Complexity of Post-Quantum Cryptography in Embedded Systems and Its Optimization Strategies
Omar Alnaseri, Yassine Himeur, Shadi Atalla, Wathiq Mansoor
TL;DR
The paper addresses the challenge of deploying post-quantum cryptography in embedded systems by classifying PQC algorithms into lattice-based, code-based, hash-based, and multivariate/isogeny-based families and analyzing their hardware complexity. It proposes optimization strategies—pipelining, parallelization, and high-level synthesis (HLS)—alongside algorithmic tweaks such as hybrid approaches, signature lifting, and quantum-inspired techniques, to boost throughput and energy efficiency. A detailed complexity analysis compares CRYSTALS-Kyber and McEliece, presenting operation-level costs like $O(k^2 n)$ and $O(n^3)$ for key generation, and highlights that Kyber typically offers smaller keys and lower computation, while McEliece yields smaller ciphertexts but much larger keys. Numerical results illustrate the stark differences in key and ciphertext sizes and FLOP counts across security levels, guiding deployment choices for constrained devices. Overall, the work provides a framework to balance security, performance, and memory usage for PQC in embedded contexts and points to memory and efficiency improvements as quantum threats mature.
Abstract
With the rapid advancements in quantum computing, traditional cryptographic schemes like Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography (ECC) are becoming vulnerable, necessitating the development of quantum-resistant algorithms. The National Institute of Standards and Technology (NIST) has initiated a standardization process for PQC algorithms, and several candidates, including CRYSTALS-Kyber and McEliece, have reached the final stages. This paper first provides a comprehensive analysis of the hardware complexity of post-quantum cryptography (PQC) in embedded systems, categorizing PQC algorithms into families based on their underlying mathematical problems: lattice-based, code-based, hash-based and multivariate / isogeny-based schemes. Each family presents distinct computational, memory, and energy profiles, making them suitable for different use cases. To address these challenges, this paper discusses optimization strategies such as pipelining, parallelization, and high-level synthesis (HLS), which can improve the performance and energy efficiency of PQC implementations. Finally, a detailed complexity analysis of CRYSTALS-Kyber and McEliece, comparing their key generation, encryption, and decryption processes in terms of computational complexity, has been conducted.