Performance Analysis of NIST Standardized Post-Quantum Cryptography Algorithms in Resource-Constrained IoT Environments

Performance Analysis of NIST Standardized Post-Quantum Cryptography Algorithms in Resource-Constrained IoT Environments | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Performance Analysis of NIST Standardized Post-Quantum Cryptography Algorithms in Resource-Constrained IoT Environments Din Mohammad Toufik, Sumayae Binata Khaiat This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8980683/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Majority of the connections currently rely on traditional public-key cryptography infrastructures such as RSA and Elliptic Curve Cryptography (ECC), but they face great jeopardy with threats lurking upon the horizon in the advent of quantum computing. Indeed, a powerful enough quantum computer would have the potential to overthrow such encryption technologies in a matter of other polynomial times through Shor's algorithm. As part of the new generation of protection mechanisms for combatting possible quantum-based risks, the National Institute of Standards and Technology (NIST) developed lattice-based algorithms called CRYSTALS-Dilithium for Digital Signatures and CRYSTALS-Kyber for Key Encapsulation Mechanism (KEM). However, deploying such computationally intensive algorithms upon IoT devices characterized as being significantly vulnerable in terms of capabilities in memory, computational power, and energy is considered to be a formidable challenge. In a paper, Post-Quantum Cryptography (PQC) algorithms, as chosen by NIST, are thoroughly benchmarked, and their performance is evaluated in a simulated IoT environment. Our paper seeks to measure the performance of Kyber and Dilithium algorithms for limited hardware architectures at various security levels, NIST Level 1, 3, and 5, using the open-source library called liboqs. There are three parameters that have been studied in our paper: overhead in terms of communication, size of memory in terms of stack usage, and delay time. There are experimental results that show that Kyber-512 offers a good trade-off for security and latency, which is needed for real-time Internet of Things services, but more secure variants and digital signatures such as Dilithium have high latency that may have an impact on system performance, specifically for ultra-low-power devices. The operational hurdles for using PQC that is integrated into current Internet of Things protocols as well as optimization strategies for a smooth shift to a quantum-resistant Internet of Things environment are determined. Some of the index terms used in this article are: NIST Standardization, Post-Quantum Cryptography (PQC), Internet of Things (IoT), CRYSTALS-Kyber, C Systems and Networking Post-Quantum Cryptography (PQC) Internet of Things (IoT) NIST Standardization CRYSTALS-Kyber CRYSTALS-Dilithium Performance Benchmarking Network Security. Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8980683","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":597732015,"identity":"31c71255-622a-4f2e-9bd5-20ca7a1f98ee","order_by":0,"name":"Din Mohammad Toufik","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABFElEQVRIiWNgGAWjYDCCw0DM2ABmGgCxHI8EO4hnYEGUFkMgZcwjwXMApEUCt5YDaFoYJCQSQBzcWviO8x7d8HGHXbRu++HtDz62GchIznx+dcOPAgkG/vbuBGxaJA/zpd2ceSY5d9uZtMLGmW0GPNLSOWU3e4AOkzhzdgM2LQaHecxu87Yx5247kGPYzNv2h0dOOiftBg9Qi4FELj4t9bnbzr8BaTHgkZM8k3bzD2Eth3O33ciBaJGWYD92G58tkkAtN2e2HQdqeVY4c8Y5Ax7Jnhy22zIGEjy4/MJ3/ozZjY9t1UCHJW/48KHMwF7i+PFnN9/8sZHjb+/FqgUb4DEAk8QqBwH2B6SoHgWjYBSMguEPAHmoaZAtk9TJAAAAAElFTkSuQmCC","orcid":"https://orcid.org/0009-0005-5603-874X","institution":"Metopolitan University, Sylhet, Bangladesh","correspondingAuthor":true,"prefix":"","firstName":"Din","middleName":"Mohammad","lastName":"Toufik","suffix":""},{"id":597732016,"identity":"34818e6d-b7c7-48ee-90e5-3077d309de86","order_by":1,"name":"Sumayae Binata Khaiat","email":"","orcid":"","institution":"Sylhet Agricultural University, Bangladesh","correspondingAuthor":false,"prefix":"","firstName":"Sumayae","middleName":"Binata","lastName":"Khaiat","suffix":""}],"badges":[],"createdAt":"2026-02-26 18:20:24","currentVersionCode":1,"declarations":{"humanSubjects":true,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":true,"humanSubjectConsent":true,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-8980683/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8980683/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":104399221,"identity":"0f7cd5c8-1a12-4264-94d2-2951dda5bba8","added_by":"auto","created_at":"2026-03-11 12:05:09","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":620573,"visible":true,"origin":"","legend":"","description":"","filename":"PerformanceAnalysisofNISTStandardized.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8980683/v1_covered_1fefc629-a110-4534-9ca8-f3e5f58c2a05.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003ePerformance Analysis of NIST Standardized Post-Quantum Cryptography Algorithms in Resource-Constrained IoT Environments\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Metropolitan University, Sylhet, Bangladesh","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Post-Quantum Cryptography (PQC), Internet of Things (IoT), NIST Standardization, CRYSTALS-Kyber, CRYSTALS-Dilithium, Performance Benchmarking, Network Security.","lastPublishedDoi":"10.21203/rs.3.rs-8980683/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8980683/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eMajority of the connections currently rely on traditional public-key cryptography infrastructures such as RSA and Elliptic Curve Cryptography (ECC), but they face great jeopardy with threats lurking upon the horizon in the advent of quantum computing. Indeed, a powerful enough quantum computer would have the potential to overthrow such encryption technologies in a matter of other polynomial times through Shor's algorithm. As part of the new generation of protection mechanisms for combatting possible quantum-based risks, the National Institute of Standards and Technology (NIST) developed lattice-based algorithms called CRYSTALS-Dilithium for Digital Signatures and CRYSTALS-Kyber for Key Encapsulation Mechanism (KEM). However, deploying such computationally intensive algorithms upon IoT devices characterized as being significantly vulnerable in terms of capabilities in memory, computational power, and energy is considered to be a formidable challenge.\u003c/p\u003e\n\u003cp\u003eIn a paper, Post-Quantum Cryptography (PQC) algorithms, as chosen by NIST, are thoroughly benchmarked, and their performance is evaluated in a simulated IoT environment. Our paper seeks to measure the performance of Kyber and Dilithium algorithms for limited hardware architectures at various security levels, NIST Level 1, 3, and 5, using the open-source library called liboqs. There are three parameters that have been studied in our paper: overhead in terms of communication, size of memory in terms of stack usage, and delay time.\u003c/p\u003e\n\u003cp\u003eThere are experimental results that show that Kyber-512 offers a good trade-off for security and latency, which is needed for real-time Internet of Things services, but more secure variants and digital signatures such as Dilithium have high latency that may have an impact on system performance, specifically for ultra-low-power devices. The operational hurdles for using PQC that is integrated into current Internet of Things protocols as well as optimization strategies for a smooth shift to a quantum-resistant Internet of Things environment are determined.\u003c/p\u003e\n\u003cp\u003eSome of the index terms used in this article are: NIST Standardization, Post-Quantum Cryptography (PQC), Internet of Things (IoT), CRYSTALS-Kyber, C\u003c/p\u003e","manuscriptTitle":"Performance Analysis of NIST Standardized Post-Quantum Cryptography Algorithms in Resource-Constrained IoT Environments","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-02-27 10:44:58","doi":"10.21203/rs.3.rs-8980683/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"00d286eb-7139-4b9a-acec-7a93e8dd1b69","owner":[],"postedDate":"February 27th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":63610333,"name":"Systems and Networking"}],"tags":[],"updatedAt":"2026-02-27T10:44:58+00:00","versionOfRecord":[],"versionCreatedAt":"2026-02-27 10:44:58","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8980683","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8980683","identity":"rs-8980683","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}