The ISC International Journal of Information Security

Abstract The rapid advancement of quantum computing poses a direct threat to classical public-key cryptographic systems at the core of Internet security protocols. Post-quantum cryptography (PQC) has therefore become central to ongoing standardisation and early deployment efforts. This paper presents a comparative analysis of PQC integration into TLS, SSH, and IPsec, examining cross-cutting challenges, protocol-specific trade-offs, and deployment considerations. Our findings show that PQC adoption introduces markedly uneven overheads across protocols: handshake latency may increase by up to 600% in TLS, by 29% in SSH, and by up to 300% in IPsec, while memory requirements in hybrid configurations can exceed 300 KB in resource-constrained environments. We further demonstrate that message fragmentation, certificate chain expansion, and cumulative rekeying costs emerge as protocol-dependent bottlenecks, underscoring that migration strategies must be tailored to the architecture and operational context of each protocol. Beyond performance, we identify interoperability gaps, downgrade vulnerabilities, and side-channel risks as critical obstacles to secure deployment. By combining empirical performance evidence with a structured review of challenges and deployment strategies, our study provides actionable insights for practitioners, informs ongoing standards development, and highlights research priorities essential to building a resilient, quantum-resistant Internet infrastructure. 

Abstract Kyber, a key encapsulation mechanism (KEM), plays a pivotal role in post-quantum cryptography. As a finalist in the NIST project, Kyber is gaining traction in industry libraries and systems. The heart of the Kyber algorithm lies in the Number Theoretic Transform (NTT), where modular multiplication is the most intricate operation. In this paper, we propose a novel general modular multiplier that reduces both time and area requirements compared to prior methods. Our key innovation lies in the novel reduction algorithm, which avoids fixed values for coefficients A or B (i.e., C = A × B mod q) used in NTT, Inverse NTT (INTT), and PWM (Point-Wise Multiplication). Additionally we introduce two pipeline architectures for modular multiplication within Kyber, emphasizing low area usage and high frequency. These architectures demonstrate 8% and 31% better frequency, while our work achieves the lowest slice usage and AT (Area × Time) among all previous work.