This paper provides a comprehensive review of post-quantum (PQ)-resistant network architectures, focusing on key distribution and management strategies beyond simple protocol-level substitutions. It introduces a taxonomy spanning cryptographic foundations, key-distribution architectures, trust models, and deployment environments to analyze the security, scalability, and operational trade-offs of various architectures under realistic PQ adversary assumptions. The analysis reveals gaps in current approaches and clarifies when PQ-PKI is necessary or avoidable, offering insights for developing cryptographically agile, quantum-resilient network infrastructures.
The transition to post-quantum cryptography isn't just about swapping algorithms; it demands a complete architectural rethink of networked systems, especially regarding key distribution and management.
Large-scale quantum computers threaten the public-key cryptographic foundations underpinning today's network security infrastructures. While significant progress has been made in standardizing post-quantum cryptographic (PQC) primitives and adapting individual protocols such as TLS and SSH, far less attention has been paid to the broader architectural consequences of the post-quantum transition for networked systems. In particular, many real-world deployments such as mobile networks, industrial control systems, IoT environments, and regulated infrastructures cannot assume the universal availability, deployability, or desirability of PQ public-key infrastructures. This paper presents the first comprehensive systematization of PQ-resistant network architectures, focusing on key distribution and management as a system-level design problem rather than a protocol-local substitution. We introduce a unified taxonomy spanning cryptographic foundations (symmetric-only, PQ-PKI, hybrid, and information-theoretic multi-path), key-distribution architectures (centralized, hierarchical, replicated, threshold, MPC-backed, and serverless), trust and threat models, key-management lifecycle, and deployment environments. Using this framework, we analyze the security, scalability, and operational trade-offs of a wide range of architectures under realistic PQ adversary assumptions, including harvest-now, decrypt-later attacks and partial infrastructure compromise. Our study highlights fundamental gaps in existing approaches, clarifies when PQ-PKI is necessary or avoidable, and identifies promising research directions for building cryptographically agile, quantum-resilient network infrastructures.