Mobile Energy Requirements of the Upcoming NIST Post-Quantum Cryptography Standards
This addresses the challenge of implementing post-quantum cryptography on resource-constrained mobile and IoT systems, providing practical metrics and guidelines, though it is incremental as it builds on existing standardization efforts.
The study analyzed the energy requirements of NIST post-quantum cryptography candidates on a mobile platform, finding that computational and data transmission costs vary by orders of magnitude, impacting battery life and protocol design, with structured-lattice schemes recommended for cloud-connected mobile devices.
Standardization of Post-Quantum Cryptography (PQC) was started by NIST in 2016 and has proceeded to its second elimination round. The upcoming standards are intended to replace (or supplement) current RSA and Elliptic Curve Cryptography (ECC) on all targets, including lightweight, embedded, and mobile systems. We present an energy requirement analysis based on extensive measurements of PQC candidate algorithms on a Cortex M4 - based reference platform. We relate computational (energy) costs of PQC algorithms to their data transmission costs which are expected to increase with new types of public keys and ciphertext messages. The energy, bandwidth, and latency needs of PQC algorithms span several orders of magnitude, which is substantial enough to impact battery life, user experience, and application protocol design. We propose metrics and guidelines for PQC algorithm usage in IoT and mobile systems based on our findings. Our evidence supports the view that fast structured-lattice PQC schemes are the preferred choice for cloud-connected mobile devices in most use cases, even when per-bit data transmission energy cost is relatively high.