pith. sign in

arxiv: 2605.04129 · v1 · submitted 2026-05-05 · 💻 cs.CR

Quantum-Resistant Networks: A Review of Primitives, Protocols and Best Practices

Elisa Bertino , Ramana Kompella , Ashish Kundu , Cristina Nita-Rotaru , Jaideep Vaidya , Attila A. Yavuz This is my paper

Pith reviewed 2026-05-08 18:17 UTC · model grok-4.3

classification 💻 cs.CR
keywords post-quantum cryptographyquantum-resistant networkskey distributionnetwork securitytaxonomyhybrid cryptographyIoT securityindustrial control systems
0
0 comments X

The pith

Key distribution must be treated as a system-level problem to achieve quantum-resistant networks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that adapting individual protocols such as TLS or SSH is not enough to secure complex networked systems against large-scale quantum computers. It introduces a unified taxonomy that organizes post-quantum resistant architectures according to their cryptographic foundations and key-distribution methods. This framework is used to compare security, scalability, and operational trade-offs across environments like IoT, mobile networks, and industrial control systems, while accounting for threats such as harvest-now decrypt-later attacks. The analysis shows when full public-key infrastructures can be avoided and identifies gaps that existing approaches leave unaddressed. If correct, the work clarifies the architectural choices needed for cryptographically agile, quantum-resilient infrastructures.

Core claim

The central claim is that a unified taxonomy spanning cryptographic foundations (symmetric-only, PQ-PKI, hybrid, and information-theoretic multi-path), key-distribution architectures (centralized, hierarchical, replicated, threshold, MPC-backed, and serverless), trust models, key-management lifecycle, and deployment environments enables systematic evaluation of security, scalability, and operational trade-offs under realistic post-quantum adversary assumptions, thereby revealing when PQ-PKI is necessary or avoidable and highlighting fundamental gaps in current methods.

What carries the argument

A unified taxonomy that classifies approaches by cryptographic foundations and key-distribution architectures to analyze system-level trade-offs.

If this is right

  • Certain deployment environments can rely on symmetric-only or information-theoretic methods instead of full PQ-PKI.
  • Hybrid models serve as a practical transition strategy while maintaining security against quantum threats.
  • Threat models must explicitly include partial infrastructure compromise and delayed decryption attacks.
  • Serverless and MPC-backed architectures require additional research to address scalability limits.
  • Long-term resilience depends on designing for cryptographic agility across the key-management lifecycle.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The taxonomy could be extended to evaluate quantum resistance in 5G/6G or edge computing deployments not covered in the review.
  • Empirical testing of the described architectures in simulated partial-compromise scenarios would provide concrete validation of the reported trade-offs.
  • Integration of this classification with emerging standards processes could help prioritize research on the identified gaps.

Load-bearing premise

The proposed taxonomy and selection of reviewed literature capture all relevant security, scalability, and operational trade-offs without major omissions or bias.

What would settle it

Identification of a widely deployed post-quantum network architecture whose key management approach falls outside the four cryptographic foundations or six key-distribution categories, or exhibits trade-offs not captured in the analysis under harvest-now decrypt-later threats.

Figures

Figures reproduced from arXiv: 2605.04129 by Ashish Kundu, Attila A. Yavuz, Cristina Nita-Rotaru, Elisa Bertino, Jaideep Vaidya, Ramana Kompella.

Figure 1
Figure 1. Figure 1: “Taxonomy Map” highlighting the paper’s dimensions and how they jointly structure the PQ view at source ↗
read the original abstract

Large-scale quantum computers threaten the public-key cryptographic foundations underpinning today's network security infrastructures. While significant progress has been made in standardizing post-quantum cryptographic (PQC) primitives and adapting individual protocols such as TLS and SSH, far less attention has been paid to the broader architectural consequences of the post-quantum transition for networked systems. In particular, many real-world deployments such as mobile networks, industrial control systems, IoT environments, and regulated infrastructures cannot assume the universal availability, deployability, or desirability of PQ public-key infrastructures. This paper presents the first comprehensive systematization of PQ-resistant network architectures, focusing on key distribution and management as a system-level design problem rather than a protocol-local substitution. We introduce a unified taxonomy spanning cryptographic foundations (symmetric-only, PQ-PKI, hybrid, and information-theoretic multi-path), key-distribution architectures (centralized, hierarchical, replicated, threshold, MPC-backed, and serverless), trust and threat models, key-management lifecycle, and deployment environments. Using this framework, we analyze the security, scalability, and operational trade-offs of a wide range of architectures under realistic PQ adversary assumptions, including harvest-now, decrypt-later attacks and partial infrastructure compromise. Our study highlights fundamental gaps in existing approaches, clarifies when PQ-PKI is necessary or avoidable, and identifies promising research directions for building cryptographically agile, quantum-resilient network infrastructures.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The manuscript claims to deliver the first comprehensive systematization of post-quantum (PQ) resistant network architectures by introducing a unified taxonomy that spans cryptographic foundations (symmetric-only, PQ-PKI, hybrid, information-theoretic multi-path), key-distribution architectures (centralized, hierarchical, replicated, threshold, MPC-backed, serverless), trust and threat models, key-management lifecycle, and deployment environments. It analyzes security, scalability, and operational trade-offs under realistic PQ adversary assumptions including harvest-now/decrypt-later attacks and partial infrastructure compromise, while highlighting gaps and research directions.

Significance. If the taxonomy proves comprehensive and free of significant selection bias, this paper would provide a valuable framework for system-level design of quantum-resilient networks, moving beyond protocol-specific adaptations. The focus on key distribution as a system problem and the analysis under harvest-now threats are particularly relevant for real-world deployments like IoT and industrial systems. The identification of when PQ-PKI is necessary or avoidable could inform practical transitions.

major comments (1)
  1. [Abstract and Taxonomy Introduction] The central claim of providing the 'first comprehensive systematization' (Abstract) is load-bearing for the paper's positioning but rests on the assumption that the listed dimensions in the taxonomy capture all relevant trade-offs without omissions; an explicit discussion of search methodology, inclusion criteria, and comparison to prior PQC surveys would be needed to substantiate this.
minor comments (2)
  1. [Deployment Environments] The trade-off analysis for deployment environments (e.g., mobile networks, ICS, IoT) would be clearer with at least one concrete example per environment showing how a specific architecture meets or fails the listed security/scalability criteria.
  2. [References] Ensure the reference list includes full details for all synthesized works and covers recent hybrid and information-theoretic schemes up to 2024 to support the claim of wide coverage.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive feedback and the recommendation for minor revision. We agree that strengthening the substantiation of our 'first comprehensive systematization' claim will improve the manuscript.

read point-by-point responses

  1. Referee: [Abstract and Taxonomy Introduction] The central claim of providing the 'first comprehensive systematization' (Abstract) is load-bearing for the paper's positioning but rests on the assumption that the listed dimensions in the taxonomy capture all relevant trade-offs without omissions; an explicit discussion of search methodology, inclusion criteria, and comparison to prior PQC surveys would be needed to substantiate this.

    Authors: We acknowledge this point and will revise the manuscript to include an explicit 'Review Scope and Methodology' subsection in the Introduction. This will describe our literature search strategy (keywords such as 'post-quantum key distribution', 'quantum-resistant network architecture', 'hybrid key exchange' across arXiv, IEEE Xplore, ACM DL, and major conferences from 2016–2024), inclusion criteria (system-level architectures and key-distribution mechanisms under harvest-now/decrypt-later and partial-compromise threats; exclusion of pure primitive papers or protocol-specific adaptations without architectural implications), and a direct comparison to prior PQC surveys (e.g., those centered on NIST candidates or TLS/SSH adaptations). The added text will clarify how the four cryptographic foundations and six key-distribution architectures were selected to cover the principal trade-offs, thereby supporting the comprehensiveness claim without overstating coverage. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

This is a literature review and systematization-of-knowledge paper that constructs a taxonomy of post-quantum network architectures by synthesizing external prior work on primitives, protocols, key-distribution schemes, and threat models. No original derivations, equations, fitted parameters, or mathematical claims are presented that could reduce to the paper's own inputs by construction. The central contribution is organizational and classificatory rather than deductive; all reviewed content is drawn from cited external sources, and no load-bearing step relies on self-definition, self-citation chains, or renaming of results internal to this manuscript. The paper is therefore self-contained against external benchmarks with no circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The paper relies on standard domain assumptions from post-quantum cryptography and network security; no free parameters, new invented entities, or ad-hoc axioms are introduced because the work is a review and taxonomy synthesis.

axioms (2)
  • domain assumption Standard post-quantum cryptographic hardness assumptions against quantum adversaries, including harvest-now decrypt-later threats.
    Invoked throughout the analysis of security under PQ adversary models.
  • domain assumption Real-world network deployments (mobile, IoT, industrial) have constraints that make universal PQ-PKI deployment undesirable or infeasible.
    Central to the claim that PQ-PKI is sometimes avoidable and to the identification of alternative architectures.

pith-pipeline@v0.9.0 · 5569 in / 1489 out tokens · 66199 ms · 2026-05-08T18:17:11.322811+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

99 extracted references · 6 canonical work pages

  1. [1]

    Abdmeziem, A

    A. Abdmeziem, A. Ahmed Nacer, and N. Deroues. A taxonomy of key management schemes of scada systems.IEEE Access, 13:1–22, 2025

    2025

  2. [2]

    Adan et al

    A. Adan et al. Quantum-resistant authentication: Securing identity and data against future threats. AIMS Mathematics, 10(8):779–810, July 2025

    2025

  3. [3]

    Dise: Distributed symmetric-key encryption

    Shashank Agrawal, Payman Mohassel, Pratyay Mukherjee, and Peter Rindal. Dise: Distributed symmetric-key encryption. InProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18), pages 1993–2010. ACM, 2018

    2018

  4. [4]

    Ahmadi and R

    H. Ahmadi and R. Safavi-Naini. Multipath private communication: An information theoretic approach. arXiv preprint arXiv:1401.3659, 2014

    work page arXiv 2014

  5. [5]

    M. Y. Al-Darwbi, A. A. Ghorbani, and A. H. Lashkari. Keyshield: A scalable and quantum-safe key management scheme.IEEE Open Journal of the Communications Society, 1:1–14, 2020

    2020

  6. [6]

    Post-quantum cryptography for military uav communication systems: Integration with mavlink protocol.Authorea Preprints, November 2025

    Hussein Al-Haj, Zaher Al Bahou, Ammar Kadi, and Ahmad Musa. Post-quantum cryptography for military uav communication systems: Integration with mavlink protocol.Authorea Preprints, November 2025

    2025

  7. [7]

    Sok: Post-quantum tls handshake.IACR Cryptology ePrint Archive, 2023:1873, 2023

    Nasser Alnahawi, Johannes M¨ uller, Jan Oupick´ y, and Alexander Wiesmaier. Sok: Post-quantum tls handshake.IACR Cryptology ePrint Archive, 2023:1873, 2023. 34

    2023

  8. [8]

    A comprehensive survey on post-quantum tls.IACR Communications in Cryptology, 2024

    Nasser Alnahawi, Johannes M¨ uller, Jan Oupick´ y, and Alexander Wiesmaier. A comprehensive survey on post-quantum tls.IACR Communications in Cryptology, 2024

    2024

  9. [9]

    Compiled constructions towards post-quantum group key exchange: A design from kyber

    ´Alvaro Pablos Cantos, Mar´ ıa Isabel Gonz´ alez Vasco, Misael Enrique Mart´ ınez P´ erez, and Rainer Stein- wandt. Compiled constructions towards post-quantum group key exchange: A design from kyber. Mathematics, 8(10):1853, 2020

    2020

  10. [10]

    Secure post-quantum group key exchange from kyber.IET Information Security, 16(5):561–571, 2022

    ´Alvaro Pablos Cantos, Mar´ ıa Isabel Gonz´ alez Vasco, and Rainer Steinwandt. Secure post-quantum group key exchange from kyber.IET Information Security, 16(5):561–571, 2022

    2022

  11. [11]

    Schultz, Jonathan Stanton, and Gene Tsudik

    Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, John L. Schultz, Jonathan Stanton, and Gene Tsudik. Secure group communication using robust contributory key agreement.IEEE Transactions on Parallel and Distributed Systems, 15(5):468–480, 2004

    2004

  12. [12]

    High-throughput semi-honest secure three-party computation with an honest majority

    Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof, and Kazuma Ohara. High-throughput semi-honest secure three-party computation with an honest majority. InProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16). ACM, 2016. Includes a Kerberos authentication / ticket-generation demonstration workload

    2016

  13. [13]

    Navigating quantum security risks in networked environments: A comprehensive study of quantum-safe network protocols.Computers and Security, 142:103883, 2024

    Yaser Baseri, Vikas Chouhan, and Abdelhakim Hafid. Navigating quantum security risks in networked environments: A comprehensive study of quantum-safe network protocols.Computers and Security, 142:103883, 2024

    2024

  14. [14]

    Bella and P

    M. Bella and P. Marchetta. Robust multicast origin authentication in macsec and cansec for automotive networks.arXiv preprint arXiv:2502.20555, 2025

    work page arXiv 2025

  15. [15]

    Formal verification of the pqxdh post-quantum key agreement protocol for end-to-end secure messaging

    Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer, and Rolfe Schmidt. Formal verification of the pqxdh post-quantum key agreement protocol for end-to-end secure messaging. InProceedings of the 33rd USENIX Conference on Security Symposium, SEC ’24, USA, 2024. USENIX Association

    2024

  16. [16]

    A secure and efficient conference key distribution system

    Mike Burmester and Yvo Desmedt. A secure and efficient conference key distribution system. In Advances in Cryptology—EUROCRYPT ’94, pages 275–286. Springer, 1994

    1994

  17. [17]

    Butler, I

    F. Butler, I. Cervesato, A. D. Jaggard, and A. Scedrov. Specifying kerberos 5 cross-realm authentication. InWorkshop on Issues in the Theory of Security (WITS), pages 12–26. ACM, 2005

    2005

  18. [18]

    Invitation-oriented tgdh: Key management for dynamic groups in the cloud

    Levente Butty´ an, Tam´ as Holczer, and P´ eter Szil´ agyi. Invitation-oriented tgdh: Key management for dynamic groups in the cloud. InProceedings of CloudSec 2012, pages 1–15. Springer, 2012

    2012

  19. [19]

    Kerberos revisited: Quantum-safe authentication

    Matt Campagna, Thomas Hardjono, Leon Pintsov, Boris Romansky, and Tom Yu. Kerberos revisited: Quantum-safe authentication. InETSI Quantum-Safe-Crypto Workshop, Sophia Antipolis, France, September 2013. Workshop presentation (slides)

    2013

  20. [20]

    Lpbt-sso: Password- based threshold single-sign-on authentication from lwe.IEEE Transactions on Dependable and Secure Computing, 2025

    Chenchen Cao, Chunxiang Xu, Changsong Jiang, Zhao Zhang, and Xinfeng Dong. Lpbt-sso: Password- based threshold single-sign-on authentication from lwe.IEEE Transactions on Dependable and Secure Computing, 2025. Metadata (volume/issue/DOI/pages) should be pulled from the IEEE record for precision

    2025

  21. [21]

    Practical byzantine fault tolerance

    Miguel Castro and Barbara Liskov. Practical byzantine fault tolerance. InProceedings of the Third Symposium on Operating Systems Design and Implementation (OSDI ’99). USENIX Association, 1999

    1999

  22. [22]

    Proactive recovery in a byzantine-fault-tolerant system

    Miguel Castro and Barbara Liskov. Proactive recovery in a byzantine-fault-tolerant system. InProceed- ings of the Fourth Symposium on Operating Systems Design and Implementation (OSDI 2000). USENIX Association, 2000

    2000

  23. [23]

    Csidh: Post-quantum key exchange using isogeny-based group actions

    Wouter Castryck and Tanja Lange. Csidh: Post-quantum key exchange using isogeny-based group actions. KU Leuven COSIC Research Blog, December 2018. 35

    2018

  24. [24]

    Csidh: An efficient post-quantum commutative group action

    Wouter Castryck, Tanja Lange, Chloe Martindale, Lorenz Panny, and Joost Renes. Csidh: An efficient post-quantum commutative group action. InProceedings of ASIACRYPT 2018, pages 395–427. Springer, 2018

    2018

  25. [25]

    Fully heterogeneous prepare-and-measure quan- tum network for the quantum internet.Nature Communications, 16:966, 2025

    Yaxing Chen, Tianqi Dou, Qiang Zhou, and Qiong Li. Fully heterogeneous prepare-and-measure quan- tum network for the quantum internet.Nature Communications, 16:966, 2025

    2025

  26. [26]

    Intelligent uav swarm key agreement survey: Systematic taxonomy and analysis.Internet of Things, 30:101449, 2025

    Menglin Chu, Hao Wang, Jun Zhao, and Zhangjie Fu. Intelligent uav swarm key agreement survey: Systematic taxonomy and analysis.Internet of Things, 30:101449, 2025

    2025

  27. [27]

    John Chung-I Chuang and Marvin A. Sirbu. Distributed authentication in kerberos using public key cryptography. InProceedings of the Network and Distributed System Security Symposium (NDSS ’97),

  28. [28]

    Also referred to as PKDA (public-key based Kerberos for distributed authentication)

  29. [29]

    SPDZ2k: Efficient MPC mod 2 k for Dishonest Majority

    Ronald Cramer, Ivan Damg˚ ard, Daniel Escudero, Peter Scholl, and Chaoping Xing. SPDZ2k: Efficient MPC mod 2 k for Dishonest Majority. Cryptology ePrint Archive / CRYPTO 2018 preprint, 2018

    2018

  30. [30]

    Smart, and Sarah Zakarias

    Ivan Damg˚ ard, Valerio Pastro, Nigel P. Smart, and Sarah Zakarias. Multiparty computation from somewhat homomorphic encryption. InAdvances in Cryptology – CRYPTO 2012, 2012

    2012

  31. [31]

    Future-proofing security for uavs with post-quantum cryptography: A review.IEEE Access, 12:165321–165349, 2024

    Esra Demir, Muhammad Waqas, Zheng Gong, and Gautam Srivastava. Future-proofing security for uavs with post-quantum cryptography: A review.IEEE Access, 12:165321–165349, 2024

    2024

  32. [32]

    Dervisevic, A

    E. Dervisevic, A. Tankovic, E. Fazel, R. Kompella, P. Fazio, M. Voznak, and M. Mehic. Quantum key distribution networks – key management: A survey.ACM Computing Surveys, May 2025

    2025

  33. [33]

    A. G. Dinker and V. Sharma. Exploring cryptographic key management schemes for enhanced security in wireless sensor networks.Intelligent Automation and Soft Computing, 37(3), 2025

    2025

  34. [34]

    Dolev and S

    S. Dolev and S. Tzur-David. A method for establishing a secure private interconnection over a multipath network, March 2017

    2017

  35. [35]

    F. D. D. Florence, Mike Ounsworth, and Scott Mister. Terminology for post-quantum traditional hybrid schemes. IETF RFC 9794, June 2025

    2025

  36. [36]

    Post-quantum cryptography working group: Current state of quantum readiness

    FS-ISAC PQC Working Group. Post-quantum cryptography working group: Current state of quantum readiness. Technical report, Financial Services Information Sharing and Analysis Center, 2025

    2025

  37. [37]

    Ghosh, M

    S. Ghosh, M. Zaman, R. Joshi, and S. Sampalli. Multi-phase quantum resistant framework for secure communication in scada systems.IEEE Transactions on Dependable and Secure Computing, 21(3), 2024

    2024

  38. [38]

    Goertzen and D

    J. Goertzen and D. Stebila. Post-quantum signatures in dnssec via request-based fragmentation. ArXiV, 2022

    2022

  39. [39]

    Harney and C

    H. Harney and C. Muckenhirn. Group key management protocol (gkmp) architecture. RFC 2094, IETF, 1997

    2094

  40. [40]

    Hartman, K

    S. Hartman, K. Raeburn, and L. Zhu. Kerberos principal name canonicalization and cross-realm refer- rals. InRFC 6806. IETF, 1999

    1999

  41. [41]

    The post-quantum cryptography transition: Researching a quantum-safe future.Red Hat Research, 2025

    Luke Hinds. The post-quantum cryptography transition: Researching a quantum-safe future.Red Hat Research, 2025

    2025

  42. [42]

    Sok: How (not) to design and implement post-quantum cryptography

    Jasmine Howe, Thomas Prest, and Daniel Apon. Sok: How (not) to design and implement post-quantum cryptography. InProceedings of CT-RSA 2021, Lecture Notes in Computer Science. Springer, 2021

    2021

  43. [43]

    Kampanakis

    P. Kampanakis. Post-quantum hybrid key exchange with ml-kem in the internet key exchange protocol version 2 (ikev2). InProposed Standard. IETF, 2025. 36

    2025

  44. [44]

    Kampanakis et al

    P. Kampanakis et al. Applied post quantum cryptography: A practical approach to hybrid certificate management.arXiv preprint arXiv:2505.04333, May 2025

    work page arXiv 2025

  45. [45]

    The zero-trust paradigm: Concepts, architectures and applica- tions.Foundations and Trends in Privacy and Security, 8(2), 2025

    Charalampos Katsis and Elisa Bertino. The zero-trust paradigm: Concepts, architectures and applica- tions.Foundations and Trends in Privacy and Security, 8(2), 2025

    2025

  46. [46]

    Scalable protocols for authenticated group key exchange

    Jonathan Katz and Moti Yung. Scalable protocols for authenticated group key exchange. InAdvances in Cryptology—CRYPTO 2003, pages 110–125. Springer, 2003

    2003

  47. [47]

    Mascot: Faster malicious arithmetic secure com- putation with oblivious transfer

    Marcel Keller, Emmanuela Orsini, and Peter Scholl. Mascot: Faster malicious arithmetic secure com- putation with oblivious transfer. IACR Cryptology ePrint Archive, 2016

    2016

  48. [48]

    Tree-based group key agreement.ACM Transactions on Information and System Security (TISSEC), 7(1):60–96, 2004

    Yongdae Kim, Adrian Perrig, and Gene Tsudik. Tree-based group key agreement.ACM Transactions on Information and System Security (TISSEC), 7(1):60–96, 2004

    2004

  49. [49]

    Kumar et al

    M. Kumar et al. Post-quantum cryptographic integration framework for zero trust enterprise cloud environments.TechRxiv Preprint, December 2025

    2025

  50. [50]

    Kumar and R

    P. Kumar and R. S. Rao. Post-quantum cryptography for secure data transmission in cloud environ- ments.TIJER International Journal, 11(12), 2024

    2024

  51. [51]

    Post-quantum migration strategies: A hybrid approach to cryp- tographic transition.ResearchGate Preprint, 2025

    Lamide Kumibe and Sunday Oladele. Post-quantum migration strategies: A hybrid approach to cryp- tographic transition.ResearchGate Preprint, 2025

    2025

  52. [52]

    Patrick P. C. Lee, John C. S. Lui, and David K. Y. Yau. Distributed collaborative key agreement protocols for dynamic peer groups. InProceedings of IEEE ICNP 2002, pages 92–101, 2002

    2002

  53. [53]

    A lattice-based dynamic group authenticated key exchange protocol

    Yang Li, Jianghong Wei, Guomin Yang, and Willy Susilo. A lattice-based dynamic group authenticated key exchange protocol. InProceedings of IEEE TrustCom 2024, pages 1–8, 2024

    2024

  54. [54]

    A formal analysis of apple’s imessage pq3 protocol

    Felix Linker, Ralf Sasse, and David Basin. A formal analysis of apple’s imessage pq3 protocol. In Proceedings of the 34th USENIX Conference on Security Symposium, SEC ’25, USA, 2025. USENIX Association

    2025

  55. [55]

    G. Liu, H. Li, N. Wang, T. Xiang, and Y. Liu. Degkm: Decentralized group key management for content push in integrated networks.IEEE Transactions on Quantum Engineering, 5, 2024

    2024

  56. [56]

    A multipath routing approach for secure data delivery

    Wenjing Lou and Yuguang Fang. A multipath routing approach for secure data delivery. InProceedings of MILCOM 2001 Communications for Network-Centric Operations: Creating the Information Force, volume 2, pages 1467–1473, October 2001. Cat. No. 01CH37277

    2001

  57. [57]

    Classifying implementa- tions of cryptographic primitives and protocols that use post-quantum algorithms, 2025

    Tushin Mallick, Cristina Nita-Rotaru, Ashish Kundu, and Ramana Kompella. Classifying implementa- tions of cryptographic primitives and protocols that use post-quantum algorithms, 2025

    2025

  58. [58]

    Quantum disruption: An SOK of how post-quantum attackers reshape blockchain security and performance, 2025

    Tushin Mallick, Maya Zeldin, Murat Cenk, and Cristina Nita-Rotaru. Quantum disruption: An SOK of how post-quantum attackers reshape blockchain security and performance, 2025

    2025

  59. [59]

    D. A. McGrew and A. T. Sherman. Key establishment in large dynamic groups using one-way function trees.IEEE Transactions on Software Engineering, 29(5):444–458, 2003

    2003

  60. [60]

    [ms-kkdcp]: Kerberos key distribution center (kdc) proxy protocol

    Microsoft Corporation. [ms-kkdcp]: Kerberos key distribution center (kdc) proxy protocol. Technical report, Microsoft Open Specifications, 2024. Open specification for tunneling Kerberos to a proxy over HTTP(S)

    2024

  61. [61]

    S. Mittra. Iolus: A framework for scalable secure multicasting. InProceedings of ACM SIGCOMM, pages 277–288, 1997

    1997

  62. [62]

    Migrating software systems towards post-quantum cryptography: A systematic literature review.arXiv preprint arXiv:2404.12854, 2024

    Christian N¨ ather, Daniel Herzinger, Stefan-Lukas Gazdag, Jan-Philipp Stegh¨ ofer, Simon Daum, and Daniel Loebenberger. Migrating software systems towards post-quantum cryptography: A systematic literature review.arXiv preprint arXiv:2404.12854, 2024. 37

    work page arXiv 2024

  63. [63]

    Sok: Towards a common understanding of cryptographic agility.arXiv preprint arXiv:2401.16443, 2024

    Christian N¨ ather, Daniel Herzinger, Stefan-Lukas Gazdag, Jan-Philipp Stegh¨ ofer, Simon Daum, and Daniel Loebenberger. Sok: Towards a common understanding of cryptographic agility.arXiv preprint arXiv:2401.16443, 2024

    work page arXiv 2024

  64. [64]

    Fips 203, 204, 205: Module-lattice-based key- encapsulation mechanism, digital signature algorithm, and stateless hash-based digital signature al- gorithm

    National Institute of Standards and Technology. Fips 203, 204, 205: Module-lattice-based key- encapsulation mechanism, digital signature algorithm, and stateless hash-based digital signature al- gorithm. Technical report, NIST, August 2024

    2024

  65. [65]

    Module-lattice-based digital signature standard

    National Institute of Standards and Technology. Module-lattice-based digital signature standard. Fed- eral Information Processing Standards Publication 204, National Institute of Standards and Technology, August 2024. Published Aug. 2024

    2024

  66. [66]

    Module-lattice-based key-encapsulation mechanism standard

    National Institute of Standards and Technology. Module-lattice-based key-encapsulation mechanism standard. Federal Information Processing Standards Publication 203, National Institute of Standards and Technology, August 2024. Published Aug. 2024

    2024

  67. [67]

    Node-capture resilient key establishment in sensor networks: Design space and new protocols.ACM Comput

    Andrew Newell, Hongyi Yao, Alex Ryker, Tracey Ho, and Cristina Nita-Rotaru. Node-capture resilient key establishment in sensor networks: Design space and new protocols.ACM Comput. Surv., 47(2), August 2014

    2014

  68. [68]

    World’s first integrated system for quantum key distribution network on backbone optical network

    NICT Japan. World’s first integrated system for quantum key distribution network on backbone optical network. NICT Press Release, September 2025. Multiple QKD protocol coexistence demonstration

    2025

  69. [69]

    Migration to post-quantum cryptography: Preparation for considering the implementa- tion and adoption of quantum safe cryptography

    NIST NCCoE. Migration to post-quantum cryptography: Preparation for considering the implementa- tion and adoption of quantum safe cryptography. Technical report, NIST National Cybersecurity Center of Excellence, 2025. SP 1800-38 Draft

    2025

  70. [70]

    PhD thesis, Johns Hopkins University, 2001

    Cristina Nita-Rotaru.High-Performance Secure Group Communication. PhD thesis, Johns Hopkins University, 2001. Advisor: Yair Amir

    2001

  71. [71]

    Secure group communication in asynchronous networks with failures: Integration and experiments

    Cristina Nita-Rotaru, Yair Amir, Jonathan Stanton, and Gene Tsudik. Secure group communication in asynchronous networks with failures: Integration and experiments. InProceedings of the 20th IEEE International Conference on Distributed Computing Systems (ICDCS), pages 330–343, 2000

    2000

  72. [72]

    More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes

    Leila Rashidi, Daniel Kostecki, Alexander James, Anthony Peterson, Majid Ghaderi, Samuel Jero, Cristina Nita-Rotaru, Hamed Okhravi, and Reihaneh Safavi-Naini. More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes. InProceedings of the 28th Annual Network and Distributed System Security Symposium (NDSS 2021). The Inter...

    2021

  73. [73]

    The post-quantum cryptography transition: Pqc linux authentication pilot

    Red Hat Research. The post-quantum cryptography transition: Pqc linux authentication pilot. Red Hat Research Blog, October 2025. MIT Kerberos quantum-safe adaptation research

    2025

  74. [74]

    Reddy, D

    T. Reddy, D. Migault, and H. Tschofenig. Guidance for migration to composite, dual, or pqc authenti- cation. Internet-Draft draft-reddy-pquip-pqc-signature-migration, IETF, October 2025

    2025

  75. [75]

    Safavi-Naini, A

    R. Safavi-Naini, A. Poostindouz, and V. Lisy. Path hopping: An mtd strategy for quantum-safe com- munication. InProceedings of the ACM Workshop on Moving Target Defense, pages 111–114, 2017

    2017

  76. [76]

    A survey of threshold signatures: Nist standards, post-quantum cryptography, exotic techniques, and real-world applications.ACM Comput

    Kiarash Sedghighadikolaei and Attila Altay Yavuz. A survey of threshold signatures: Nist standards, post-quantum cryptography, exotic techniques, and real-world applications.ACM Comput. Surv., 58(6), December 2025

    2025

  77. [77]

    Post-quantum cryptography for engineers

    Amir Sehovic, Sof´ ıa Celi, and Thom Wiggers. Post-quantum cryptography for engineers. Internet-Draft draft-ietf-pquip-pqc-engineers-13, IETF, June 2025

    2025

  78. [78]

    How to share a secret.Communications of the ACM, 22(11):612–613, 1979

    Adi Shamir. How to share a secret.Communications of the ACM, 22(11):612–613, 1979

    1979

  79. [79]

    Alan T. Sherman. Needham–schroeder, kerberos, and quantum computing. InCourse handout / lecture notes, 2018. 38

    2018

  80. [80]

    Signal protocol and post-quantum ratchets (spqr).https://signal.org/blog/ spqr/, 2025

    Signal Messenger. Signal protocol and post-quantum ratchets (spqr).https://signal.org/blog/ spqr/, 2025. Blog post

    2025

Showing first 80 references.