Article

Efficient Post-Quantum Cryptography Algorithms for Auto-Enrollment in Public Key Infrastructure

Department of Computer Science, College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University, Riyadh 11623, Saudi Arabia
*
Author to whom correspondence should be addressed.
Electronics 2025, 14(10), 1980; https://doi.org/10.3390/electronics14101980
Submission received: 6 April 2025 / Revised: 1 May 2025 / Accepted: 8 May 2025 / Published: 13 May 2025
(This article belongs to the Special Issue Cryptography and Computer Security)

Abstract

The security of the digital certificates used in authenticating network devices relies on cryptographic algorithms like the RSA and ECC, which are vulnerable to quantum attacks. This study addresses the urgent need to secure the Simple Certificate Enrollment Protocol (SCEP), widely used in PKI-based systems, by integrating post-quantum cryptographic (PQC) algorithms—Dilithium, Falcon, and SPHINCS+. The experimental results show that Dilithium2 (1312 bytes) and Falcon512 (897 bytes) offer the best performance and throughput, with Falcon512 also being the most efficient in terms of the storage consumption. This research represents the first integration of PQC algorithms into the SCEP, establishing a foundation for scalable, quantum-resilient certificate enrollment in future PKI systems.

1. Introduction

PKI can be described as a security framework for provisioning X.509 digital certificates. Digital certificates are digital identities issued to various clients, servers, and applications for encrypted confidential communication. All the certificates are issued by a well-known and public certificate authority (CA). The CAs are trusted by our operating systems and web browsers; hence, we can safely surf secure HTTPS pages without issue. The same certificates are used for financial transactions and payment gateways. The latest standard for certificates is X.509 version 3. PKI incorporates asymmetric cryptography for its operations, which uses a cryptographic keypair: public and private keys [1]. Both the public and private keys are mathematically linked to each other such that the private key cannot be estimated or deduced from the public key. Extreme care is taken to keep the private key confidential, and the public key is distributed openly across the Internet. The existing public key infrastructure (PKI) setups are based on the Rivest–Shamir–Adleman (RSA), Diffie–Hellman (DH), and Elliptic Curve Cryptography (ECC) algorithms. These cryptographic algorithms are heavily used over the Internet for securing communications in the financial, corporate, public, and government sectors [2,3].
Using current technologies, cryptographic algorithms like the RSA and ECC are considered secure against brute-force attacks when the key lengths are sufficiently large. This is because classical computers would require an impractical amount of time to factor large prime numbers (in the case of the RSA) or to solve the elliptic curve discrete logarithm problem (for the ECC), making these tasks computationally infeasible. However, the advent of quantum computers fundamentally changes this security landscape. Quantum algorithms, particularly Shor’s algorithm, can efficiently solve these mathematical problems in polynomial time, effectively rendering the RSA and ECC insecure regardless of the key length when faced with a sufficiently powerful quantum computer. This vulnerability directly impacts the security of certificate enrollment protocols—such as the SCEP, EST, and others—that rely on these algorithms for authentication and secure key exchange. Devices that employ these protocols, including IoT devices, become susceptible to quantum attacks, potentially leading to unauthorized access, compromised data integrity, and the undermining of secure communications across networks [4,5,6,7,8]. A typical SCEP enrollment without using PQ algorithms is depicted in Figure 1.
To tackle the security challenges posed by quantum computing, the current research investigates the integration of PQC algorithms into certificate enrollment protocols. By exploring the use of PQC algorithms such as Dilithium2, SPHINCS+ and Falcon512 within protocols like the SCEP, this research aims to fortify these systems against quantum attacks. This involves a detailed analysis of how these algorithms perform in terms of the efficiency, throughput, and resource consumption during the auto-enrollment of certificates. By adopting PQC algorithms, this research addresses the vulnerabilities of the RSA and ECC in the quantum computing era, ensuring that devices—including IoT devices—that rely on these protocols maintain robust security against emerging quantum threats.

Key Contributions

This section outlines the main contributions of this study. These contributions include the following:
  • Post-quantum integration in the SCEP: It presents the first known integration of post-quantum cryptographic (PQC) signature schemes—CRYSTALS–Dilithium, Falcon, and SPHINCS+—into the widely used Simple Certificate Enrollment Protocol (SCEP), enhancing its resilience against quantum-era threats.
  • Performance and resource evaluation: This study benchmarks multiple PQC variants across the performance, throughput, and resource consumption metrics, identifying Dilithium2 and Falcon512 as the most efficient candidates for secure certificate enrollment.
  • Resource-constrained device analysis: It evaluates the algorithms’ suitability for constrained environments such as IoT and embedded systems, providing practical guidance for real-world PQC deployment on low-power platforms.
  • Scalability and deployment insights: This work examines the protocol’s behavior in large-scale deployment scenarios and discusses compatibility considerations, migration strategies from the RSA/ECC, and implementation security challenges.
These contributions collectively support the advancement of quantum-resilient PKI systems and serve as a foundational reference for future research and deployment of PQC-based certificate services.

2. Research Motivation

The current study makes a significant contribution to securing communication protocols, which is essential for withstanding emerging quantum attacks. The following sections highlight the importance of the current approach in improving the security of certificate enrollment protocols. Additionally, a comparative analysis between various enrollment protocols is provided to explain the focus on the SCEP in this research.

2.1. Improve Security Enrollment Protocols Against Quantum Attacks

The motivation for this research proposal is the current advances in information security and post-quantum cryptography. The inception of a quantum computer will affect the most famous algorithms (RSA and ECC). These algorithms have been operational for almost two decades. The avalanche effect of this transition will continue for years to replace operating systems, web browsers, servers, mobile devices, network devices, applications, and services. Post-quantum computing will be revolutionary in many industries (technology, healthcare, banking, financial, and other sectors).
As the primary drivers of many essential services comprising telemedicine, digital e-commerce/banking, mobile devices, and cloud computing, digital communications have permeated both daily life and the physical environment. The most well-known and widely used certificate enrollment protocol is the SCEP, which is used by many manufacturers of network hardware and software, including firewalls, routers, switches, Internet of Things (IoT) devices, and Apple-based devices, including iOS, iPad OS, Shared iPad device, macOS device, macOS user, and tvOS. The SCEP is used by the iPhone and Cisco IOS operating systems to enroll PKI certificates.
Current applications that use public key cryptosystems and protocols, for example digital signatures, include the following: the Bitcoin cryptocurrency depends on the RSA cryptosystem, and Ethereum uses the ECC, so both will be at risk and will be vulnerable to quantum computing. Once quantum computers reach a specific size, current asymmetric methods like the RSA and ECDSA will become obsolete [1,2,3]. Nearly all the current practical applications of cryptography will be broken by this, rendering e-commerce and many other digital services we use daily completely insecure. For example, some applications will need a fast public key cryptosystem. The performance analysis of PQC algorithms in this research will likely determine the best algorithm for various applications. Other security applications, especially those involving embedded and small devices, do not prioritize performance. However, these applications still demand a cryptosystem that consumes fewer resources, given their limited power and storage capacity.

2.2. Comparative Analysis of Certificate Enrollment Protocols

While this study focuses on integrating PQC algorithms into the SCEP, it is important to contextualize its capabilities alongside more modern certificate enrollment protocols such as Enrollment over Secure Transport (EST) and the Automatic Certificate Management Environment (ACME).
The SCEP was selected for its widespread legacy deployment, especially within constrained environments such as routers, firewalls, and embedded systems. Despite its aging design, its simplicity and extensive support across network appliances make it a strong candidate for quantum-safe retrofitting. In contrast, EST and the ACME offer enhanced security features but are typically more resource-intensive and less prevalent in legacy systems. Table 1 presents a comparison between enrollment protocols in respect of the architecture, use cases, features, adaptability, resource requirements, and compatibility.
Given the lightweight design, low computational overhead, and extensive deployment in legacy infrastructure, the SCEP was selected as the primary protocol for this study’s post-quantum cryptographic (PQC) integration. The SCEP remains widely used in network environments where devices such as routers, firewalls, and switches operate under constrained hardware and software conditions. The comparison in Table 1 shows that the SCEP is ideal for network devices with limited resources, unlike its counterparts. Its simplicity and broad vendor support make the SCEP the most suitable candidate for quantum-safe retrofitting. This allows for the protection of millions of existing network devices without the need for a complete protocol replacement. Furthermore, modifying the SCEP to support PQC allows organizations to preserve existing certificate issuance workflows while future-proofing their PKI infrastructure. Although EST and the ACME offer more advanced features, their adoption in constrained or legacy systems is often limited. Therefore, enhancing the SCEP with PQC capabilities offers immediate and practical security benefits for environments that are most vulnerable in the post-quantum era.

3. Literature Review

The following sections discuss the research that implemented traditional PKI for auto-enrollment protocols, in addition to recent studies that used PQ cryptography to improve network security protocols and authentication mechanisms. Moreover, the current research gaps in this field are presented.

3.1. Research Works That Implemented the Traditional Public Key for Auto-Enrollment

In [5], the researchers present an enrollment protocol based on the SCEP for constrained environments such as battery-powered IoT devices with limited computing resources. It also provides end-to-end security between certificate authorities (CAs) and the recipient IoT devices. This research work does not include PQ algorithms for digital certificates. The study in [9] outlines the difficulties in allowing PKI for the IoT, along with two solutions to those difficulties: secure enrollment and certificate overhead reduction. These contributions are moving actual IoT deployments closer to having a fully operational PKI. In the IETF, the enrollment protocol draft is almost ready to be accepted as an official RFC; pushing both enrollment and lightweight certificates as standards will have the most impact and interoperability across different manufacturers. In [9,10], an automated enrollment system for the Internet of Things based on the SCEP that integrates current Internet security standards with lightweight IoT communication protocols is devised, implemented, and tested. Automating the certificate registration procedure is essential if low-cost IoT devices are to be brought up to this grade economically. The enrollment procedure provided is practical for battery-powered devices concerning the network overhead, latency, energy consumption, and memory usage, according to the performance evaluation conducted on a widely used IoT platform [11]. Because certificates frequently need to be issued and provisioned over an authorized channel in the field, enrolling them in major communication infrastructures (such as VPNs, IoT, and VoIP) entails significant administrative work. Although large individual passphrases are needed for each device to be operated securely, methods like the SCEP lessen the associated expenses.
This article addresses the problem by presenting a provisioning method and a cryptographic protocol that employ password-authenticated key exchanges (PAKEs) to enable secure operation with very short PINs even on low-powered computing platforms. As a result, the usability is greatly improved and the security-relevant component’s complexity is reduced in contrast to earlier methods. Because it is a wrapper around existing protocols, adding the extra layer is not too difficult. The research in [12] shows that using open standards, a cybersecurity platform for communications for smart grid substation automation, enables old and new intelligent devices from many suppliers to communicate with each other and with control centers efficiently. The suggested platform may connect to any network, and with additional systems like physical security, increase the resilience and reliability of substation operations. This is referred to as true multi-vendor interoperability. The two notable flaws in the reference implementation are the lack of open standards for supply chain device provenance verification and the requirement to add a warn-and-fail-open security policy capability to the TLS and IPsec standards. In [13], involving a system of services, technologies, protocols, and standards that can be used as a solution for providing secure transactions, the research contribution presents a manuscript that reviews the trends and technologies regarding the future PKI-centric organizations. It provides an opportunity to deploy innovative services for a large base of users and boost revenue. Additionally, it discusses several drawbacks of standard PKIs, such as the secure storage of private keys in mobile devices, which is an area of active research, and offers some technological solutions to overcome these drawbacks. 
In [14], the researchers introduce the foundation for auto-enrollment in PKI systems by defining the messages and operations needed for certificate management and enrollment processes. The study published in [15] proposes an efficient certificate enrollment protocol designed for resource-constrained networks. Their protocol aims to optimize the certificate enrollment process to suit devices with limited computational capabilities, improving the security without imposing significant overhead on such devices. In [5], the authors provide a comprehensive guide to deploying PKI systems and include strategies for automated certificate enrollment and management to enhance the security and efficiency in PKI deployments across organizations.

3.2. Research Works Using PQ Crypto Algorithms

The research work in [16] assessed the impact of post-quantum (PQ) cryptography on public key infrastructure (PKI). First, the authors modified a commercially available certification authority (CA) to issue “hybrid” certificates (X.509 certificates with PQ extensions). Further assessment was performed to find the impact of using these certificates on some existing protocols, including the TLS, OCSP, CMP, EST, etc. This research work did not cover the SCEP protocol. The future work referenced in this paper includes SCEP-based PQ PKI. The research study in [17] produced a method for secure device identifiers to realize device identity and authentication. The mechanism for securely enrolling the device to a customer network is achieved through the device enrollment process. The industrial instrument hardware, which has memory and computing restrictions, must be utilized with Raspberry Pi as the device hardware. The SSL library can still be optimized for memory and processing, among other factors. In [15], the authors presented a post-quantum key exchange mechanism for the TLS protocol based on the ring learning with errors (Ring-LWE) problem. The paper demonstrated how to integrate post-quantum cryptographic algorithms into existing PKI-dependent protocols like TLS to enhance the security against quantum attacks. The study published in [18] explored the design of TLS extensions to support post-quantum cryptographic algorithms within the PKI framework in their Internet draft “Post-Quantum TLS”. The draft discusses approaches for integrating PQ algorithms into TLS for enhanced future security, aiming to standardize the methods for PQ-TLS implementations. In [19], the researchers proposed hybrid post-quantum signature schemes for TLS certificate authentication. The work suggested combining classical and PQ signature algorithms in PKI certificates to mitigate the risks associated with quantum attacks while maintaining the compatibility with existing systems.
In [7], the authors discussed the challenges and necessary steps when transitioning Internet encryption protocols, including PKI systems, to post-quantum cryptography in their article “Encrypting the Internet”. The paper emphasized the importance of updating encryption standards to withstand future quantum computing threats and outlined strategies for a secure transition.
The authors of [20] presented an experimental implementation of post-quantum certificate issuance and validation using CRYSTALS–Dilithium within a modified EST server. Their study evaluated the latency and bandwidth consumption across constrained devices, demonstrating the feasibility of integrating PQC into lightweight enrollment protocols; however, it did not explore the SCEP.
In [21], the researchers examined the integration of PQC into the ACME (Automatic Certificate Management Environment), proposing protocol extensions to support hybrid certificates and larger key sizes. Their findings emphasized the need for enrollment protocols to be adapted for PQC, along with suggestions applicable to future SCEP adaptations.
The work in [22] proposed a modular PKI framework that supports dynamic algorithm negotiation between classical and post-quantum algorithms. The framework was tested in a simulated IoT environment, highlighting Falcon’s advantages in constrained settings, relevant to SCEP-based device identity solutions.
The study in [23] analyzed the impact of PQ signature schemes on the enrollment protocols in zero-touch provisioning workflows for enterprise devices. The study concluded that Dilithium2 and Falcon512 offer the best trade-offs between performance and the memory footprint, especially when implemented on ARM Cortex-A and embedded Linux environments.
Lastly, ref. [24] introduced a post-quantum cryptography benchmarking toolkit that is tailored for PKI components. The toolkit provides the comparative results of the key generation, signing, and verification across multiple PQ algorithms on the x86 and ARM platforms. The results directly inform protocol developers about the practicality of implementing PQC in certificate enrollment systems such as the SCEP.

3.3. Research Gaps

The process via which devices, such as network appliances, servers, or Internet of Things (IoT) devices, obtain and install digital certificates is known as device enrollment in public key infrastructure (PKI). These certificates are essential for providing identity authentication, data integrity, and secure communications. There is a noticeable lack of research regarding how these systems would withstand quantum assaults, despite PKI’s crucial role in protecting device enrollment and communications [8]. To be more precise, the research gap consists of the following:
  • Lack of integration: Post-quantum cryptographic algorithms and their successful integration into current PKI systems, particularly regarding device registration procedures, are not well studied.
  • Performance and resource impact: Not much research has been performed on how applying PQ algorithms in device enrollment scenarios may affect performance and resource needs. It is essential to comprehend how these algorithms affect the effectiveness and speed of enrollment procedures [25].
  • Practical implementation: The PKI infrastructure, including device enrollment systems, lacks case studies and practical instructions on how to switch from classical to post-quantum cryptography techniques [26].

4. Research Methods

Securing SCEP-based PKI auto-enrollment against quantum attacks involves enhancing the existing systems by integrating post-quantum cryptographic algorithms to replace vulnerable protocols susceptible to quantum threats. This process includes identifying and compiling suitable PQC libraries, updating the SCEP protocol and PKI, developing a compatible client application, and conducting thorough testing to ensure reliability and efficiency. Ultimately, the goal is to select and implement an effective PQ algorithm that fortifies the auto-enrollment system against future quantum computing challenges.

4.1. Implementation of Research Work

This research successfully implemented a solution for integrating PQC algorithms into PKI systems. The focus was on evaluating the performance and efficiency of various post-quantum algorithms when applied to the device enrollment process. The specific algorithms evaluated included different variants of Dilithium, Falcon, and SPHINCS+.

4.1.1. Establishment of Independent PQ CAs

In the following, a description is provided of each variant of the PQC algorithms that were implemented in this study.
  • Dilithium2: A variant of the Dilithium post-quantum signature scheme, designed for efficiency and strong security.
  • Dilithium3: An advanced variant providing enhanced security and performance improvements over Dilithium2.
  • Dilithium5: The base version of the Dilithium scheme.
  • Falcon512: A variant providing strong security with a focus on compact signatures.
  • Falcon1024: A variant offering higher security levels with larger signature sizes.
  • SPHINCS+-SHA256-128f-robust: A variant using the SHA256 hash function, designed for robustness and security.
  • SPHINCS+-Haraka-128f-robust: A variant using the Haraka hash function, focusing on performance and robustness.
  • SPHINCS+-SHAKE256-128f-robust: A variant using the SHAKE256 hash function, combining high security with efficiency.
  • OpenXPKI: Open-source public key infrastructure (PKI) software solution designed for managing digital certificates, cryptographic keys, and customizable certificate workflows. Issuance of the certificate is done via OpenXPKI.
  • LibOQS: Open-source C library developed by the Open Quantum Safe (OQS) project, providing implementations of post-quantum cryptographic algorithms for key encapsulation and digital signatures, along with a common API and testing tools to facilitate integration and evaluation within various applications and protocols.
The next subsection provides the steps taken in this study to incorporate the PQ algorithms into the SCEP. This aims to demonstrate the procedures implemented to ensure that the enrollment protocol is quantum-resistant and address the limitations of traditional asymmetric ciphers.

4.1.2. Incorporation of PQC Algorithms in SCEP Enrollment

In the current study, 1000 certificates were requested for each variant of the PQC algorithms. This large number of requests allowed for a comprehensive evaluation of the algorithms’ performance and scalability.
Furthermore, the evaluation was carried out using an Intel(R) Core(TM) i7-6820HQ CPU with 8 GB of RAM. This platform provided a standardized environment for assessing the algorithms’ efficiency and resource usage.
The SCEP was directly modified to support the post-quantum cryptographic algorithms. The modification involved extending the protocol’s cryptographic handling logic to accept and process certificate signing requests (CSRs) using PQC-based signature schemes such as CRYSTALS–Dilithium, Falcon, and SPHINCS+. These changes required adjustments to the message format and parsing functions to accommodate the larger key sizes and signatures typical of PQC.
To visualize how post-quantum algorithms like CRYSTALS–Dilithium, Falcon, and SPHINCS+ are integrated into the SCEP (Simple Certificate Enrollment Protocol), the most appropriate format is the flowchart. This will clearly show the steps in the SCEP process and where the PQC algorithms are embedded within it.
The current study replaced the traditional RSA/ECC with NIST-recommended PQC signature schemes (CRYSTALS–Dilithium, Falcon, SPHINCS+) during the generation of the CSRs, as depicted in Figure 2. This ensured that the certificate request itself was quantum-resistant, eliminating the reliance on vulnerable classical algorithms.
The process of integrating the PQC algorithms into the SCEP can be outlined as follows:
  • The SCEP process starts with the client generating a keypair, choosing between classical (RSA/ECC) or post-quantum (e.g., Dilithium, Falcon, SPHINCS+).
  • A certificate signing request (CSR) is created using the selected algorithm and sent to the registration authority (RA).
  • The RA verifies the CSR, using either classical or post-quantum signature verification based on the algorithm used.
  • Once verified, the CSR is forwarded to the certificate authority (CA), which issues the certificate and returns it to the client.
The following subsection provides the main challenges and compatibility issues when integrating PQC algorithms into existing PKI environments.

4.1.3. Compatibility Considerations and Challenges

Integrating PQC algorithms into existing PKI environments—particularly legacy protocols like the SCEP—introduces several compatibility challenges. These challenges are primarily related to the key size, certificate size, and device-level support. The challenges can be outlined as follows:
  1. Increased Key and Signature Sizes
     Post-quantum algorithms, especially lattice-based ones like CRYSTALS–Dilithium and SPHINCS+, generate public keys and signatures that are significantly larger than their traditional RSA or ECC counterparts. For example:
       • RSA-2048 signature: ~256 bytes
       • Dilithium2 signature: ~2420 bytes
       • SPHINCS+ signature: ~8080 bytes
  2. Legacy System Interoperability
     Many legacy systems—including network appliances, routers, and IoT devices—are hardcoded to expect:
       • RSA/ECC key structures
       • Specific key lengths
       • Recognized cryptographic OIDs
  3. X.509 Certificate Format Limitations
     While X.509 is extensible, some certificate authorities and libraries may not support newer algorithm OIDs or large key structures, causing validation failures or crashes during certificate processing.
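The RA verification step in Section 4.1.2 and the size and OID problems listed above meet at one point: the check an RA runs on the PKCS#10 CSR before it selects a verifier. The following is an added example, not code from the article, OpenXPKI, or liboqs, that rejects an unknown OID, an oversized request, or truncated DER cleanly instead of failing inside a parser. Assumptions: the OIDs are placeholders under the 2.999 example arc, the 4096-byte limit and the 666-byte Falcon512 signature cap are illustrative, and the sample CSRs are constructed with zero-filled keys and signatures.

```python
# Allow-list keyed by the DER-encoded OID body. These are placeholder OIDs under
# 2.999 (the arc reserved for examples), NOT the real algorithm identifiers.
# Values: (name, raw public-key bytes, largest acceptable signature bytes).
ALLOWED = {
    bytes.fromhex("883701"): ("Dilithium2", 1312, 2420),  # sizes from the article
    bytes.fromhex("883702"): ("Falcon512", 897, 666),     # 666 is an assumed cap
}

class DerError(ValueError):
    """Any structural problem in the DER input."""

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end); every offset is bounds-checked."""
    if pos + 2 > end:
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:  # no indefinite or oversized lengths
            raise DerError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise DerError("value overruns buffer")
    return tag, pos, pos + length

def children(buf, start, end):
    """Split buf[start:end] into consecutive (tag, value_start, value_end)."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start, end))
        start = out[-1][2]
    return out

def alg_oid(buf, alg):
    """Return the raw OID body of an AlgorithmIdentifier SEQUENCE."""
    inner = children(buf, alg[1], alg[2])
    if not inner or inner[0][0] != 0x06:
        raise DerError("AlgorithmIdentifier lacks an OID")
    return bytes(buf[inner[0][1]:inner[0][2]])

def admit_csr(csr, max_csr_bytes=4096):
    """Return (accepted, reason); malformed input is rejected, never raised."""
    if len(csr) > max_csr_bytes:  # constructed limit standing in for a legacy buffer
        return False, "size: CSR exceeds the configured limit"
    try:
        top = children(csr, 0, len(csr))
        if len(top) != 1 or top[0][0] != 0x30:
            raise DerError("expected one outer SEQUENCE")
        parts = children(csr, top[0][1], top[0][2])
        if [t for t, _, _ in parts] != [0x30, 0x30, 0x03]:
            raise DerError("not a CertificationRequest")
        info, sig_alg, sig = parts
        fields = children(csr, info[1], info[2])  # version, subject, SPKI, attrs
        if len(fields) < 3 or fields[2][0] != 0x30:
            raise DerError("missing subjectPublicKeyInfo")
        spki = children(csr, fields[2][1], fields[2][2])
        if [t for t, _, _ in spki] != [0x30, 0x03]:
            raise DerError("bad subjectPublicKeyInfo")
        sig_oid, key_oid = alg_oid(csr, sig_alg), alg_oid(csr, spki[0])
    except DerError as exc:
        return False, f"malformed: {exc}"
    if sig_oid not in ALLOWED:
        return False, f"algorithm: OID body {sig_oid.hex()} is not allow-listed"
    if key_oid != sig_oid:  # assumes one OID names both key and signature type
        return False, "algorithm: key and signature OIDs differ"
    name, pk_len, sig_max = ALLOWED[sig_oid]
    got_pk = spki[1][2] - spki[1][1] - 1  # BIT STRING minus unused-bits octet
    got_sig = sig[2] - sig[1] - 1
    if got_pk != pk_len or not 0 < got_sig <= sig_max:
        return False, f"length: unexpected {name} key or signature size"
    return True, f"{name}: forward to signature verification"

# Builders for the constructed sample CSRs (zero-filled; only sizes are realistic).
def tlv(tag, value):
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def build_csr(oid_body, pk_len, sig_len):
    alg = tlv(0x30, tlv(0x06, oid_body))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + bytes(pk_len)))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    return tlv(0x30, info + alg + tlv(0x03, b"\x00" + bytes(sig_len)))
```

The check does not verify the signature; an accepted CSR still has to pass the PQC verifier selected for its algorithm.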
The following subsection illustrates the criteria used to evaluate the effectiveness of the PQC algorithms adopted in this study. These criteria primarily focus on performance and resource consumption.

4.2. Evaluation Criteria

The evaluation focused on several key criteria to determine the effectiveness of each post-quantum algorithm variant in the context of PKI device enrollment. The evaluation criteria adopted in this research can be described as follows:
(a) Performance and throughput: Performance and throughput are critical aspects of evaluating how post-quantum (PQ) cryptographic algorithms perform in the context of the SCEP (Simple Certificate Enrollment Protocol). Specifically, the focus is on measuring the time required to issue various PQ certificates and understanding how different post-quantum algorithms impact the efficiency of the certificate issuance process.
(b) Resource consumption: Resource consumption is a critical factor in evaluating the efficiency of the PQ-SCEP protocol, particularly in terms of the data transmission and storage requirements. This aspect focuses on quantifying the amount of data exchanged and managed during the issuance of post-quantum (PQ) certificates, including the impact on the network bandwidth and storage capacity.
The following subsection explains the workflow for implementing PQC algorithms to replace traditional public key algorithms in the SCEP.

4.3. Implementation Workflow

After the successful implementation of the proposed PQ-resistant enrollment protocol, the SCEP will be enhanced to include PQ keys and certificates. The newly designed PKI solution will support PQ-SCEP enrollments and existing RSA public/private keys. The keys of the traditional asymmetric ciphers will be replaced with PQ algorithm public/private keys, as shown in Figure 3. Note that the PQ keys are highlighted in green.
This enhancement ensures that the certificate enrollment process is resilient against future quantum threats. The newly designed PKI solution enables PQ-SCEP enrollments, allowing the secure and scalable issuance of certificates based on standardized PQ algorithms. In this upgraded framework, the existing RSA-based public/private keypairs are systematically replaced with their post-quantum counterparts, such as those based on the Dilithium or Falcon algorithms. As illustrated in Figure 3, the integration of the PQ keys is highlighted in green, clearly indicating the cryptographic components that have been transitioned to quantum-resistant algorithms. This development represents a significant step toward future-proofing PKI in high-assurance environments.

5. Experimental Results and Discussion

This section introduces the in-depth analysis of the performance, efficiency, and resource consumption of the various PQC algorithms used in securing PKI systems and the SCEP. It provides comparisons between variants of the Dilithium, Falcon, and SPHINCS+ algorithms.

5.1. Performance and Throughput

The evaluation revealed that Dilithium2, with a public key size of 1312 bytes (10,496 bits), and Falcon512, with a public key size of 897 bytes (7176 bits), are the most efficient algorithms in terms of the performance and throughput. The following subsections provide a detailed analysis of the performance of the PQC algorithms explored in this study.

5.1.1. Evaluation Results of Dilithium Algorithm Variants

This detailed analysis helps in understanding the trade-offs between different Dilithium variants in the context of signing PQ certificates using the PQ-SCEP protocol. This evaluation part was based on various cryptographic variants of the Dilithium algorithm. The CA public/private key, SCEP server public/private key, and Network device public/private key were based on the Dilithium2, Dilithium3, and Dilithium5 algorithm variants. The experimental results and comparisons between the different variants of the Dilithium algorithm are shown in Table 2 and Figure 4.
The results showed that Dilithium2 is the fastest among the three variants. It has the lowest average time to sign 1000 certificates, making it the most efficient variant in this evaluation, with an average time of 1.95 s. The signing times are relatively consistent, with a slight increase in the third iteration.
On the other hand, Dilithium3 shows a moderate increase in the signing time compared to Dilithium2. The time taken increases gradually with each iteration, with an average time of 2.08 s. This variant is slower than Dilithium2 but still performs reasonably well.
Finally, the results showed that Dilithium5 is the slowest variant, with the highest average signing time. The signing times are the most consistent across iterations but also show the highest values, with an average time of 2.19 s. This indicates that while Dilithium5 might offer other cryptographic strengths, it is less efficient in terms of the signing speed.
Note that the time (in milliseconds) was calculated by the PQ-SCEP protocol to issue 1000x PQ certificates.
Figure 4 provides a visual representation of the performance results of the three variations of the Dilithium PQC algorithm investigated in this study. The performance of each variation was evaluated in three iterations, as shown in the figure.
Based on the provided data, we can conclude that Dilithium2 is the most efficient in terms of the signing time, making it the best choice if performance is a critical factor. Dilithium3 offers a balance between performance and potential cryptographic strength, with a moderate increase in the signing time. Dilithium5 is the least efficient in this context, suggesting it may be more suitable in scenarios where other factors (such as higher security levels) outweigh the need for speed.
The performance differences among the PQC algorithms, such as Dilithium2 compared to its higher variants, can be attributed to the algorithm’s design and parameters. Dilithium2 has smaller key sizes and requires fewer computational resources, which makes it faster and more suitable for systems with limited storage and processing capabilities. Higher variants like Dilithium5 offer increased security levels (cryptographic strength) by using larger parameters, which inherently demand more memory and computational power, resulting in decreased performance and increased storage requirements.

5.1.2. Evaluation Results of Falcon Algorithm Variants

The evaluation part was based on various cryptographic variants of the Falcon algorithm. The CA public/private key, SCEP server public/private key, and Network device public/private key were based on the Falcon512 and Falcon1024 algorithm variants. The time (in milliseconds) was calculated by the PQ-SCEP protocol to issue 1000x PQ certificates. The experimental results and comparisons between the different variants of the Falcon algorithm are shown in Table 3 and Figure 5.
The experimental results of the current study revealed that Falcon512 is the faster variant between the two. It has a relatively low and consistent signing time across all the iterations, with an average time of 2.05 s. This indicates good performance in terms of the signing speed.
Moreover, Falcon1024 showed a higher signing time compared to Falcon512. The signing times increase gradually across the iterations, with an average time of 2.31 s. This variant is slower but may offer higher security.
Figure 5 illustrates the results of the performance analysis for the two variations of the Falcon PQC algorithm investigated in this research. The performance of the PQC algorithm was evaluated in three iterations.
This detailed analysis helps to clarify the performance differences between Falcon512 and Falcon1024 in the context of signing PQ certificates using the PQ-SCEP protocol. Falcon512 is more efficient in terms of the signing speed, while Falcon1024 may offer enhanced security at the cost of increased signing time.
The results demonstrate that Falcon512 is particularly efficient compared to its higher variant, Falcon1024, primarily due to its smaller key and signature sizes, which result in lower storage requirements and faster computational performance. Falcon512 achieves an excellent balance between cryptographic strength and resource consumption, making it an ideal choice for resource-constrained environments such as IoT devices or low-power applications.

5.1.3. Evaluation Results of SPHINCS+ Algorithm Variants

This evaluation part is based on various cryptographic variants of the SPHINCS+ algorithm. The CA public/private key, SCEP server public/private key, and network device public/private key were based on the SHA256, Haraka, and SHAKE256 algorithm variants. The time (in milliseconds) was calculated by the PQ-SCEP protocol to issue 1000x PQ certificates. The experimental results and comparisons between the different variants of the SPHINCS+ algorithm are shown in Table 4 and Figure 6.
The experiments revealed that SPHINCS+-SHA256-128f-robust is the fastest among the three variants. The signing times are relatively consistent, with an average time of 5.91 s. This indicates good performance in terms of the signing speed.
The current research showed that SPHINCS+-Haraka-128f-robust is significantly slower than the SHA256 variant. The times are consistent but much higher, with an average time of 17.77 s.
Moreover, the experiments illustrated that SPHINCS+-SHAKE256-128f-robust is the slowest among the three variants, with an average signing time of 69.68 s. The times are consistent across iterations but are substantially higher compared to the other two variants.
Figure 6 shows a comparison between the performance results of the three variations of the SPHINCS+ PQC algorithm implemented in this research.
Based on the provided data, we can conclude that SPHINCS+-SHA256-128f-robust is the most efficient in terms of the signing time, making it the best choice if performance is a critical factor. It has the lowest and most consistent signing times across all the iterations. SPHINCS+-Haraka-128f-robust offers moderate performance with higher signing times compared to the SHA256 variant. It is significantly slower but still feasible for use if performance is not the primary concern. SPHINCS+-SHAKE256-128f-robust is the least efficient in terms of the signing time, with very high signing times. This variant might offer other cryptographic strengths, but it is less suitable for scenarios where the signing speed is important. The next section discusses the experimental results related to the resource consumption criterion.

5.2. Resource Consumption

The resource consumption criterion relates to the amount of storage data consumed for a particular operation/task. The scope of the current evaluation was based on calculating the storage (in bytes) required to store a PQ certificate of Dilithium (Dilithium2, Dilithium3, and Dilithium5), Falcon (Falcon512 and Falcon1024) and SPHINCS+ (SHA256, Haraka and SHAKE256), respectively. It was found that Falcon512, with the public key of 897 bytes (7176 bits), appears to be the most efficient algorithm regarding resource consumption. The experimental results of several PQ algorithm variants are presented in Table 5. A visual representation of the resource consumption results is depicted in Figure 7.
Figure 7 illustrates a comparison of the resource consumption for all the variations of the PQC algorithms implemented in this study. This analysis is useful to determine the most efficient and cost-effective PQC algorithms suitable for low-resource or constrained environments.
The evaluation highlights the differences in storage efficiency among the post-quantum cryptographic algorithms. Among the Dilithium variants, the storage requirements increase with higher versions, with Dilithium2 being the most storage-efficient and Dilithium5 requiring the most storage. The Falcon algorithms, particularly Falcon512, stand out as significantly more storage-efficient than both the Dilithium and SPHINCS+ variants. In contrast, all the SPHINCS+ variants share the same storage requirement, which is considerably higher than those of Dilithium and Falcon, making SPHINCS+ the least storage-efficient option for post-quantum certificates.

5.2.1. Evaluation in Low-Resource and Constrained Environments

In many deployment scenarios—such as IoT gateways, embedded sensors, or low-power network devices—resources such as the CPU cycles, RAM, and flash storage are severely limited. Post-quantum algorithms must therefore be evaluated not only for their security and throughput but also for their feasibility on constrained hardware.
This section examines the performance of Dilithium, Falcon, and SPHINCS+ on resource-limited platforms using data from open-source reference implementations such as PQClean and liboqs [27].

Benchmarking Setup

To simulate constrained environments, the following platforms are commonly used in academic and community testing. Each platform is accompanied by a brief description [28]:
a. ARM Cortex-M4 (e.g., STM32F4 @ 168 MHz, 256 KB RAM)
The ARM Cortex-M4 is a 32-bit microcontroller core that is specifically designed for real-time applications. It is also ideal for simulating network devices with limited resources.
b. RISC-V embedded boards
RISC-V is an open-source instruction set architecture (ISA). RISC-V embedded boards are microcontrollers built on this ISA. They are widely used in research to test security protocols in constrained network environments because of their flexibility and extensibility.
c. Raspberry Pi Zero (Broadcom BCM2835 ARM11, 512 MB RAM)
The Raspberry Pi Zero is a single-board computer based on the ARM11 processor that is widely used in scientific research. It is ideal for simulating constrained network devices such as IoT nodes and network gateways.
The following subsection presents the testing results from previous studies of various PQC algorithms when implemented in a constrained environment that has devices with limited capabilities and resources.

Algorithm Comparison on Constrained Devices

Table 6 shows the testing results of the PQC algorithms on constrained devices as extracted from previous studies [27,28].
The following subsection provides the main observations on the suitability of the PQC algorithms studied in this study for use with different types of devices.

Observations and Suitability by Device Type

The main observations from previous studies [27,28] regarding the suitability of the three PQC algorithms implemented in this study for various device types can be described as follows:
- Dilithium2 performs well on 32-bit microcontrollers with moderate RAM (>64 KB) and is the most balanced in terms of size vs. speed.
- Falcon512 provides the smallest signatures but requires floating-point hardware and tight implementation controls to prevent side-channel leaks—challenging on bare-metal embedded systems.
- SPHINCS+ is highly secure and side-channel resistant but incurs high computation times and large signatures, making it less practical for ultra-low-power devices.
The following subsection presents the main recommendations for deploying PQC algorithms on various network devices. These recommendations aim to identify the most efficient PQC algorithm tailored to different device types.

Trade-Offs and Deployment Recommendations

Table 7 shows the deployment recommendations for the PQC algorithms on various network devices [27,28]. These recommendations can guide industry organizations seeking to build a secure network environment by suggesting the most cost-effective PQC algorithm based on the type of network device.
The following subsection presents the mitigation and optimization strategies that can be adopted for PQC algorithms to reduce the resource consumption and enhance the performance of cryptographic operations.

Mitigation and Optimization Strategies

Each PQC algorithm has limitations regarding resource usage and memory consumption. To overcome these limitations and improve the performance of the PQC algorithms, various mitigation and optimization strategies can be implemented. These strategies can be described as follows:
- Dilithium and Falcon can be compiled using lightweight variants of PQClean with reduced memory footprints.
- Hardware acceleration or external crypto co-processors may enable SPHINCS+ in otherwise unsuitable environments.
- Devices with limited flash can store private keys externally (e.g., HSM modules) and offload signings to more capable edge systems.
The following subsection demonstrates how the PQC algorithms perform in large-scale deployments. It describes the evaluation of the performance, scalability, and resource consumption for the PQC algorithms in large networks, as well as the optimization strategies.

5.3. Expanded Performance Evaluation

While the initial performance testing in this work evaluated 1000 certificate issuances under controlled conditions, it is important to understand how the PQC-enhanced SCEP behaves in larger-scale deployments, such as enterprise networks or nationwide IoT ecosystems.

5.3.1. Scalability Considerations

Post-quantum algorithms, particularly lattice-based (Dilithium, Falcon) and hash-based (SPHINCS+) ones, introduce larger key sizes and signatures. This increases the following:
- Transmission overhead
- Certificate processing time
- Storage requirements on the certification authority (CA) and client side
In large-scale environments (e.g., telecom or smart city networks with millions of nodes), these factors directly affect the following:
- Throughput (certificates processed per second)
- Latency in automated enrollment
- Bandwidth consumption
The following subsection provides a theoretical estimation of the PQC algorithm’s performance based on previous studies.

5.3.2. Theoretical Estimates Based on the Literature

Previous research projects provided theoretical estimations of the throughput of the PQC algorithms when deployed in large-scale network environments. The estimation results revealed by a recent study [29] can be outlined as follows:
- Dilithium2 can issue ~12,000 certificates per second on a modern multi-core CA server.
- Falcon512 achieves higher throughput (~20,000 certs/s) but requires precise floating-point arithmetic.
- SPHINCS+ is significantly slower (sub-1000 certs/s), making it less ideal for high-volume issuance.
Moreover, assuming 1 million devices per day need certificate renewal, the throughput can be theoretically estimated as follows:
- Dilithium2 would require ≈ 84 s of continuous processing.
- SPHINCS+ would require distributed CA infrastructure or long queues.
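The estimate above, carried through as an added example (not code from the article): it reproduces the 84 s literature figure and then sizes the same 1-million-device renewal against the measured PQ-SCEP averages from Section 5.1 using a simple fluid queue. Assumptions made here: the measured time per 1000 certificates is treated as one issuing worker's sustained rate, all renewals arrive evenly over a constructed 1000 s burst, and the target window is one hour.

```python
import math

# Average seconds to issue 1000 certificates over PQ-SCEP (Section 5.1 averages).
MEASURED_S_PER_1000 = {
    "Dilithium2": 1.95,
    "Falcon512": 2.05,
    "SPHINCS+-SHA256-128f-robust": 5.91,
    "SPHINCS+-SHAKE256-128f-robust": 69.68,
}
# Literature estimates quoted in Section 5.3.2 (certificates per second).
LITERATURE_CERTS_PER_S = {"Dilithium2": 12_000, "Falcon512": 20_000}


def literature_seconds(alg, fleet=1_000_000):
    """Continuous signing time for the whole fleet at the literature rate."""
    return math.ceil(fleet / LITERATURE_CERTS_PER_S[alg])


def measured_rate(alg):
    """Certificates per second for one issuing worker (assumption: sustained rate)."""
    return 1000.0 / MEASURED_S_PER_1000[alg]


def workers_for_window(fleet, certs_per_s, window_s):
    """Smallest number of parallel workers that clears the fleet within window_s."""
    return math.ceil(fleet / (certs_per_s * window_s))


def simulate_burst(arrivals_per_s, capacity_per_s):
    """Fluid queue in 1-second steps.

    Returns (peak backlog in certificates, seconds until the queue is empty).
    """
    backlog = peak = 0.0
    for arriving in arrivals_per_s:
        backlog = max(0.0, backlog + arriving - capacity_per_s)
        peak = max(peak, backlog)
    drain_s = backlog / capacity_per_s
    return peak, len(arrivals_per_s) + drain_s


def plan(alg, fleet=1_000_000, burst_s=1000, window_s=3600):
    """Renewal plan for one algorithm under the constructed burst."""
    rate = measured_rate(alg)
    arrivals = [fleet / burst_s] * burst_s  # constructed: even arrivals during the burst
    peak, done_s = simulate_burst(arrivals, rate)
    return {
        "algorithm": alg,
        "single_worker_done_s": done_s,
        "single_worker_peak_backlog": peak,
        "worst_wait_s": peak / rate,  # wait seen by the last request in the burst
        "workers_for_window": workers_for_window(fleet, rate, window_s),
    }


if __name__ == "__main__":
    print("literature estimate, Dilithium2:", literature_seconds("Dilithium2"), "s")
    for name in MEASURED_S_PER_1000:
        print(plan(name))
```

The gap between the literature signing rate and the measured enrollment rate is what drives the number of parallel issuing workers a CA needs for the slower variants.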
The following subsection discusses the effects of the large-scale deployment of the PQC algorithms on the network and system load.

5.3.3. Network and System Load Implications

The deployment of the PQC algorithms across large networks has implications regarding the network traffic size and system load. These implications can be outlined as follows:
- Certificate sizes (e.g., 1.7 KB for Dilithium vs. 300 B for RSA) may lead to increased traffic during bootstrapping or renewal cycles.
- Memory and CPU constraints in edge devices (e.g., routers, IoT hubs) must be considered when parsing PQC certificates or verifying signatures.
- Load-balancing, caching, and batch issuance techniques may help mitigate these bottlenecks in production systems.
The following subsection outlines the mitigation strategies for challenges that may arise in the large-scale deployment of the PQC algorithms.

5.3.4. Mitigation Strategies for Large-Scale Use

Deploying the PQC algorithms in large networks raises challenges that may affect the scalability and limit the performance of cryptographic operations. Therefore, the following mitigation strategies can be adopted to ensure efficient scaling for the large-scale use of the PQC algorithms:
- Parallelized CA implementations can issue thousands of certificates per second with appropriate queuing and thread pools.
- Hybrid rollout models can reduce the load by issuing PQC certificates only to critical or PQC-ready systems first.
- Use of compression and differential encoding may reduce the transmission size, especially for repetitive certificate metadata.
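How far compression and differential encoding can go, as an added example (not code from the article): the metadata of a renewed certificate is deflated on its own and then against the previous certificate's metadata as a preset zlib dictionary, while the public key and signature are left as they are because they are high-entropy. The certificate layout and field values are constructed and are not X.509 DER; the public key sizes are the article's, and the signature lengths (2420 and 666 bytes) are assumptions taken from the published parameter sets.

```python
import random
import zlib

PUBKEY_LEN = {"Dilithium2": 1312, "Falcon512": 897}  # bytes, as stated in the article
# Assumption: signature lengths from the published parameter sets, not from the article.
SIG_LEN = {"Dilithium2": 2420, "Falcon512": 666}


def make_cert(alg, serial, year, rng):
    """Constructed certificate: (text metadata, opaque key||signature bytes)."""
    meta = (
        f"version=3;serial={serial:08d};sigalg={alg};"
        "issuer=CN=Example PQ Issuing CA,O=Example Corp,C=SA;"
        "subject=CN=router-0042.example.net,O=Example Corp,C=SA;"
        f"notBefore={year}0101000000Z;notAfter={year + 1}0101000000Z;"
        "keyUsage=digitalSignature;extKeyUsage=clientAuth;"
        "crl=http://pki.example.net/crl/issuing.crl;"
        "ocsp=http://pki.example.net/ocsp;"
        "caIssuers=http://pki.example.net/ca/issuing.cer;"
    ).encode("ascii")
    # Random bytes stand in for the key and signature, which look random to a compressor.
    opaque = bytes(rng.getrandbits(8) for _ in range(PUBKEY_LEN[alg] + SIG_LEN[alg]))
    return meta, opaque


def deflate(data, dictionary=None):
    """zlib-compress data, optionally against a preset dictionary (differential encoding)."""
    if dictionary is None:
        comp = zlib.compressobj(level=9)
    else:
        comp = zlib.compressobj(level=9, zdict=dictionary)
    return comp.compress(data) + comp.flush()


def inflate(data, dictionary=None):
    """Inverse of deflate(); the receiver must hold the same dictionary."""
    if dictionary is None:
        decomp = zlib.decompressobj()
    else:
        decomp = zlib.decompressobj(zdict=dictionary)
    return decomp.decompress(data) + decomp.flush()


def size_report(alg, seed=1):
    """Bytes on the wire for a renewal: raw, metadata deflated, metadata delta-encoded."""
    rng = random.Random(seed)  # fixed seed so the constructed sample is reproducible
    old_meta, _ = make_cert(alg, serial=1001, year=2025, rng=rng)
    new_meta, new_opaque = make_cert(alg, serial=2001, year=2026, rng=rng)
    plain = deflate(new_meta)
    delta = deflate(new_meta, dictionary=old_meta)
    # Both encodings must round-trip before their sizes mean anything.
    assert inflate(plain) == new_meta and inflate(delta, old_meta) == new_meta
    raw_total = len(new_meta) + len(new_opaque)
    return {
        "raw_total": raw_total,
        "plain_total": len(plain) + len(new_opaque),
        "delta_total": len(delta) + len(new_opaque),
        "opaque_raw": len(new_opaque),
        "opaque_deflated": len(deflate(new_opaque)),  # no gain on key||signature
        "metadata_share": len(new_meta) / raw_total,  # upper bound on any saving
    }


if __name__ == "__main__":
    for name in PUBKEY_LEN:
        print(name, size_report(name))
```

The saving is bounded by the metadata share of the certificate, so it is proportionally larger for Falcon512 than for Dilithium2, and compressing the key and signature themselves yields nothing.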
The following subsection demonstrates the optimization approaches that can be adopted in the future to enhance the performance of the PQC algorithms.

5.3.5. Future Performance Optimization Opportunities

To improve the throughput of the PQC algorithms and accelerate cryptographic operations, various optimization techniques can be employed. These techniques include the following:
- Implementing hardware acceleration (e.g., FPGA-based Dilithium signing engines) [30,31].
- Using lightweight variants of the PQC algorithms where NIST Level 1 suffices.
- Profiling and tuning the PQC libraries on embedded and cloud-native platforms.
A security analysis of the PQC algorithms is discussed in the following subsection. The security analysis is a significant metric to consider when assessing the effectiveness of PQC algorithms.

5.4. Security Analysis

This section provides a security analysis of the PQC algorithms to demonstrate their effectiveness in securing enrollment protocols and resisting post-quantum attacks. Previous studies showing security evaluation results are referenced.

5.4.1. Security in the Context of the SCEP

The SCEP relies on classical public key algorithms (RSA, ECDSA) that are vulnerable to quantum attacks, such as Shor’s algorithm, which can break both the RSA and ECC in polynomial time [32,33]. Integrating PQC algorithms into the CSR and message authentication processes enhances the protocol’s resilience to future quantum threats. Table 8 presents selected algorithms and their NIST security levels.
These algorithms were selected as part of the NIST Post-Quantum Cryptography Standardization Project to replace the RSA and ECC in public key infrastructure [5,35].
The following subsection explains how the PQC algorithms are resilient to quantum attacks.

5.4.2. Resilience to Quantum Attacks

The PQC algorithms implemented rely on hard mathematical problems for which no known quantum algorithm provides an efficient solution:
- Dilithium and Falcon are based on lattice problems such as Module-LWE and Module-SIS [36].
- SPHINCS+ leverages hash-based cryptography, which is known to resist both classical and quantum attacks under minimal assumptions [30].
These structures resist attacks enabled by Shor’s and Grover’s algorithms, protecting against both key recovery and forgery.
The following section provides recommendations on how PQC algorithms can be implemented to counter side-channel attacks.

5.4.3. Side-Channel and Implementation Security

Security in practice also depends on the resistance to side-channel attacks, particularly when implemented in real-world systems:
- Dilithium: Resistant to side-channel attacks due to deterministic signature generation and lack of floating-point operations [28].
- Falcon: Efficient but uses FFT and floating-point math, which can introduce side-channel leakage if not hardened [29].
- SPHINCS+: Conservative and stateless, but incurs high signature size and slower verification [30].
All the algorithms were implemented using hardened libraries (e.g., PQClean, liboqs) with side-channel countermeasures enabled [31].
The following subsection discusses the standardization status and trustworthiness of the PQC algorithms.

5.4.4. Standardization Status and Trustworthiness

CRYSTALS–Dilithium and Falcon were selected for standardization by NIST in July 2022 [28]. Additionally, SPHINCS+ was selected as an alternate signature scheme in April 2024 due to its different security basis and robustness [30].
The final standards include the following [32]:
- FIPS 203: CRYSTALS–Dilithium
- FIPS 204 (draft): Falcon
- FIPS 205 (draft): SPHINCS+
Table 9 shows a comparison between traditional algorithms and PQC algorithms in terms of the security improvements.
The following section provides the main recommendations based on the findings of the current study. These recommendations aim to identify the most suitable PQC algorithm for various applications.

5.5. Recommendations Based on Research Findings

The evaluation of the various cryptographic algorithms revealed significant differences in terms of the signing speed and storage efficiency. Based on these results, we can make targeted recommendations for specific applications, such as the Internet of Things (IoT), where the resource constraints and performance requirements vary.

5.5.1. Dilithium Algorithms

The recommendations and preferable use cases for the variants of the Dilithium algorithm can be outlined as follows:
(a) Dilithium2
Recommendation: Suitable for IoT devices where signing speed and moderate storage efficiency are required.
Use Case: Ideal for general-purpose IoT applications that require fast certificate signing with reasonable storage requirements, such as smart home devices and wearable technology.
(b) Dilithium3
Recommendation: Suitable for applications requiring a balance between security and performance.
Use Case: Can be used in industrial IoT applications where devices need a moderate level of security and signing speed, such as smart meters and industrial sensors.
(c) Dilithium5
Recommendation: Suitable for high-security IoT applications where the signing speed is less critical.
Use Case: Ideal for critical infrastructure IoT applications that require robust security, such as medical devices and smart grid components.
The following subsection presents the recommendations and appropriate use cases for the Falcon algorithms.

5.5.2. Falcon Algorithms

The recommendations and use cases for the variants of the Falcon algorithm can be outlined as follows:
(a) Falcon512
Recommendation: Highly suitable for IoT devices due to its excellent storage efficiency and good signing speed.
Use Case: Best suited for resource-constrained IoT devices like low-power sensors and edge devices that need efficient certificate management with minimal storage impact.
(b) Falcon1024
Recommendation: Suitable for IoT applications requiring higher security, with a trade-off in storage efficiency.
Use Case: Useful for more secure IoT deployments, such as connected vehicles and secure communication gateways, where the storage resources are slightly more abundant.
The following subsection presents the recommendations and ideal use cases for the SPHINCS+ algorithms.

5.5.3. SPHINCS+ Algorithms

The recommendations and use cases for the SPHINCS+ algorithms can be outlined as follows:
Recommendation: Suitable for IoT applications where the highest level of security is paramount and storage resources are less of a concern.
Use Case: Ideal for high-security IoT applications such as defense and aerospace systems, where the security requirements outweigh the need for storage efficiency and speed.
The conclusion of this study and the future research directions are presented in the next section.

6. Conclusions and Future Work

This research presented a novel integration of post-quantum cryptographic (PQC) algorithms into the Simple Certificate Enrollment Protocol (SCEP) to enable quantum-resilient auto-enrollment of digital certificates. The SCEP, widely used in enterprise environments, facilitates the secure and scalable issuance of RSA- and ECC-based certificates for network devices such as routers, firewalls, and switches. However, the advent of quantum computing poses a significant threat to traditional public key algorithms, making protocols like the SCEP vulnerable to cryptographic compromise.
To address this challenge, the current study implemented and evaluated the three NIST-selected PQ signature algorithms: Dilithium, Falcon, and SPHINCS+. The process of integrating these PQC algorithms with the SCEP was detailed. The performance and resource efficiency analysis showed that the Dilithium2 and Falcon512 algorithms are the most practical candidates for PQ-based auto-enrollment in large-scale environments.
The three PQC algorithms were evaluated based on their performance and resource consumption. The performance was measured by the time taken for each PQC algorithm to sign 1000 digital certificates. The experimental results indicated that both the Dilithium2 and Falcon512 algorithms achieved the best performance, with times of 1.95 s and 2.05 s, respectively. Furthermore, the experiments conducted in this research revealed that the Falcon512 algorithm requires only 2.52 KB to store certificates, which is the least consumed storage space compared to the other PQC algorithms. This makes Falcon512 the most suitable PQC algorithm for network devices with limited resources.
Beyond securing the SCEP, the findings of this research pave the way for extending the PQC integration to other modern certificate enrollment protocols, such as Enrollment over Secure Transport (EST) and the Automatic Certificate Management Environment (ACME). These extensions will further strengthen the public key infrastructure (PKI) landscape and ensure robust, future-proof certificate issuance processes across diverse network architectures. This work takes a foundational step toward achieving end-to-end quantum-safe PKI deployments.

Author Contributions

Conceptualization, R.A.-D. and M.A.; methodology, R.A.-D.; software, R.A.-D.; validation, M.A. and T.A.; formal analysis, R.A.-D.; investigation, R.A.-D.; resources, M.A. and T.A.; data curation, R.A.-D.; writing—original draft preparation, R.A.-D. and M.A.; writing—review and editing, M.A. and T.A.; visualization, R.A.-D.; supervision, M.A. and T.A.; project administration, R.A.-D.; funding acquisition, M.A. and T.A. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) (grant number IMSIU-DDRSP2504).

Data Availability Statement

Data are contained within the article.

Acknowledgments

The authors gratefully acknowledge the support of the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) for funding and facilitating this research.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
PKI: Public Key Infrastructure
SCEP: Simple Certificate Enrollment Protocol
ECC: Elliptic Curve Cryptography
PQCA: Post-Quantum Crypto Algorithm

References

  1. Rexha, B. Increasing user privacy in online transactions with X.509 v3 certificate private extensions and smartcards. In Proceedings of the Seventh IEEE International Conference on E-Commerce Technology (CEC’05), Munich, Germany, 19 July 2005; IEEE: Piscataway, NJ, USA, 2005; pp. 293–300.
  2. Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory 1976, 22, 644–654.
  3. Koblitz, N. Elliptic curve cryptosystems. Math. Comput. 1987, 48, 203–209.
  4. Adams, C.; Farrell, S.; Kause, T.; Monk, T. Internet X.509 Public Key Infrastructure Certificate Management Protocols. RFC 2510. Available online: https://www.rfc-editor.org/rfc/rfc2510 (accessed on 2 December 2024).
  5. Shor, P.W. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994; IEEE: Piscataway, NJ, USA, 1994; pp. 124–134.
  6. Bernstein, D.J.; Buchmann, J.; Dahmen, E. (Eds.) Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2009.
  7. Mosca, M. Cybersecurity in an era with quantum computers: Will we be ready? IEEE Secur. Priv. 2015, 13, 58–62.
  8. Chen, L.; Jordan, S.; Liu, Y.K.; Moody, D.; Peralta, R.; Perlner, R.; Smith-Tone, D. Report on Post-Quantum Cryptography. NISTIR 8105; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2016.
  9. Höglund, J.; Samuel, L.; Martin, F.; Shahid, R. PKI4IoT: Towards public key infrastructure for the Internet of Things. Comput. Secur. 2020, 89, 101658.
  10. He, Z.; Martin, F.; Shahid, R. Indraj: Digital certificate enrollment for battery-powered wireless devices. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, Miami, FL, USA, 15–17 May 2019; pp. 117–127.
  11. Rossberg, M.; Markus, T. Secure enrollment of certificates using short PINs. In Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, 29 August–1 September 2017; pp. 1–9.
  12. Woods, C. Secure interoperability with commercial open standards. In Proceedings of the 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm), Miami, FL, USA, 2–5 November 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 509–514.
  13. Dongale, D.T.; Kamath, S.R. Reviewing Trends and Technology Shaping the Future of Public Key. Int. J. Curr. Res. 2016, 8, 28411–28420.
  14. Schaad, J.; Nyström. Specify Protocols for Certificate Enrollment and Management Using Cryptographic Message Syntax (CMS) in RFC 5272, 2010.
  15. Bos, J.W.; Costello, C.; Naehrig, M.; Stebila, D. Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem. In Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 17–21 May 2015; pp. 553–570.
  16. Fan, J.; Fabian, W.; Jafar, Z.; John, G.; Serge, M.; Mike, O.; Carlisle, A. Impact of post-quantum hybrid certificates on PKI, common libraries, and protocols. Int. J. Secur. Netw. 2021, 16, 200–211.
  17. Mini, T.T. Secure Device Identifiers and Device Enrollment in Industrial Control System. In Proceedings of the 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Goa, India, 16–19 December 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–5.
  18. Stebila, D.; Fluhrer, S. Post-Quantum TLS. Internet-Draft Draft-Stebila-TLS-Hybrid-Design-01, 2019; This draft explores the design of TLS extensions to support post-quantum cryptographic algorithms within the PKI framework.
  19. Campagna, M.; Chuengsatiansup, C. Hybrid Post-Quantum Signatures for TLS Certificate Authentication. In Proceedings of the NIST 2nd PQC Standardization Conference, Santa Barbara, CA, USA, 22–25 August 2019.
  20. Kuhlmann, D.; Meyer, C.; Krämer, J.; Buchmann, J. Post-Quantum Certificate Enrollment in EST: Performance Analysis and Feasibility for Constrained Devices. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES 2022), Vienna, Austria, 23–26 August 2022.
  21. Meijer, J.; Kampanakis, P.; Dang, Q. Post-Quantum Certificate Management using ACME and Hybrid Certificates. In Proceedings of the 2022 IEEE Symposium on Security and Privacy Workshops (SPW), San Francisco, CA, USA, 23–25 May 2022; pp. 226–231.
  22. Peng, L.; Xie, X.; Chen, H.; Zhang, Q. A Lightweight and Adaptable PKI Framework Supporting Post-Quantum Signatures for IoT Devices. Future Gener. Comput. Syst. 2023, 143, 33–45.
  23. Rosulek, M.; McGrew, D.; Huelsing, A. Efficient Post-Quantum Certificate-Based Authentication for Device Provisioning. ACM Trans. Embed. Comput. Syst. 2022, 21, 1–20.
  24. Hülsing, A.; Oder, T.; Rijneveld, J.; Schwabe, P. Benchmarking Suite for Post-Quantum PKI Integration. In Cryptology Eprint Archive, Report 2021/768; European Conference: Ghent, Belgium, 2021; Available online: https://eprint.iacr.org/2021/768 (accessed on 5 January 2025).
  25. Alagic, G.; Alperin-Sheriff, J.; Apon, D.; Cooper, D.; Dang, Q.; Kelsey, J.; Liu, Y.-K.; Miller, C.; Moody, D.; Peralta, R. Status report on the second round of the NIST post-quantum cryptography standardization process. NIST IR 2020, 8309, 39.
  26. Bindel, N.; Brendel, J.; Fischlin, M.; Goncalves, B.; Stebila, D. Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange. In Proceedings of the Post-Quantum Cryptography: 10th International Conference, PQCrypto 2019, Chongqing, China, 8–10 May 2019.
  27. PQClean Project. Available online: https://github.com/PQClean/PQClean (accessed on 25 January 2025).
  28. Bürstinghaus-Steinbach, K.; Krauß, C.; Niederhagen, R.; Schneider, M. Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS’ 20), Taipei, Taiwan, 5–9 October 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 841–852.
  29. Hülsing, A.; Hvass, B.S.; Hansen, L.L.; Winterhalter, T.; Hritcu, C.; Spitters, B. NIST PQC Finalist Algorithms: Performance Benchmarks and Scaling Scenarios. IACR Cryptology ePrint Archive. 2023. Available online: https://eprint.iacr.org/2023/185 (accessed on 4 January 2025).
  30. Oder, T. Efficient Implementation of Dilithium on RISC-V and ARM Cortex-M. PQCrypto 2020.
  31. Open Quantum Safe liboqs. Available online: https://github.com/open-quantum-safe/liboqs (accessed on 10 March 2025).
  32. Beullens, W.; D’Anvers, J.P.; Hülsing, A.T.; Lange, T.; Panny, L.; de Saint Guilhem, C.; Smart, N.P. Post-Quantum Cryptography: Current State and Quantum Mitigation; ENISA: Athens, Greece, 2021.
  33. Fouque, P.A.; Hoffstein, J.; Kirchner, P.; Lyubashevsky, V.; Pornin, T.; Prest, T.; Ricosset, T.; Seiler, G.; Whyte, W.; Zhang, Z. Falcon: Fast-Fourier Lattice-Based Compact Signatures over NTRU. PQCrypto 2018, 36, 1–75.
  34. Hülsing, A. SPHINCS+—Submission to the NIST PQC Project, Version 3.1. NIST PQC Round 3. 2023.
  35. NIST. FIPS203—Module Lattice-Based Signature Scheme, CRYSTALS-Dilithium; Department of Commerce: Washington, DC, USA, 2024. [Google Scholar] [CrossRef]
  36. NIST PQC Finalists. Available online: https://csrc.nist.gov/Projects/post-quantum-cryptography (accessed on 1 March 2025).
Figure 1. Non-PQ SCEP enrollment.
Figure 2. Incorporation of PQC algorithms in SCEP enrollment.
Figure 3. Post-quantum-based PKI SCEP enrollment.
Figure 4. Visual representation of the Dilithium evaluation results.
Figure 5. Visual representation of the Falcon evaluation results.
Figure 6. Visual representation of the SPHINCS+ evaluation results.
Figure 7. Visual representation of the resource consumption results.

Table 1. Comparison of certificate enrollment protocols.

| Feature/Protocol | SCEP | EST | ACME |
|---|---|---|---|
| Protocol Architecture | HTTP-based PKI enrollment using PKCS#7/PKCS#10 | HTTPS-based enrollment with RESTful API | HTTP-based client–server architecture with DNS/HTTP-01 challenges |
| Primary Use Cases | Network devices (routers, firewalls, switches) | Enterprise and IoT device provisioning | Web servers, automated TLS certificate issuance |
| Security Features | Basic (challenge password, manual revocation) | Strong (TLS mutual auth, certificate revocation via CRLs/OCSP) | Automated domain validation, certificate transparency |
| PQC Adaptability | Requires extension for PQC support (this work) | More flexible; can be extended for PQ-hybrid or PQ-only certificates | Currently classical, some research into PQ extension underway |
| Backward Compatibility | High—suitable for legacy systems | Moderate—designed for modern environments | Low—mainly for cloud-native and web infrastructure |
| Resource Requirements | Low | Moderate | High (requires external DNS/HTTP infrastructure) |

Table 2. Time to sign 1000x Dilithium certificates.

| Dilithium Variant | Iteration 1 (s) | Iteration 2 (s) | Iteration 3 (s) | Average (s) |
|---|---|---|---|---|
| Dilithium2 | 1.79 | 1.85 | 2.21 | 1.95 |
| Dilithium3 | 1.85 | 2.11 | 2.27 | 2.08 |
| Dilithium5 | 1.94 | 2.29 | 2.34 | 2.19 |

Table 3. Time to sign 1000x Falcon certificates.

| Falcon Variant | Iteration 1 (s) | Iteration 2 (s) | Iteration 3 (s) | Average (s) |
|---|---|---|---|---|
| Falcon512 | 1.83 | 2.11 | 2.22 | 2.05 |
| Falcon1024 | 2.08 | 2.37 | 2.49 | 2.31 |

Table 4. Time to sign 1000x SPHINCS+ certificates.

| SPHINCS+ Variant | Iteration 1 (s) | Iteration 2 (s) | Iteration 3 (s) | Average (s) |
|---|---|---|---|---|
| SPHINCS+-SHA256-128f-robust | 5.64 | 6.02 | 6.08 | 5.91 |
| SPHINCS+-Haraka-128f-robust | 17.15 | 17.93 | 18.22 | 17.77 |
| SPHINCS+-SHAKE256-128f-robust | 69.13 | 69.86 | 70.04 | 69.68 |

Table 5. Results of the resource comparison of the algorithm variants.

| Sr. | Algorithm | Size of Certificate (KBytes) |
|---|---|---|
| 1. | Dilithium2 | 5.49 |
| 2. | Dilithium3 | 7.54 |
| 3. | Dilithium5 | 10.17 |
| 4. | Falcon512 | 2.52 |
| 5. | Falcon1024 | 4.56 |
| 6. | SPHINCS+-SHA256-128f-robust | 23.61 |
| 7. | SPHINCS+-Haraka-128f-robust | 23.61 |
| 8. | SPHINCS+-SHAKE256-128f-robust | 23.61 |

Table 6. PQClean benchmarks + implementation testing by Oder et al. on Cortex-M4 and STM32F4 [27,28].

| Algorithm | Code Size (KB) | Signature Size (Bytes) | Sign Time (ms) | Verify Time (ms) | Notes |
|---|---|---|---|---|---|
| Dilithium2 | ~20–30 KB | ~2420 | ~10–12 ms | ~3–5 ms | Efficient, suitable for constrained 32-bit systems |
| Falcon-512 | ~25–40 KB | ~666 | ~20–40 ms | ~5–10 ms | Very compact sigs, but uses FFTs and floats (harder to implement securely) |
| SPHINCS+-128s | ~40–70 KB | ~8080 | ~100–300 ms | ~4–8 ms | Conservative and robust, but slower and storage-heavy |

Table 7. Trade-offs and deployment recommendations.

| Device Type | Recommended Algorithm | Reasoning |
|---|---|---|
| IoT Sensor (Cortex-M4) | Dilithium2 | Good balance of RAM, speed, and signature size |
| Router (ARMv7/ARM64) | Falcon512 or Dilithium2 | Falcon if FPU available; otherwise Dilithium |
| Edge Gateway (Raspberry Pi) | Any, including SPHINCS+ | Sufficient resources for even heavyweight schemes |

Table 8. Selected algorithms and their NIST security levels.

| Algorithm | Type | NIST Security Level | Notable Features |
|---|---|---|---|
| CRYSTALS-Dilithium | Lattice-based | Level 2, 3, 5 | Strong side-channel resistance, efficient [28] |
| Falcon | Lattice-based | Level 1, 5 | Compact signatures, vulnerable to side-channel unless carefully implemented [29] |
| SPHINCS+ | Hash-based | Level 1, 3, 5 | Stateless, robust, conservative design [34] |

Table 9. Security improvements comparison.

| Threat | Classical SCEP | PQC-Enhanced SCEP |
|---|---|---|
| Quantum key compromise | Vulnerable | Resistant |
| Forged CSRs | Feasible with quantum computers | Infeasible with current knowledge |
| Side-channel risks | Moderate (RSA/ECC) | Mitigated via PQ-safe libraries |

Al-Dabbagh, R.; Alkhatib, M.; Albalawi, T. Efficient Post-Quantum Cryptography Algorithms for Auto-Enrollment in Public Key Infrastructure. Electronics 2025, 14, 1980. https://doi.org/10.3390/electronics14101980