A Framework for Simulating Post-Quantum Cryptography in Embedded Systems
Paper in progress »
Mauro Conti · Francesco Marchiori · Sebastiano Matarazzo · Marco Rubin
The rapid development of quantum computers threatens traditional cryptographic schemes, prompting the need for Post-Quantum Cryptography (PQC). Although the NIST standardization process has accelerated the development of such algorithms, their application in resource-constrained environments such as embedded systems remains a challenge. Automotive systems relying on the Controller Area Network (CAN) bus for communication are particularly vulnerable due to their limited computational capabilities, high traffic, and need for real-time response. These constraints raise concerns about the feasibility and implementability of PQC in automotive environments, where legacy hardware and bitrate limitations must also be considered. In this paper, we introduce PQ-CAN, a modular framework for simulating the performance and overhead of PQC algorithms in embedded systems. We consider the automotive domain as our case study, testing a variety of PQC schemes under different scenarios. Our simulation enables the adjustment of embedded system computational capabilities and CAN bus bitrate constraints. We also provide insights into the trade-offs involved by analyzing each algorithm's security level and overhead for key encapsulation and digital signature. By evaluating the performance of these algorithms, we provide insights into their feasibility and identify the strengths and limitations of PQC in securing automotive communications in the post-quantum era.
If you haven't already downloaded the submodules, run
git submodule update --init
hqc: HQC comes from the 4th round submission.
mceliece: Classic McEliece comes from the 4th round submission.
falcon: FALCON comes from the 3rd round submission.
sphincs+: SPHINCS+ comes from the 3rd round submission.
The KAT directories have been removed, as they are not used in this project.
Build the Docker image from the root of the repository with
docker build -t pq-can .
A Docker Compose file is provided. If you need to limit the CPU time of a container with respect to a clock frequency of 1.3 GHz, run
sh make_compose.sh <freq in MHz>
Note: if you do not need to prepare your processor to run at a specific frequency, comment out the last lines in setup.sh.
After running docker compose up, set up the network and the clock frequency with
sh setup.sh <CAN bus bit rate>
The CAN bus bit rate is set by tc of the iproute2 suite. For the admissible values of <CAN bus bit rate>, see "Rates" in the "Parameters" section of tc(8).
The steps above are done by run_tests.sh. Run the tests with
sh run_tests.sh <ID of this test run> <number of test iterations>
Results will be saved in the tests directory.
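To get a feel for what a given <CAN bus bit rate> means before starting a test run, the following added example (not part of PQ-CAN) parses a tc-style rate and estimates the bus time needed to move a PQC artifact over classic CAN. It assumes 11-bit identifiers, plain 8-byte fragmentation with no transport-layer header, and no arbitration loss; the function names and the sample parameter sets are chosen here for illustration.

```python
import re

# Subset of the units listed under "Rates" in tc(8); SI prefixes are powers of 1000.
# The "bps" variants mean BYTES per second, hence the factor 8.
UNITS = {"": 1, "bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9,
         "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6}

def parse_tc_rate(text):
    """Return bits per second for a tc-style rate such as '500kbit'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.strip().lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"not a supported tc rate: {text!r}")
    rate = float(m.group(1)) * UNITS[m.group(2)]
    if rate <= 0:
        raise ValueError("rate must be positive")
    return rate

def frame_bits(n, worst_case=False):
    """Bits on the wire for one classic CAN data frame carrying n bytes."""
    if not 0 <= n <= 8:
        raise ValueError("classic CAN carries 0 to 8 data bytes per frame")
    bits = 47 + 8 * n  # 44 framing bits + 3-bit interframe space + payload
    if worst_case:
        bits += (34 + 8 * n - 1) // 4  # maximum number of stuff bits
    return bits

def bus_cost(payload_len, rate, worst_case=False):
    """Return (frames, seconds) to send payload_len bytes in 8-byte chunks."""
    full, rest = divmod(payload_len, 8)
    bits = full * frame_bits(8, worst_case)
    if rest:
        bits += frame_bits(rest, worst_case)
    return full + (1 if rest else 0), bits / parse_tc_rate(rate)

# Sample artifacts (sizes in bytes as published for these parameter sets).
SAMPLES = {
    "Falcon-512 public key": 897,
    "SPHINCS+-128s signature": 7856,
    "mceliece348864 public key": 261120,
}

if __name__ == "__main__":
    for name, size in SAMPLES.items():
        for rate in ("125kbit", "500kbit", "1mbit"):
            frames, best = bus_cost(size, rate)
            _, worst = bus_cost(size, rate, worst_case=True)
            print(f"{name:28s} {rate:>8s} {frames:6d} frames {best:9.4f}s to {worst:9.4f}s")
```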