Project overview

This project relates to digital vulnerabilities and post quantum resilience. Establishing the potential for an ongoing future collaborative relationship between Dr Arnab Kumar Biswas (from Centre for Secure Information Technologies) who is an expert in secure architectural solutions, and CryptoQuantique who are a leading provider of PUF based solutions for Internet-of-Things.

Specifically, the project concerns the design and implementation of a hash based post-quantum signature scheme using PUF. The aim is to use CryptoQuantique’s existing PUF solution to design a post-quantum signature scheme. The PUF being used to generate or refresh keys and TRNG-generated random numbers thereby enhancing the signature scheme.

Activities

Instead of fully focusing on the signature implementation using PUF, we started to design an authentication protocol which consists of Initialization, registration, and mutual authentication. We could not finish it within March, but significant progress was made.

We started to design a lightweight authentication protocol that remains secure against quantum computing threats by using hash-based post-quantum cryptographic signatures (SPHINCS+).

We integrated Physical Unclonable Functions (PUFs) into the authentication protocol to verify device identities uniquely and securely, ensuring that each node has a tamper-resistant hardware fingerprint.

Impact

Achieving Post-Quantum Security through Hash-Based Cryptography

One of the findings of the project is the demonstration that conventional authentication protocols, which rely on number-theoretic assumptions such as the discrete logarithm or integer factorization, are no longer secure in the presence of quantum computing. To address this, we are developing an authentication protocol utilizing SPHINCS+, a hash-based digital signature algorithm selected by NIST for post-quantum standardization. SPHINCS+ offers strong cryptographic guarantees without relying on mathematical problems known to be vulnerable to quantum algorithms.

Significance: This ensures that the system is not only secure against today's classical threats but also resilient to future quantum capable adversaries. The adoption of such post-quantum methods supports long-term data protection and aligns with global cybersecurity policy shifts toward quantum resistant standards.

Enhancing Device Trust with Physical Unclonable Functions (PUFs)

The integration of Physical Unclonable Functions introduces a major advancement in hardware-level security. PUFs provide each device with a unique and unclonable physical identity based on microscopic manufacturing variations. In the protocol, PUFs are used to generate responses to authentication challenges that cannot be reproduced, even by attackers with physical access to the device. The response is further combined with time-stamped information to prevent forgery and ensure freshness.

Significance: This approach significantly strengthens device authentication and reduces the risk of identity spoofing or tampering. Since PUFs cannot be copied or simulated, they offer a high-assurance security primitive that complements cryptographic protection, making the system robust against both physical and remote attacks.

Future work

CryptoQuantique and CSIT are working towards a partnership which will seek future grant funding to stimulate innovative research to addresses post-quantum security challenges. Seeking to grow the knowledge base in post quantum technologies it is envisaged that resulting projects will target the commercial exploitation of the technology providing future reputational, societal, and economic benefit. Apart from this, there is a plan to allow Arnab’s doctoral student to work as a summer intern next year at CryptoQuantique.

Outcomes/outputs

We have one conference paper accepted at SoCC 2025, and we are also planning to complete the protocol design and prepare an additional publication.

Presentation at the SPRITE+ 2025 Showcase: