QADR: A Scalable, Quantum-Resistant Protocol for Anonymous Data Reporting

TL;DR

QADR tackles the challenge of privacy for long-lived IoT data under Harvest Now, Decrypt Later by combining information-theoretic foundations from Quantum Key Distribution with a scalable, quantum-secure data reporting protocol. It introduces two slot-reservation modes: a high-throughput collision-based approach with a quantified leakage, and a verifiable oblivious shuffle variant for stronger anonymity, both built atop a Bulk Transfer Protocol. The security analysis formalizes sender anonymity and unlinkability, quantifies the reservation-stage leak, and presents a mitigation with provable privacy guarantees. Performance analysis shows the core data submission costs scale as $O(n^2)$, a substantial improvement over quantum-native alternatives that scale as $O(n^4)$, establishing QADR as a high-performance benchmark for future quantum-secured anonymity in large-scale IoT networks.

Abstract

The security of future large-scale IoT networks is critically threatened by the ``Harvest Now, Decrypt Later'' (HNDL) attack paradigm. Securing the massive, long-lived data streams from these systems requires protocols that are both quantum-resistant and highly scalable. Existing solutions are insufficient: post-quantum classical protocols rely on computational assumptions that may not hold for decades, while purely quantum protocols are too resource-intensive for the sheer scale of IoT. This paper introduces the Quantum Anonymous Data Reporting (QADR) protocol, a hybrid framework that provides a theoretical benchmark and high-performance architecture for this challenge, designed for future fully-connected quantum networks. The protocol achieves scalable, quantum-resistant anonymity through a hybrid security model; it leverages information-theoretically secure keys from Quantum Key Distribution (QKD) to seed a quantum-secure pseudorandom function (QS-PRF), grounding its long-term data protection in well-established computational hardness assumptions. We also propose and analyze an automated slot reservation mechanism by making a deliberate trade-off: achieving high performance by accepting a quantifiable information leak during the anonymous slot reservation phase while maintaining strong unlinkability for the final data submission. Our security analysis formally quantifies the anonymity reduction caused by the leak and discusses pathways to fully mitigate it at a significant performance cost. We prove the protocol's critical advantage as a performance benchmark: its primary communication cost scales as $O(n^2)$, a dramatic improvement over quantum-native alternatives ($O(n^4)$), establishing a high-performance goal for future quantum-secured anonymity systems.

Figures (4)

• Figure 1: System Architecture. Participants ($P_i$) establish pairwise QKD keys ($S_{ij}$) and submit masked data to the Server (SP).
• Figure 2: Simulation results showing the average number of collisions per round (top) and the probability of full resolution (bottom). A higher $\gamma$ leads to faster resolution.
• Figure 3: To determine optimal parameters, the slot reservation phase was simulated 1000 times. Our analysis identifies a slot-to-participant ratio of $\gamma=3$ as the most efficient configuration, requiring an average of $r=3$ rounds for successful resolution. These values are therefore adopted for all subsequent cost calculations.
• Figure 4: Plot comparing the resource cost scaling of APMT ($O(n^4)$) and QADR ($O(n^2)$) for N messages. Parameters: $\beta=16$, $\lambda = 256$ bits, $l_{\text{mes}} = 1024$ bits, $\gamma=3$, and an average of $r=3$ rounds

Theorems & Definitions (2)

• Definition 1: Sender Anonymity
• Definition 2: Unlinkability