PQ-Lattice: A Lattice-Based Post-Quantum Authentication Protocol for Decentralized IoT Systems

Abstract

Conventional Asymmetrical RSA and ECC chord cryptosystems have the horns of a dilemma due to the advent of quantum computers. In this paper, we introduce PQ-Lattice-a decentralized lattice-based postquantum authenticated key exchange protocol for IoT. The protocol uses CRYSTALS-Kyber for key encapsulationand CRYSTALS-Dilithium for digital signatures in a blockchain empowered identity management framework providing decentralization, mutual authentication and fine grained revocation without the dependence on trusted authority. Extensive performance evaluation on an ARM Cortex-M4 device shows that PQ-Lattice has the average computation time of 32.4 ms, communication overhead of 3.5 KB andstorage cost of 44 KB, which consumes around 28 mJ for a single authentication round. This result has demonstrated the feasibility in terms of power consumption for the constrained IoT nodes compared with traditional ECC and RSA, where latency is reduced up to 45% while energy efficiency increases by 47%. Security proof under the hardness of Module-LWE is given showing resilience against classical, as well asquantum attacks (replay, impersonation and Sybil). The presented PQ-Lattice architecture is therefore an efficient (in terms of scalability, and energy consumption) quantum-resilient authentication answer tailored to the next generation IoT platform.

Author Biography

Mahmood A. Al-Shareeda, Department of Electronic Technologies, Basra Technical Institute, Southern Technical University, Basra, 61001, Iraq

Department of Electronic Technologies, Basra Technical Institute, Southern Technical University, Basra, 61001, Iraq

References

X. Mu and M. F. Antwi-Afari, “The applications

of internet of things (iot) in industrial manage-

ment: a science mapping review,” International

Journal of Production Research, vol. 62, no. 5,

pp. 1928–1952, 2024.

K. Sharma and S. K. Shivandu, “Integrating ar-

tificial intelligence and internet of things (iot)

for enhanced crop monitoring and management

in precision agriculture,” Sensors International,

vol. 5, p. 100292, 2024.

Q. A. Al-Haija and A. Droos, “A comprehensive

survey on deep learning-based intrusion detection

systems in internet of things (iot),” Expert Sys-

tems, vol. 42, no. 2, p. e13726, 2025.

S. Cherbal, A. Zier, S. Hebal, L. Louail, and

B. Annane, “Security in internet of things: a

review on approaches based on blockchain, ma-

chine learning, cryptography, and quantum com-

puting,” The Journal of Supercomputing, vol. 80,

no. 3, pp. 3738–3816, 2024.

A. E. Adeniyi, R. G. Jimoh, and J. B. Awotunde,

“A systematic review on elliptic curve cryptogra-

phy algorithm for internet of things: Categoriza-

tion, application areas, and security,” Computers

and Electrical Engineering, vol. 118, p. 109330,

Authors

  • Hayder Ali Hameed
  • Huda J. Swadi Alhamedi
  • Wurood Fadhil Abbas
  • Huda Mohammed Alsayednoor
  • Mahmood A. Al-Shareeda Department of Electronic Technologies, Basra Technical Institute, Southern Technical University, Basra, 61001, Iraq
  • Mohammed Almaayah
  • Rami Shehab

DOI:

https://doi.org/10.31449/inf.v49i35.12156

Downloads

Published

12/16/2025

How to Cite

Hameed, H. A., Swadi Alhamedi, H. J., Abbas, W. F., Alsayednoor, H. M., Al-Shareeda, M. A., Almaayah, M., & Shehab, R. (2025). PQ-Lattice: A Lattice-Based Post-Quantum Authentication Protocol for Decentralized IoT Systems. Informatica, 49(35). https://doi.org/10.31449/inf.v49i35.12156

Issue

Vol. 49 No. 35 (2025): Online-only issue

Section

Online-only

License

I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.

I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.

In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.

I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal.  The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.


Copyright ©  Slovenian Society Informatika