Integrating PQC in MPU-Based Device with HW SE and OpenSSL
D. Bellizia, A. Sette (TELSY)
27/10/2025
Introduction
Tech giants such as Google, IBM and Microsoft suggest that cryptographically relevant quantum computers may be available within the next two decades [1]. Governments and industry are therefore moving towards the adoption of quantum-resistant technologies. In this blog post we discuss the implementation of Post-Quantum Cryptography (PQC) functionalities on a Micro-Processor Unit (MPU) based system. The system builds on the widely used OpenSSL framework, combining the state-of-the-art PQC software library from OpenQuantumSafe with hardware acceleration from an on-chip hardware Secure Element (SE) developed within the QUBIP project. The chosen MPU-based system is representative of a typical device widely used in Internet-of-Things (IoT) and Industrial-IoT (IIoT) applications.
MPU Architecture
In this section we describe the architecture of the MPU-based IoT device and briefly introduce the main components of the PQC-enabled system.
The IoT device is implemented on an AMD Xilinx ZCU104 development board, which hosts a powerful Zynq UltraScale+ MPSoC System-on-Chip (SoC) that is mainly composed of:
- quad-core ARM Cortex-A53 processor;
- dual-core ARM R5 real time processor;
- 504K logic elements FPGA.
This heterogeneous SoC is able to run a Linux OS and to guarantee cryptographic hardware acceleration by integrating the QUBIP hardware SE [2] on the FPGA programmable logic. It is important to note that the FPGA resources are available to the processors through an on-chip Advanced eXtensible Interface (AXI). The SE communicates with the main processor (in our application, the quad-core Cortex-A53) directly on-chip, without using external interfaces, which reduces the attack surface exposed to malicious users. The main processor runs a full-fledged embedded Linux distribution based on Petalinux/Yocto-Langdale. The ZCU104 board also provides an internet connection by means of a 1G Ethernet interface, under the direct control of the Linux operating system.
Because the architecture is based on re-programmable software and re-programmable hardware, the user can easily update the design and its functionalities. In view of the transition to PQC, and as new quantum-resistant algorithms are standardized, this flexibility becomes particularly important and clearly helps with crypto-agility without sacrificing performance.
Enhancing OpenSSL with PQC
In IoT networks, it is critical to protect communications between IoT nodes and servers/hubs in order to avoid data leakage and unwanted disclosure of critical assets. Whenever the communication is based on the TCP/IP protocol, it is common to protect it with Transport Layer Security (TLS), and in particular with TLS 1.3. In this platform demonstrator we enhance the TLS 1.3 handshake with PQC functionalities. In particular, we enforce quantum resistance on the key exchange with mutual authentication, which is usually based on classical cryptography. Following the recommendation of the IETF [3], we implemented these fundamental steps in TLS 1.3 with Post-Quantum/Traditional (PQ/T) hybrid key exchange and X.509 certificate verification:
- Key Exchange: the key exchange scheme is based on the combination of the classical Elliptic-Curve Diffie-Hellman (ECDH) X25519 with the Key Encapsulation Mechanism (KEM) PQC algorithm ML-KEM-768 (formerly based on CRYSTALS-Kyber). The hybrid PQ/T scheme is called X25519MLKEM768.
- Digital Signature in certificates: the mutual authentication part is based on the generation and the verification of certificates, and it relies on a hybrid digital signature scheme based on the classical Ed25519 and the PQ ML-DSA-65 (formerly based on CRYSTALS-Dilithium), referenced as mldsa65_ed25519. The overall signature in the certificate is a proper concatenation of the two signatures, and the same holds for the public and private key pairs.
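Whether a device really offers the hybrid group from the first bullet can be checked on a captured ClientHello. The following is an added example, not code from the QUBIP repositories: it parses the body of a TLS 1.3 key_share extension and confirms that a correctly sized X25519MLKEM768 share is present. The codepoint 0x11EC and the 1184 + 32 byte client share layout come from the IETF definition of X25519MLKEM768; the function and type names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values for X25519MLKEM768 as used in TLS 1.3 hybrid key exchange. */
#define GROUP_X25519MLKEM768 0x11EC           /* NamedGroup codepoint (4588) */
#define MLKEM768_EK_LEN 1184                  /* ML-KEM-768 encapsulation key */
#define X25519_PUB_LEN 32                     /* X25519 public value */
#define HYBRID_SHARE_LEN (MLKEM768_EK_LEN + X25519_PUB_LEN) /* client share */

typedef struct { const uint8_t *mlkem_ek, *x25519_pub; } hybrid_share;

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Parse a ClientHello key_share extension body:
 *   uint16 list_len; then entries { uint16 group; uint16 len; key_exchange[len] }.
 * Returns 1 if a well-formed hybrid share is present (out filled), 0 if the
 * list is valid but has no hybrid share, -1 on any inconsistent length. */
int find_hybrid_share(const uint8_t *ext, size_t ext_len, hybrid_share *out)
{
    if (ext_len < 2 || rd16(ext) != ext_len - 2) return -1;
    const uint8_t *p = ext + 2, *end = ext + ext_len;
    int found = 0;
    while (p < end) {
        if (end - p < 4) return -1;               /* truncated entry header */
        unsigned group = rd16(p);
        size_t klen = rd16(p + 2);
        p += 4;
        if (klen == 0 || klen > (size_t)(end - p)) return -1;
        if (group == GROUP_X25519MLKEM768) {
            if (klen != HYBRID_SHARE_LEN) return -1; /* wrong hybrid size */
            out->mlkem_ek = p;                    /* ML-KEM part comes first */
            out->x25519_pub = p + MLKEM768_EK_LEN;
            found = 1;
        }
        p += klen;
    }
    return found;
}

int main(void)
{
    /* Constructed sample: a single hybrid entry with all-zero key material. */
    static uint8_t ext[2 + 4 + HYBRID_SHARE_LEN] = {
        0x04, 0xC4, 0x11, 0xEC, 0x04, 0xC0 };
    hybrid_share hs;
    printf("hybrid share present: %d\n", find_hybrid_share(ext, sizeof ext, &hs));
    return 0;
}
```

A return value of 0 on a device that is expected to be PQ/T-enabled means only classical shares were offered, which is the condition worth alerting on.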
OpenSSL is one of the most widely adopted software libraries for securing communication over networks. Its usage spans from internet servers to edge devices, and it is available for most operating systems, including Linux, macOS and Windows. One of the main advantages of OpenSSL is that it provides an extensible framework based on providers, which allows users and experimenters to implement new algorithms and protocols or to deploy their own implementations of pre-existing ones. We have adopted OpenSSL 3.2.2 to secure the TLS 1.3 communication on our MPU-based platform. In particular, we have used the oqsprovider [4] from OpenQuantumSafe for the digital signature verification part and the QUBIP aurora provider [5] for the key exchange backed by the hardware SE. The oqsprovider makes use of the liboqs [6] post-quantum library, and specifically we have used mldsa65_ed25519 for the digital signature verification. As for the key exchange, a port of the QUBIP aurora provider [5] to Petalinux/Yocto has been developed. In our architecture the aurora provider makes use of a custom Linux kernel module that is tailored to use the on-chip hardware SE. The kernel module, namely telsy_mod, has been developed to interact with the hardware SE through the AXI interface, in order to provide cryptographic functionalities to its accelerators. Within the aurora provider, we have implemented the functionalities that are needed to handle the PQ/T key exchange with X25519MLKEM768. A block diagram of the architecture of the PQ/T protected MPU-based demonstrator is depicted below.

A running example of the MPU-based demonstrator implementing TLS 1.3 with the PQ/T functionalities can be found at https://github.com/QUBIP/pq-iot-package, along with all the software components needed to run a quantum-aware MQTT node. The GitHub repository contains a link to the Zenodo platform for downloading the Board Support Package (BSP) archive, which contains the Petalinux project and the Vivado project for the hardware part of the design, as well as all the build instructions.
Conclusions
In this blog post we presented the implementation of a PQ-enabled secure IoT device based on an MPU platform that combines PQC software with a quantum-aware hardware SE. The flexibility of this embedded Linux platform shows that the transition of TLS 1.3 to PQC and PQ/T is practically achievable and replicable, including for constrained devices for IoT and industrial IoT.
References
- [1] M. Russo, “CRQC, a 2025 perspective,” 2025. [Online]. Available: https://qubip.eu/cryptographically-relevant-quantum-computers-a-2025-perspective/
- [2] E. Camacho-Ruiz, P. Navarro-Torrero, P. Ortega-Castro, and A. Karmakar, “pq-se,” 2025. [Online]. Available: https://github.com/QUBIP/pq-se
- [3] D. Stebila, S. Fluhrer, and S. Gueron, “Hybrid key exchange in TLS 1.3,” IETF, Internet-Draft, 2025. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/13/
- [4] Open-Quantum-Safe, “oqsprovider,” 2025. [Online]. Available: https://github.com/open-quantum-safe/oqs-provider
- [5] N. Tuveri, A. Shaindlin, N. A. Khan, and A. Mehmood, “Aurora provider,” 2025. [Online]. Available: https://github.com/QUBIP/aurora
- [6] Open-Quantum-Safe, “liboqs,” 2025. [Online]. Available: https://github.com/open-quantum-safe/liboqs

