Qers Achieves Universal Post-Quantum Cryptography Resilience Scoring for IoT and IIoT Systems

Researchers are increasingly focused on securing Internet of Things (IoT) and Industrial IoT (IIoT) systems against quantum-enabled attacks, but current evaluation methods often fall short by concentrating on individual performance aspects! Jonatan Rassekhnia from Lulea University of Technology, alongside his colleagues, addresses this gap with a novel framework called QERS (Quantum Encryption Resilience Score)! This innovative approach moves beyond isolated metrics, integrating cryptographic performance, system limitations and multi-criteria decision analysis to provide a holistic assessment of post-quantum cryptography (PQC) readiness across diverse environments! By combining normalised metrics, weighted aggregation and machine learning, QERS delivers interpretable resilience scores, empowering informed design choices and facilitating smoother migration planning for computer, IoT and IIoT systems , a crucial step as we prepare for a post-quantum future!

The research team achieved a universal measurement framework capable of quantifying the impact of PQC on resource-constrained devices, addressing a significant gap in current evaluation methodologies. QERS combines normalized metrics, weighted aggregation, and machine learning-assisted analysis to generate interpretable resilience scores applicable across diverse devices and communication protocols, ultimately supporting informed design and migration planning!

This work introduces a practical evaluation instrument designed to quantify the operational cost of deploying PQC in challenging environments. QERS integrates six key metrics, latency, packet reliability, CPU load, energy use, signal strength, and key size, into a unified, normalized score, providing a comprehensive assessment of PQC impact. Three complementary scoring formulas are implemented: Basic, for rapid comparisons; Tuned, for environment-specific weighting; and Fusion, which combines normalized performance and security sub-scores into a single composite indicator. The study unveils a reproducible instrument for assessing PQC readiness, enabling engineers to make data-driven decisions regarding feasibility and deployment costs at scale.
Experiments were conducted using an ESP32C6-Devkit testbed to evaluate five prominent PQC algorithms, Kyber, Dilithium, Falcon, SPHINCS+, and NTRU, under varying wireless conditions. The results demonstrate that QERS effectively exposes performance-security trade-offs often obscured by isolated benchmarks, providing a nuanced understanding of each algorithm’s suitability for different applications. This breakthrough reveals that the framework can accurately assess PQC readiness in resource-limited environments, offering a valuable tool for both researchers and practitioners. The research establishes a foundation for future work, with extended statistical validation planned as part of ongoing graduate research!

The team’s contributions include a modular scoring instrument supporting three analysis modes, a normalization and weighting methodology integrating heterogeneous metrics, and a practical implementation on ESP32 hardware. Furthermore, the empirical evaluation across diverse wireless scenarios and the creation of a reproducible, extensible framework solidify QERS as a significant advancement in PQC evaluation. The research team engineered a modular scoring instrument supporting Basic, Tuned, and Fusion modes for progressively deeper analysis of PQC algorithms! To quantify PQC impact, researchers employed a normalization and weighting methodology, integrating latency, CPU usage, signal reliability, key size, packet behaviour, and energy metrics into performance and security sub-scores!

Experiments utilized ESP32 hardware, avoiding purely simulated environments and enabling real-world testing of PQC algorithms under varying wireless scenarios. The study meticulously measured energy behaviour, Key-Bytes, CPU usage, Received Signal Strength Indicator (RSSI), and packet-level communication characteristics to provide a holistic assessment of PQC performance. The team conducted an empirical evaluation of five PQC algorithms, Kyber, Dilithium, Falcon, SPHINCS+, and NTRU, comparing their trade-offs between efficiency and security levels, as summarised in Table I! Kyber, a Key Encapsulation Mechanism (KEM) based on Module-LWE, demonstrated key sizes ranging from 800 to 1500 Bytes and ciphertext sizes from 768 to 1088 Bytes.

Dilithium, a signature scheme also leveraging Module-LWE, exhibited key sizes from 1312 to 2544 Bytes and signature sizes from 2420 to 3500 Bytes, while Falcon, another signature scheme based on NTRU lattices, showed key sizes between 897 and 1280 Bytes and signature sizes from 690 to 1024 Bytes! This work pioneers a reproducible and extensible framework designed to support future PQC testing, comparison, and migration towards quantum-resilient systems in resource-limited environments! The approach enables comparative evaluation of PQC schemes under realistic resource constraints, supporting informed design and migration planning, and the framework’s modularity facilitates the integration of new algorithms and metrics as the field evolves. Experiments utilized an ESP32C6-Devkit testbed to rigorously evaluate five PQC algorithms, Kyber, Dilithium, Falcon, SPHINCS+, and NTRU, under varying wireless conditions, revealing crucial performance-security trade-offs. The team measured latency, packet loss, CPU load, signal strength, energy use, and key size, consolidating these heterogeneous metrics into a unified, normalized score!

Results demonstrate that QERS successfully exposes performance and security trade-offs often obscured by traditional, isolated benchmarks. The framework introduces three complementary scoring formulas: Basic, for rapid comparisons; Tuned, for environment-specific weighting; and Fusion, combining normalized performance and security sub-scores into a composite indicator. Specifically, the Basic mode facilitates quick assessment of PQC impact across different communication protocols, while the Tuned mode allows for prioritization based on unique deployment needs. Data shows that the Fusion mode delivers a comprehensive readiness indicator by integrating both performance and security considerations, offering a nuanced understanding of PQC suitability.

Scientists recorded comprehensive data across all five PQC algorithms, providing a reproducible instrument for assessing PQC readiness in resource-limited environments. The ESP32-based testbed enabled practical experimentation, avoiding reliance on purely simulated environments and ensuring the relevance of findings to real-world deployments. Measurements confirm that QERS effectively integrates latency, CPU usage, signal reliability, key size, packet behavior, and energy metrics into performance and security sub-scores. This layered approach allows for progressively deeper analysis, from rapid comparisons to detailed, environment-aware evaluations.

The breakthrough delivers a modular scoring instrument supporting Basic, Tuned, and Fusion modes, enabling flexible and adaptable PQC assessment. Tests prove that QERS provides a reproducible and extensible framework designed to support future PQC testing, comparison, and migration towards quantum-resilient systems. Researchers demonstrated QERS using a testbed based on ESP32 devices, collecting continuous measurements across various PQC algorithms and wireless distances ! The results reveal performance and reliability trade-offs that are often obscured by single-metric analysis, offering valuable insights for informed design and migration planning in IoT deployments.

QERS combines normalized metrics, weighted aggregation, and machine learning to generate interpretable resilience scores, accounting for factors like latency, CPU load, signal quality, and key size. The authors acknowledge that the current work is presented as a preprint, with plans for extended statistical validation through ongoing graduate research ! A limitation is the scope of environmental indicators currently included; future work will incorporate additional real-world factors such as packet loss, temperature, and latency variance to further refine the framework’s accuracy and applicability. Extending QERS to diverse IoT platforms is also planned, aiming to establish a reproducible, explainable, and hardware-aware methodology for selecting PQC algorithms that balance security, efficiency, and operational stability in real-world IoT deployments.