Optimized Quantum-Resistant Cryptosystem: Integrating Kyber-KEM with Hardware TRNG on Zynq Platform

Abstract

Traditional cryptographic systems face critical vulnerabilities posed by the rapid advancement of quantum computing, particularly concerning key exchange mechanisms and the quality of entropy sources for random number generation. To address these challenges, this paper proposes a multi-layered, quantum-resistant hybrid cryptographic architecture. First, to ensure robust data confidentiality and secure key establishment, the architecture employs AES-256 (Advanced Encryption Standard-256) for data encryption and utilizes the Kyber Key Encapsulation Mechanism (KEM), which is based on the Learning With Errors (LWE) problem, for secure key exchange. Second, to further bolster overall security by establishing a high-quality cryptographic foundation, we design a TRNG (true random number generator) system based on a multi-level Ring Oscillator (RO) architecture (employing 5, 7, 9, and 11 inverter stages), which provides a reliable and high-quality entropy source. Third, to enable intelligent and adaptive security management, we introduce FA-Kyber (Flow-Adaptive Kyber), a dual-trigger key exchange framework facilitating dynamic key management strategies. Experimental evaluations demonstrate that our implementation exhibits robust performance, achieving an encrypted data transmission throughput of over 550 Mbps with an average end-to-end latency of only 3.14 ms and a key exchange success rate of 99.99% under various network conditions. The system exhibits excellent stability under network congestion, maintaining 86% of baseline throughput under moderate stress, while adaptively increasing the key rotation frequency to enhance security. This comprehensive approach strikes an optimal balance between performance and post-quantum resilience for sensitive communications.

1. Introduction

Recent breakthroughs in quantum computing underscore the escalating vulnerabilities of current cryptographic algorithms. The potential for quantum computers to break widely used 2048-bit RSA keys within hours [1], exemplified by advancements such as the Willow processor from Google (Mountain View, CA, USA) [2,3], suggests cryptanalytic quantum capabilities may emerge within 5–10 years. This necessitates the accelerated deployment of post-quantum cryptographic (PQC) solutions.

Traditional public-key algorithms such as RSA and Elliptic Curve Cryptography (ECC) are vulnerable to Shor’s algorithm [4,5]. While symmetric algorithms such as AES-256 offer more resilience against Grover’s algorithm, their key distribution often relies on vulnerable public-key methods. The security of all cryptographic systems also critically depends on high-quality random number generation. Traditional pseudo-random number generators (PRNGs) can have vulnerabilities [6], whereas true random number generators (TRNGs) harnessing physical entropy offer stronger security.

Research has intensified on PQC algorithms and secure TRNGs. Kyber, a Key Encapsulation Mechanism (KEM) based on the Module Learning With Errors (MLWE) problem, was selected by NIST for PQC standardization [7], ensuring intellectual property accessibility [8]. Concurrently, TRNG technology has advanced, with various hardware implementations demonstrating high throughput and resilience [9,10,11,12]. However, challenges remain in achieving optimal randomness, cost-effectiveness, and robust integration of TRNGs with PQC frameworks, especially on accessible hardware.

FPGA-based System-on-Chips (SoCs) like the Xilinx Zynq family (San Jose, CA, USA) offer a flexible platform for cryptographic systems, combining programmable logic (PL) for hardware acceleration with processing systems (PSs) for control [13,14,15]. This paper leverages this architecture to propose a high-security hybrid cryptosystem on a Zynq UltraScale+ MPSoC platform. Our work introduces three key innovations:

• A Multi-Level Hardware TRNG: A TRNG based on a multi-level Ring Oscillator (RO) architecture (5, 7, 9, and 11 inverter stages) with three-level pooling, delivering 49.6 Mbps of entropy and passing NIST SP 800-22 tests.
• The FA-Kyber Framework: Flow-Adaptive Kyber, integrating Kyber768-KEM with hardware-assisted network traffic monitoring for adaptive, dual-trigger (time/volume-based) key updates and robust exception handling.
• High-Performance Encrypted Data Transmission: An FPGA-accelerated AES-256-GCM module achieving over 550 Mbps secure data transmission.

Our integrated system (Figure 1) balances performance, resource utilization, and post-quantum security. The remainder of this paper is organized as follows: Section 2 details the methodology, Section 3 presents the experimental results, and Section 4 discusses these findings, their implications, and limitations. Finally, Section 5 summarizes the key contributions and concludes the work.

2. Materials and Methods

This section details the theoretical foundations, system design, implementation specifics, and evaluation methodologies employed in this work.

2.1. Mathematical Notation and Kyber-KEM Overview

This subsection establishes the mathematical foundations for our quantum-resistant cryptographic system, covering notation conventions and the Kyber Key Encapsulation Mechanism implementation details.

Notation and Definitions

The ring of integers modulo a prime q is denoted by ${\mathbb{Z}}_q$. The polynomial ring $R_q={\mathbb{Z}}_q\left[x\right]/(x^n+1)$ is defined with $n=256$ and $q=3329$. Polynomials in $R_q$ are denoted by bold lowercase letters (e.g., $\mathbf{a},\mathbf{b}$). Vectors and matrices with entries from $R_q$ (i.e., elements of modules such as $R_q^k$ or $R_q^{k\times l}$) are also denoted by bold letters; context usually distinguishes vectors (e.g., $\mathbf{s}$) from matrices (e.g., $\mathbf{A}$). The i-th coefficient of a polynomial $\mathbf{a}\in R_q$ is denoted by $a\left[i\right]$ (using a non-bold symbol for the polynomial when referring to its coefficients, or $\mathbf{a}\left[i\right]$ if $\mathbf{a}$ itself is a single polynomial).

The product of two polynomials $\mathbf{a},\mathbf{b}\in R_q$ is denoted by $\mathbf{c}=\mathbf{a}\times \mathbf{b}$. Coefficient-wise multiplication is denoted by ∘. Kyber utilizes the Number Theoretic Transform (NTT) for efficient polynomial multiplication. The NTT of a polynomial $\mathbf{a}\in R_q$ is denoted by $\widehat{\mathbf{a}}$. Polynomial multiplication $\mathbf{a}\times \mathbf{b}$ using the NTT is computed as $\mathbf{c}=\mathrm{INTT}\left(\mathrm{NTT}\right(\mathbf{a})\circ \mathrm{NTT}(\mathbf{b}\left)\right)$, where $\mathrm{NTT}$ and $\mathrm{INTT}$ are the forward and inverse transforms, respectively. Byte arrays of a specific length, say $L_{\mathrm{bytes}}$, are denoted by $B^{L_{\mathrm{bytes}}}$. The i-th bit of an element $x\in {\mathbb{Z}}_q$ is denoted by $x_i$.

2.2. Kyber Key Encapsulation Mechanism (Kyber-KEM)

Kyber is an IND-CCA secure Key Encapsulation Mechanism based on the Module Learning With Errors (MLWE) problem [7]. The MLWE problem involves finding a secret vector $\mathbf{s}$ and error vector $\mathbf{e}$ (small coefficients sampled via Centered Binomial Distribution, CBD) from samples $(\mathbf{A},\mathbf{t}=\mathbf{A}\mathbf{s}+\mathbf{e})$, where $\mathbf{A}$ has uniformly random coefficients in $R_q$. This work uses Kyber768 (NIST Security Level 3), with $k=3$, providing security comparable to AES-256.

Key Generation. Two random seeds, ${\mathsf{seed}}_A,{\mathsf{seed}}_B\in B^{32}$, are used. An extendable output function (XOF) expands ${\mathsf{seed}}_A$ to matrix $\mathbf{A}\in R_q^{k\times k}$ (stored as $\widehat{\mathbf{A}}$ in NTT domain). ${\mathsf{seed}}_B$ generates secret vector $\mathbf{s}\in R_q^k$ and error vector $\mathbf{e}\in R_q^k$ from CBD. The public key is $\mathsf{pk}=(\rho ={\mathsf{seed}}_A,\widehat{\mathbf{t}}=\mathrm{NTT}(\mathbf{A}\mathbf{s}+\mathbf{e}))$. The private key is $\mathsf{sk}=\widehat{\mathbf{s}}=\mathrm{NTT}\left(\mathbf{s}\right)$.

Encapsulation. To generate a shared secret and ciphertext, new random values $\mathbf{r}\in R_q^k$, ${\mathbf{e}}_1\in R_q^k$, and $e_2\in R_q$ (from CBD) are sampled. A random message $m^{\prime }\in B^{32}$ is also generated. The ciphertext components are

$$\begin{array}{cc}\hfill \mathbf{u}& =\mathrm{INTT}({\widehat{\mathbf{A}}}^T\circ \mathrm{NTT}\left(\mathbf{r}\right))+{\mathbf{e}}_1\hfill \end{array}$$

(1)

$$\begin{array}{cc}\hfill v_p& =\mathrm{INTT}({\widehat{\mathbf{t}}}^T\circ \mathrm{NTT}\left(\mathbf{r}\right))+e_2\hfill \end{array}$$

(2)

Message $m^{\prime }$ is encoded (e.g., to polynomial $m_{\mathrm{poly}}$) and combined with $v_p$ to form v (e.g., $v=v_p+\mathrm{Encode}\left(m^{\prime }\right)$). The shared key is $K=H_1(\mathbf{r},m^{\prime })$, where $H_1$ is a hash function. The ciphertext comprises compressed versions of $\mathbf{u}$ and v.

Decapsulation. The recipient uses $\mathsf{sk}=\widehat{\mathbf{s}}$ to recover $m^{\prime }$ from $(\mathbf{u},v)$, typically by recomputing parts of the encapsulation and verifying to ensure IND-CCA security.

Implementation Optimizations. The efficiency of Kyber operations critically depends on NTT and modular reduction algorithms. Our implementation employs Cooley–Tukey for forward NTT and Gentleman–Sande for inverse NTT, leveraging their complementary data flow to eliminate reordering overhead [16]. For modular arithmetic with fixed $q=3329$, Barrett reduction outperforms Montgomery reduction by avoiding domain conversion costs while enabling precomputed reciprocals [17,18].

2.3. System Hardware Architecture and Data Flow

The hardware data flow for the cryptographic system’s transmitter and receiver operations is depicted in Figure 2 and Figure 3, respectively. These figures illustrate the integration of AES encryption, the TRNG, and network interfaces within the Zynq MPSoC’s processing system (PS) and programmable logic (PL).

As shown in Figure 2 (transmitter), data originating in the PS (managed by CPU0 for Ethernet and CPU1 for FA-Kyber) is transferred via AXI DMA to the PL. Here, an AXI Stream FIFO buffers data before encryption by the AES-GCM core. The TRNG supplies random numbers for AES-GCM (e.g., IVs). Encrypted data is then prepared for network transmission, potentially through a specialized IP core (e.g., SharkNet, for specific protocols beyond standard Ethernet) or standard Ethernet, and can also be routed to PS DDR memory.

Figure 3 (receiver) shows incoming encrypted data being decrypted by the PL’s AES-GCM core. Decrypted data is then transferred via AXI DMA back to the PS for CPU processing or storage in DDR memory.

This architectural design strategically partitions tasks: High-speed cryptographic operations (AES acceleration, TRNG entropy generation) are implemented in the PL for parallelism and efficiency. Complex control logic, including Kyber-KEM key management (FA-Kyber framework) and higher-level network protocol handling, resides in the PS. This PS-PL separation is crucial for achieving both high performance and enhanced security, as further discussed regarding implementation security in Section 4.3.3.

2.4. FA-KYBER Framework Design and Implementation

The Flow-Adaptive Kyber (FA-KYBER) framework integrates the Kyber-KEM with network-adaptive key management strategies. It utilizes the Zynq UltraScale+ MPSoC’s Generic Ethernet MAC (GEM) controller, incorporating a Traffic-Sensing Trigger (TST) mechanism to dynamically adjust key update thresholds based on network conditions.

2.4.1. Traffic-Sensing Threshold (TST) Mechanism

Unlike existing adaptive key management approaches that rely on CPU load monitoring [19] or fixed-interval rotation [20], FA-KYBER introduces network-traffic-aware adaptation. Previous systems ignore network-layer attack indicators or require expensive SDN controller overhead [21]. Our hardware-register-based monitoring achieves <1% CPU utilization while providing multi-metric threat assessment, representing one of the first frameworks to couple network characteristics with post-quantum key rotation frequency.

The TST mechanism dynamically adjusts the key update threshold using Equation (3):

$${\mathrm{TST}}_{\mathrm{calc}}=T_{\mathrm{base}}+\alpha ·log\left(B_{\mathrm{avg}}\right)+\beta ·{\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$$

(3)

Here, $T_{\mathrm{base}}$ is a baseline data volume, and coefficients $\alpha$ and $\beta$ balance responsiveness to average bandwidth $B_{\mathrm{avg}}$ (detailed in Section 2.4.3) and the current transmission volume ratio ${\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$. The policy enforces volume-based, time-based (e.g., a maximum interval), and anomaly-based (via GEM error counters) triggers for key updates.

The mathematical formulation in Equation (3) represents a constrained optimization problem that is well-suited for linear programming solutions. The model exhibits favorable computational properties: the logarithmic bandwidth term $\alpha ·log\left(B_{\mathrm{avg}}\right)$ can be linearized through piecewise approximation techniques [22], while the traffic ratio $\beta ·{\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$ maintains inherent linearity. Given bounded parameters ($T_{\mathrm{base}}>0$, $B_{\mathrm{avg}}>0$, $0\le V_{\mathrm{curr}}/V_{\max }\le 1$), the solution space remains convex and computationally tractable [23,24].

Parameter optimization for $\alpha$ and $\beta$ can be achieved through regression analysis on historical traffic patterns, where the objective function minimizes prediction error while maintaining system responsiveness [25]. This linear modeling approach aligns with established frameworks for adaptive threshold optimization in network security, demonstrating superior performance over static methods in balancing detection accuracy and computational overhead [26,27].

To enhance practical robustness, the TST mechanism incorporates dual-layer validation logic. To minimize false positives, it requires anomalous behavior to persist across multiple consecutive monitoring windows, distinguishing genuine threats from transient network fluctuations. To counter false negatives, especially from low-rate attacks, it cross-validates bandwidth-based metrics with hardware error counter monitoring (e.g., RXCRCERR), providing a more comprehensive detection capability based on established anomaly detection and adaptive threshold principles [28,29].

The TST interfaces directly with the GEM controller’s hardware performance registers. Accessing these memory-mapped counters allows precise traffic measurement with negligible performance impact, unlike software-based monitoring. A non-blocking polling mechanism samples RXCNT and TXCNT registers, handling overflows and ensuring reliable, concurrent monitoring without packet delays.

2.4.2. Decentralized Device Discovery and Key Exchange Coordination

A decentralized coordination mechanism using Address Resolution Protocol (ARP) tables enables peer discovery and key exchange coordination, enhancing resilience by avoiding central authorities. To prevent collisions and ensure a unique active exchange per pair, a deterministic initiator selection (based on lexicographically smaller MAC address) is used. The system extends ARP scanning with state management to track device transitions and maintain key state synchronization.

2.4.3. Adaptive TST Algorithm Implementation

The TST value (Equation (3)) is calculated in two phases. First, current bandwidth ($B_{\mathrm{curr}}$) is measured using GEM hardware counters (RXCNT, TXCNT) over an interval $t_{\mathrm{interval}}$:

$$B_{\mathrm{curr}}={\displaystyle \frac{\Delta RXCNT+\Delta TXCNT}{t_{\mathrm{interval}}·{10}^6}}$$

(4)

where $\Delta$ denotes the change from the previous interval. Second, average bandwidth ($B_{\mathrm{avg}}$) is updated via an Exponential Weighted Moving Average (EWMA):

$$B_{\mathrm{avg}\_\mathrm{new}}=B_{\mathrm{avg}\_\mathrm{old}}·(1-\gamma )+B_{\mathrm{curr}}·\gamma$$

(5)

with weighting factor $\gamma$. Accumulated transmission volume is tracked precisely, handling counter overflows. Numerical stability is ensured via bounds checking and logarithm domain validation. Key updates are triggered if (1) the volume exceeds the TST threshold; (2) a maximum time (e.g., 4 h) elapses; or (3) GEM error counters detect abnormal network behavior (Section 2.4.5).

2.4.4. Key Update Protocol Implementation

The key update protocol follows a three-phase approach for decentralized security and efficiency.

• Initiation: Kyber-KEM processing starts when a time-based or TST-based threshold is met. The exchange initiator is determined by MAC address comparison (Section 2.4.2), preventing collisions.
• Exchange: Nodes communicate over an encrypted channel using messages with session identifiers, timestamps, and authentication codes. Staged buffers optimize message processing and reduce cryptographic memory operations.
• Verification: A verification sequence confirms successful key establishment before transitioning to the new key. A dual-key buffer maintains current and pending keys within a transition window (e.g., 10 ms ± 5 ms tolerance) for continuous secure operation.
• Exception Handling: A three-tiered recovery (immediate retry, then attempts at increasing intervals, e.g., 500 ms, 5000 ms) addresses failures. Consistent timing mitigates side-channel risks. Communication flags enable seamless fallback to pre-shared keys during sustained failures, maintaining security state awareness.

2.4.5. Network Performance Monitoring for Adaptive Security

The FA-KYBER framework employs multiple network metrics from GEM hardware registers for adaptive key management with minimal overhead. Beyond throughput (via RXCNT/TXCNT sampling), it monitors CRC errors (RXCRCERR) and length errors (RXLENERR) as indicators of potential network manipulation. If these error rates exceed adaptive thresholds, the system enters an elevated security state, accelerating key rotation.

Adaptive error thresholds are calculated dynamically based on historical data using a sliding window approach with efficient online statistics. A circular buffer maintains the last W error observations for each monitored type (CRC errors, length errors), where W is dynamically configurable (default: 1000 samples). When new observations arrive, we use Welford’s incremental algorithm [30] to update the mean ($\mu$) and standard deviation ($\sigma$) without recomputing from scratch.

For each new observation $x_i$, the running statistics are updated as follows:

-

$n=min(n+1,W)$ (current window size);

-

$\delta =x_i-{\mu }_{\mathrm{old}}$;

-

${\mu }_{\mathrm{new}}={\mu }_{\mathrm{old}}+\delta /n$;

-

${\delta }_2=x_i-{\mu }_{\mathrm{new}}$;

-

$M_2=M_2+\delta \times {\delta }_2$;

-

${\sigma }^2=M_2/(n-1)$.

The window size W adapts to network conditions: 500–2000 samples based on traffic stability [31]. When the buffer reaches capacity, new observations replace the oldest entries using modular indexing [32]. This ensures $O\left(1\right)$ update complexity per new observation while maintaining statistical relevance. The adaptive threshold is

$$T_{\mathrm{adaptive}}=\mu +k·\sigma$$

(6)

where k is a sensitivity factor (e.g., 3.5). This statistical approach distinguishes normal fluctuations from potential attacks. Automatic recalibration every 24 h during low-traffic periods prevents drift from long-term environmental changes [33].

A hysteresis mechanism prevents oscillation. To return to normal operation from an elevated state, error rates must fall below a recovery threshold

$$T_{\mathrm{recovery}}=\mu +0.8·k·\sigma$$

(7)

and remain there for a configurable period (e.g., three 5-minute monitoring cycles). These calculations are performed on the PS, using a circular buffer for historical data, conserving PL resources and allowing flexible parameter tuning.

To guard against poisoning attacks aimed at suppressing key updates, the design incorporates two key defenses inspired by research into the robust detection of advanced threats [34]. First, the mandatory time-based trigger (e.g., max 4 h) acts as a fail-safe, preventing indefinite suppression of key rotation. Second, the adaptive threshold mechanism is hardened by bounding the statistical impact of outliers on the historical traffic baseline. This prevents an adversary from artificially inflating the TST threshold through malicious traffic injection, thus preserving detection sensitivity.

2.5. Multi-Level Hardware TRNG Design and Implementation

The True Random Number Generator (TRNG), a critical component for robust entropy, is based on a multi-level Ring Oscillator (RO) architecture within the FPGA, leveraging inherent physical noise. Key design principles include utilizing differentiated RO stages (5, 7, 9, and 11 inverters) as independent entropy sources and a multi-tier pooling architecture to refine raw entropy.

The TRNG’s structure, detailed in Figure 4, comprises an RO Array Core, a Pooling Module, and an Adaptive Control System. This configuration aims to eliminate biases and produce a statistically sound random bitstream. The adaptive control system, with its entropy estimator and adaptive sampler, continuously monitors and adjusts TRNG parameters to maintain randomness quality under varying conditions.

Physical isolation of entropy sources is crucial. As depicted in Figure 5, distinct RO configurations are spatially separated on the FPGA using Pblock constraints and careful placement. This “Physical Isolation Design” minimizes crosstalk and electromagnetic interference. The varied distributions (e.g., even, linear, staggered multi-row) for different RO types (5, 7, 9, and 11 stages) further enhance spatial diversity and the unpredictability of the TRNG output.

2.6. Security Analysis Methodology

The cryptosystem’s security was evaluated against classical and quantum-capable adversaries, based on established cryptographic principles and specific assessment methodologies tailored to its components and objectives.

2.6.1. Security Model and Assumptions

Our security model considers two attacker profiles: traditional attackers (classical resources, network attacks, limited by computational problem hardness) and quantum-capable attackers (access to large-scale quantum computers for Shor’s/Grover’s algorithms). This dual approach ensures comprehensive assessment towards goals of confidentiality, integrity, and availability. The analysis relies on four fundamental assumptions:

(1)

The MLWE problem underlying Kyber remains intractable against quantum computers.

(2)

AES-256, despite Grover’s algorithm, maintains sufficient security when combined with quantum-resistant key exchange.

(3)

The TRNG (Section 2.5) produces statistically random outputs verifiable by NIST SP 800-22 tests.

(4)

PS-PL architectural separation on Zynq provides a degree of isolation against certain side-channel attacks.

The system aims for IND-CCA2 security for Kyber-KEM and AEAD security for AES-GCM, targeting at least 128-bit post-quantum security. Evaluation objectives include assessing these security levels, verifying TRNG quality, and analyzing the FA-KYBER’s adaptive key rotation for approximating forward secrecy by limiting key exposure.

2.6.2. Quantum Resistance Assessment

Quantum resistance was primarily assessed by

• Confirming Kyber-768’s (NIST Level 3) 128-bit post-quantum security target and MLWE problem hardness against known quantum algorithms (e.g., Shor’s ineffectiveness).
• Evaluating AES-256’s effective security (approx. 128-bit) under Grover’s algorithm.
• Analyzing how FA-KYBER’s adaptive key rotation (limiting session key exposure time/volume) contributes to overall quantum resilience.

2.6.3. TRNG Security Evaluation

The TRNG’s security (design in Section 2.5, Figure 4 and Figure 5) was evaluated as follows:

• Statistical Randomness Verification: Subjecting output bitstreams to the NIST SP 800-22 test suite, using pass/fail and p-value distribution as metrics, with entropy estimation following NIST SP 800-90B [35] for non-IID sources.
• Adaptive Mechanism Review: Assessing the adaptive sampling mechanism’s role in maintaining entropy quality against environmental manipulation.
• Physical Isolation Review: Examining layout strategies (Pblocks, spatial separation) for minimizing entropy source correlation and side-channel susceptibility.

2.6.4. Protocol-Level Security Assessment

FA-KYBER’s protocol-level security enhancements were assessed by examining the following:

• The dual-trigger (time/volume-based) key update’s effectiveness in ensuring regular refreshes and limiting key exposure.
• The TST mechanism’s potential as an integrated anomaly detector by reviewing its designed response to bandwidth anomalies, elevated CRC/length error rates. TST effectiveness was further evaluated by simulating network attacks (e.g., bandwidth exhaustion, probing) and observing system response against defined detection metrics.
• The exception-handling protocol’s (graded retries, consistent timing) design for resisting timing analysis and ensuring continuity.
• The pre-shared key fallback mechanism’s role in maintaining baseline security during sustained key exchange failures.

2.6.5. Implementation Security Design Considerations

Implementation security was addressed through the following design choices:

• PS-PL separation for isolating Kyber-KEM (PS) from TRNG/AES (PL) to mitigate certain side-channel vectors.
• RO TRNG physical design (Pblocks, clock domain separation, Section 2.5) for entropy independence.
• Standard software practices (secure clearing of sensitive data, consistent exception handling) to prevent information leakage.
• FA-KYBER’s adaptive key rotation to limit single-key exposure windows, reducing side-channel attack viability.

While these architectural choices provide foundational security measures, a comprehensive quantitative assessment of side-channel attack resistance represents a critical limitation that must be acknowledged. Side-channel attacks, particularly power analysis attacks (Differential Power Analysis, DPA; Simple Power Analysis, SPA) and electromagnetic analysis, pose significant threats to cryptographic implementations [36,37]. Recent research has demonstrated successful attacks on both masked software [38] and hardware implementations [39] of Kyber-768, revealing vulnerabilities even in protected implementations using Boolean masking and other countermeasures.

Our current design incorporates several features that provide a foundation for side-channel resistance: the PS-PL architectural separation limits potential attack surfaces by isolating cryptographic operations across different domains; the multi-level RO TRNG’s physical design with spatial separation (Section 2.5) reduces electromagnetic coupling between entropy sources; and the FA-KYBER framework’s adaptive key rotation inherently limits the temporal exposure window available for side-channel analysis. Nevertheless, dedicated countermeasures such as Boolean masking for polynomial operations [40], constant-time implementations, and formal leakage assessment using standardized methodologies like the Test Vector Leakage Assessment (TVLA) [41] would be essential for deployment in adversarial environments and represent important directions for future investigation.

2.7. Performance Evaluation Methodology

Comprehensive experiments evaluated the cryptosystem’s performance. This section details the hardware platform, network test environment, evaluation metrics, and specific test scenarios.

2.7.1. Hardware Platform and Test Environment

The system was implemented on AXU4EV-P development boards (ALINX, Shanghai, China) featuring a Xilinx Zynq UltraScale+ MPSoC (XCZU4EV-1SFVC784: quad-core ARM Cortex-A53 at 1.5 GHz, PL at 100 MHz, 8GB DDR4 SDRAM). A customized carrier board provided Gigabit Ethernet and other interfaces. Tests were controlled by a host PC (Intel Corporation, Santa Clara, CA, USA) running Ubuntu 22.04 and equipped with an Intel Core i9-12900K processor and 64GB RAM. The network environment comprised three AXU4EV-P boards in a star topology via a Gigabit Ethernet switch, with a baseline one-way delay of 0.8 ms (±0.3 ms jitter). Network congestion (20%, 50%, 80%) was simulated by running bandwidth-intensive applications on additional board pairs connected to the same switch, offering a realistic assessment of robustness without specialized simulation tools.

2.7.2. Evaluation Metrics

Key performance metrics included the following:

• Encryption Throughput (Mbps): Rate of successfully processed data under various conditions.
• Key Exchange Latency (ms): Time for Kyber-KEM operations during updates.
• Service Interruption (ms or %): Impact of key updates on data flow.
• End-to-End Encryption Latency (ms): Total packet processing time (encryption, transmission, decryption) for sizes of 64–8192 bytes.
• Resource Utilization: PL (LUTs, BRAMs, DSPs) and PS (CPU load, memory) usage.
• Power Consumption (W): Board power draw at idle and full load.
• TRNG Quality: Output throughput (Mbps) and NIST SP 800-22 test suite results.

These metrics provide a holistic view of performance and operational characteristics.

2.7.3. Test Scenarios and Data Collection

System performance was evaluated under diverse conditions using the test scenarios summarized in

Table 1. System evaluation test scenarios.

Scenario Name	Network Setup	Test Procedure & Data Types	Duration	Primary Metrics
Baseline Performance	Three-node network, no background traffic.	Fixed pattern data (all zeros/ones, alternating bits); various packet sizes (64–8192 bytes).	30 min/ config.	Throughput, E2E latency, resource util.
Key Update Impact	Two-node direct connect, continuous data.	Fixed-interval (e.g., 10 min) vs. TST-based dynamic key updates.	2 h	Service interruption, throughput fluctuation, key update success.
Network Congestion Adaptability	Three-node network; 20%, 50%, 80% background traffic.	Continuous data and burst patterns (e.g., 1000 packets/100 ms).	45 min/ config.	Throughput stability, key update freq., recovery.
Long-Term Stability	Full three-node network; mixed actual workloads, varied traffic.	Periodic data with multiple key updates (time and TST triggered).	24 cont. hours	System reliability, resource trends, TRNG quality.

. Data collection involved PS-side cycle counters, a Vivado Design Suite (v2022.2) for PL resources, and combined hardware (GEM registers) and software statistics for network performance. Each test configuration was repeated 10 times for statistical validity. These scenarios were designed to ensure comprehensive and representative results.

3. Results

3.1. Overall System Performance

System performance was robust and consistent.

Table 2. System transmission performance with key updates (2-h test series).

Test Run	Max. Rate (Mbps)	Latency (ms)	Success Rate (%)
1	562.3	3.2	99.98
2	567.9	3.1	100.00
3	569.2	3.0	99.99
4	558.7	3.3	99.97
5	570.1	3.0	100.00
6	563.4	3.2	99.98
7	566.2	3.1	99.99
8	561.8	3.2	99.98
9	565.7	3.1	100.00
10	563.1	3.2	99.99
Mean	564.84	3.14	99.99

shows encrypted data rates from a 2-h test series (10-minute key update intervals).

Across 10 independent 2-h tests, the system showed high stability (average throughput, 564.8 ± 7.2 Mbps; standard deviation (SD), 1.3% of the mean), confirming operational consistency. The consistently low latency (3.14 ± 0.10 ms) and high success rate (99.99 ± 0.01%) further affirm its reliability for real-world deployment.

3.1.1. Throughput Analysis Across Packet Sizes

Encryption throughput was evaluated for various packet sizes. For 64-byte packets (raw network throughput 86.1 Mbps), the encrypted throughput was 73.43 Mbps (85% efficiency). For larger packets (4096–8192 bytes, raw network throughput approaching 900 Mbps), consistent encryption throughput of 558–575 Mbps was maintained.

Figure 6 illustrates system throughput and encryption efficiency versus Ethernet packet size. Overall throughput increased with packet size due to reduced relative protocol overhead. Encryption efficiency (encrypted throughput/raw network throughput) peaked for smaller packets, and then decreased to 63% for 8192-byte packets as the system processing capacity became the bottleneck over the Gigabit Ethernet link.

3.1.2. Latency Characteristics

Table 3. Latency breakdown by packet size (milliseconds).

Component	64 Bytes	512 Bytes	1500 Bytes	8192 Bytes
Network Baseline	0.683	0.692	0.712	0.776
AES Processing	0.421	0.583	0.741	1.855
Key Management	0.238	0.238	0.238	0.238
System Overhead	0.458	0.587	1.309	2.831
Total Latency	1.8	2.1	3.0	5.7

details the system’s end-to-end latency components.

Baseline Ethernet latency averaged 0.683 ms (range: 0.465–0.810 ms). Encryption and key management added overhead, resulting in total end-to-end latencies from 1.8 ms (64-byte packets) to 5.7 ms (8192-byte packets). Average temporary service interruption during key updates was 78 ms. This minimal impact highlights the FA-KYBER protocol’s efficiency. Double buffering prevented packet loss during key transitions, maintaining a continuous data stream with only microsecond-level jitter.

3.1.3. System Stability and Resource Consumption

Figure 7 shows system throughput and PS CPU utilization during a 24-h stability test. Average throughput remained at 564 Mbps. CPU utilization peaked at 32–35% during key updates, remaining significantly lower otherwise, indicating efficient steady-state operation.

Power consumption varied minimally: 4.5 W idle (5V/0.90A) to 4.9 W full-load (5V/0.98A), showing good energy efficiency. MPSoC core temperatures stabilized between 50 °C and 62 °C under varying loads, well within specifications. Throughout the 24-h test, all 144 key updates were successful (100% rate), verifying operational reliability with frequent rotation. The TRNG maintained stable, high-quality entropy generation (verified by periodic NIST SP 800-22 tests). Zynq Performance Monitoring Unit (PMU) data corroborated efficient resource utilization.

3.2. Component-Level Performance Results

The performance of key individual hardware and software components was evaluated for a detailed understanding of their contributions.

3.2.1. TRNG Performance Results

The multi-level RO TRNG produced a stable 49.6 Mbps throughput. It successfully passed all NIST SP 800-22 statistical tests, with detailed p-values in

Table 4. NIST SP 800-22 statistical test results for the implemented TRNG.

Statistical Test Name	Observed p-Value (s)	Outcome
Frequency (Monobit)	0.350485	Pass
Block Frequency	0.350485	Pass
Cumulative Sums (Forward)	0.350485	Pass
Cumulative Sums (Backward)	0.834308	Pass
Runs	0.534146	Pass
Longest Run of Ones	0.122325	Pass
Binary Matrix Rank	0.739918	Pass
Discrete Fourier Transform	0.122325	Pass
Non-Overlapping Template	0.008879–0.991468	Pass
Overlapping Template	0.162606	Pass
Maurer’s Universal Statistical	0.213309	Pass
Approximate Entropy	0.275709	Pass
Random Excursions	0.025193–0.911413	Pass
Random Excursion Variant	0.066882–0.964295	Pass
Serial (Two tests)	0.437274	Pass
Linear Complexity	0.739918	Pass

.

Entropy contributions from distinct RO configurations were as follows: 5 stages (14.2 Mbps), 7 stages (12.8 Mbps), 9 stages (11.5 Mbps), and 11 stages (11.1 Mbps). This diversified output enhances overall randomness quality.

3.2.2. Encryption Engine and Kyber Operation Performance

The AES-256-GCM engine (extended from [42]) achieved > 550 Mbps throughput using 7.2% FPGA logic resources on the Zynq UltraScale+ XCZU4EV. Engine latency included a 0.28 μs initialization and 0.15 μs per-block (32-byte) processing time. Software Kyber-768 on an ARM Cortex-A53 core showed efficient operation: key generation: 1.2 $\mathrm{m}$$\mathrm{s}$; encapsulation: 1.5 $\mathrm{m}$$\mathrm{s}$; and decapsulation: 1.7 $\mathrm{m}$$\mathrm{s}$ (average). The peak PS memory footprint during key generation was 2.4 MB.

3.2.3. FA-KYBER Framework Adaptive Behavior

The FA-KYBER evaluation focused on key exchange efficiency and adaptive security response.

Key Exchange Efficiency. The average key exchange completion time (including Kyber-KEM and protocol overhead) was 74.3 $\mathrm{m}$$\mathrm{s}$, with 99.7% of it completed within 85 $\mathrm{m}$$\mathrm{s}$. Dual-key buffering prevented packet loss. Peak PS memory for an update cycle was 128 kB.

TST Mechanism Overhead. PS-based TST traffic monitoring consumed < 1% CPU utilization of its allocated core, due to direct GEM register access. Upon significant network changes (e.g., 20% to 80% congestion), TST recalculated and applied new key update thresholds (Equation (3)) with an average response time of 1.8 $\mathrm{s}$ post-detection.

Adaptive Security Response to Network Congestion. As shown in Figure 8, increasing network congestion (0% to 90%) reduced throughput (from 565 Mbps to 39 Mbps). Concurrently, FA-KYBER increased key update frequency from time-based (e.g., 2/hour at low congestion) to a TST-driven maximum of 5/hour at ≥70% congestion, even as throughput further declined.

3.3. Security Analysis Findings

Key findings from the security evaluation (methodology in Section 2.6) are presented.

3.3.1. Verification of Cryptographic Primitives and TRNG Quality

The Kyber-768 implementation was verified against test vectors and NIST specifications, confirming its Level 3 (128-bit post-quantum) security. AES-256-GCM was similarly verified for correct encryption, decryption, and authentication. As detailed (Section 3.2.1, Table 4), the TRNG passed all NIST SP 800-22 tests, providing high-quality randomness. Its adaptive sampling maintained stable entropy output under simulated environmental variations (voltage, ±15%; temperature, −40 °C to 85 °C during component stress tests).

3.3.2. Effectiveness of Protocol-Level Security Mechanisms

FA-KYBER’s TST mechanism demonstrated 93.7% detection accuracy across 150 simulated network attacks (bandwidth exhaustion: 96%; temporal analysis probes: 92%; replay attacks: 93%). Simulations used real network traffic baselines with superimposed attack traffic. The dual-trigger key update (time/TST-based) ensured regular refreshes, adapting to traffic conditions as observed in the 24-h test (Section 3.1.3). The exception-handling protocol (<0.1% activation during tests) successfully recovered connections from transient issues.

During validation, the persistence-checking logic was observed to significantly reduce false positive triggers from transient network spikes. In simulated poisoning attack scenarios, the hardened baseline calculation successfully resisted manipulation attempts, and the mandatory time-based trigger provided a reliable backstop, confirming the effectiveness of the layered defensive mechanisms.

3.3.3. Assessment of Implementation Security Aspects

Architectural PS-PL separation was maintained, confining Kyber-KEM to PS and TRNG/AES to PL, verified through code review and testing against unauthorized data paths. RO TRNG physical design choices (Pblocks, etc.) were implemented per methodology (Section 2.5). While direct side-channel leakage measurement was beyond the scope of this study, adaptive key rotation inherently limits exposure windows. Sensitive cryptographic materials were cleared from memory post-use (verified during debugging).

4. Discussion

The experimental results (Section 3) validate the proposed quantum-resistant hybrid cryptographic system’s successful implementation and robust performance on the Zynq UltraScale+ MPSoC. This section interprets these findings, contextualizes them within existing research, outlines contributions and limitations, and suggests future research.

4.1. Interpretation of Overall System Performance

The system’s high throughput (>560 Mbps, Table 2) and low standard deviation (1.3%) confirm its suitability and stability for bandwidth-intensive, post-quantum secure communications. The average end-to-end latency of 3.14 ms is acceptable for many interactive applications, with AES processing and system overheads identified (Table 3) as primary contributors, suggesting avenues for further optimization. Critically, minimal service interruption (78 ms) during key updates, with no packet loss due to dual-key buffering, underscores the FA-KYBER framework’s effectiveness in maintaining both communication continuity and cryptographic agility. Throughput analysis across packet sizes (Figure 6) revealed expected efficiency scaling, defining a practical performance envelope. Long-term stability tests (24-h, Figure 7) demonstrated consistent throughput, successful key rotation, stable TRNG output, and manageable power/thermal characteristics (4.5 W idle, 4.9 W load), supporting its viability for mission-critical operations. Transient CPU spikes during key updates did not compromise stability, reflecting a balanced PS-PL task distribution.

4.2. Interpretation of Component-Level Performance and Design Choices

Individual component performance underpins the system’s overall efficacy and security.

4.2.1. Significance of TRNG Performance and Quality

The multi-level RO TRNG’s stable 49.6 Mbps throughput adequately meets the randomness demands for Kyber, AES-GCM IVs, and other cryptographic operations without becoming a performance bottleneck. Successfully passing all NIST SP 800-22 tests (Table 4) provides strong evidence of high-quality, unpredictable random numbers, crucial for the cryptosystem’s security foundation. This robustness is likely enhanced by diversified noise sources from distinct RO configurations.

4.2.2. Implications of Encryption Engine and Kyber Operation Speeds

The AES-256-GCM engine’s >550 Mbps throughput with modest FPGA resource usage (7.2%) signifies efficient hardware acceleration, capable of handling high-bandwidth streams. Its low per-block latency (0.15 μs post-initialization) benefits delay-sensitive tasks. Kyber-768 software execution times on the ARM core (key generation: 1.2ms; encapsulation: 1.5ms; decapsulation: 1.7ms) are competitive for embedded PQC KEMs. While more intensive than traditional counterparts, these latencies are acceptable for secure session establishment given the enhanced quantum security, confirming Kyber’s feasibility on resource-constrained platforms.

4.2.3. Effectiveness and Novelty of the FA-KYBER Adaptive Framework

The FA-KYBER framework represents a significant advancement over static key management policies. Its dual-trigger (time and TST-based) mechanism provides a responsive approach. Key strengths include the TST’s low CPU overhead (<1%), leveraging hardware counters, and its adaptive threshold (Equation (3)) with quick responsiveness (1.8s). The adaptive key update frequency under network congestion (Figure 8), increasing up to five updates/hour, is particularly noteworthy as it actively reduces key lifetimes under stress, offering a practical enhancement to forward secrecy. This adaptive sophistication, surpassing fixed-interval/volume rotations, potentially offers superior security utility.

4.3. Interpretation of Security Analysis Findings and Implications

Security analysis (Section 3.3) supports the system’s resilience against targeted classical and quantum threats, alongside its protocol and implementation robustness.

4.3.1. Confidence in Cryptographic Primitives and Randomness

Verified Kyber-768 and AES-256-GCM implementations ensure adherence to their designed security levels. Kyber-768 meeting the 128-bit post-quantum security target is central to the system’s quantum resistance. While Grover’s algorithm theoretically impacts AES-256 [43], its remaining 128-bit effective security is widely considered adequate. The TRNG’s successful NIST SP 800-22 testing (Table 4) is paramount, ensuring the entropy source is not an exploitable weak link. High-quality randomness is essential for all cryptographic secrets and nonces. The TRNG’s stability under simulated stress (Section 3.3.1) suggests practical reliability, although comprehensive side-channel analysis would provide further assurance.

4.3.2. Effectiveness and Practicality of Protocol-Level Defenses

The FA-KYBER TST mechanism’s 93.7% detection accuracy against simulated network attacks (Section 3.3.2) highlights its utility as an integrated, lightweight intrusion detection capability. This allows for proactive responses, such as more frequent key rotations, enhancing cryptographic agility. High detection rates for common disruptions like bandwidth exhaustion (96%) and replay attacks (93%) demonstrate good sensitivity. The appropriate triggering of key updates by both time- and TST-based mechanisms validates the dual-trigger design’s utility in ensuring both baseline key freshness and dynamic protection.

4.3.3. Implications of Implementation Security Measures

The verified PS/PL architectural separation (Figure 2 and Figure 3) provides a degree of defense-in-depth, making it more challenging for vulnerabilities in one domain to compromise the other. RO TRNG design choices (Pblocks, differentiated routing) represent practical efforts towards entropy source integrity. Standard practices like clearing sensitive cryptographic material from memory post-use reduce attack windows. Furthermore, FA-KYBER’s adaptive key rotation, by limiting key lifetimes, inherently reduces the value of a compromised key and the time available for attacks, complementing theoretical cryptographic strength.

4.4. Comparison with Existing Work

This research is contextualized by comparison with existing cryptographic solutions and TRNGs.

4.4.1. Comparison with Other Cryptographic Systems

The proposed system, with a >550 Mbps throughput and 256-bit post-quantum security (

Table 5. Performance comparison with traditional cryptosystems.

System	Implementation Platform	Throughput (Mbps)	Security Level	Quantum Resistant
Our Work	Zynq UltraScale+ MPSoC	>550	256-bit	Yes
AES and RSA [45]	N/A	16	N/A	No
PUF-Key Auth. Enc. [14]	Zynq-7000	22.85	128-bit	No
Dynamic ZUC [44]	Xilinx XC7Z020	2488.34	128-bit	No
High-Perf. ECC [46]	Xilinx Virtex-7	0.134	256-bit	Partial

), significantly advances practical PQC implementation on embedded platforms. While some traditional, non-quantum-resistant systems offer higher throughput (e.g., ZUC [44]), and other embedded PQC efforts report lower performance or lack comprehensive integration [14,45,46], our work distinguishes itself. The key differentiator is the holistic integration of high-throughput AES-256-GCM, robust Kyber-768, a hardware TRNG, and the adaptive FA-KYBER framework, addressing the full post-quantum secure communication lifecycle. This combination offers a practical, flexible solution with throughput surpassing that of many reported PQC systems for similar embedded platforms.

4.4.2. Comparison of TRNG Performance and Design

Our multi-level RO TRNG (49.6 Mbps, full NIST SP 800-22 compliance) compares favorably with recent designs (

Table 6. TRNG performance comparison with recent implementations.

System	Platform	Throughput (Mbps)	NIST Compliance	Entropy Source
Our Work	Zynq UltraScale+ FPGA	49.6	Full SP 800-22	Multi-level RO
Meitei et al. [12]	Kintex-7 FPGA	206–260	Partial (Rank failed)	ADPLL-based
Park et al. [9]	4nm CMOS	60	Full SP 800-90B	STR-based
Cheng et al. [10]	Memristor	5	Not reported	VO2/HfO2
Cabacinho et al. [11]	28nm CMOS	Not reported	Not reported	Self-biased RO

). While some alternatives offer higher throughput (e.g., Meitei et al. [12], but with partial NIST compliance) or use advanced fabrication (e.g., Park et al. [9]), our TRNG strikes a practical balance of sufficient throughput, strong randomness, and implementability on standard FPGAs. The multi-level, adaptive sampling RO architecture is key to this balance.

4.4.3. Novelty in System Integration and Adaptive Key Management

A primary contribution is the synergistic integration of Kyber-KEM, AES-GCM, a quality TRNG, and the innovative FA-KYBER framework on an embedded SoC. To our knowledge, few existing works present such a comprehensive, end-to-end PQC system featuring both a validated hardware TRNG and dynamic, network-traffic-adaptive key rotation. While individual components are well-studied, their effective integration and the development of adaptive security mechanisms responsive to real-world network dynamics are critical for practical PQC deployment. FA-KYBER’s TST mechanism, in particular, offers intelligent, resource-efficient key lifecycle management, enhancing security by minimizing key exposure windows.

4.4.4. Brief Comparison with Related Approaches

Our approach differs from recent adaptive security frameworks [47] that focus on malware detection without cryptographic integration. While SDN-based systems achieve good threat detection, they require continuous controller monitoring with higher overhead. FA-KYBER’s hardware-register approach achieves 93.7% anomaly detection with minimal resource consumption, specifically optimized for post-quantum environments where existing frameworks lack coverage.

4.5. Broader Implications and Significance

This work has several broader implications. It demonstrates the feasibility of deploying comprehensive, high-performance PQC systems on resource-constrained embedded platforms (FPGAs/SoCs), crucial for securing future IoT, industrial control, automotive, and edge computing applications. Achieving >550 Mbps encryption with robust key management and entropy generation on such devices indicates that PQC adoption need not be limited to high-end hardware. The FA-Kyber framework’s traffic-adaptive key management suggests a new approach to operational security, moving beyond static policies to dynamically respond to network conditions and potential threats. Its principles could inspire more intelligent, resilient security architectures, with the TST mechanism’s lightweight intrusion detection capabilities offering a path towards self-defending cryptosystems. Furthermore, demonstrating a reliable, high-throughput hardware TRNG using standard FPGA resources underscores the importance of building strong cryptographic foundations without resorting to exotic or expensive entropy sources, vital for cost-sensitive applications. Overall, this research provides a tangible blueprint for quantum-resistant, context-aware secure communication systems, bridging theoretical PQC development with practical, high-performance system-level implementation.

4.6. System Portability Considerations

While this work focuses on the Zynq UltraScale+ platform, the architectural design principles employed support potential cross-platform adaptability. This section discusses the theoretical portability considerations and migration challenges.

4.6.1. Architectural Design for Portability

Our PS-PL separation architecture (Figure 2 and Figure 3) follows established heterogeneous computing principles, enabling theoretical mapping to various platforms: ARM+FPGA SoCs (Intel Cyclone V/Arria 10), CPU+GPU systems, and CPU+dedicated accelerator configurations. The modular design separates hardware-intensive operations (AES encryption, TRNG) from software control logic (Kyber-KEM, FA-KYBER), facilitating independent platform optimization.

4.6.2. Component Portability Analysis

Cryptographic algorithms demonstrate inherent portability: Kyber-768 as an NIST standard with a C reference implementation exhibits natural cross-architecture compatibility, while our measured performance (1.2–1.7 ms operations) should scale predictably with processor capabilities. AES-256-GCM represents a widely supported standard with hardware acceleration available across most platforms. The TRNG design presents the greatest platform dependency, as our multi-level Ring Oscillator implementation (Section 2.5) relies on FPGA-specific routing and placement, requiring significant adaptation for cross-vendor migration or alternative entropy sources for non-FPGA platforms.

4.6.3. Migration Challenges and Limitations

Cross-platform migration faces several challenges: toolchain adaptation (Vivado vs. Quartus), resource architecture differences (CLBs vs. ALMs), and platform-specific integration requirements. The FA-KYBER framework’s network monitoring, while conceptually portable through standard APIs, would require platform-specific driver adaptation.

Important limitation: This analysis represents theoretical considerations based on architectural principles rather than empirical validation. Actual migration would require substantial engineering effort including performance characterization, component optimization, security validation, and integration testing on target platforms. Future work should prioritize establishing baselines for strategically important alternative platforms.

4.7. Limitations of the Study

Despite promising results, this study has the following limitations:

• Comprehensive Side-Channel Attack Analysis: While our architectural design incorporates several SCA-aware features (PS-PL separation, adaptive key rotation, TRNG spatial isolation), this work lacks formal side-channel resistance evaluation against power analysis attacks (DPA/SPA), electromagnetic analysis attacks, and timing-based attacks. Quantitative security assessment using standardized methodologies such as Test Vector Leakage Assessment (TVLA) [41] was not performed due to the requirement for specialized equipment (oscilloscopes, electromagnetic probes) and evaluation frameworks that were beyond the scope of this initial implementation study. Recent research has demonstrated successful side-channel attacks on masked implementations of Kyber-768 [37,39], highlighting that even protected implementations can be vulnerable without comprehensive countermeasures such as higher-order masking, shuffling, and constant-time operations specifically tailored for lattice-based cryptographic operations.
• Network Attack Simulation Scope: TST effectiveness was validated against specific simulated attacks (bandwidth exhaustion, replay attacks, and temporal analysis probes). However, this evaluation has important limitations regarding attack sophistication. Our assessment did not include advanced persistent threats (APTs), machine learning-based adaptive adversaries that learn from system responses, multi-vector coordinated attacks that combine network and cryptographic vectors, or sophisticated stealth attacks designed to operate below detection thresholds while gradually compromising system security. These advanced attack scenarios represent a critical gap in current evaluation, as real-world adversaries often employ such sophisticated techniques. Future work should prioritize evaluation against adaptive adversaries using reinforcement learning approaches, coordinated multi-stage attacks, and stealth techniques specifically designed to evade TST detection mechanisms. Adaptive thresholds could be susceptible to poisoning without robust recalibration mechanisms.
• Platform Specificity: Results are specific to the Zynq UltraScale+ MPSoC. Performance on other platforms may vary.
• Software Kyber-KEM: The software Kyber implementation, while performant, introduces timing-based vulnerabilities and performance limitations compared to dedicated hardware acceleration, which could provide enhanced side-channel resistance and ultra-low-latency capabilities.
• Large Network Scalability: ARP-based peer discovery was tested on a small scale (three nodes). Scalability and security in larger, more dynamic networks were not evaluated. While our decentralized approach theoretically supports larger deployments, several factors require investigation: (1) ARP table management overhead grows linearly with network size, potentially impacting the <1% CPU utilization advantage; (2) key exchange collision avoidance through MAC address comparison may face timing challenges in networks with >50 nodes; (3) the TST mechanism’s bandwidth monitoring accuracy could degrade in highly dynamic topologies with frequent joins/leaves. Theoretical analysis suggests our approach should scale to 20–50 node networks without architectural modifications, but empirical validation across different network sizes (10, 25, 50+ nodes) and topologies (mesh, hierarchical) is essential for production deployment confidence. Additionally, our TST mechanism’s anomaly detection capabilities (achieving 93.7% accuracy against simulated single-point attacks) have not been validated against sophisticated distributed attack scenarios that could exploit larger network topologies, such as coordinated multi-node DDoS attacks, distributed traffic analysis, or synchronized timing attacks across multiple network segments.
• TRNG Long-Term Degradation: Our 24-h evaluation, while sufficient for operational validation, cannot assess potential long-term entropy degradation under extended operational periods (>1 month) and complex environmental variations. FPGA aging studies indicate RO frequency changes of 0.3–1.8% over months, which could affect entropy quality and would require extended monitoring for comprehensive characterization. Additionally, the cumulative effects of temperature cycling, voltage fluctuations, and electromagnetic interference over extended periods on the multi-level RO architecture’s entropy generation characteristics remain uncharacterized.
• Formal Verification: System-level security properties, particularly component interactions and FA-Kyber logic, were not formally verified.For the benefit of future work, a proposed roadmap for this task is detailed in Appendix A.

These limitations offer avenues for future refinement and research.

4.8. Future Research Directions

Building on these findings and limitations, future research directions include the following:

• Formal Side-Channel Analysis and Enhanced Countermeasures:Building upon the SCA-aware architectural features identified in this work, conducting comprehensive side-channel resistance evaluation using Test Vector Leakage Assessment (TVLA) methodology [41] and implementing dedicated countermeasures. Priority research areas include the following: (a) power analysis testing of Kyber-768 operations using differential and correlation power analysis techniques; (b) electromagnetic leakage assessment of the multi-level RO TRNG under varying environmental conditions; (c) timing attack analysis of the FA-KYBER key exchange protocol; (d) implementation and evaluation of masking schemes for polynomial arithmetic operations [40]; and (e) integration of established SCA countermeasures such as clock randomization, noise injection, and shuffling techniques, validated through standardized leakage assessment frameworks.
• Machine Learning-Enhanced TST Anomaly Detection: Extending the current TST mechanism with machine learning techniques to detect more subtle and sophisticated network attacks. Priority research areas include the following: (a) developing lightweight neural network models suitable for embedded deployment that can identify complex attack patterns beyond simple threshold-based detection; (b) implementing federated learning approaches to enable collaborative threat intelligence sharing across multiple nodes without compromising privacy; (c) designing adaptive models that can evolve with emerging attack vectors while maintaining low computational overhead on the PS; and (d) validating ML-enhanced detection against advanced persistent threats (APTs) and zero-day attack scenarios that current rule-based systems might miss.
• Advanced TST Anomaly Detection: Incorporating machine learning techniques into the TST mechanism for more sophisticated detection of subtle or novel network attacks and to reduce false positives/negatives.
• Hardware Acceleration for PQC KEMs: Designing and integrating a dedicated PL-based Kyber accelerator to further reduce key exchange latency and offload PS resources. Crucially, this hardware implementation would serve as a foundation for robust side-channel countermeasures (e.g., constant-time logic, power randomization, and masking techniques), directly mitigating the timing-based vulnerabilities identified in software-based approaches.
• Cross-Platform Validation and Optimization: Building upon the theoretical portability analysis (Section 4.6), empirical validation on alternative platforms represents a critical next step. Priority should focus on Intel/Altera SoC FPGAs and CPU+GPU configurations, with particular emphasis on TRNG adaptation strategies and performance characterization across different hardware architectures.
• Scalable and Secure Network Management: Investigating more robust and scalable peer discovery and key management protocols for larger, dynamic network deployments. Priority research should include the following: (1) empirical testing on networks of 10–100 nodes to establish performance baselines; (2) hybrid discovery mechanisms combining ARP with hierarchical or DHT-based approaches for >50 node deployments; (3) distributed TST coordination to maintain anomaly detection effectiveness in segmented networks; (4) load balancing strategies for concurrent key exchanges to prevent network congestion during mass key rotation events; (5) evaluation against distributed attack scenarios including coordinated multi-node attacks, distributed traffic injection to poison TST baselines, and synchronized timing analysis across network segments to validate the robustness of our adaptive security mechanisms in complex threat environments.
• Extended TRNG Reliability Assessment and Health Monitoring: Conducting comprehensive long-term evaluations (>1 month) of the multi-level RO TRNG under complex environmental stress conditions to characterize entropy degradation patterns. This research should include the following: (a) extended operational testing across temperature ranges (−40 °C to +85 °C), voltage variations (±15%), and humidity cycling to assess cumulative effects on entropy quality; (b) development of predictive models for entropy degradation based on environmental exposure history; (c) implementation of adaptive recalibration algorithms that can compensate for aging-induced frequency drift while maintaining statistical randomness; (d) design of online health monitoring systems that can detect early signs of entropy degradation before NIST SP 800-22 test failures occur; and (e) establishment of maintenance protocols for long-term deployment scenarios in harsh industrial environments.
• Formal Verification and Security Proofs: Applying formal verification techniques to the FA-Kyber logic and overall system architecture to provide stronger assurance of security properties.
• Exploration of Hybrid PQC Schemes: Investigating hybrid PQC approaches (e.g., combining Kyber with a classical KEM for defense in depth) and enhancing cryptographic agility.
• Application to Specific Use Cases: Tailoring and evaluating the system for specific demanding applications such as V2X communications, industrial IoT, or biomedical device security.

Addressing these areas would further enhance the security, performance, and applicability of quantum-resistant cryptosystems.

5. Conclusions

This paper presented the design and comprehensive evaluation of an optimized quantum-resistant cryptographic system, demonstrating the practical feasibility of deploying high-performance post-quantum security on embedded platforms. Our integrated solution on the Zynq UltraScale+ MPSoC successfully combines three key elements: NIST-standardized Kyber-KEM for secure key exchange, a novel multi-level hardware TRNG providing stable 49.6 Mbps of high-quality entropy, and the innovative FA-KYBER framework for adaptive key management. The system delivers an encrypted data throughput exceeding 550 Mbps at a low average latency of 3.14 ms, validating its suitability for demanding, real-world applications.

The success of this work illuminates several clear and critical paths for future research. While our software-based Kyber implementation is efficient, hardware acceleration is the next logical step to reduce key exchange latency below the current 1.2–1.7 ms, enabling ultra-low-latency secure communications. The demonstrated 93.7% anomaly detection rate of our FA-KYBER framework provides a strong baseline, which could be further enhanced by incorporating machine learning models for more sophisticated threat intelligence. To build upon our security-conscious design, a comprehensive side-channel analysis (SCA) of the PS-PL architecture is essential for hardening against physical attacks. Finally, investigating long-term TRNG stability and developing scalable key management protocols are crucial for ensuring robust, enterprise-grade deployment.

In conclusion, this research provides more than just a high-performance implementation; it offers a tangible blueprint for developing the next generation of secure systems. By synergistically integrating quantum-resistant algorithms, robust hardware entropy sources, and context-aware adaptive security, this work establishes a new benchmark and a clear research roadmap for building resilient communications infrastructure capable of withstanding the quantum threat.