first hardware design of a code-based signature scheme based on traditional decoding problems and only the second for MPCitH constructions, after Picnic. This work presents optimised designs to achieve the best area efficiency, which we evaluate using the Time-Area Product (TAP) metric. This work also proposes a novel hardware architecture by dividing the signature generation algorithm into two phases, namely offline and online phases for optimising the overall clock cycle count. The hardware designs for key generation, signature generation, and signature verification are parameterised for all SDitH parameters, including the NIST security levels, both syndrome decoding base fields (GF256 and GF251), and thus conforms to the SDitH specifications. The hardware design further supports secret share splitting, and the hypercube optimisation which can be applied in this and multiple other NIST PQC candidates. The results of this work result in a hardware design with a drastic reducing in clock cycles compared to the optimised AVX2 software implementation, in the range of 2-4x for most operations. Our key generation outperforms software drastically, giving a 11-17x reduction in runtime, despite the significantly faster clock speed. On Artix 7 FPGAs we can perform key generation in 55.1 Kcycles, signature generation in 6.7 Mcycles, and signature verification in 8.6 Mcycles for NIST L1 parameters, which increase for GF251, and for L3 and L5 parameters. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email