Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Min Zhu,Qi Zhao,Jinjiang Yang,Chen Chen,Qichao Tao,Guang Yang,Aoyang Zhang,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/ISSCC49657.2024.10454332

2024-01-01

Abstract:The migration towards post-quantum cryptography (PQC) is in progress to secure communications and transactions against the impending quantum threat, while three key-encapsulation mechanisms (KEM) and one digital signature (DS) scheme are being standardized by NIST [1]. This multi-year migration poses serious challenges to PQC implementations for compatibility and performance requirements in various scenarios and settings: 1) Performance limitations caused by diverse computation patterns and relatively higher computation costs. 2) Crypto-agility resulting from different mathematical problems, various security parameters, or even different standardization bodies. 3.) Domain-specific optimization to address the long-term security of the evolving algorithm families. However, most existing PQC accelerators [2, 3, 5] were only customized for specific algorithms based on unique mathematical problems. The latest configurable PQC processor [4] did not support Falcon and Sphincs+, which are being drafted for standardization. To address this issue, a versatile PQC processor fabricated in 28nm is presented with three key features: 1) task-clustering-based architecture for scalable processing with aggressive parallelism; 2) region-based task-path (TP) with dynamic update for agile cryptographic computing; 3) efficient PQC task-operators (TO), including hash/sample, format, floating-point/complex, encoding/decoding operators, for further improvements on throughput and energy-efficiency. Based on these contributions, the proposed chip supports all predominant schemes in NIST’s PQC standardization, while still delivering 44.6% and 10.3% improvements in the throughput and energy-delay product (EDP), respectively, relative to a state-of-the-art design [4].

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Qi Zhao,Min Zhu,Jinjiang Yang,Chen,Qichao Tao,Hanning Wang,Guang Yang,Shaojun Wei,Aoyang Zhang,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2024.3476949

IF: 5.4

2024-01-01

IEEE Journal of Solid-State Circuits

Abstract:Post-quantum cryptography (PQC) is currently being standardized to replace the existing public-key cryptography for data security in the era of quantum computing. PQC algorithms exhibit considerable diversity in their underlying mathematical problems, storage requirements, and computational patterns, thus complicating unified PQC architecture design. To address this issue, a unified PQC domain-specific accelerator (DSA), post-quantum processing unit (PQPU), is proposed to address the trade-off between performance and flexibility at the algorithm, architecture, and circuit levels. First, a task-clustering-based framework is proposed to enable task-level parallel execution by utilizing the inherent parallelism and common functions across different PQC algorithms. Second, a region-based dynamically updated task path (TP) is constructed to facilitate automatic task-dependency management, with agile control flow and minimized overheads. Finally, algorithm-hardware co-optimizations are proposed in each task cluster to improve throughput and energy efficiency. Fabricated in a 28-nm process, PQPU has energy efficiency and throughput of 4.4 mu J/Op and 69.4 kOPS. The energy-delay product (EDP) and throughput achieved are 19.3% and 44.6% compared to the state-of-the-art design, respectively. To the best of our knowledge, PQPU is the first silicon-proven PQC accelerator that supports all valid schemes in NIST PQC standardization.

Yihong Zhu,Wenping Zhu,Chongyang Li,Min Zhu,Chenchen Deng,Chen Chen,Shuying Yin,Shouyi Yin,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2022.3216758

2022-12-31

Abstract:Post-quantum cryptography (PQC) is investigated to replace the classical public cryptography algorithms, which would be completely broken by large-scale quantum computers. However, current PQC schemes have completely different mathematical foundations and parameter sets, which makes the implementation of unified PQC processor extremely challenging. To address this issue, an agile PQC processor, RePQC, is proposed in this work to support schemes on multiple mathematical problems. First, the hierarchical calculation framework, ranging from algorithm level, task level, and coefficient level, is proposed to achieve desirable flexibility and energy efficiency. Second, a hybrid processing element array is built to support arithmetic and logical operations simultaneously, while algorithm-hardware co-design is utilized in task-level schedulers to further improve the algorithm-oriented energy efficiency. Finally, parallelism exploration and algorithm-level computation transformation is further utilized to optimize the configuration on RePQC for higher throughput. Fabricated in a 28-nm process, RePQC achieves the energy efficiency of 3.4 uJ/Op and the throughput of 48 kOPS, which is and higher than the state-of-the-art work, respectively. To the best of our knowledge, RePQC is the first silicon-proven PQC processor for different mathematical problems.

engineering, electrical & electronic

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li

DOI: https://doi.org/10.1109/cicc60959.2024.10528999

2024-01-01

Abstract:The migration to post-quantum cryptography (PQC) is accelerating with the release of three drafts of the 2023 PQC federal information processing standard (FIPS), of which Kyber is the only officially selected key encapsulation mechanism (KEM) as Figure 1. However, the migration from traditional cryptography to PQC still faces the following three challenges: 1) The significant increase in key size and encryption/decryption latency leads to performance degradation and resource overhead in existing information devices. Moreover, unauthorized access also raises privacy concerns. 2) More complex calculations and scheduling, as well as potential efficiency issues. 3) The risk of side channel attack (SCA) and the improvement of protection requirements faced by PQC hardware.

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Archisman Ghosh,Jose Maria Bermudo Mera,Angshuman Karmakar,Debayan Das,Santosh Ghosh,Ingrid Verbauwhede,Shreyas Sen

2023-05-18

Abstract:The hard mathematical problems that assure the security of our current public-key cryptography (RSA, ECC) are broken if and when a quantum computer appears rendering them ineffective for use in the quantum era. Lattice based cryptography is a novel approach to public key cryptography, of which the mathematical investigation (so far) resists attacks from quantum computers. By choosing a module learning with errors (MLWE) algorithm as the next standard, National Institute of Standard & Technology (NIST) follows this approach. The multiplication of polynomials is the central bottleneck in the computation of lattice based cryptography. Because public key cryptography is mostly used to establish common secret keys, focus is on compact area, power and energy budget and to a lesser extent on throughput or latency. While most other work focuses on optimizing number theoretic transform (NTT) based multiplications, in this paper we highly optimize a Toom-Cook based multiplier. We demonstrate that a memory-efficient striding Toom-Cook with lazy interpolation, results in a highly compact, low power implementation, which on top enables a very regular memory access scheme. To demonstrate the efficiency, we integrate this multiplier into a Saber post-quantum accelerator, one of the four NIST finalists. Algorithmic innovation to reduce active memory, timely clock gating and shift-add multiplier has helped to achieve 38% less power than state-of-the art PQC core, 4x less memory, 36.8% reduction in multiplier energy and 118x reduction in active power with respect to state-of-the-art Saber accelerator (not silicon verified). This accelerator consumes 0.158mm2 active area which is lowest reported till date despite process disadvantages of the state-of-the-art designs.

Cryptography and Security

Aobo Li,Dongsheng Liu,Xiang Li,Tianze Huang,Shuo Yang,Jiahao Lu,Ang Hu

DOI: https://doi.org/10.1109/a-sscc56115.2022.9980779

2022-01-01

Abstract:Post-quantum cryptography (PQC) uses novel difficult mathematical principles to defend the cracking of quantum computers which threaten the traditional crypto system such as Rivest–Shamir– Adleman (RSA) and elliptic curves cryptography (ECC). The lattice-based PQC schemes are currently the most potential candidates. The software methods of these schemes are usually low speed, and optimized dedicated hardware design can accelerate the algorithms. Saber and Kyber are two PQC algorithms which are based on difficult lattice problems of “Module Learning with Rounding” (M-LWR) and “Module Learning with Errors” (M-LWE). They have different modulus computing domains, which are $2 ^{13}$ and prime 3329 respectively. These characteristics lead to complicated solution and slow operation of conventional implementation, which is not conducive to resource efficiency and flexibility. In this work, we proposed a reconfigurable arithmetic unit with variable modulus domains, and combined with custom instruction-set architecture to design a flexible crypto processor for M-LWR and M-LWE. The work achieved the flexible implementation of variable parameters and instruction programming under the strategy of resource efficiency and performance trade-off, and verified on the FPGA platform.

Aobo Li,Dongsheng Liu,Cong Zhang,Xiang Li,Shuo Yang,Xingjie Liu,Jiahao Lu,Xuecheng Zou,Ang Hu,Tianming Ni

DOI: https://doi.org/10.1109/tii.2022.3195743

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Progress of quantum computing technology seriously threaten the industrial information security based on traditional public-key cryptosystem. Thus, the cryptosystem with anti-quantum attack characteristics is gradually becoming a significant research in the security field. In this article, a flexible and high-performance secure coprocessor is designed for security in industrial processes, which can execute the post-quantum cryptographic algorithm Saber efficiently. Custom instruction set and arithmetic accelerators are proposed to effectively optimize the flexibility of system architecture, and improve the performance of calculation. The hardware implementation results show that the maximum operating frequency of the coprocessor can reach 345 MHz. Compared with related state-of-the-art works, it achieves the highest operating frequency on the same Xilinx UltraScale+ FPGA platform, performing the encryption and decryption operations within 13.5 and 15.4 μs, respectively. Meanwhile, this article achieves 1.7/3.1/5.9× area-time product improvements in look-up table flip-flop block memory storage with good flexibility.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jihye Lee,Whijin Kim,Ji-Hoon Kim

DOI: https://doi.org/10.3390/s23239408

IF: 3.9

2023-11-25

Sensors

Abstract:The advancement of quantum computing threatens the security of conventional public-key cryptosystems. Post-quantum cryptography (PQC) was introduced to ensure data confidentiality in communication channels, and various algorithms are being developed. The National Institute of Standards and Technology (NIST) has initiated PQC standardization, and the selected algorithms for standardization and round 4 candidates were announced in 2022. Due to the large memory footprint and highly repetitive operations, there have been numerous attempts to accelerate PQC on both hardware and software. This paper introduces the RISC-V instruction set extension for NIST PQC standard algorithms and round 4 candidates. The proposed programmable crypto-processor can support a wide range of PQC algorithms with the extended RISC-V instruction set and demonstrates significant reductions in code size, the number of executed instructions, and execution cycle counts of target operations in PQC algorithms of up to 79%, 92%, and 87%, respectively, compared to RV64IM with optimization level 3 (-O3) in the GNU toolchain.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shuai Wang,Jun Han,Yang Li,Yifan Bo,Xiaoyang Zeng

DOI: https://doi.org/10.1109/CICC.2013.6658438

2013-01-01

Abstract:The wireless access point (AP) devices of the next generation demand low-latency, high-security, and flexible authentication and authorization for heterogeneous clients. This makes it necessary to implement the high-complexity public-key ciphers efficiently on programmable processors. Therefore, this paper presents a quad-core processor that accelerates public-key computations by enabling high-speed parallel task processing. A test chip (1.925x3 um(2)) of the proposed processor is implemented in 65nm process. This chip is superior to the powerful platforms like Nvidia GPU and AMD Opteron workstation with regard to the performance: 0.13ms for the decryption of RSA-1024 and 0.095ms for the scalar multiplication of ECC-256 in F-p.

Shuo Yang,Dongsheng Liu,Ang Hu,Aobo Li,Jiaming Zhang,Xiang Li,Jiahao Lu,Changwen Mo

DOI: https://doi.org/10.1109/asianhost56390.2022.10022178

2022-01-01

Abstract:Post-quantum cryptography (PQC) is proposed to resist the attack of quantum computer. Among various PQC schemes, lattice-based cryptography depended on learning with errors (LWE) problem has attracted much attention. As one of the lattice-based PQC schemes, number theory research unit (NTRU) algorithm is flexible, simple and fast. In this paper, we propose a high-performance cryptographic processor towards NTRU. In the processor, we optimize instruction set architecture, which also saves memories. Three-level Karatsuba method is utilized to accelerate polynomial multiplication, and the computing time is reduced by 10x. Fixed and custom instructions are used to control the whole data path, with flexibility and high efficiency. Compared to other FPGA implementations, the results show this design performs the highest operating frequency of 200MHz, only consumes 28k look-up tables (LUTs). Besides, it has the shortest time of encryption, decryption and the best area-time product (ATP), which is 1.4x better than state-of-the-art work.

He Li,Yongming Tang,Zhiqiang Que,Jiliang Zhang

DOI: https://doi.org/10.1109/tnano.2022.3217802

2022-01-01

IEEE Transactions on Nanotechnology

Abstract:Recent advancement in quantum information processing technology has led to the emergence of advanced cryptography in the post-quantum era. Next generation cryptographic techniques aim to be mathematically resistant against any known attacks related to quantum computing, and can be easily implemented on traditional hardware platforms. The National Institutes of Standards and Technology (NIST) has entered the fourth-round standardization process of post-quantum cryptography (PQC). Software implementations of PQC candidates have been widely investigated. Interests in domain-specific hardware acceleration of PQC algorithms have risen, in particular using field-programmable gate arrays (FPGAs). While conventional general-purpose hardware platforms have been used for PQC implementations, modern FPGAs promise software-hardware co-optimisation, deep pipeline parallelism and trivial support for custom-precision arithmetic. Therefore, the time is ripe for reviewing recent FPGA-based PQC implementations. This article first surveys state-of-the-art advances in PQC implementations on FPGAs, including fast arithmetic, algorithm-hardware codesign approaches and open-source PQC hardware projects, then gives a brief review of recent attacks on PQC algorithms and their hardware implementations. Finally, we summarise the challenges for hardware implementations along with potential research directions in this promising field.

Tim Fritzmann,Michiel Van Beirendonck,Debapriya Basu Roy,Patrick Karl,Thomas Schamberger,Ingrid Verbauwhede,Georg Sigl

DOI: https://doi.org/10.46586/tches.v2022.i1.414-460

2021-11-19

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Side-channel attacks can break mathematically secure cryptographic systems leading to a major concern in applied cryptography. While the cryptanalysis and security evaluation of Post-Quantum Cryptography (PQC) have already received an increasing research effort, a cost analysis of efficient side-channel countermeasures is still lacking. In this work, we propose a masked HW/SW codesign of the NIST PQC finalists Kyber and Saber, suitable for their different characteristics. Among others, we present a novel masked ciphertext compression algorithm for non-power-of-two moduli. To accelerate linear performance bottlenecks, we developed a generic Number Theoretic Transform (NTT) multiplier, which, in contrast to previously published accelerators, is also efficient and suitable for schemes not based on NTT. For the critical non-linear operations, masked HW accelerators were developed, allowing a secure execution using RISC-V instruction set extensions. With the proposed design, we achieved a cycle count of K:214k/E:298k/D:313k for Kyber and K:233k/E:312k/D:351k for Saber with NIST Level III parameter sets. For the same parameter sets, the masking overhead for the first-order secure decapsulation operation including randomness generation is a factor of 4.48 for Kyber (D:1403k)and 2.60 for Saber (D:915k).

Yan Liu,Liji Wu,Zhenhui Zhang,Xiangmin Zhang,Jing Zhou,Yifan Yang,Le Wu

DOI: https://doi.org/10.1109/asid60355.2023.10426507

2023-01-01

Abstract:The security of existing cryptosystems mostly relies on the difficulty of solving integer factorization problems and discrete logarithm problems. However, in recent years, with the rapid development of quantum computers, the time required to solve these difficult problems has been significantly reduced, which will pose significant risks to the transmission of information. Post-quantum algorithms are a type of cryptographic algorithm specifically designed to resist quantum computer attacks. The National Institute of Standards and Technology of the United States(NIST) has completed four rounds of selection work from 2016 to 2022. The Classic McEliece algorithm is the only Post-Quantum Cryptography (PQC) algorithm that has been selected for the fourth round of selection after more than 50 years. However, currently, the research and implementation of this algorithm are mostly focused on the software algorithm level, while the hardware implementation can be said to be very few. At the same time, hardware-implemented cryptographic algorithms have certain advantages in terms of security, algorithm execution speed, and other aspects compared to software. In this paper, the arithmetic part and the encryption part of the Classic McEliece algorithm are designed, and a UVM verification platform is built to verify its functionality. Finally, the hardware circuit is verified on the SAKURA-G FPGA development board, relevant resource consumption was collected and compared with the work of the predecessors.

Guozhu Xin,Jun Han,Tianyu Yin,Yuchao Zhou,Jianwei Yang,Xu Cheng,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tcsi.2020.2983185

2020-08-01

Abstract:In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.

Jiaming Zhang,Jiahao Lu,Aobo Li,Mingbo Wang,Xiang Li,Tianze Huang,Lei Chen,Dongsheng Liu

DOI: https://doi.org/10.1109/tcsii.2024.3382772

2024-01-01

Abstract:Security systems based on traditional cryptography mechanisms are at risk of being cracked by quantum computers in the future. CRYSTALS-KYBER (Kyber) as the NIST finalized lattice-based post-quantum cryptography (PQC) algorithm, will be widely used in public-key encryption scenarios. Although quantum-difficulty assumptions based on lattice math problems make Kyber quantum-resistant, how to effectively implement it into systems with different security needs remains a challenge. This brief presents a dual-issue superscalar Kyber processor (Super-K) that supports customized RISC-V instruction-set architecture (ISA) and implements the key encapsulation mechanism (KEM) flexibly and efficiently. A reconfigurable polynomial arithmetic unit (PAU) is designed, which optimizes the compress/decompress process, and accelerates polynomial operations efficiently by optimal parallelism. The pipelining scheduling technique is used in Super-K to improve instruction level parallelism and reduce time consumption. Super-K is implemented on UltraScale+ FPGA platform and evaluated under SMIC 40nm technology, which achieves the fastest computational speed with the lowest power consumption and $1.4\times /8.2\times $ improvement in FPGA/ASIC AT product efficiency.

Jiahao Lu,Jiaming Zhang,Zhixiang Luo,Aobo Li,Tianze Huang,Dongsheng Liu,Chi Cheng

DOI: https://doi.org/10.1109/mwscas60917.2024.10658892

2024-01-01

Abstract:The globalized migration towards post-quantum cryptography (PQC) is accelerating to protect communications against the upcoming quantum threat. However, the resource-constrained IoT communication devices limits the deployment multiple PQC algorithms, which is hard to fulfill the various security requirements of IoT devices. In this paper, an efficient hardware architecture compatible with customized instruction format is proposed, which is compatible with CRYSTALS-Kyber and Dilithium. Following the methodology of maximize-reuse, a configurable polynomial modular arithmetic unit is presented to execute all the required modes of polynomial modular operations in pipeline. Implemented on UltraScale+ and Artix-7 platforms, the proposed architecture consumes 2310 and 4028 equivalent slices at a maximum frequency of 280MHz and 99MHz in two platforms. Compared to the state-of-the-art Kyber-only and Dilithium-only researches, this work supports two algorithms simultaneously and realizes the lowest area-time (AT) value for Dilithium and a competitive AT value for Kyber.

Jakub Sowa,Bach Hoang,Advaith Yeluru,Steven Qie,Anita Nikolich,Ravishankar Iyer,Phuong Cao

2024-08-08

Abstract:The problem of adopting quantum-resistant cryptographic network protocols or post-quantum cryptography (PQC) is critically important to democratizing quantum computing. The problem is urgent because practical quantum computers will break classical encryption in the next few decades. Past encrypted data has already been collected and can be decrypted in the near future. The main challenges of adopting post-quantum cryptography lie in algorithmic complexity and hardware/software/network implementation. The grand question of how existing cyberinfrastructure will support post-quantum cryptography remains unanswered. This paper describes: i) the design of a novel Post-Quantum Cryptography (PQC) network instrument placed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign and a part of the FABRIC testbed; ii) the latest results on PQC adoption rate across a wide spectrum of network protocols (Secure Shell -- SSH, Transport Layer Security -- TLS, etc.); iii) the current state of PQC implementation in key scientific applications (e.g., OpenSSH or SciTokens); iv) the challenges of being quantum-resistant; and v) discussion of potential novel attacks. This is the first large-scale measurement of PQC adoption at national-scale supercomputing centers and FABRIC testbeds. Our results show that only OpenSSH and Google Chrome have successfully implemented PQC and achieved an initial adoption rate of 0.029% (6,044 out of 20,556,816) for OpenSSH connections at NCSA coming from major Internet Service Providers or Autonomous Systems (ASes) such as OARNET, GTT, Google Fiber Webpass (U.S.) and Uppsala Lans Landsting (Sweden), with an overall increasing adoption rate year-over-year for 2023-2024. Our analyses identify pathways to migrate current applications to be quantum-resistant.

Networking and Internet Architecture,Cryptography and Security,Quantum Physics