Next Article in Journal
Experimental Evaluation and Performance Analysis of 5G NSA Networks
Previous Article in Journal
Enhancing Respiratory Disease Diagnosis with AI Lung Sound Analysis: A Web-Based Approach
Previous Article in Special Issue
Vehicle, Driver, and Road Digital Twins for Connected Mobility: A Critical Review and Unified Conceptual Framework
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Future Internet
Volume 18
Issue 6
10.3390/fi18060319
futureinternet-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Secure V2X Communication in the Quantum Era: A Survey of Post-Quantum Authentication and Key Agreement (AKA) Protocols for Autonomous Vehicles

by
Weiqi Wang
1 and
Soo Fun Tan
2,*
1
Faculty of Computing and Informatics, University Malaysia Sabah (UMS), Kota Kinabalu 88400, Malaysia
2
Cybersecurity Research Lab, Creative Advanced Machine Intelligence Research Centre, Faculty of Computing and Informatics, University Malaysia Sabah (UMS), Kota Kinabalu 88400, Malaysia
*
Author to whom correspondence should be addressed.
Future Internet 2026, 18(6), 319; https://doi.org/10.3390/fi18060319
Submission received: 12 May 2026 / Revised: 5 June 2026 / Accepted: 8 June 2026 / Published: 11 June 2026
(This article belongs to the Special Issue Future Industrial Networks: Technologies, Algorithms, and Protocols)
Browse Figures
Versions Notes

Abstract

Vehicle-to-Everything (V2X) communication is a critical enabler of autonomous driving, supporting real-time information exchange among vehicles, roadside infrastructure, pedestrians, and cloud services. However, the security of current V2X systems largely relies on classical cryptographic mechanisms, which are expected to become vulnerable in the presence of large-scale quantum computers. Given the long operational lifespan and stringent safety requirements of autonomous vehicular networks, the transition toward quantum-resistant authentication and key management mechanisms has become increasingly important. This paper presents a comprehensive survey of post-quantum Authentication and Key Agreement (AKA) protocols for secure V2X communications. The survey systematically reviews V2X communication architectures, security and privacy requirements, existing authentication frameworks, and emerging post-quantum cryptographic approaches. Representative AKA schemes and NIST-standardized post-quantum algorithms are comparatively analyzed in terms of security strength, computational complexity, communication overhead, storage requirements, scalability, and deployment suitability for resource-constrained vehicular environments. The survey further examines practical implementation challenges, including latency constraints, bandwidth limitations, signature size expansion, memory consumption, and hardware resource requirements. The analysis reveals that achieving quantum-resistant security in V2X networks requires balancing strong cryptographic protection with the stringent performance demands of safety-critical vehicular applications. While recent post-quantum approaches offer promising security guarantees against quantum adversaries, their practical deployment remains constrained by computational and communication overhead. Finally, this survey identifies key research gaps and outlines future directions for the development of lightweight, scalable, and quantum-resilient AKA frameworks capable of supporting next-generation autonomous transportation systems. The findings provide researchers and practitioners with a structured understanding of the opportunities, limitations, and challenges associated with securing future V2X communications in the quantum era.

1. Introduction

Autonomous driving technology is rapidly evolving from advanced driver-assistance systems toward fully autonomous transportation ecosystems. At the core of this transformation lies Vehicle-to-Everything (V2X) communication, which enables real-time interaction among vehicles, roadside infrastructure, pedestrians, and cloud services. As the “nervous system” of intelligent transportation systems, V2X communication integrates four major modes, namely Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), Vehicle-to-Pedestrian (V2P), and Vehicle-to-Network (V2N), enabling autonomous vehicles to achieve cooperative awareness, beyond-line-of-sight perception, intelligent decision-making, and real-time traffic coordination [1,2,3]. However, the open, highly dynamic, and decentralized nature of vehicular communication environments introduces severe cybersecurity challenges. Malicious attackers may exploit vulnerabilities through identity forgery, replay attacks, message tampering, Sybil attacks, and denial-of-service attacks, potentially causing catastrophic physical consequences to road users and transportation infrastructures.
Current V2X communication systems predominantly rely on classical public-key cryptographic mechanisms such as RSA and Elliptic Curve Cryptography (ECC) to provide authentication, confidentiality, integrity, and secure session establishment. The security of these schemes is fundamentally based on the computational hardness of integer factorization and elliptic curve discrete logarithm problems [4,5]. However, Shor’s quantum algorithm [6,7] demonstrated that sufficiently powerful quantum computers can solve these mathematical problems in polynomial time, rendering existing public-key cryptographic systems fundamentally insecure in the post-quantum era. This emerging threat is particularly critical for autonomous vehicular systems due to their long operational lifecycle. Modern vehicles are typically designed for deployment periods ranging from 10 to 20 years, while large-scale cryptographic migration itself may require another 10 to 15 years. Consequently, future intelligent transportation systems must begin transitioning toward post-quantum cryptography (PQC) before practical quantum attacks become feasible.
To address this challenge, the U.S. National Institute of Standards and Technology (NIST) initiated the Post-Quantum Cryptography Standardization Project in 2016 and formally standardized several quantum-resistant algorithms in 2024, including FIPS 203 (ML-KEM/Kyber) [8], FIPS 204 (ML-DSA/Dilithium) [9], and FIPS 205 (SLH-DSA/SPHINCS+) [10]. In addition, the Falcon signature algorithm based on NTRU lattices is currently undergoing standardization review under FIPS 206 [11]. Among the various PQC approaches, lattice-based cryptography has emerged as the dominant research direction due to its strong theoretical security reductions, relatively compact parameter sizes, and practical implementation efficiency [12,13,14,15,16]. Consequently, RLWE-, MLWE-, and NTRU-based cryptographic constructions are increasingly considered promising candidates for next-generation V2X security architectures. Despite their theoretical quantum resistance, integrating PQC into V2X environments introduces substantial engineering and performance challenges. Compared with classical ECC-based schemes, post-quantum algorithms generally require significantly larger signatures, higher computational overhead, and increased memory consumption, which directly conflict with the ultra-low latency requirements of safety-critical vehicular applications. For example, in emergency braking scenarios, a communication delay of only 20 ms may cause a vehicle traveling at 120 km/h to move approximately 66.7 cm, potentially determining whether a collision can be avoided [17,18]. Furthermore, the ML-DSA-44 signature size reaches 2420 bytes, exceeding the payload limitation of a single Dedicated Short-Range Communications (DSRC) frame (2304 bytes), while Kyber operations on ARM Cortex-M4 embedded platforms may require substantially higher execution latency compared with traditional ECDH mechanisms [19,20]. These limitations reveal a fundamental trade-off between post-quantum security and real-time vehicular communication performance.
Authentication and Key Agreement (AKA) protocols have been extensively studied in the literature, with numerous surveys and reviews examining their security threats, vulnerabilities, and privacy challenges over the past decade. Table 1 presents a comparative overview of recent survey studies on AKA protocols across various communication domains, including cellular networks, the Internet of Things (IoT), Vehicle-to-Everything (V2X), and post-quantum cryptography (PQC).
The comparison highlights the evolution of research interests from conventional authentication mechanisms in 5G-enabled IoT environments toward advanced security solutions for emerging 6G networks. Existing surveys primarily focus on authentication protocols, security schemes, cryptographic techniques, and access control mechanisms for cellular and IoT systems, addressing challenges such as resource constraints, attack resistance, privacy preservation, and protocol efficiency. While Tashtoush et al. [21] and Hasan et al. [22] mainly investigate Authentication and Key Agreement protocols for IoT and cellular network environments using conventional cryptographic approaches, Yoshizawa et al. [17], Turnip et al. [23], and Hitayezu et al. [24] acknowledge the growing importance of post-quantum cryptography in securing future communication systems. However, these studies primarily provide high-level discussions, comparative analyses, or future research directions regarding quantum-resistant authentication mechanisms rather than proposing dedicated PQC-based AKA protocols. Furthermore, although Yoshizawa et al. [17] address security and privacy challenges in V2X communications, the integration of post-quantum cryptographic techniques into V2X authentication frameworks remains largely unexplored. Consequently, limited attention has been devoted to the design, implementation, and evaluation of post-quantum AKA protocols for vehicular communication environments, where stringent requirements for security, privacy, latency, scalability, and mobility support must be simultaneously satisfied. This research gap highlights the need for developing quantum-resistant AKA frameworks tailored for future intelligent transportation systems and 6G-enabled vehicular networks.
Motivated by these challenges, this paper presents a comprehensive survey of post-quantum Authentication and Key Agreement (AKA) protocols for secure V2X communications in autonomous driving environments. The survey reviews V2X communication architectures, security requirements, existing AKA protocols, and the ongoing transition from classical cryptography toward quantum-resistant security frameworks. To ensure broad coverage of the state-of-the-art, a targeted literature search was conducted using major scientific databases, including IEEE Xplore, Scopus, ScienceDirect, SpringerLink, and Google Scholar. The search employed combinations of keywords such as “Authentication and Key Agreement”, “AKA Protocol”, “Post-Quantum Cryptography”, “PQC Authentication”, “V2X Authentication”, “Vehicle-to-Everything Security”, “Vehicular Authentication”, “5G-AKA”, “6G Authentication”, and “Quantum-Resistant Authentication”. Priority was given to peer-reviewed journal articles, conference papers, standards documents, and recent survey studies relevant to authentication mechanisms, key agreement protocols, post-quantum cryptographic techniques, and vehicular communication security. The selected studies were subsequently categorized and analyzed according to their application domains, cryptographic approaches, security properties, and quantum-resistance capabilities.
In this survey, the assessment of quantum resistance is based on the underlying cryptographic hardness assumptions, resistance to known quantum attacks, and the current state of post-quantum cryptographic standardization rather than direct experimental validation against quantum computers, which remain unavailable at the scale required to compromise contemporary cryptographic systems. Specifically, schemes based on integer factorization and discrete logarithm problems, such as RSA and ECC, are classified as non-quantum-resistant due to their vulnerability to Shor’s algorithm. In contrast, lattice-based, hash-based, code-based, and related post-quantum cryptographic schemes are considered quantum-resistant because no efficient quantum algorithms are currently known to solve their underlying mathematical problems. The evaluation further considers the NIST post-quantum cryptography standardization status and the current cryptanalytic evidence reported in the literature.
Based on the selected literature, a comparative analysis of representative V2X AKA schemes is conducted across multiple dimensions, including authentication latency, computational complexity, communication overhead, storage requirements, scalability, and quantum resistance. In addition, the paper critically evaluates the applicability of major NIST-standardized PQC algorithms, including Kyber [25], Dilithium [26], Falcon [27], SPHINCS+ [28], and NTRU-based cryptographic systems [28], within resource-constrained vehicular platforms. The major contributions of this survey are summarized as follows:
  • A comprehensive review of the evolution of V2X communication security from classical cryptographic systems toward post-quantum cryptographic architectures is presented.
  • Existing V2X AKA protocols are systematically analyzed and compared based on security properties, authentication latency, communication cost, scalability, and quantum resistance.
  • The applicability and practical deployment challenges of NIST-standardized PQC algorithms in autonomous vehicular environments are critically evaluated.
  • Key engineering challenges involving signature size constraints, computational overhead, memory consumption, packet fragmentation, and embedded hardware limitations are quantitatively discussed.
  • A detailed review of lattice-based cryptography, RLWE, MLWE, NTRU variants, sparse polynomial optimization, and Number Theoretic Transform (NTT) acceleration techniques is provided.
  • An important research gap involving the integration of sparse polynomial optimization techniques with bi-cyclic ring structures in NTRU-based cryptography is identified as a promising future direction for lightweight and quantum-resistant V2X security systems.
Overall, this survey aims to provide researchers and practitioners with a comprehensive understanding of the opportunities, limitations, and future research directions of post-quantum Authentication and Key Agreement protocols for next-generation autonomous vehicular networks.

2. V2X Communication Architecture and Security Requirements

2.1. V2X Communication Modes

Vehicle-to-Everything (V2X) communication constitutes the foundational communication framework of intelligent transportation systems, enabling autonomous vehicles to exchange real-time information with surrounding entities, including vehicles, infrastructure, pedestrians, and cloud platforms. Depending on the communication counterpart, V2X systems are generally categorized into four major communication modes: Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), Vehicle-to-Pedestrian (V2P), and Vehicle-to-Network (V2N) [1,2,3,29,30,31]. These communication modes collectively establish a cooperative vehicular ecosystem that supports beyond-line-of-sight perception, cooperative decision-making, intelligent traffic coordination, and autonomous driving operations. Table 2 compares the major V2X communication modes, including Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I), and Vehicle-to-Pedestrian (V2P), in terms of their technical characteristics, application scenarios, and associated security challenges.
Despite sharing a common objective of enabling intelligent vehicular communication, each V2X communication model exhibits substantially different characteristics in terms of communication architecture, latency sensitivity, mobility dynamics, bandwidth requirements, computational constraints, and security exposure. Consequently, the security requirements and cryptographic design considerations associated with each communication model vary significantly.
Among all V2X communication modes, V2V communication is regarded as the most safety-critical and latency-sensitive component of autonomous driving systems. Vehicles periodically broadcast safety-critical messages, such as Basic Safety Messages (BSMs) and Cooperative Awareness Messages (CAMs), typically at frequencies of 10 Hz or higher. In high-speed driving scenarios, even millisecond-level communication delays may directly impact traffic safety. For example, when a vehicle travels at 120 km/h, a communication delay of 20 ms corresponds to a travel distance of approximately 66.7 cm [31], which may determine whether collision avoidance mechanisms can respond successfully. Due to its decentralized broadcast nature, V2V communication is highly vulnerable to identity spoofing, replay attacks, Sybil attacks, false information injection, and message tampering. Therefore, V2V security protocols must simultaneously achieve ultra-low latency, high authentication accuracy, lightweight computation, and strong resistance against both classical and quantum-based attacks.
V2I communication establishes bidirectional interaction between vehicles and roadside infrastructure components such as Roadside Units (RSUs), intelligent traffic signals, edge servers, and toll collection systems. In intelligent transportation ecosystems, RSUs commonly function as localized trust anchors that support certificate distribution, regional authentication management, cooperative traffic coordination, and edge-assisted computing services. However, the critical role of RSUs also makes them attractive attack targets. A compromised RSU may launch distributed denial-of-service attacks, distribute malicious certificates, manipulate traffic coordination information, or perform man-in-the-middle attacks against connected vehicles. Consequently, V2I security architectures require scalable trust management frameworks, efficient certificate revocation mechanisms, and secure edge-assisted authentication protocols capable of operating under highly dynamic vehicular conditions.
Compared with V2V and V2I communication, V2P communication introduces a distinct set of challenges due to the highly resource-constrained nature of pedestrian devices. V2P communication involves interaction between vehicles and vulnerable road users (VRUs), including pedestrians, cyclists, smartphones, wearable devices, and IoT sensors. Typical V2P applications include blind-spot detection, pedestrian collision warning, cyclist protection, and intelligent road-crossing assistance. However, wearable devices and mobile platforms generally possess limited computational capability, constrained battery capacity, intermittent connectivity, and weaker wireless reliability under non-line-of-sight conditions. These limitations make lightweight authentication mechanisms, low-power cryptographic implementations, and privacy-preserving communication protocols essential requirements for secure V2P communication systems.
V2N communication extends vehicular connectivity toward cloud infrastructures using cellular communication technologies such as 4G, 5G, and emerging 6G networks [32,33]. Unlike V2V communication, V2N applications are generally less latency-sensitive but involve significantly higher communication throughput and broader service integration. Representative V2N services include high-definition map synchronization, over-the-air software updates, remote diagnostics, cloud-assisted autonomous driving, and intelligent route planning. However, integrating cloud infrastructures into vehicular ecosystems introduces additional cybersecurity concerns involving cloud-based attacks, network slicing vulnerabilities, data privacy leakage, distributed denial-of-service attacks, and large-scale infrastructure compromise. In particular, future 5G/6G-enabled V2N architectures will require secure integration among vehicular authentication systems, edge computing infrastructures, and cloud-native security orchestration frameworks.
The heterogeneous characteristics of V2V, V2I, V2P, and V2N communication modes reveal that a unified security architecture for autonomous vehicular systems must simultaneously accommodate multiple conflicting requirements, including ultra-low latency, lightweight computation, high scalability, strong privacy preservation, and post-quantum security resilience. This multidimensional complexity makes the design of Authentication and Key Agreement (AKA) protocols one of the most critical and challenging research problems in next-generation V2X communication security.

2.2. Layered V2X System Architecture

Modern V2X communication systems commonly adopt a hierarchical cloud–edge–vehicle architecture as illustrated in Figure 1 to support scalable, low-latency, and intelligent autonomous driving operations [34,35,36,37]. This multi-layer architecture enables efficient coordination among onboard vehicular systems, roadside infrastructures, edge computing platforms, and cloud services while simultaneously supporting real-time decision-making, large-scale data processing, and secure communication management. In general, the architecture can be divided into three major layers: the vehicle/perception layer, the edge layer, and the cloud layer.
At the vehicle or perception layer [38,39], autonomous vehicles are equipped with onboard units (OBUs), Electronic Control Units (ECUs), and multimodal sensors such as LiDAR, radar, cameras, GPS modules, and inertial measurement units. This layer is responsible for environmental perception, local decision-making, message generation, and secure communication initiation. Security-related operations at this layer include digital signature generation, identity authentication, key agreement, secure session establishment, and message verification. However, vehicular onboard systems are significantly constrained in terms of computational capability, memory resources, energy efficiency, and real-time processing requirements. Typical automotive ECUs often possess limited RAM and embedded processing capability, making the deployment of computationally intensive post-quantum cryptographic algorithms particularly challenging.
The edge layer [40,41,42] consists primarily of Roadside Units (RSUs), fog computing nodes, Mobile Edge Computing (MEC) servers, intelligent traffic controllers, and regional vehicular coordination infrastructures. Acting as intermediate communication and processing nodes, the edge layer enables localized cooperative awareness, traffic coordination, low-latency computation offloading, and regional security management. In addition, RSUs frequently serve as localized trust anchors responsible for certificate distribution, authentication assistance, temporary pseudonym management, and vehicular session coordination. Edge-assisted architectures are especially important for reducing authentication latency and mitigating the computational burden of post-quantum cryptographic operations on resource-constrained vehicles. Nevertheless, because RSUs operate as semi-centralized security entities, compromised edge infrastructures may become high-value attack targets capable of launching man-in-the-middle attacks, malicious certificate dissemination, denial-of-service attacks, and traffic manipulation.
The cloud layer forms the global intelligence and management backbone of modern intelligent transportation systems. Cloud infrastructures are responsible for large-scale vehicular data analytics, artificial intelligence model training, global traffic optimization, long-term storage management, certificate authority operations, and software orchestration services. In most V2X security architectures, the cloud layer hosts centralized Public Key Infrastructure (PKI) services and Certificate Authorities (CAs), which function as the root trust anchors of the vehicular ecosystem. However, this centralization also introduces critical security risks. A successful compromise of cloud-based trust infrastructures may potentially undermine the security integrity of the entire vehicular communication ecosystem.
Although the cloud–edge–vehicle architecture significantly improves scalability, modularity, and computational efficiency, it simultaneously introduces a broader attack surface across multiple communication layers [43,44]. Attackers may exploit vulnerabilities within inter-layer communication interfaces to perform cross-layer attacks, privilege escalation, malicious command injection, false data dissemination, or distributed denial-of-service attacks. Furthermore, the integration of emerging technologies such as 5G/6G networks, software-defined networking (SDN), network slicing, artificial intelligence, and edge orchestration frameworks further increases architectural complexity and security dependency.
To address these challenges, Zero Trust Architecture (ZTA) has recently emerged as a promising security paradigm for next-generation V2X systems [45,46,47,48]. Unlike traditional perimeter-based trust models, Zero Trust adopts the principle of “never trust, always verify,” requiring continuous authentication, authorization, and behavioral validation for every communication entity regardless of network location. Integrating Zero Trust principles with post-quantum Authentication and Key Agreement (AKA) protocols is expected to become a critical research direction for future autonomous vehicular security architectures.

2.3. Security Requirements and Design Constraints of V2X Communication Systems

The security requirements of V2X communication systems can be systematically characterized through four tightly interconnected and mutually constraining dimensions: latency, reliability, security, and scalability. Unlike conventional wireless communication systems, autonomous vehicular networks operate within highly dynamic and safety-critical environments where communication failures, authentication delays, or security breaches may directly result in physical accidents and loss of human life. Consequently, V2X security architectures must simultaneously satisfy stringent real-time communication requirements, ultra-high reliability, strong privacy preservation, large-scale scalability, and resistance against both classical and quantum-enabled cyberattacks.
However, these requirements are inherently conflicting. Enhancing one security dimension often introduces performance degradation in another dimension. For example, stronger cryptographic protection generally increases computational overhead, authentication latency, packet size, and energy consumption, which may negatively impact real-time communication performance. Similarly, highly scalable certificate management frameworks may introduce additional synchronization complexity and trust management overhead. As a result, achieving an effective balance among these four dimensions remains one of the most challenging research problems in next-generation V2X security design. Table 3 presents a comparative analysis of the core security requirements in V2X communication systems.
Among these dimensions, latency represents the most rigid and safety-critical constraint in V2X communication systems. Autonomous driving applications such as emergency braking, cooperative lane changing, collision avoidance, and platooning require end-to-end communication delays within only a few milliseconds. Consequently, the computational overhead introduced by cryptographic operations cannot be ignored. Even relatively lightweight security mechanisms may significantly affect vehicular response time in high-speed driving environments. For example, Previous studies [48,49] have shown that implementing the ETSI ITS-G5 security stack on commercial vehicular communication hardware can significantly increase end-to-end latency, in some cases by up to eight times, thereby affecting the timeliness of safety-critical V2X applications. In post-quantum environments, the performance gap becomes even more significant. CRYSTALS-Kyber operations on ARM Cortex-M4 embedded platforms [50] may require substantially higher execution latency compared with classical ECDH-based key exchange mechanisms, directly affecting safety-critical communication. This reveals a fundamental challenge in post-quantum V2X security: achieving quantum resistance without violating ultra-low-latency communication constraints.
Reliability is another critical requirement in autonomous vehicular systems. Future V2X networks are expected to support ultra-reliable low-latency communication (URLLC) services with reliability targets exceeding 99.999% [51,52]. However, maintaining stable communication reliability becomes highly challenging in dense traffic environments characterized by rapid topology changes, high-speed mobility, frequent handovers, and wireless channel congestion. In urban scenarios involving large numbers of connected vehicles, packet collisions and channel interference may significantly degrade communication quality and authentication consistency. From a cybersecurity perspective, V2X systems must defend against a wide spectrum of attacks targeting authentication, confidentiality, integrity, availability, and privacy preservation. These attacks include identity spoofing, replay attacks, Sybil attacks, false information dissemination, message tampering, man-in-the-middle attacks, distributed denial-of-service attacks, and malicious certificate manipulation. Furthermore, autonomous vehicular systems require conditional privacy preservation mechanisms, where vehicle identities remain anonymous under normal operation while still allowing authorized authorities to perform identity tracing when necessary for forensic investigation or law enforcement purposes.
Scalability introduces an additional layer of complexity in next-generation intelligent transportation systems [53,54]. Future vehicular ecosystems are expected to involve millions of highly mobile vehicles interacting across heterogeneous communication infrastructures and administrative domains. Therefore, V2X security architectures must efficiently support dynamic vehicle registration, certificate distribution, pseudonym updates, cross-domain roaming, trust synchronization, and large-scale authentication management. Traditional Public Key Infrastructure (PKI) systems often suffer from excessive certificate management overhead and revocation latency under large-scale deployment conditions. Consequently, scalable authentication frameworks, hierarchical trust architectures, edge-assisted certificate management, and lightweight cryptographic protocols are increasingly becoming essential research directions.
Importantly, the transition toward post-quantum cryptography further intensifies the inherent tension among these four dimensions. While classical ECC-based AKA protocols can satisfy real-time latency and scalability requirements, they remain fundamentally vulnerable to quantum attacks. Conversely, NIST-standardized post-quantum cryptographic algorithms provide quantum-resistant security guarantees but introduce significantly larger signatures, higher computational overhead, increased memory consumption, and larger communication payloads, all of which directly impact V2X latency budgets and embedded vehicular resource constraints. Therefore, designing lightweight, scalable, and quantum-resistant Authentication and Key Agreement (AKA) protocols capable of simultaneously satisfying the four core V2X security dimensions remains one of the most critical open challenges in autonomous vehicular communication research.

3. State-of-the-Art Authentication and Key Agreement (AKA) Protocols for Secure V2X Systems

3.1. Fundamentals of Authentication and Key Agreement (AKA) Protocols

Authentication and Key Agreement (AKA) protocols constitute the cryptographic foundation of secure V2X communication systems as illustrated in Figure 2. In autonomous vehicular environments, AKA protocols are responsible for establishing mutual trust among communication entities while simultaneously enabling secure session key generation over highly dynamic and potentially untrusted wireless networks. Unlike conventional communication systems, V2X environments impose significantly stricter requirements on authentication latency, scalability, mobility support, and privacy preservation due to the safety-critical nature of autonomous driving applications.
In general, modern AKA protocols can be decomposed into three tightly coupled functional components: entity authentication, key agreement, and session management [22,24]. Entity authentication verifies the legitimacy and authenticity of communicating entities, thereby preventing impersonation and unauthorized access. Depending on the trust architecture employed, authentication mechanisms can generally be categorized into three major approaches: Public Key Infrastructure (PKI)-based authentication, Identity-Based Cryptography (IBC)-based authentication, and certificateless authentication. Among these, PKI-based approaches remain the dominant industrial solution for vehicular communication systems due to their maturity and interoperability, although certificate management overhead remains a major challenge under large-scale vehicular deployment conditions. The second component, key agreement, enables communicating parties to establish shared cryptographic session keys over insecure communication channels. Based on the number of communication rounds involved, AKA protocols may be classified into single-round, two-round, or multi-round authentication protocols. In highly latency-sensitive V2X environments, reducing the number of interaction rounds is particularly important to minimize communication overhead and authentication delay. The third component, session management, governs the lifecycle management of cryptographic session keys, including key refresh, revocation, renewal, and expiration. An essential security property of session management is forward secrecy, which ensures that compromise of long-term private keys does not expose previously established communication sessions.
Beyond conventional authentication and confidentiality requirements, AKA protocols in autonomous vehicular systems must additionally support advanced privacy-preserving properties. These include anonymity, unlinkability, and conditional privacy preservation (CPP) [24,55,56,57]. Anonymity prevents adversaries from directly identifying vehicles based on communication messages, while unlinkability prevents attackers from correlating multiple communication sessions belonging to the same vehicle. Conditional privacy preservation represents a balanced security model in which vehicle identities remain anonymous during normal operation but can be revealed by authorized authorities in the event of disputes, criminal investigations, or traffic incidents. To achieve these privacy objectives, existing V2X AKA schemes commonly employ pseudonym certificates, group signatures, ring signatures, and temporary identity mechanisms. However, these approaches often introduce additional computational complexity, certificate synchronization overhead, and scalability limitations, especially in highly dynamic vehicular environments. As autonomous vehicular systems continue evolving toward large-scale intelligent transportation ecosystems, the design of lightweight, scalable, and quantum-resistant AKA protocols has become one of the most critical research challenges in next-generation V2X communication security.

3.2. Classical Cryptography-Based AKA Protocols for V2X Security

Early research on V2X communication security primarily focused on lightweight AKA protocols based on classical public-key cryptographic algorithms, particularly Elliptic Curve Cryptography (ECC). Due to its relatively compact key sizes, low computational complexity, and mature hardware acceleration support, ECC rapidly became the dominant cryptographic foundation for vehicular authentication systems. Wang et al. [58] proposed an ECC-based multi-server AKA protocol for Internet of Vehicles (IoV) environments, achieving lower computational overhead compared with conventional ECC schemes. Such ultra-low latency performance makes ECC-based schemes highly attractive for safety-critical V2X applications, including collision avoidance and cooperative driving [59]. However, the security of ECC fundamentally relies on the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which becomes vulnerable to polynomial-time attacks under sufficiently powerful quantum computers.
To improve privacy preservation, researchers further explored bilinear pairing-based authentication schemes. Bilinear pairings provide stronger support for anonymity, traceability, and identity-based authentication mechanisms. Nevertheless, bilinear pairing operations introduce significantly higher computational overhead compared with standard ECC scalar multiplication. For example, a single bilinear pairing operation may require approximately 3.21–5.76 ms, whereas ECC scalar multiplication typically requires approximately 1.064 ms under comparable embedded platforms [60,61]. Consequently, recent research trends have gradually shifted from pairing-based architectures toward pairing-free lightweight authentication protocols. Ma et al. [62] proposed a pairing-free fog-assisted AKA protocol capable of reducing vehicle-side authentication overhead, thereby improving practicality for latency-sensitive vehicular applications.
In terms of privacy-preserving authentication, pseudonym certificate mechanisms remain the most widely adopted industrial solution. Vehicles periodically update temporary pseudonyms to avoid long-term identity tracking. However, pseudonym-based systems still face significant challenges involving certificate distribution overhead, storage synchronization, and certificate revocation scalability. Alternative approaches such as group signatures and ring signatures have also been investigated. Group signature schemes provide built-in accountable anonymity by enabling vehicles to authenticate anonymously while still supporting identity tracing by authorized entities. However, group member management and revocation complexity remain major scalability bottlenecks. Ring signature schemes eliminate the requirement for centralized trusted authorities but suffer from computational complexity that increases linearly with ring size, limiting scalability in dense vehicular environments. Overall, classical ECC-based AKA protocols remain highly effective in terms of authentication latency and deployment maturity. Nevertheless, their fundamental vulnerability to quantum attacks makes them unsuitable for long-term deployment in future autonomous vehicular systems.

3.3. Post Quantum-Based AKA Protocols for V2X Security

The emergence of quantum computing threats has accelerated the development of post-quantum AKA protocols for autonomous vehicular communication systems. Recent research primarily focuses on lattice-based cryptographic approaches due to their strong theoretical security guarantees, efficient implementation characteristics, and favorable standardization progress within the NIST PQC initiative. One important research direction involves multi-factor authentication architectures that combine multiple authentication factors, including passwords, smart cards, biometrics, and cryptographic credentials. Jiang et al. [63] proposed a cloud-assisted three-factor AKA protocol integrating biometric authentication for autonomous vehicular systems. Although the scheme enhances authentication robustness, its overall execution latency reaches approximately 130.561 ms, which substantially exceeds the strict real-time requirements of safety-critical V2X applications.
To mitigate computational overhead, researchers increasingly explore edge-assisted and cloud-assisted authentication architectures. Fog-assisted AKA protocols leverage edge computing infrastructures to partially offload cryptographic computation from resource-constrained onboard vehicular systems. With the advancement of post-quantum cryptography standardization, RLWE- and MLWE-based authentication protocols have become dominant research directions in post-quantum vehicular security. Mishra et al. [64] proposed an RLWE-based three-factor cloud-assisted authentication scheme achieving an overall authentication latency of approximately 5.77 ms, representing one of the most promising lightweight post-quantum authentication approaches for autonomous vehicular systems. Hybrid cryptographic architectures combining classical and post-quantum mechanisms have also emerged as practical transitional solutions. Chaudhary et al. [65] proposed a hybrid RLWE-ECC three-party AKA protocol integrating both lattice-based and ECC-based authentication mechanisms. The hybrid approach provides partial quantum resistance while preserving relatively efficient authentication performance. Similarly, Dai et al. [4] introduced a hybrid Kyber–Saber Key Encapsulation Mechanism (KEM) framework for V2X communication systems. By integrating multiple NIST PQC candidate algorithms through parallel encapsulation and key fusion mechanisms, the proposed architecture achieved approximately 60% handshake latency reduction and nearly 40% reduction in overall resource consumption compared with traditional RSA- and ECDH-based systems. Experimental evaluation using Veins-SUMO vehicular simulation platforms demonstrated acceptable CPU utilization and memory overhead under moderate vehicular density conditions.
Despite these advancements, post-quantum AKA protocols still face substantial engineering limitations involving authentication latency, computational overhead, memory consumption, communication payload size, and embedded hardware compatibility. Consequently, achieving practical quantum-resistant authentication for ultra-low-latency vehicular environments remains an open research challenge.

3.4. Comparative Analysis of Existing AKA Schemes

Table 4 summarizes representative V2X AKA protocols and compares their core cryptographic techniques, application environments, post-quantum resistance, authentication performance, and deployment limitations. Early V2X AKA protocols predominantly relied on ECC-based cryptography due to its lightweight computational requirements and low authentication latency. For example, the ECC multi-server authentication protocol proposed by Wang et al. [60] achieves authentication latency as low as 2.2 ms, making it highly suitable for safety-critical V2V and V2I applications. However, ECC-based schemes fundamentally rely on the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP), rendering them vulnerable to future quantum attacks. To strengthen authentication robustness, Jiang et al. [63] introduced a biometric three-factor authentication framework integrating passwords, smart cards, and biometric credentials for cloud-assisted autonomous vehicular systems. Although the scheme improves identity assurance, its authentication latency reaches approximately 130.6 ms, which substantially exceeds the stringent real-time requirements of safety-critical V2X communication environments.
Recent research trends increasingly focus on post-quantum and hybrid cryptographic architectures. Chaudhary et al. [65] proposed an RLWE-ECC hybrid AKA protocol that partially improves quantum resistance while preserving compatibility with existing ECC infrastructures. Nevertheless, hybrid schemes generally introduce higher computational complexity and increased protocol management overhead. Fully post-quantum authentication approaches based on RLWE and MLWE have also gained significant attention. Mishra et al. [64] proposed an RLWE-based three-factor authentication protocol achieving approximately 5.8 ms authentication latency, representing one of the more promising lightweight post-quantum solutions for cloud-assisted V2X systems. However, the scheme still suffers from large signature and ciphertext overhead, which may affect communication efficiency in bandwidth-constrained vehicular environments.
More recently, Dai et al. [4] introduced a hybrid Kyber–Saber Key Encapsulation Mechanism (KEM) for general V2X communication systems. Experimental results demonstrate approximately 60% handshake latency reduction compared with conventional RSA- and ECDH-based approaches. Despite these performance improvements, hybrid post-quantum architecture continues to face implementation complexity, interoperability, and embedded deployment challenges. Overall, Table 3 demonstrates that current V2X AKA research is transitioning from lightweight classical cryptography toward quantum-resistant architectures. However, no existing scheme simultaneously satisfies all critical V2X requirements, including ultra-low latency, scalability, lightweight computation, privacy preservation, and strong post-quantum security. Consequently, designing practical and lightweight post-quantum AKA protocols remains an important open research challenge for next-generation autonomous vehicular networks.
Subsequently, a broader comparison among ECC-based, RLWE-based, and hybrid cryptographic architectures is presented in Table 5, i.e., a comparative analysis of classical ECC-based, post-quantum RLWE-based, and hybrid AKA architectures for V2X communication systems. The comparison highlights the fundamental trade-offs among authentication latency, communication overhead, deployment complexity, and quantum resistance in current vehicular security research. ECC-based AKA schemes remain the most practical solution for present-day V2X deployments due to their ultra-low authentication latency, compact key sizes, mature hardware acceleration support, and well-established PKI ecosystem. Authentication delay in ECC-based systems typically ranges between 2–5 ms, making them highly suitable for safety-critical applications such as collision avoidance and cooperative driving. In addition, ECC signatures and public keys remain highly compact, significantly reducing communication overhead and bandwidth consumption. However, ECC security fundamentally depends on the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which becomes vulnerable to polynomial-time attacks under sufficiently powerful quantum computers. Consequently, despite their excellent real-time performance, ECC-based architectures are not suitable for long-term quantum-resilient vehicular systems.
In contrast, RLWE- and MLWE-based AKA schemes provide strong resistance against quantum attacks and currently represent the dominant direction in post-quantum cryptographic standardization. NIST-standardized algorithms such as Kyber [25] and Dilithium [26] are built upon lattice-based mathematical foundations, offering theoretically secure alternatives against quantum adversaries. Nevertheless, these schemes introduce substantially larger key sizes, signature sizes, and computational overhead compared with ECC-based approaches. Authentication latency for RLWE-based architectures commonly ranges from 50–130 ms, which may exceed the strict real-time requirements of safety-critical V2X applications. Furthermore, larger ciphertext and signature payloads may increase packet fragmentation, memory consumption, and bandwidth overhead in resource-constrained vehicular environments.
Hybrid AKA architectures [4,65,66] attempt to balance these conflicting requirements by integrating classical ECC mechanisms with post-quantum cryptographic algorithms. Such approaches provide transitional quantum resistance while maintaining partial compatibility with existing vehicular PKI infrastructures. Compared with fully post-quantum schemes, hybrid architectures generally achieve lower authentication latency and improved deployment flexibility. However, combining multiple cryptographic mechanisms simultaneously introduces increased architectural complexity, larger composite signatures, more complicated key management procedures, and additional protocol synchronization overhead. The comparison further reveals that the current challenge in V2X cryptographic research is not solely achieving quantum resistance but rather achieving quantum-resistant security while preserving ultra-low-latency communication performance, lightweight embedded implementation, and scalable vehicular deployment. Existing ECC-based systems satisfy real-time requirements but fail to provide long-term quantum security, whereas post-quantum RLWE-based schemes achieve strong cryptographic security at the expense of significantly higher computational and communication overhead.
The comparative analysis of Table 3 and Table 4 further reveals a pronounced trade-off between quantum resistance and real-time authentication performance. ECC-based schemes maintain a substantial advantage in latency efficiency and deployment maturity but fundamentally fail to provide long-term quantum resistance. Conversely, RLWE- and MLWE-based schemes offer strong quantum security guarantees but introduce significantly higher authentication latency, larger communication payloads, and increased computational overhead. This trade-off manifests across three major dimensions. First, there exists an inherent mathematical complexity gap between ECC scalar multiplication and lattice-based polynomial operations. ECC operations rely primarily on scalar point multiplication over elliptic curves, whereas lattice-based cryptography requires high-dimensional polynomial multiplication and modular reduction operations [2,59] resulting in substantially higher computational complexity. Second, practical engineering implementation of post-quantum algorithms on embedded vehicular hardware remains significantly less optimized than mature ECC implementations. Although recent progress in Number Theoretic Transform (NTT) acceleration and hardware-assisted polynomial arithmetic has improved post-quantum performance, most RLWE- and MLWE-based schemes still exhibit considerable overhead on resource-constrained vehicular platforms such as ARM Cortex-M microcontrollers and automotive ECUs. Third, the standardization and deployment ecosystem for post-quantum vehicular security architectures remains incomplete compared with the mature ECC-based PKI ecosystem currently deployed in intelligent transportation systems. Existing vehicular PKI infrastructures, certificate management systems, and trust distribution mechanisms were originally designed around classical cryptographic assumptions, making large-scale migration toward post-quantum security architectures both technically and operationally challenging.
Consequently, hybrid cryptographic architectures presently represent the most practical transitional solution for post-quantum V2X security, enabling gradual migration while preserving partial interoperability with existing infrastructures. Nevertheless, fundamentally resolving the contradiction between quantum-resistant security and ultra-low-latency vehicular communication will require substantial future breakthroughs in lightweight lattice cryptography, sparse polynomial optimization, embedded hardware acceleration, protocol simplification, and scalable post-quantum vehicular trust management architectures.

4. Post-Quantum Cryptographic Foundations and Standardization for Secure V2X Communication

4.1. Quantum Computing Threats to V2X Security

The security of current V2X communication systems fundamentally relies on classical public-key cryptographic algorithms such as RSA, Diffie–Hellman (DH), Elliptic Curve Cryptography (ECC), and Elliptic Curve Diffie–Hellman (ECDH). The security of these schemes is based on mathematically hard problems including integer factorization and discrete logarithm problems. However, the emergence of quantum computing poses a transformative threat to these cryptographic foundations. The primary threat originates from Shor’s quantum algorithm [6,67], which demonstrated that integer factorization and discrete logarithm problems can be solved in polynomial time on sufficiently powerful quantum computers. Consequently, cryptographic systems based on RSA, ECC, DSA, ECDSA, DH, and ECDH would become fundamentally insecure once large-scale fault-tolerant quantum computers become practical. This threat is particularly critical for autonomous vehicular systems because modern vehicles typically remain operational for 10–20 years, while cryptographic migration itself may require another decade. Therefore, V2X security systems deployed today must already consider future quantum threats. Although large-scale quantum computers capable of breaking RSA and ECC do not yet exist, the “harvest now, decrypt later” attack model introduces an immediate security concern. Adversaries may intercept and store encrypted vehicular communication data today with the intention of decrypting it in the future using quantum computers. This threat is especially severe for long-term sensitive vehicular information, including autonomous driving decisions, vehicular identities, transportation infrastructure coordination, and traffic management records. Table 6 summarizes the impact of quantum computing on mainstream cryptographic algorithms and highlights their implications for secure V2X communications.
In contrast to asymmetric cryptography, symmetric cryptographic algorithms are primarily affected by Grover’s search algorithm, which provides a quadratic rather than exponential speedup. The threat of Grover’s search algorithm [68] to symmetric cryptography is more moderate, reducing the effective security level of a k-bit key to k/2 bits. The countermeasure is straightforward: doubling the symmetric key length and hash output length restores the original security level. For example, AES-128 security is effectively reduced from 128 bits to approximately 64 bits under quantum attacks, while AES-256 remains relatively secure with an effective security level of approximately 128 bits. Mosca’s theorem provides a theoretical framework for cryptographic migration decisions: if x is the data security requirement period, y is the cryptographic migration period, and z is the time until the emergence of a quantum computer, then when x + y > z, the currently deployed cryptography is already at potential risk. For scenarios with a vehicle design and cryptographic migration cycle of 10–15 years, the current x + y ≈ 25 to 35 years; even with a conservative estimate of z ≈ 30 years, the risk window has already been entered. Consequently, increasing symmetric key sizes and hash output lengths remains a practical countermeasure against quantum search attacks.

4.2. Post-Quantum Cryptography for V2X Security

The rapid advancement of quantum computing has accelerated global efforts to standardize cryptographic algorithms capable of resisting quantum-enabled attacks. To address this challenge, the U.S. National Institute of Standards and Technology (NIST) launched the Post-Quantum Cryptography (PQC) Standardization Project in 2016 to identify practical cryptographic algorithms that remain secure against both classical and quantum adversaries. Following multiple rounds of cryptanalysis, performance evaluation, and implementation assessment, NIST selected a number of candidate algorithms for standardization based on their security, efficiency, implementation feasibility, and resistance to known attacks.
Table 7 summarizes the NIST-standardized post-quantum cryptographic algorithms that are most relevant to V2X communication systems. The first generation of standards includes ML-KEM (CRYSTALS-Kyber) under FIPS 203, ML-DSA (CRYSTALS-Dilithium) under FIPS 204, and SLH-DSA (SPHINCS+) under FIPS 205, while FN-DSA (Falcon) is currently under standardization review through the draft FIPS 206 specification. The standardization outcome reflects the growing dominance of lattice-based cryptography due to its favorable balance between security, efficiency, and deployment practicality. The withdrawal of the SIKE isogeny-based cryptosystem following successful cryptanalytic attacks further strengthened confidence in lattice-based approaches as the primary foundation for future quantum-resistant communication systems.
From a V2X perspective, each standardized algorithm exhibits different trade-offs. Kyber [8] provides efficient key establishment with moderate communication overhead, making it a promising candidate for post-quantum Authentication and Key Agreement (AKA) protocols. Dilithium [9] offers strong and implementation-friendly digital signatures but introduces larger signature sizes that may affect bandwidth-constrained vehicular environments. SPHINCS+ [10] provides conservative security guarantees based solely on hash functions but suffers from substantial communication overhead due to its large signatures. Falcon [11] achieves compact signatures and improved bandwidth efficiency; however, its implementation complexity and reliance on floating-point arithmetic present challenges for resource-constrained automotive embedded platforms.
Overall, the NIST PQC standardization initiative provides a practical foundation for the development of quantum-resistant V2X communication systems. Nevertheless, significant challenges remain in adapting these algorithms to the stringent latency, bandwidth, storage, and computational constraints of safety-critical vehicular environments. Consequently, optimizing the deployment of standardized PQC algorithms for real-time V2X authentication and key management remains an important research direction.

4.3. Comparative Analysis of Standardized Post-Quantum Cryptographic Approaches for Secure V2X Communication

The comparative analysis of standardized post-quantum cryptographic approaches as summarized in Table 8 reveals that the transition toward quantum-resistant V2X communication systems represents a fundamental architectural transformation rather than a simple cryptographic algorithm replacement.
Unlike conventional Internet security environments, autonomous vehicular communication systems operate under extremely stringent real-time, bandwidth, reliability, and embedded resource constraints, where cryptographic overhead directly influences physical driving safety. Consequently, the practical applicability of post-quantum cryptography in V2X systems must be evaluated not only from a theoretical security perspective, but also through the multidimensional interaction among communication latency, payload efficiency, computational complexity, hardware feasibility, and vehicular scalability.
Among the standardized post-quantum approaches, lattice-based cryptography [69,70] has clearly emerged as the dominant technological direction for secure autonomous vehicular communication. This dominance is not accidental but results from lattice cryptography providing the most balanced compromise among security rigor, implementation efficiency, and engineering practicality. In contrast to code-based and hash-based approaches, lattice-based schemes offer moderate key sizes, relatively efficient polynomial arithmetic, and strong worst-case to average-case hardness reductions. More importantly, lattice-based cryptography supports advanced functionalities such as Fully Homomorphic Encryption (FHE), Zero-Knowledge Proofs (ZKP), and Attribute-Based Encryption (ABE), which are expected to become increasingly important in future intelligent transportation ecosystems involving cooperative AI, federated learning, and privacy-preserving vehicular analytics.
The comparative analysis of standardized post-quantum cryptographic approaches reveals that the transition toward quantum-resistant V2X communication systems represents a fundamental architectural transformation rather than a simple cryptographic algorithm replacement. Unlike conventional Internet security environments, autonomous vehicular communication systems operate under extremely stringent real-time, bandwidth, reliability, and embedded resource constraints, where cryptographic overhead directly influences physical driving safety. Consequently, the practical applicability of post-quantum cryptography in V2X systems must be evaluated not only from a theoretical security perspective, but also through the multidimensional interaction among communication latency, payload efficiency, computational complexity, hardware feasibility, and vehicular scalability. Falcon partially alleviates this communication bottleneck by significantly reducing signature sizes compared with Dilithium. Nevertheless, Falcon introduces another dimension of engineering complexity through its dependence on floating-point arithmetic and Fast Fourier Sampling operations. Unlike desktop and server-class systems, automotive ECUs and low-power microcontrollers are highly constrained in floating-point computation capability. Many embedded vehicular platforms lack dedicated hardware FPUs, causing Falcon implementations to rely on software-emulated floating-point operations that substantially degrade performance and increase side-channel attack exposure. Consequently, the practical deployment challenge of Falcon is not purely cryptographic but fundamentally hardware architectural in nature. This observation highlights a broader issue within PQC research: many algorithmic performance evaluations conducted on general-purpose computing platforms do not accurately reflect the constraints of real-world automotive embedded systems.
Besides that, the comparative analysis further demonstrates that alternative PQC approaches currently remain less suitable for autonomous vehicular communication systems. Code-based cryptography [71,72], while possessing extremely strong cryptanalytic confidence, introduces prohibitively large public key sizes that directly conflict with bandwidth-sensitive V2X communication environments. Similarly, SPHINCS+ [28,73] achieves highly conservative security guarantees but suffers from excessive signature overhead unsuitable for frequent low-latency vehicular message broadcasting. The complete cryptanalytic failure of Rainbow and SIKE during the NIST evaluation [12,74] process additionally reinforces the importance of long-term cryptographic resilience and highlights the inherent uncertainty associated with emerging post-quantum constructions. These events collectively strengthen the current industrial and academic preference toward lattice-based cryptography for future V2X security infrastructures.
More significantly, the findings reveal that the core challenge of post-quantum V2X security extends beyond cryptographic security itself and increasingly becomes a systems engineering optimization problem. Future vehicular security architectures must simultaneously optimize multiple conflicting objectives, including quantum resistance, authentication latency, communication bandwidth efficiency, memory consumption, energy efficiency, privacy preservation, trust scalability, and interoperability with legacy vehicular PKI infrastructures. The coexistence of these constraints creates a multidimensional optimization space in which improving one security dimension often degrades another. For example, increasing cryptographic security levels generally enlarges signature sizes and computational complexity, while aggressive latency optimization may weaken security robustness or privacy guarantees.
This multidimensional trade-off strongly suggests that future V2X security systems will likely adopt hybrid and adaptive cryptographic architecture rather than relying exclusively on a single post-quantum algorithm. Hybrid ECC-PQC schemes currently represent the most practical transitional approach because they preserve compatibility with existing vehicular PKI ecosystems while gradually introducing quantum-resistant mechanisms. Nevertheless, hybrid architecture also introduces additional complexity involving composite signatures, dual-certificate management, protocol synchronization, and increased trust management overhead. Most importantly, the analysis identifies that substantial future breakthroughs are still required before fully practical post-quantum autonomous vehicular communication can be achieved. Current standardized PQC algorithms were primarily optimized for general-purpose computing environments rather than ultra-low-latency vehicular systems. Therefore, future research directions should focus on lightweight lattice optimization, sparse polynomial arithmetic, Number Theoretic Transform (NTT) acceleration, hardware-assisted cryptography, edge-assisted authentication offloading, and scalable post-quantum trust architectures specifically tailored for vehicular ecosystems. In particular, integrating sparse polynomial techniques with advanced algebraic structures such as bi-cyclic rings may offer promising opportunities to simultaneously reduce computational complexity, communication overhead, and memory consumption while preserving strong quantum-resistant security.
Overall, the comparative findings indicate that post-quantum V2X security remains an open and rapidly evolving research domain where cryptographic theory, embedded system engineering, vehicular networking, and intelligent transportation infrastructures must converge. The ultimate success of post-quantum autonomous vehicular communication will depend not only on achieving theoretical quantum resistance, but on developing lightweight, scalable, interoperable, and safety-aware security architectures capable of operating under the extremely demanding constraints of real-world intelligent transportation systems.

5. Lattice-Based Cryptographic Foundations and Polynomial

Optimization for Secure Post-Quantum V2X Communication

Lattice-based cryptography has emerged as the dominant mathematical foundation for post-quantum Authentication and Key Agreement (AKA) protocols due to its strong worst-case hardness guarantees, efficient algebraic constructions, and practical implementation feasibility under resource-constrained environments. Unlike classical public-key cryptographic systems such as RSA and Elliptic Curve Cryptography (ECC), whose security relies on integer factorization and discrete logarithm problems vulnerable to Shor’s quantum algorithm, lattice-based cryptography derives its security from computationally hard geometric problems defined over high-dimensional Euclidean lattices. These problems are currently believed to remain computationally intractable even in the presence of large-scale quantum computers, making lattice-based cryptography one of the most promising foundations for long-term secure V2X communication systems.
Mathematically, a lattice is a discrete additive subgroup generated by integer linear combinations of linearly independent basis vectors in Rn. The security of modern lattice-based cryptographic schemes is primarily rooted in several hard problems, including the Shortest Vector Problem (SVP), Closest Vector Problem (CVP), Short Integer Solution (SIS), and Learning With Errors (LWE). Among these, LWE and its structured variants have become particularly important due to their strong worst-case to average-case hardness reductions and practical suitability for efficient cryptographic implementations.
The Learning With Errors problem, first formalized by Regev [70], introduces controlled random noise into linear systems over finite fields, making recovery of secret vectors computationally infeasible. One of the most important theoretical properties of LWE is its reduction from worst-case lattice problems, providing substantially stronger security assurance compared with many classical cryptographic assumptions. However, despite its strong theoretical foundation, plain LWE introduces extremely large matrix dimensions, key sizes, and computational complexity, rendering direct deployment impractical for latency-sensitive V2X communication systems.
To address these limitations, structured lattice variants such as Ring-LWE (RLWE) and Module-LWE (MLWE) were introduced to improve computational efficiency while preserving quantum-resistant security. RLWE transforms high-dimensional matrix operations into polynomial arithmetic over algebraic rings, enabling efficient polynomial multiplication through Number Theoretic Transform (NTT)-based acceleration. This optimization reduces multiplication complexity from quadratic complexity, O(n2), to quasi-linear complexity, O(n log n), thereby improving computational efficiency by one to two orders of magnitude under practical parameter settings. Consequently, RLWE-based schemes substantially reduce communication overhead, memory consumption, and execution latency, making them significantly more suitable for embedded vehicular systems.
Module-LWE (MLWE) further extends this optimization framework by balancing the strong security properties of plain LWE with the computational efficiency of RLWE. Instead of relying on a single polynomial ring, MLWE introduces module structures that preserve stronger non-commutative security characteristics while maintaining efficient polynomial arithmetic. This balance between security rigor and implementation practicality explains why NIST-standardized algorithms such as CRYSTALS-Kyber and CRYSTALS-Dilithium are both fundamentally based on MLWE-related constructions. For autonomous vehicular communication systems, MLWE currently represents one of the most practical post-quantum cryptographic foundations due to its moderate key sizes, relatively efficient computation, and scalability under resource-constrained embedded platforms.
Efficient polynomial multiplication remains one of the most critical computational bottlenecks in lattice-based cryptography. To overcome this limitation, modern post-quantum cryptographic schemes extensively employ the Number Theoretic Transform (NTT), which functions as the finite-field analogue of the Fast Fourier Transform (FFT). NTT transforms polynomial convolution operations into element-wise multiplication in the transform domain, dramatically improving arithmetic efficiency. The cyclotomic polynomial ring, Rq = Zq[x]/(xn + 1), is widely adopted in lattice-based cryptographic systems because it enables efficient modular polynomial factorization and highly optimized NTT implementation.
For V2X communication systems, NTT acceleration is particularly important because authentication latency directly influences traffic safety and vehicular responsiveness. Recent optimization studies demonstrate that highly optimized NTT implementations on ARM Cortex-M4 microcontrollers can reduce Kyber key generation latency to below 1 ms, significantly improving the practicality of post-quantum cryptography for real-time vehicular communication environments. Hardware-assisted acceleration using AVX2 vectorization, pipelined polynomial arithmetic, and optimized modular reduction further demonstrates that lattice-based cryptography can approach the performance requirements of embedded autonomous vehicular systems.
Nevertheless, NTT optimization introduces several engineering challenges involving cache scheduling, memory access patterns, side-channel resistance, modular reduction efficiency, and implementation portability across heterogeneous automotive hardware architectures. These challenges become even more severe under low-power vehicular ECUs where memory resources, computational throughput, and energy budgets remain highly constrained. Consequently, lightweight NTT optimization and efficient polynomial arithmetic remain active research areas in the development of practical post-quantum AKA protocols for autonomous vehicular communication systems.
Overall, the evolution from plain LWE toward structured RLWE and MLWE architectures, combined with NTT-based polynomial acceleration, represents a critical transition from theoretical post-quantum security toward practical cryptographic deployment in intelligent transportation systems. The combination of strong quantum-resistant security guarantees, efficient polynomial arithmetic, and embedded implementation feasibility positions lattice-based cryptography as the dominant foundation for next-generation secure V2X communication infrastructures. However, achieving fully practical post-quantum vehicular authentication still requires further breakthroughs in lightweight lattice optimization, sparse polynomial arithmetic, hardware-assisted acceleration, and scalable low-latency trust management architectures specifically tailored for autonomous vehicular ecosystems. Table 9 compares representative lattice-based cryptographic techniques and NTRU variants proposed for post-quantum V2X authentication and key agreement protocols, highlighting their security features, performance characteristics, and application suitability.

6. Practical Deployment Challenges and Performance Trade-Offs of Post-Quantum V2X Authentication Protocols

6.1. Signature Size Constraints in V2X Communication Systems

One of the most critical deployment challenges of post-quantum Authentication and Key Agreement (AKA) protocols in autonomous vehicular communication systems is the substantial increase in digital signature and ciphertext sizes compared with classical cryptographic schemes. Unlike conventional Internet environments where moderate communication overhead may be tolerable, V2X communication systems operate under highly constrained wireless bandwidth and strict real-time latency requirements. Consequently, even moderate increases in cryptographic payload size may significantly affect communication reliability, channel congestion, packet fragmentation, and safety-critical message delivery performance. Current Dedicated Short-Range Communications (DSRC)-based vehicular communication systems are built upon the IEEE 802.11p/WAVE protocol stack, which provides an effective payload limit of approximately 2304 bytes per frame. Under classical cryptography, this payload limitation does not pose a significant challenge because ECDSA-P256 signatures require only 64 bytes, occupying less than 3% of the available DSRC payload. However, the transition toward post-quantum cryptography fundamentally changes this communication efficiency model.
As shown in Table 10, several NIST-standardized post-quantum signature schemes substantially exceed the DSRC payload limitation [9,11]. For example, ML-DSA-44 signatures already exceed the DSRC payload capacity by approximately 5%, while ML-DSA-65 and ML-DSA-87 exceed the limit by approximately 43% and 99%, respectively. Such oversized signatures introduce mandatory packet fragmentation, which significantly increases communication latency, packet loss probability, retransmission overhead, and synchronization complexity in dense vehicular environments.
Among the evaluated algorithms, Falcon (FN-DSA) demonstrates the best communication efficiency due to its compact signature sizes. Both FN-DSA-512 and FN-DSA-1024 can be transmitted within a single DSRC or C-V2X frame, making them significantly more suitable for latency-sensitive vehicular broadcasting scenarios. However, Falcon introduces substantial implementation complexity due to its reliance on floating-point arithmetic and Fast Fourier Sampling operations, which remain difficult to deploy efficiently on resource-constrained automotive ECUs. The payload constraint challenge becomes even more severe in C-V2X sidelink communication environments. Under the C-V2X PC5 interface, the Maximum Transmission Unit (MTU) is typically around 1400 bytes. Consequently, ML-DSA-65 and ML-DSA-87 signatures require transmission across multiple IP packets, further increasing fragmentation overhead and communication delay. These findings demonstrate that signature size optimization remains one of the most important open challenges for practical post-quantum V2X authentication systems.

6.2. Computational Overhead and Latency Constraints in Post-Quantum V2X Communication Systems

Beyond communication payload limitations, computational overhead represents another major barrier to the deployment of post-quantum V2X authentication protocols. Autonomous vehicular communication systems impose extremely strict real-time requirements because authentication latency directly influences driving safety, collision avoidance capability, and cooperative vehicular decision-making. Safety-critical V2X applications typically require end-to-end authentication and message verification latency below 20 ms, while some ultra-reliable low-latency communication (URLLC) scenarios target sub-10 ms or even sub-5 ms latency. Under these constraints, even modest increases in cryptographic execution time may become operationally unacceptable.
Table 11 summarizes the performance of representative post-quantum Key Encapsulation Mechanisms (KEMs) on ARM Cortex-M4 embedded platforms commonly used in automotive and IoT environments [19,75]. The results indicate that Kyber-768 currently represents the most practical post-quantum KEM for real-time vehicular communication systems. Its total execution latency of approximately 2.7 ms is only marginally slower than classical ECDH-P256 while still providing Level-3 post-quantum security. This performance explains why Kyber has become the preferred NIST-standardized post-quantum KEM for practical deployment scenarios. In contrast, FrodoKEM exhibits extremely high computational overhead, with total execution latency approaching 100 ms, substantially exceeding the real-time latency tolerance of most V2X applications. Although FrodoKEM provides stronger conservative security assumptions due to its unstructured LWE construction, its computational and memory overhead render it impractical for embedded autonomous vehicular systems.
NTRU-based schemes demonstrate an interesting intermediate trade-off. Although NTRU-HRSS and NTRU-HPS exhibit higher key generation latency than Kyber, their encapsulation and decapsulation operations remain relatively efficient. Furthermore, when precomputed key strategies are employed, online encapsulation latency may become lower than Kyber, making NTRU-based architectures highly promising for latency-sensitive V2X authentication environments. To further contextualize post-quantum performance overhead, Table 12 compares representative PQC KEM algorithms with classical ECDH-P256. The comparison reveals that Kyber is currently the only standardized PQC KEM whose performance approaches that of classical ECDH under embedded deployment conditions. Nevertheless, even Kyber introduces additional computational overhead that may become significant in high-density vehicular communication scenarios involving large-scale authentication operations. Digital signature generation and verification further exacerbate this computational challenge. On ARM Cortex-M4 platforms, Dilithium signature generation may require approximately 4.5 ms, while Falcon signature generation varies substantially depending on hardware floating-point support. Without dedicated FPU acceleration, Falcon signature generation latency may increase beyond 15 ms, approaching or exceeding the safety-critical latency threshold of autonomous vehicular systems.

6.3. Storage and Embedded Resource Constraints

In addition to communication and computational challenges, storage and memory consumption represent major deployment barriers for post-quantum V2X authentication protocols. Unlike traditional server-class environments, vehicular onboard units (OBUs) and automotive ECUs operate under highly constrained memory budgets, often limited to only a few hundred kilobytes of RAM. Table 13 summarizes the storage requirements of representative post-quantum KEM algorithms. The analysis reveals that Kyber and NTRU-based schemes introduce relatively manageable storage overhead under typical automotive embedded environments. In contrast, FrodoKEM consumes more than 60 kB of total storage, making it highly impractical for low-power vehicular onboard units with limited RAM capacity.
The storage challenge becomes even more severe when considering full vehicular PKI ecosystems. Post-quantum certificates, certificate chains, revocation lists, and trust anchors significantly increase memory requirements compared with classical ECC-based PKI infrastructures. For example, replacing ECDSA certificates with ML-DSA certificates may increase certificate sizes from approximately 64 bytes to several kilobytes. Under large-scale vehicular deployments, cumulative certificate chain storage may easily exceed tens of kilobytes per vehicle, substantially increasing OBU memory pressure. Consequently, future post-quantum V2X systems will likely require advanced optimization mechanisms including hierarchical certificate architectures, certificate compression, lightweight trust delegation, and edge-assisted cryptographic offloading.

6.4. Comprehensive Trade-Off Analysis and Research Implications

The comprehensive evaluation of post-quantum cryptographic algorithms for V2X authentication systems reveals that practical deployment feasibility is governed by a complex multidimensional trade-off among signature size, computational latency, storage overhead, embedded implementation complexity, and quantum-resistant security strength. Unlike conventional Internet security environments, autonomous vehicular communication systems impose strict safety-critical timing constraints, where cryptographic overhead directly influences vehicular responsiveness, collision avoidance capability, and overall transportation safety. Consequently, evaluating post-quantum Authentication and Key Agreement (AKA) protocols for V2X systems requires balancing not only cryptographic security but also real-time operational feasibility under highly resource-constrained embedded environments. The analysis illustrated in Table 14 demonstrates that existing standardized post-quantum algorithms exhibit fundamentally different optimization priorities across multiple performance dimensions.
Falcon (FN-DSA) achieves the most favorable communication efficiency due to its compact signature sizes, making it highly attractive for DSRC- and C-V2X-based vehicular communication systems where payload fragmentation significantly affects latency and packet reliability. However, Falcon simultaneously exhibits the highest implementation complexity because of its dependence on floating-point arithmetic and Fast Fourier Sampling operations. In automotive ECUs lacking dedicated hardware floating-point acceleration, Falcon execution latency may increase substantially, thereby reducing its practical suitability for low-power vehicular platforms. In contrast, CRYSTALS-Dilithium (ML-DSA) provides stronger implementation simplicity, deterministic arithmetic operations, and improved side-channel resistance. These characteristics make Dilithium significantly easier to implement securely on embedded vehicular systems. Nevertheless, its extremely large signature sizes create severe communication overhead under DSRC and C-V2X payload constraints. Higher-security Dilithium parameter sets often require fragmentation across multiple packets, introducing increased transmission delay, retransmission probability, channel congestion, and synchronization complexity in dense vehicular environments.
Kyber (ML-KEM) currently represents the most balanced post-quantum Key Encapsulation Mechanism for practical V2X deployment. Experimental evaluations on ARM Cortex-M4 platforms demonstrate that Kyber-768 achieves total execution latency of approximately 2.7 ms, which remains relatively close to classical ECDH-P256 performance while still providing strong Level-3 post-quantum security. This relatively efficient execution profile positions Kyber as one of the few standardized PQC algorithms capable of approaching the stringent real-time constraints required in autonomous vehicular communication systems. NTRU-based cryptographic schemes further demonstrate promising characteristics for lightweight post-quantum vehicular security due to their efficient polynomial arithmetic, compact ciphertext structures, and relatively moderate storage overhead. In particular, optimized sparse polynomial NTRU variants appear highly suitable for resource-constrained automotive ECUs. However, current NTRU implementations still face challenges involving parameter optimization, standardization maturity, side-channel resistance, and large-scale interoperability within future vehicular PKI ecosystems.
The analysis additionally reveals that code-based and hash-based cryptographic approaches currently remain unsuitable for real-time vehicular authentication scenarios. FrodoKEM introduces extremely high computational and storage overhead due to its unstructured LWE construction, while SPHINCS+ suffers from excessively large signatures that fundamentally conflict with bandwidth-sensitive vehicular communication requirements. Although these schemes provide strong conservative security guarantees, their practical deployment feasibility in latency-sensitive autonomous driving systems remains highly limited. More importantly, the findings demonstrate that no existing post-quantum cryptographic algorithm simultaneously satisfies the three critical constraints of next-generation V2X security systems: (i) strong post-quantum security; (ii) ultra-low safety-critical latency; and (iii) lightweight embedded resource consumption. This “triple-constraint problem” fundamentally distinguishes post-quantum V2X security from conventional Internet cryptography. Improving one performance dimension often degrades another. For example, increasing cryptographic security levels generally enlarges signature sizes and computational overhead, whereas aggressive latency optimization may weaken implementation robustness or long-term security margins.
Consequently, future autonomous vehicular communication systems will likely adopt hybrid and adaptive cryptographic architectures rather than relying on a single standalone PQC algorithm. Hybrid ECC-PQC authentication mechanisms currently represent the most practical transitional solution because they preserve compatibility with existing vehicular PKI infrastructures while gradually introducing quantum-resistant security mechanisms. Under such architectures, classical ECC may continue supporting ultra-low-latency safety broadcasting, whereas post-quantum mechanisms provide long-term cryptographic protection for session establishment, certificate management, and infrastructure-level authentication. Our findings further indicate that future research should increasingly focus on lightweight lattice optimization techniques specifically designed for vehicular communication environments. Promising research directions include sparse polynomial arithmetic, hardware-assisted NTT acceleration, bi-cyclic NTRU structures, edge-assisted authentication offloading, adaptive cryptographic agility frameworks, and scalable post-quantum vehicular PKI architectures. In particular, integrating sparse polynomial optimization with advanced algebraic structures may significantly reduce computational complexity, storage overhead, and communication payload size while preserving strong post-quantum security guarantees. Overall, the analysis strongly suggests that the future success of post-quantum V2X authentication systems will depend not solely on theoretical quantum resistance, but on achieving an effective multidisciplinary balance among cryptographic security, real-time communication efficiency, embedded hardware feasibility, and large-scale intelligent transportation system scalability.

7. Conclusions and Future Research Directions

The evolution of autonomous vehicular technologies and intelligent transportation systems has significantly increased the importance of secure, reliable, and ultra-low-latency Vehicle-to-Everything (V2X) communication. However, the emergence of quantum computing fundamentally threatens the security foundations of existing vehicular communication infrastructures. Current V2X Authentication and Key Agreement (AKA) protocols predominantly rely on classical public-key cryptographic mechanisms such as RSA, ECC, ECDH, and ECDSA, all of which become vulnerable in the presence of sufficiently powerful quantum computers due to Shor’s algorithm. Consequently, the migration toward post-quantum cryptography (PQC) is no longer optional but essential for ensuring the long-term security, privacy, and operational sustainability of autonomous vehicular communication systems. This survey has presented a comprehensive review of post-quantum Authentication and Key Agreement protocols for secure V2X communication in autonomous driving environments. The survey systematically examined V2X communication architectures, security requirements, classical and post-quantum AKA protocols, the NIST PQC standardization process, lattice-based cryptographic foundations, NTRU optimization techniques, and the practical deployment challenges associated with post-quantum authentication in real-time vehicular systems. Through extensive comparative analysis of representative V2X authentication schemes and standardized PQC algorithms, the study identified the fundamental trade-offs among quantum-resistant security, authentication latency, communication payload efficiency, computational complexity, and embedded implementation feasibility.
Our findings reveal that lattice-based cryptography has emerged as the dominant technological foundation for practical post-quantum V2X security architectures. In particular, MLWE- and RLWE-based constructions such as Kyber and Dilithium currently provide the most balanced compromise between cryptographic security and implementation practicality. Kyber demonstrates relatively efficient execution latency and moderate communication overhead, making it the most deployment-ready post-quantum Key Encapsulation Mechanism for vehicular communication systems. Falcon achieves excellent bandwidth efficiency through compact signatures, whereas Dilithium offers stronger implementation simplicity and side-channel resilience. Nevertheless, despite significant progress in PQC standardization, current post-quantum algorithms still exhibit substantial limitations when deployed under the stringent latency and resource constraints of autonomous vehicular environments.
More importantly, this survey demonstrates that no existing post-quantum cryptographic algorithm simultaneously satisfies the three critical requirements of next-generation V2X communication systems: strong post-quantum security, safety-critical ultra-low latency, and lightweight embedded resource consumption. This “triple-constraint problem” represents the core challenge of practical post-quantum V2X authentication. ECC-based schemes remain highly efficient and deployment-mature but fundamentally fail to provide long-term quantum resistance. Conversely, post-quantum schemes offer strong security guarantees but introduce significantly larger signatures, increased computational overhead, higher memory consumption, packet fragmentation, and embedded implementation complexity. The survey further reveals that communication payload efficiency has become one of the most significant bottlenecks in PQC-based V2X authentication systems. Signature schemes such as Dilithium and SPHINCS+ frequently exceed DSRC and C-V2X payload limitations, causing fragmentation and retransmission overhead that directly affect communication reliability and vehicular responsiveness. Furthermore, embedded deployment feasibility remains a major engineering challenge, particularly for algorithms requiring floating-point arithmetic, large memory footprints, or computationally intensive polynomial operations.
Based on the findings of this survey, several important future research directions have been identified below:
i. 
Hybrid Cryptographic Architectures for Transitional V2X Security
Future autonomous vehicular communication systems are expected to adopt hybrid cryptographic frameworks that combine classical ECC-based mechanisms with post-quantum cryptography (PQC). Hybrid architectures provide backward compatibility with existing vehicular PKI infrastructures while gradually introducing quantum-resistant security. Such approaches allow real-time safety messages to continue using lightweight classical cryptography while PQC mechanisms protect long-term session establishment, certificate management, and infrastructure-level authentication.
ii. 
Lightweight Post-Quantum Authentication Protocols
Existing standardized PQC algorithms were primarily designed for general-purpose computing systems rather than highly resource-constrained vehicular environments. Future research should focus on designing ultra-lightweight post-quantum Authentication and Key Agreement (AKA) protocols with reduced computational complexity, smaller signatures, and lower communication overhead suitable for real-time V2X communication.
iii. 
Hardware-Assisted PQC Acceleration for Vehicular ECUs
The computational overhead of post-quantum cryptography remains a major challenge for low-power automotive ECUs. Future vehicular processors may require dedicated cryptographic accelerators supporting NTT operations, modular arithmetic, polynomial multiplication, and lattice-based computations. Hardware-assisted PQC acceleration will be essential for achieving real-time authentication in autonomous driving environments.
iv. 
Efficient NTT and Polynomial Multiplication Optimization
Number Theoretic Transform (NTT) operations dominate the computational cost of many lattice-based cryptographic algorithms. Future research should investigate lightweight NTT scheduling, pipelined modular reduction, cache-aware polynomial multiplication, and low-memory arithmetic optimization techniques to improve embedded deployment feasibility for V2X systems.
v. 
Adaptive Cryptographic Agility Frameworks
Future intelligent transportation systems will require dynamic cryptographic agility capable of switching among multiple cryptographic primitives according to latency requirements, hardware capabilities, communication conditions, and security levels. Adaptive frameworks will enable vehicles to optimize security-performance trade-offs in real time under heterogeneous vehicular environments.
vi. 
Lightweight Post-Quantum Vehicular PKI Architectures
Existing vehicular PKI ecosystems were designed around compact ECC certificates and signatures. The larger certificate sizes introduced by PQC schemes create scalability and storage challenges. Future research should focus on hierarchical certificate architectures, certificate compression mechanisms, lightweight revocation systems, and edge-assisted trust management frameworks optimized for post-quantum vehicular networks.
vii. 
Edge-Assisted and Cloud-Assisted Authentication Offloading
To reduce computational burden on vehicular onboard units (OBUs), future V2X systems may increasingly leverage roadside edge servers and cloud infrastructures for partial authentication processing and cryptographic computation offloading. Efficient edge-assisted PQC frameworks could significantly reduce authentication latency and energy consumption under resource-constrained vehicular environments.
viii. 
Privacy-Preserving Post-Quantum Authentication
Future V2X communication systems must simultaneously support quantum-resistant security and user privacy preservation. Research should focus on integrating post-quantum pseudonym systems, ring signatures, group signatures, and anonymous authentication frameworks capable of providing anonymity, unlinkability, and conditional privacy preservation under quantum-resistant security assumptions.
ix. 
Secure Integration with 5G/6G and Edge Intelligence
Emerging 5G/6G-enabled V2X systems will integrate edge intelligence, network slicing, AI-assisted traffic management, and cooperative autonomous driving. Future PQC-based V2X authentication frameworks must support seamless integration with next-generation communication infrastructures while preserving ultra-low latency and large-scale scalability.
x. 
Side-Channel Resistant PQC Implementations
Many lattice-based cryptographic algorithms remain vulnerable to timing attacks, power analysis, cache leakage, and fault injection attacks during embedded implementation. Future research should prioritize constant-time arithmetic, masking techniques, secure sampling mechanisms, and side-channel-resistant hardware implementations suitable for automotive ECUs.
xi. 
Real-World Experimental Validation and Vehicular Testbeds
Most existing PQC-V2X studies rely heavily on simulations and theoretical benchmarking. Future work should involve hardware-in-the-loop testing, vehicular field experiments, real-world DSRC/C-V2X deployment evaluation, and large-scale intelligent transportation testbeds to validate the practicality of post-quantum authentication systems under realistic traffic conditions.
xii. 
AI-Assisted Cryptographic Optimization for V2X Systems
Artificial intelligence and machine learning may play an important role in future cryptographic optimization. AI-assisted approaches could dynamically optimize cryptographic parameter selection, authentication scheduling, edge offloading decisions, and communication resource allocation based on vehicular mobility patterns and network congestion conditions.
xiii. 
Standardization and Interoperability Frameworks for PQC-V2X
Although NIST has standardized several PQC algorithms, standardized frameworks specifically targeting vehicular communication systems remain immature. Future research should support the development of interoperable PQC-V2X standards, secure migration guidelines, protocol compatibility frameworks, and industry-level deployment architectures for intelligent transportation systems.
Figure 3 presents a taxonomy of the major challenges and future research directions for post-quantum Authentication and Key Agreement (AKA) protocols in V2X communication systems. The identified challenges are categorized into four key dimensions, namely security and privacy challenges, performance and resource constraints, deployment and interoperability issues, and V2X-specific environmental challenges. Based on these challenges, several promising research directions are highlighted, including lightweight post-quantum cryptographic schemes, hybrid classical–post-quantum authentication frameworks, hardware-accelerated implementations, edge-assisted authentication architectures, AI-driven trust management, and scalable cross-domain security mechanisms for next-generation autonomous vehicular networks.
While practical deployment validation remains insufficiently explored in the current literature, most existing studies rely heavily on theoretical analysis and simulation-based evaluations, while real-world vehicular experiments, hardware-in-the-loop testing, and large-scale intelligent transportation testbeds remain limited. Future work should therefore emphasize realistic deployment validation under actual vehicular communication environments to ensure the scalability, interoperability, robustness, and practicality of post-quantum authentication protocols. In conclusion, the transition toward quantum-resistant V2X communication represents one of the most significant security transformations in the evolution of autonomous vehicular systems. Although substantial progress has been achieved in post-quantum cryptography standardization and lattice-based optimization, considerable research and engineering challenges remain before fully practical post-quantum autonomous vehicular communication can be realized. The future success of PQC-based V2X authentication systems will ultimately depend on the ability to achieve an effective multidisciplinary balance among cryptographic security, real-time communication efficiency, embedded implementation feasibility, scalability, and intelligent transportation system interoperability.

Author Contributions

Conceptualization, S.F.T. and W.W.; methodology, S.F.T. and W.W.; validation, S.F.T. and W.W.; investigation, W.W.; writing—original draft preparation, W.W.; writing—review and editing, S.F.T.; supervision, S.F.T.; project administration, S.F.T.; funding acquisition, W.W. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The data presented in this study are available on request from the corresponding author. The data are not publicly available due to confidentiality restrictions and because they involve proprietary research information of the authors’ research group.

Acknowledgments

The authors gratefully acknowledge the reviewers for their insightful comments and constructive suggestions, which have significantly improved the quality of this work.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Masood, A.; Lakew, D.S.; Cho, S. Security and Privacy Challenges in Connected Vehicular Cloud Computing. IEEE Commun. Surv. Tutor. 2020, 22, 2725–2764. [Google Scholar] [CrossRef]
  2. Wang, W.; Tan, S.F. Quantum Resistant Authentication and Key Agreement Protocol (AKA) for Autonomous Vehichle. In Proceedings of the 2025 5th International Conference on Neural Networks, Information and Communication Engineering (NNICE), Guangzhou, China, 10–12 January 2025; pp. 1011–1016. [Google Scholar] [CrossRef]
  3. Sivanantham, T.; Sethuraman, S.C. Securing Vehicle-to-Everything (V2X) Communication: Challenges, Mechanisms, and Future Directions. Wirel. Pers. Commun. 2026, 146, 537–643. [Google Scholar] [CrossRef]
  4. Dai, Y.; Wang, Q.; Song, X.; Wang, S. A Lightweight Key Agreement Protocol for V2X Communications Based on Kyber and Saber. Sensors 2025, 25, 6938. [Google Scholar] [CrossRef] [PubMed]
  5. Okafor, C.I.; Ahakonye, L.A.C.; Kim, D.-S.; Lee, J.M. ConfidSPEC-V2X: A Quantum-Blockchain Intelligence for Mitigating Confidentiality Threats in Vehicle-to-Everything Networks. IEEE Internet Things J. Early Access 2026. [Google Scholar] [CrossRef]
  6. Shor, P.W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 1997, 26, 1484–1509. [Google Scholar] [CrossRef]
  7. Kishi, K.; Yamaguchi, J.; Izu, T.; Kunihiro, N. Simulation of Shor Algorithm for Discrete Logarithm Problems with Comprehensive Pairs of Modulo p and Order q. IEEE Trans. Quantum Eng. 2025, 6, 2100512. [Google Scholar] [CrossRef]
  8. FIPS 203; Module-Lattice-Based Key-Encapsulation Mechanism Standard. U.S. Department of Commerce: Washington, DC, USA, 2024. [CrossRef]
  9. FIPS 204; Module-Lattice-Based Digital Signature Standard. U.S. Department of Commerce: Washington, DC, USA, 2024. [CrossRef]
  10. FIPS 205; Stateless Hash-Based Digital Signature Standard. U.S. Department of Commerce: Washington, DC, USA, 2024. [CrossRef]
  11. FIPS 206; Initial Public Draft: FN-DSA Digital Signature Algorithm. U.S. Department of Commerce: Washington, DC, USA, 2025. [CrossRef]
  12. Alagic, G.; Alperin-Sheriff, J.; Apon, D.; Cooper, D.; Dang, Q.; Kelsey, J.; Liu, Y.-K.; Miller, C.; Moody, D.; Peralta, R.; et al. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process; NISTIR; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2022; p. 8413. [CrossRef]
  13. Truong, D.; Nguyen, H.; Tan Nguyen, T.; Lee, H. NIST Post-Quantum Cryptography Standards: A Comprehensive Review of Theoretical Foundations and Implementations. IEEE Access 2026, 14, 14069–14097. [Google Scholar] [CrossRef]
  14. Jemihin, Z.B.; Tan, S.F.; Chung, G.-C. Attribute-Based Encryption in Securing Big Data from Post-Quantum Perspective: A Survey. Cryptography 2022, 6, 40. [Google Scholar] [CrossRef]
  15. Nathoul, H.; Dutt, N.; Ray, S.; Regazzoni, F.; Banerjee, I.; Camurati, G. Post-quantum lattice-based cryptography implementations: A survey. ACM Comput. Surv. 2019, 51, 129. [Google Scholar]
  16. NIST IR 8545; Post-Quantum Cryptography Standardization: Fourth Round Status. U.S. Department of Commerce: Washington, DC, USA, 2023.
  17. Yoshizawa, K.; Shinkuma, R.; Takahashi, T. Survey of vehicle-to-everything communication security. ACM Comput. Surv. 2023, 56, 81. [Google Scholar] [CrossRef]
  18. Dai, Y.; Wang, S. ESPMD: Efficient sparse polynomial multiplication for NTRU-based post-quantum cryptography. arXiv 2024, arXiv:2404.12675. [Google Scholar] [CrossRef]
  19. Kannwischer, M.J.; Rijneveld, J.; Schwabe, P.; Stoffelen, K. pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4. In Proceedings of the Second NIST Post-Quantum Cryptography Standardization Conference, Santa Barbara, CA, USA, 22–24 August 2019; Available online: https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kannwischer-pqm4.pdf (accessed on 10 January 2026).
  20. Bienstock, A.; de Castro, L.; Escudero, D.; Polychroniadou, A.; Takahashi, A. Quorus: Efficient, Scalable Threshold ML-DSA Signatures from MPC. Cryptology ePrint Archive 2025, Paper 2025/1163. Available online: https://eprint.iacr.org/2025/1163 (accessed on 10 January 2026).
  21. Tashtoush, Y.; Darweesh, D.; Karajeh, O.; Darwish, O.; Maabreh, M.; Swedat, S.; Tashtoush, Y.; Koraysh, R.; Almousa, O.; Alsaedi, N. Survey on Authentication and Security Protocols and Schemes over 5G Networks. Int. J. Distrib. Sens. Netw. 2022, 18, 15501329221126609. [Google Scholar] [CrossRef]
  22. Hasan, M.K.; Weichen, Z.; Safie, N.; Ahmed, F.R.A.; Ghazal, T.M. A Survey on Key Agreement and Authentication Protocol for Internet of Things Application. IEEE Access 2024, 12, 61642–61666. [Google Scholar] [CrossRef]
  23. Turnip, T.N.; Andersen, B.; Vargas-Rosales, C. Toward 6G Authentication and Key Agreement Protocol: A Survey on Hybrid Post-Quantum Cryptography. IEEE Commun. Surv. Tutor. 2025, 28, 3311–3345. [Google Scholar] [CrossRef]
  24. Hitayezu, A.; Wang, J.-T.; Chia, T.C. From 2G to 6G: A Comprehensive Survey on the Evolution and Enhancement of AKA Protocols for Next-Generation Wireless Networks. ICT Express 2026, in press. [Google Scholar] [CrossRef]
  25. Bos, J.; Ducas, L.; Kiltz, E.; Lepoint, T.; Lyubashevsky, V.; Schanck, J.M.; Schwabe, P.; Seiler, G.; Stehlé, D. CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM. In Proceedings of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), London, UK, 24–26 April 2018; pp. 353–367. [Google Scholar] [CrossRef]
  26. Ducas, L.; Kiltz, E.; Lepoint, T.; Lyubashevsky, V.; Schwabe, P.; Seiler, G.; Stehlé, D. CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 2018, 238–268. [Google Scholar] [CrossRef]
  27. Fouque, P.-A.; Kirchner, P.; Tibouchi, M.; Wallet, G. Falcon: Fast-Fourier Lattice-Based Compact Signatures over NTRU. In Proceedings of the NIST Post-Quantum Cryptography Standardization Conference, Fort Lauderdale, FL, USA, 11–13 April 2018; Available online: https://falcon-sign.info/falcon.pdf (accessed on 5 February 2026).
  28. Bernstein, D.J.; Hülsing, A.; Kölbl, S.; Niederhagen, R.; Rijneveld, J.; Schwabe, P. SPHINCS+: Submission to the NIST Post-Quantum Project. NIST PQC Standardization Project. 2017. Available online: https://sphincs.org/data/sphincs+-round2-specification.pdf (accessed on 5 February 2026).
  29. Hoffstein, J.; Pipher, J.; Silverman, J.H. NTRU: A Ring-Based Public Key Cryptosystem. In Algorithmic Number Theory Symposium (ANTS III); Springer: Berlin/Heidelberg, Germany, 1998; pp. 267–288. [Google Scholar] [CrossRef]
  30. Lozano Domínguez, J.M.; Mateo Sanguino, T.J. Review on V2X, I2X, and P2X Communications and Their Applications: A Comprehensive Analysis over Time. Sensors 2019, 19, 2756. [Google Scholar] [CrossRef]
  31. Kumar, G.; Mikkili, S. Critical Review of Vehicle-to-Everything (V2X) Topologies: Communication, Power Flow Characteristics, Challenges, and Opportunities. CPSS Trans. Power Electron. Appl. 2024, 9, 10–26. [Google Scholar] [CrossRef]
  32. Serôdio, C.; Cunha, J.; Candela, G.; Rodriguez, S.; Sousa, X.R.; Branco, F. The 6G Ecosystem as Support for IoE and Private Networks: Vision, Requirements, and Challenges. Future Internet 2023, 15, 348. [Google Scholar] [CrossRef]
  33. Pawar, V.; Zade, N.; Vora, D.; Khairnar, V.; Oliveira, A.; Kotecha, K.; Kulkarni, A. Intelligent Transportation System with 5G Vehicle-to-Everything (V2X): Architectures, Vehicular Use Cases, Emergency Vehicles, Current Challenges, and Future Directions. IEEE Access 2024, 12, 183937–183960. [Google Scholar] [CrossRef]
  34. Abdel Hakeem, S.A.; Hady, A.A.; Kim, H. 5G-V2X: Standardization, Architecture, Use Cases, Network-Slicing, and Edge-Computing. Wirel. Netw. 2020, 26, 6015–6041. [Google Scholar] [CrossRef]
  35. Liu, K.; Xu, X.; Chen, M.; Liu, B.; Wu, L.; Lee, V.C.S. A Hierarchical Architecture for the Future Internet of Vehicles. IEEE Commun. Mag. 2019, 57, 41–47. [Google Scholar] [CrossRef]
  36. Juárez, R.; Rodríguez-Sela, F. An Edge–Mesh–Cloud Telemetry Architecture for High-Mobility Environments: Low-Latency V2V Hazard Dissemination in Competitive Motorcycling. Telecom 2026, 7, 47. [Google Scholar] [CrossRef]
  37. Alabdouli, H.; Hassan, M.S.; Abdelfatah, A. Enhancing Route Guidance with Integrated V2X Communication and Transportation Systems: A Review. Smart Cities 2025, 8, 24. [Google Scholar] [CrossRef]
  38. Rosique, F.; Navarro, P.J.; Fernández, C.; Padilla, A. A Systematic Review of Perception System and Simulators for Autonomous Vehicles Research. Sensors 2019, 19, 648. [Google Scholar] [CrossRef]
  39. Ahangar, M.N.; Ahmed, Q.Z.; Khan, F.A.; Hafeez, M. A Survey of Autonomous Vehicles: Enabling Communication Technologies and Challenges. Sensors 2021, 21, 706. [Google Scholar] [CrossRef]
  40. Raza, S.; Wang, S.; Ahmed, M.; Anwar, M.R. A Survey on Vehicular Edge Computing: Architecture, Applications, Technical Issues, and Future Directions. Wirel. Commun. Mob. Comput. 2019, 2019, 3159762. [Google Scholar] [CrossRef]
  41. Huang, X.; Yu, R.; Pan, M.; Shu, L. Secure Roadside Unit Hotspot Against Eavesdropping Based Traffic Analysis in Edge Computing Based Internet of Vehicles. IEEE Access 2018, 6, 62371–62383. [Google Scholar] [CrossRef]
  42. Mendiboure, L.; Chalouf, M.A.; Krief, F. Edge Computing Based Applications in Vehicular Environments: Comparative Study and Main Issues. J. Comput. Sci. Technol. 2019, 34, 869–886. [Google Scholar] [CrossRef]
  43. Chen, C.; Li, Y.; Wang, Q.; Yang, X.; Wang, X.; Yang, L.T. An Intelligent Edge-Cloud Collaborative Framework for Communication Security in Distributed Cyber-Physical Systems. IEEE Netw. 2024, 38, 172–179. [Google Scholar] [CrossRef]
  44. Ali, B.; Gregory, M.A.; Li, S. Multi-Access Edge Computing Architecture, Data Security and Privacy: A Review. IEEE Access 2021, 9, 18706–18721. [Google Scholar] [CrossRef]
  45. Muriithi, G.; Papari, B.; Arsalan, A.; Timilsina, L.; Muriithi, A.; Buraimoh, E.; Khan, A.; Ozkan, G.; Edrington, C.; Papari, A. Zero Trust Architecture for Electric Transportation Systems: A Systematic Survey and Deep Learning Framework for Replay Attack Detection. IEEE Open J. Veh. Technol. 2025, 6, 2171–2194. [Google Scholar] [CrossRef]
  46. Yousseef, A.; Satam, S.; Latibari, B.S.; Abdel-Malek, M.; Salehi, S.; Satam, P. Towards a Zero Trust Decentralized Identity Management System for Secure Autonomous Vehicles. arXiv 2025, arXiv:2509.25566. [Google Scholar] [CrossRef]
  47. Mi, B.; Deng, Z.; Huang, D.; Li, Y.; Li, Z.; Sun, C. Privacy-Preserving Location-Based Service in Internet of Vehicles via Oblivious Transfer in Zero-Trust Framework. IEEE Trans. Veh. Technol. Early Access 2026. [Google Scholar] [CrossRef]
  48. Tassi, A.; Mavromatis, I.; Piechocki, R.J. A Dataset of Full-Stack ITS-G5 DSRC Communications over Licensed and Unlicensed Bands Using a Large-Scale Urban Testbed. arXiv 2019, arXiv:1903.10289. [Google Scholar] [CrossRef]
  49. Lone, F.R.; Verma, H.K.; Sharma, K.P. ETSI ITS: A Comprehensive Overview of the Architecture, Challenges and Issues. Int. J. Sens. Wirel. Commun. Control 2024, 14, 85–103. [Google Scholar] [CrossRef]
  50. Dang, V.B.; Mohajerani, K.; Gaj, K. High-Speed Hardware Architectures and FPGA Benchmarking of CRYSTALS-Kyber, NTRU, and Saber. IEEE Trans. Comput. 2023, 72, 306–320. [Google Scholar] [CrossRef]
  51. Bagheri, H.; Noor-A-Rahim, M.; Liu, Z.; Lee, H.; Pesch, D.; Moessner, K.; Xiao, P. 5G NR-V2X: Towards Connected and Cooperative Autonomous Driving. arXiv 2020, arXiv:2009.03638. [Google Scholar] [CrossRef]
  52. 3GPP. Ultra Reliable Low Latency Communication (URLLC). Available online: https://www.3gpp.org/technologies/urlcc-2022 (accessed on 10 February 2026).
  53. Sarwatt, D.S.; Lin, Y.; Ding, J.; Sun, Y.; Ning, H. Metaverse for Intelligent Transportation Systems (ITS): A Comprehensive Review of Technologies, Applications, Implications, Challenges and Future Directions. IEEE Trans. Intell. Transp. Syst. 2024, 25, 6290–6308. [Google Scholar] [CrossRef]
  54. Khalil, R.A.; Safelnasr, Z.; Yemane, N.; Kedir, M.; Shafiqurrahman, A.; Saeed, N. Advanced Learning Technologies for Intelligent Transportation Systems: Prospects and Challenges. IEEE Open J. Veh. Technol. 2024, 5, 397–427. [Google Scholar] [CrossRef]
  55. Alnashwan, R.; Yang, Y.; Dong, Y.; Gope, P.; Abdolmalki, B.; Hussain, S.R. Strong Privacy-Preserving Universally Composable AKA Protocol with Seamless Handover Support for Mobile Virtual Network Operator. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS ’24), Salt Lake City, UT, USA, 14–18 October 2024; pp. 2057–2071. [Google Scholar] [CrossRef]
  56. Kim, J.; Kim, D.; Park, K. PSL-AKA: Physically Secure and Lightweight Authenticated Key Agreement Protocol for Wearable Devices. IEEE Access 2025, 13, 206138–206154. [Google Scholar] [CrossRef]
  57. Li, R.; Cui, J.; Wei, L.; Bolodurina, I.; Zhang, J.; Zhong, H. Privacy-Accountable Distributed Collaborative Authentication for Malicious Node Resistance in Vehicular Ad Hoc Networks. IEEE Trans. Dependable Secur. Comput. 2026, 23, 5718–5733. [Google Scholar] [CrossRef]
  58. Wang, J.; Wu, L.; Wang, H.; Choo, K.-K.R.; Wang, L.; He, D. A Secure and Efficient Multiserver Authentication and Key Agreement Protocol for Internet of Vehicles. IEEE Internet Things J. 2022, 9, 24398–24416. [Google Scholar] [CrossRef]
  59. Kong, Y.; Tian, J. An ECC-Based Anonymous and Fast Handover Authentication Protocol for Internet of Vehicles. Appl. Sci. 2025, 15, 5894. [Google Scholar] [CrossRef]
  60. Kamyszek-Mały, E.; Batalla, J.M.; Kelner, J.M.; Mavromoustakis, C.X. Opportunities and Challenges of Service Mesh in Multi-Access Edge Computing. Comput. Netw. 2026, 280, 112208. [Google Scholar] [CrossRef]
  61. Abbood, A.A.; Al-Shammri, F.K.; Al-Alaidany, A.A.; Al-Shareeda, M.A.; Almaiah, M.A.; Shehab, R.; Ngadi, M.A.B.; Aljarwan, A.Z.A. Benchmarking Bilinear Pair Cryptography for Resource-Constrained Platforms Using Raspberry Pi. WSEAS Trans. Inf. Sci. Appl. 2025, 22, 221–231. [Google Scholar] [CrossRef]
  62. Ma, M.; He, D.; Wang, H.; Kumar, N.; Choo, K.-K.R. An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks. IEEE Internet Things J. 2019, 6, 8065–8075. [Google Scholar] [CrossRef]
  63. Jiang, Q.; Zhang, N.; Ni, J.; Ma, J.; Ma, X.; Choo, K.-K.R. Unified Biometric Privacy Preserving Three-Factor Authentication and Key Agreement for Cloud-Assisted Autonomous Vehicles. IEEE Trans. Veh. Technol. 2020, 69, 9390–9401. [Google Scholar] [CrossRef]
  64. Mishra, D.; Pushpalatha, K.; Rewal, K. Development of quantum-enhanced key agreement protocol for autonomous vehicles. Veh. Commun. 2023, 44, 100688. [Google Scholar] [CrossRef]
  65. Chaudhary, D.; Kumar, U.; Saleem, K. A Construction of Three Party Post Quantum Secure Authenticated Key Exchange Using Ring Learning with Errors and ECC Cryptography. IEEE Access 2023, 11, 136947–136957. [Google Scholar] [CrossRef]
  66. Zhang, B.; Hong, J.; Mao, G.; Shen, S.; Yang, H.; Li, G.; Lyu, S.; Hung, P.S.Y.; Cheung, R.C.C. HySecure: FPGA-Based Hybrid Post-Quantum and Classical Cryptography Platform for End-to-End IoT Security. Electronics 2025, 14, 3908. [Google Scholar] [CrossRef]
  67. Chen, L.; Jordan, S.; Liu, Y.-K.; Moody, D.; Peralta, R.; Perlner, R.; Smith-Tone, D. Report on Post-Quantum Cryptography; NISTIR 8105; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2016. [CrossRef]
  68. Grover, L.K. A fast quantum mechanical algorithm for database search. In Proceedings of the 28th Annual ACM Symposium on Theory of Computing, Philadelphia, PA, USA, 22–24 May 1996; pp. 212–219. [Google Scholar]
  69. Micciancio, D.; Regev, O. Lattice-based cryptography. In Post-Quantum Cryptography; Bernstein, D.J., Buchmann, J., Dahmen, E., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; pp. 147–191. [Google Scholar] [CrossRef]
  70. Regev, O. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing; ACM: New York, NY, USA, 2005; pp. 84–93. [Google Scholar] [CrossRef]
  71. McEliece, R.J. A public-key cryptosystem based on algebraic coding theory. DSN Prog. Rep. 1978, 44, 114–116. [Google Scholar]
  72. Bernstein, D.J.; Lange, T.; Peters, C. Wild McEliece. In Selected Areas in Cryptography—SAC 2010; Biryukov, A., Gong, G., Stinson, D.R., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2011; Volume 6544, pp. 143–158. [Google Scholar] [CrossRef]
  73. Hülsing, A. W-OTS+—Shorter signatures for hash-based signature schemes. In Progress in Cryptology—AFRICACRYPT 2013; Youssef, A., Nitaj, A., Hassanien, A.E., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2013; Volume 7918, pp. 173–188. [Google Scholar] [CrossRef]
  74. Castryck, W.; Decru, T. An efficient key recovery attack on SIDH (preliminary version). In Advances in Cryptology—EUROCRYPT 2023; Springer: Cham, Switzerland, 2023; pp. 423–447. [Google Scholar] [CrossRef]
  75. Chung, C.-M.M.; Hwang, V.; Kannwischer, M.J.; Seiler, G.; Shih, C.-J.; Yang, B.-Y. NTT Multiplication for NTT-unfriendly Rings: New Speed Records for Saber and NTRU on Cortex-M4 and AVX2. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021, 2021, 159–188. [Google Scholar] [CrossRef]
Futureinternet 18 00319 g001
Figure 1. Layered cloud–edge–vehicle architecture for secure V2X communication (Figure concept developed by the authors and visualized using OpenAI (GPT-5.5) and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Figure 1. Layered cloud–edge–vehicle architecture for secure V2X communication (Figure concept developed by the authors and visualized using OpenAI (GPT-5.5) and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Futureinternet 18 00319 g001
Futureinternet 18 00319 g002
Figure 2. Authentication and Key Agreement (AKA) protocols for secure V2X systems (Figure concept developed by the authors and visualized using OpenAI and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Figure 2. Authentication and Key Agreement (AKA) protocols for secure V2X systems (Figure concept developed by the authors and visualized using OpenAI and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Futureinternet 18 00319 g002
Futureinternet 18 00319 g003
Figure 3. Taxonomy of challenges and future research directions for post-quantum AKA protocols in V2X networks (Figure concept developed by the authors and visualized using OpenAI and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Figure 3. Taxonomy of challenges and future research directions for post-quantum AKA protocols in V2X networks (Figure concept developed by the authors and visualized using OpenAI and Canva AI image-generation tools. The final figure was reviewed, edited, and validated by the authors based on the literature surveyed in this study).
Futureinternet 18 00319 g003
Table 1. Chronological summary of previous surveys in the AKA protocol security.
Table 1. Chronological summary of previous surveys in the AKA protocol security.
YearReferencesCellular NetworkIoTV2XV2CQuantum PerspectiveFocus
2022Tashtoush et al. [21] A broad comparative review on authentication and security protocols in 5G-enabled IoT environments, categorizing schemes by application domain, authentication process, security properties, and evaluation methods to guide protocol selection for different IoT use cases.
2023Yoshizawa et al. [17] Root-cause analysis of security, privacy, certificate management, trust, and communication challenges in V2X systems, highlighting standardization gaps and the need for stronger trust frameworks and post-quantum security solutions for future intelligent transportation networks.
2024Hasan et al. [22] Comprehensive survey of Authentication and Key Agreement protocols for IoT applications, focusing on cryptographic techniques, security services, attack resistance, formal security analysis, and lightweight authentication mechanisms for resource-constrained IoT environments.
2025Turnip et al. [23] Survey of 6G Authentication and Key Agreement (AKA) protocols with emphasis on hybrid post-quantum cryptography (PQC), 5G-AKA security vulnerabilities, quantum-resistant key exchange, AI-driven trust mechanisms, decentralized authentication, and lightweight PQC integration for future 6G and IoT-enabled networks.
2026Hitayezu et al. [24] Comprehensive survey of Authentication and Key Agreement (AKA) protocols from 2G to 6G, focusing on protocol evolution, security vulnerabilities, authentication efficiency, and the integration of emerging technologies such as AI, edge computing, blockchain, and post-quantum cryptography for future wireless networks briefly.
Table 2. Comparison of V2X Communication Modes.
Table 2. Comparison of V2X Communication Modes.
ModeTechnical DescriptionApplicationsSecurity Challenges
V2VDirect low-latency communication between vehicles using IEEE 802.11p, ITS-G5, PC5, or C-V2X technologies for periodic safety message broadcastingCollision avoidance, cooperative awareness, platooning, emergency braking, Cooperative Adaptive Cruise Control (CACC)Identity spoofing, Sybil attacks, replay attacks, false data injection, message tampering
V2IBidirectional communication between vehicles and roadside infrastructure components such as RSUs, traffic lights, and edge serversIntelligent traffic signal coordination, toll collection, hazard notification, traffic optimization, edge-assisted drivingRSU impersonation, man-in-the-middle (MITM) attacks, distributed denial-of-service (DDoS) attacks, certificate management overhead
V2PCommunication between vehicles and vulnerable road users (VRUs) through smartphones, wearable devices, and IoT sensorsBlind-spot detection, pedestrian and cyclist warning systems, collision prevention, road crossing assistanceResource-constrained devices, low-power operation, privacy leakage, non-line-of-sight (NLOS) communication reliability
V2NLong-range communication between vehicles and cloud services via 4G/5G/6G cellular infrastructuresHigh-definition map synchronization, remote diagnostics, over-the-air (OTA) updates, cloud-assisted route planningLatency fluctuation, data privacy leakage, network slicing vulnerabilities, cloud-based DDoS attacks
Table 3. Comparative Analysis of Core Security Requirements in V2X Communication Systems.
Table 3. Comparative Analysis of Core Security Requirements in V2X Communication Systems.
DimensionCore RequirementsRepresentative Performance IndicatorsMajor Technical Challenges
LatencyUltra-low communication delay for safety-critical applicationsEmergency braking ≤ 10–20 ms; ITS-G5: 1–3 ms; C-V2X PC5: 14–37 msTrade-off between cryptographic security and real-time performance; PQC introduces significantly higher latency than classical cryptography
ReliabilityHighly reliable and continuous communication under dynamic mobility conditionsAvailability ≥ 99.999%; packet delivery ratio ≥ 90% at 300 mHigh mobility, frequent handovers, channel congestion, wireless interference
SecurityProtection against authentication, confidentiality, integrity, and availability attacksAuthentication delay < 30% of latency budget; certificate verification > 99.9%Replay attacks, Sybil attacks, MITM attacks, privacy leakage, PKI overhead
ScalabilitySupport for large-scale dynamic vehicular ecosystemsDynamic join/leave support; cross-domain roaming; high-density vehicular communicationCertificate distribution and revocation overhead, trust synchronization, multi-domain interoperability
Table 4. Representative Authentication and Key Agreement Protocols for V2X Communication.
Table 4. Representative Authentication and Key Agreement Protocols for V2X Communication.
SchemeCore TechniqueApplication ScenarioPQC ResistantPerformanceMajor Limitations
Jiang et al. [63]ECC + biometric three-factor authenticationCloud-assisted AV systemsNoHigh authentication latency (~130 ms)Excessive latency; no quantum resistance
Wang et al. [58]ECC multi-server authenticationV2V/V2INoLightweight authentication efficiencyVulnerable to quantum attacks
Chaudhary et al. [65]RLWE + ECC hybrid AKAV2P/three-party authenticationPartialModerate computational overhead (~19K cycles)High computational complexity
Mishra et al. [64]RLWE three-factor authenticationCloud-assisted V2XYesModerate authentication delay (~5.8 ms)Large signature and ciphertext overhead
Dai et al. [4]Kyber–Saber hybrid KEMGeneral V2XYesReduced communication latency (~60%)Increased implementation complexity
Table 5. Comparative Analysis of ECC-Based, RLWE-Based, and Hybrid Authentication Architectures for Secure V2X Communication Systems.
Table 5. Comparative Analysis of ECC-Based, RLWE-Based, and Hybrid Authentication Architectures for Secure V2X Communication Systems.
DimensionECC-Based SchemesRLWE-Based SchemesHybrid Architectures
Security FoundationECDLPRing-LWE/MLWEECC + PQC
Authentication Latency2–5 ms50–130 ms10–50 ms
Key Size32–64 B800 B–1 kB1.5–2 kB
Signature Size~64 B768 B–1 kBComposite
Embedded DeploymentMature HW accelerationEmerging optimization supportIncreased architectural complexity
Quantum ResistanceNoYesPartial/transitional
Standardization StatusMatureNIST standardizedExperimental
Table 6. Impact of Quantum Computing on Mainstream Cryptographic Algorithms.
Table 6. Impact of Quantum Computing on Mainstream Cryptographic Algorithms.
AlgorithmSecurity Hardness AssumptionsQuantum ImpactSecurity ReductionRecommended Countermeasure
RSA-2048Integer factorizationBroken by Shor’s algorithmEffectively broken; classical 112-bit security collapses under quantum attacksMigrate to PQC
ECC-256Elliptic curve discrete logarithmBroken by Shor’s algorithmEffectively broken; no practical quantum resistanceMigrate to PQC
DSA/ECDSADiscrete logarithm/ECDLPBroken by Shor’s algorithmFully compromised by quantum adversariesReplace with PQ signatures
DH/ECDHDiscrete logarithm/ECDLPBroken by Shor’s algorithmFully broken in which Shared secret establishment becomes insecureReplace with PQ KEM
AES-128Symmetric key searchQuadratic speedup via Grover’s algorithmEffective security reduced from 128-bit to approximately 64-bitIncrease to AES-256
AES-256Symmetric key searchQuadratic speedup via Grover’s algorithmEffective security reduced from 256-bit to approximately 128-bitRemains acceptable
SHA-256Collision and preimage resistanceQuantum collision accelerationCollision resistance reduced to approximately 85-bit securityIncrease hash length
Table 7. Summary of NIST-Standardized Post-Quantum Cryptographic Algorithms for V2X Communication.
Table 7. Summary of NIST-Standardized Post-Quantum Cryptographic Algorithms for V2X Communication.
StandardAlgorithmCryptographic TypeMathematical FoundationMajor AdvantagesMajor Limitations in V2X
FIPS 203 [8]ML-KEM (CRYSTALS-Kyber)Key Encapsulation Mechanism (KEM)Module-LWE (MLWE)Efficient key exchange; moderate key sizes; strong quantum resistanceIncreased computational overhead compared with ECDH
FIPS 204
[9]		ML-DSA (CRYSTALS-Dilithium)Digital SignatureMLWE + MSISStrong security; implementation simplicity; side-channel resilienceLarge signatures may exceed DSRC/C-V2X payload limits
FIPS 205
[10]		SLH-DSA (SPHINCS+)Stateless Hash-Based SignatureHash collision resistanceConservative long-term security assumptionsExtremely large signatures and high communication overhead
FIPS 206 (Draft) [11]FN-DSA (Falcon)Digital SignatureNTRU lattices + Fast Fourier SamplingCompact signatures; bandwidth efficientFloating-point arithmetic and implementation complexity on embedded ECUs
Table 8. Comparative Analysis of Standardized Post-Quantum Cryptographic Approaches for V2X Communication.
Table 8. Comparative Analysis of Standardized Post-Quantum Cryptographic Approaches for V2X Communication.
PQC ApproachRepresentative AlgorithmsSecurity FoundationMajor AdvantagesMajor Limitations for V2XSuitability for V2X
Lattice-Based CryptographKyber, Dilithium, FalconMLWE/MSIS, RLWE, NTRU latticesStrong security reductions; efficient polynomial operations; moderate key sizesSignature size overhead; polynomial arithmetic and embedded implementation complexityHigh
Code-Based CryptographyClassic McEliece, BIKE, HQCError-correcting codesStrong long-term cryptanalytic confidenceVery large public keys and memory overheadLow
Hash-Based CryptographySPHINCS+Hash-based security assumptions (collision and preimage resistance)Conservative long-term securityExtremely large signatures and communication overheadModerate–Low
Multivariate CryptographyRainbowMultivariate polynomial systemsFast signature generationCryptanalytically broken during NIST standardizationNot suitable
Isogeny-Based CryptographySIKESupersingular elliptic curve isogeniesCompact key sizesPolynomial-time cryptanalytic break demonstrated in 2022Not suitable
Table 9. Comparison of Lattice-Based Cryptographic Techniques and NTRU Variants for Post-Quantum V2X Authentication and Key Agreement Protocols.
Table 9. Comparison of Lattice-Based Cryptographic Techniques and NTRU Variants for Post-Quantum V2X Authentication and Key Agreement Protocols.
CategoryTechnique/SchemeCore Mathematical FoundationMajor AdvantagesMajor LimitationsRelevance to V2X Communication
Classical Lattice ProblemSVP/CVPHigh-dimensional lattice geometryStrong worst-case hardness assumptionsComputationally intractable for direct implementationTheoretical security foundation for PQC
Lattice-Based CryptographyLWELearning With Errors (LWE)Strongest theoretical security reductionsExtremely large key sizes and high complexityLimited practicality for real-time V2X
Structured Lattice CryptographyRLWERing Learning With Errors (RLWE)Efficient polynomial arithmetic; NTT accelerationStructural algebraic attack considerationsSuitable for lightweight V2X cryptography
Multivariate CryptographyMLWEModule Learning With Errors (MLWE)Balance between security and efficiencyModerate implementation complexityFoundation of Kyber and Dilithium
Isogeny-Based CryptographyNTT AccelerationPolynomial transform over finite ringsReduces complexity from O ( n 2 ) to O ( n l o g   n ) Requires optimized hardware and memory schedulingCritical for real-time PQC deployment
Lattice-Based KEMKyber (ML-KEM)MLWEEfficient execution; moderate key sizes; NIST standardizedHigher overhead than ECDHMost practical PQ KEM for V2X
Lattice-Based SignatureDilithium (ML-DSA)MLWE + MSISStrong security; implementation simplicityLarge signatures exceed DSRC payload limitsLimited by communication overhead
Lattice-Based SignatureFalcon (FN-DSA)NTRU lattices + FFT samplingCompact signatures; bandwidth efficientFloating-point implementation complexityHighly promising for bandwidth-constrained V2X
Hash-Based SignatureSPHINCS+ (SLH-DSA)Hash collision resistanceConservative long-term securityExtremely large signaturesUnsuitable for real-time V2X broadcasting
NTRU-Based CryptographyOriginal NTRUPolynomial inversion in truncated ringsLightweight operations; compact ciphertextsVulnerable to structural/subfield attacksSuitable for embedded vehicular systems
Optimized NTRU VariantTATRUSparse ternary polynomial ringImproved storage and arithmetic efficiencyLimited standardization and analysisLightweight V2X potential
Optimized NTRU VariantNTRU+Prime-degree polynomial ringImproved structural security; compact ciphertextModerate implementation complexityMost engineering-feasible NTRU variant
Extended Algebraic NTRUQTRUQuaternion polynomial ringIncreased lattice diversity and attack resistanceHigher computational overheadExperimental for V2X
Extended Algebraic NTRUOTRUOctonion/non-associative algebraStrong theoretical attack resistanceVery high implementation complexityCurrently impractical
Sparse Polynomial OptimizationSparse Ternary RepresentationNon-zero coefficient reductionLower storage, lower multiplication complexitySecurity-performance balance requires tuningHighly suitable for low-power vehicular ECUs
Emerging Research DirectionSparse Bi-Cyclic NTRUSparse polynomial + bi-cyclic ringParallel NTT acceleration; improved structural diversity; compact parametersLargely unexplored research areaPromising future PQC-AKA architecture for V2X
Table 10. Size Constraint Analysis of Post-Quantum Signature Algorithms under DSRC Communication.
Table 10. Size Constraint Analysis of Post-Quantum Signature Algorithms under DSRC Communication.
AlgorithmSecurity LevelPublic Key (B)Signature Size (B)DSRC Payload Limit (B)Payload OverheadFeasibility
ECDSA-P256Classical646423040%Fully feasible
ML-DSA-44Level 21312242023045%Slightly exceeds DSRC payload limit
ML-DSA-65Level 319523293230443%Requires fragmentation
ML-DSA-87Level 525924595230499%Highly impractical for DSRC
FN-DSA-512Level 189766623040%Feasible
FN-DSA-1024Level 51793128023040%Feasible
SLH-DSA-128sLevel 132~78562304241%Impractical for real-time V2X
Note: Payload overhead is calculated relative to the DSRC payload limit (2304 bytes). For signature schemes exceeding the payload limit, the overhead is computed as ((Signature Size − 2304)/2304) × 100. Values are derived from standardized algorithm parameters and are intended to illustrate relative communication impacts rather than results from a common experimental platform.
Table 11. Performance Comparison of Post-Quantum KEM Algorithms on ARM Cortex-M4.
Table 11. Performance Comparison of Post-Quantum KEM Algorithms on ARM Cortex-M4.
KEM AlgorithmSecurity LevelKeyGen (ms)Encapsulation (ms)Decapsulation (ms)Total Latency (ms)Public Key (B)Ciphertext (B)Secret Key (B)
Kyber-768Level 30.910.82.7118410882400
NTRU-HRSS-701Level 37.50.41.149301450930
NTRU-HPS-4096Level 35.70.30.83.8156823201568
FrodoKEM-976Level 531.834.233.299.215,68015,63231,296
Table 12. Performance Comparison of Post-Quantum KEM and Classical ECDH on ARM Cortex-M4.
Table 12. Performance Comparison of Post-Quantum KEM and Classical ECDH on ARM Cortex-M4.
AlgorithmTypeTotal Latency (ms)Relative to ECDHPost-Quantum Secure
ECDH-P256Classical key exchange2.51× baselineNo
Kyber-768PQ KEM2.71.08×Yes
NTRU-HRSS-701PQ KEM7429.6×Yes
NTRU-HPS-4096PQ KEM53.821.5×Yes
FrodoKEM-976PQ KEM99.239.7×Yes
Table 13. Storage Requirement Comparison of Post-Quantum KEM Algorithms.
Table 13. Storage Requirement Comparison of Post-Quantum KEM Algorithms.
KEM AlgorithmPublic Key (B)Secret Key (B)Ciphertext (B)Total Storage (B)OBU RAM Share (512 kB)
Kyber-76811842400108846720.89%
NTRU-HRSS-70111381450113837260.71%
NTRU-HPS-409615682320156854561.04%
FrodoKEM-97615,68031,29615,74462,60811.95%
Table 14. Comprehensive Trade-Off Analysis of Post-Quantum Cryptographic Algorithms for V2X Authentication.
Table 14. Comprehensive Trade-Off Analysis of Post-Quantum Cryptographic Algorithms for V2X Authentication.
Algorithm/ApproachSecurity StrengthLatency PerformanceCommunication EfficiencyEmbedded FeasibilityMajor LimitationOverall V2X Suitability
ECDH/ECDSANo long-term quantum resistanceExcellentExcellentMatureVulnerable to quantum attacksTransitional only
Kyber (ML-KEM)Strong PQ securityVery goodModerateGoodLarger key/ciphertext sizes and polynomial arithmetic overhead compared with ECCHighly suitable
Dilithium (ML-DSA)Strong PQ securityModeratePoorModerate–GoodLarge signatures and payload fragmentationModerately suitable
Falcon (FN-DSA)Strong PQ securityGood (with FPU)ExcellentModerateFloating-point complexityPromising
NTRU VariantsStrong PQ securityGoodGoodGoodLimited standardization maturityHighly promising
SPHINCS+Very strong conservative securityPoorVery poorPoor–ModerateExtremely large signaturesLimited suitability
FrodoKEMStrong conservative securityPoorPoorPoorExtremely high computational and storage overheadImpractical
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Wang, W.; Tan, S.F. Secure V2X Communication in the Quantum Era: A Survey of Post-Quantum Authentication and Key Agreement (AKA) Protocols for Autonomous Vehicles. Future Internet 2026, 18, 319. https://doi.org/10.3390/fi18060319

AMA Style

Wang W, Tan SF. Secure V2X Communication in the Quantum Era: A Survey of Post-Quantum Authentication and Key Agreement (AKA) Protocols for Autonomous Vehicles. Future Internet. 2026; 18(6):319. https://doi.org/10.3390/fi18060319

Chicago/Turabian Style

Wang, Weiqi, and Soo Fun Tan. 2026. "Secure V2X Communication in the Quantum Era: A Survey of Post-Quantum Authentication and Key Agreement (AKA) Protocols for Autonomous Vehicles" Future Internet 18, no. 6: 319. https://doi.org/10.3390/fi18060319

APA Style

Wang, W., & Tan, S. F. (2026). Secure V2X Communication in the Quantum Era: A Survey of Post-Quantum Authentication and Key Agreement (AKA) Protocols for Autonomous Vehicles. Future Internet, 18(6), 319. https://doi.org/10.3390/fi18060319

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop