Quantum-Resistant Software Update Security on Low-Power Networked Embedded Devices

As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider adversaries with access to quantum computing power. The IETF-specified SUIT standard defines a security architecture for IoT software updates, standardizing metadata and cryptographic tools-digital signatures and hash functions-to guarantee the update legitimacy. SUIT performance has been evaluated in the pre-quantum context, but not yet in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we survey post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on low-power, microcontroller-based IoT devices with stringent memory, CPU, and energy consumption constraints. We benchmark a range of pre- and post-quantum signature schemes on a range of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. Interpreting our benchmarks in the context of SUIT, we estimate the real-world impact of transition from pre- to post-quantum signatures.