
Open Access

ARTICLE

Lightweight Hash-Based Post-Quantum Signature Scheme for Industrial Internet of Things

Chia-Hui Liu*
Department of Electronic Engineering, National Formosa University, Yunlin, 632, Taiwan
* Corresponding Author: Chia-Hui Liu.
(This article belongs to the Special Issue: Advances in Secure Computing: Post-Quantum Security, Multimedia Encryption, and Intelligent Threat Defence)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2025.072887

Received 05 September 2025; Accepted 23 October 2025; Published online 18 November 2025

Abstract

The Industrial Internet of Things (IIoT) has emerged as a cornerstone of Industry 4.0, enabling large-scale automation and data-driven decision-making across factories, supply chains, and critical infrastructures. However, the massive interconnection of resource-constrained devices also amplifies the risks of eavesdropping, data tampering, and device impersonation. While digital signatures are indispensable for ensuring authenticity and non-repudiation, conventional schemes such as RSA and ECC are vulnerable to quantum algorithms, jeopardizing long-term trust in IIoT deployments. This study proposes a lightweight, stateless, hash-based signature scheme that achieves post-quantum security while addressing the stringent efficiency demands of IIoT. The design introduces two key optimizations: (1) Forest of Random Subsets (FORS) on Demand, where subset secret keys are generated dynamically via a PseudoRandom Function (PRF), thereby minimizing storage overhead and eliminating key-reuse risks; and (2) Winternitz One-Time Signature Plus (WOTS+) partial hash-chain caching, which precomputes intermediate hash values at edge gateways, reducing device-side computations, latency, and energy consumption. The architecture integrates a multi-layer Merkle authentication tree (Merkle tree) and role-based delegation across sensors, gateways, and a Signature Authority Center (SAC), supporting scalable cross-site deployment and key rotation. From a theoretical perspective, we establish a formal Existential Unforgeability under Chosen Message Attack (EUF-CMA) security proof using a game-based reduction framework. The proof demonstrates that any successful forgery must reduce to breaking the underlying assumptions of PRF indistinguishability, (second) preimage resistance, or collision resistance, thus quantifying adversarial advantage and ensuring unforgeability.
On the implementation side, our design achieves a balanced trade-off between post-quantum security and lightweight performance, offering concrete deployment guidelines for real-time industrial systems. In summary, the proposed method contributes both practical system design and formal security guarantees, providing IIoT with a deployable signature substrate that enhances resilience against quantum-era threats and supports future extensions such as device attestation, group signatures, and anomaly detection.
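
The two optimizations named in the abstract, sketched as an added example (not the paper's code or parameters): FORS secrets derived on demand from a PRF, and a WOTS+-style chain resumed from a cached intermediate node. Assumptions: HMAC-SHA256 as the PRF, truncated SHA-256 with a position tweak as the chain function, the values of N and W, the domain tags, and all function names; the checksum digits and Merkle layers are left out.

```python
import hashlib
import hmac

N = 16  # bytes per hash value (assumed parameter)
W = 16  # Winternitz parameter; each chain has W - 1 steps (assumed)

def prf(seed: bytes, *address: int) -> bytes:
    """Keyed PRF over an address tuple; HMAC-SHA256 is an assumed stand-in."""
    adrs = b"".join(a.to_bytes(4, "big") for a in address)
    return hmac.new(seed, adrs, hashlib.sha256).digest()[:N]

def fors_leaf_secret(seed: bytes, tree: int, leaf: int) -> bytes:
    """Derive one FORS secret value on demand; no per-leaf key is stored."""
    return prf(seed, 0, tree, leaf)  # 0 = constructed domain tag for FORS

def chain(value: bytes, start: int, steps: int, pub_seed: bytes, idx: int) -> bytes:
    """Advance a hash chain `steps` positions, beginning at position `start`."""
    for pos in range(start, start + steps):
        tweak = idx.to_bytes(4, "big") + pos.to_bytes(4, "big")
        value = hashlib.sha256(pub_seed + tweak + value).digest()[:N]
    return value

def wots_node(seed, pub_seed, idx, digit, cache=None):
    """Return (chain node for `digit`, hash calls spent on the chain).

    cache is an optional (position, value) pair: an intermediate node
    precomputed elsewhere, usable only when position <= digit.
    """
    if cache is not None and cache[0] <= digit:
        pos, val = cache
        return chain(val, pos, digit - pos, pub_seed, idx), digit - pos
    secret = prf(seed, 1, idx)  # 1 = constructed domain tag for WOTS+
    return chain(secret, 0, digit, pub_seed, idx), digit

def wots_pk_from_node(node: bytes, digit: int, pub_seed: bytes, idx: int) -> bytes:
    """Verifier side: finish the chain from the revealed node to its end."""
    return chain(node, digit, W - 1 - digit, pub_seed, idx)

if __name__ == "__main__":
    seed, pub_seed = b"\x01" * N, b"\x02" * N  # constructed sample seeds
    checkpoint = (8, wots_node(seed, pub_seed, 0, 8)[0])
    full, cost_full = wots_node(seed, pub_seed, 0, 11)
    fast, cost_fast = wots_node(seed, pub_seed, 0, 11, cache=checkpoint)
    print(full == fast, cost_full, cost_fast)
    print(fors_leaf_secret(seed, 0, 5).hex())
```

A cached node at position p is enough to produce the chain node for any digit at or above p, so in this sketch the cache has to be protected like signing material for those digits.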

Keywords

Industrial Internet of Things (IIoT); post-quantum cryptography; hash-based signatures; SPHINCS+