whose lifetime may well exceed a decade,
conservative threat models should consider attackers with access to quantum computing
The SUIT standard (specified by the IETF) defines a security
architecture for IoT software updates, standardizing the metadata and
the cryptographic tools—namely, digital signatures and hash functions—that guarantee the legitimacy of software updates.
While the performance of SUIT has previously been evaluated in the pre-quantum context,
it has not yet been studied in a post-quantum context.
Taking the open-source implementation of SUIT available in RIOT
as a case study, we overview post-quantum considerations, and
quantum-resistant digital signatures in particular,
focusing on low-power, microcontroller-based IoT devices
which have stringent resource constraints in terms of memory, CPU, and energy
We benchmark a selection of proposed post-quantum signature schemes
(LMS, Falcon, and Dilithium)
and compare them with current pre-quantum signature schemes (Ed25519 and ECDSA).
Our benchmarks are carried out on a variety of IoT hardware including ARM Cortex-M, RISC-V, and
Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures.
We interpret our benchmark results in the context of SUIT,
and estimate the real-world impact
of post-quantum alternatives for a range of typical software update categories.