Implementing post-quantum cryptography for future-proof communication systems
Daniel Lawo defended his PhD thesis at the Department of Electrical Engineering on December 10.
The cryptographic landscape currently responds to growing computational performance by increasing the key size while relying on the same algorithmic approaches to keep communication systems secure. However, with quantum computers on the horizon, a new approach is needed. Classical asymmetric cryptographic primitives are foundational for securing communications, but they are expected to be broken by sufficiently powerful quantum computers. That is why a transition to quantum-resilient solutions, so-called Post-Quantum Cryptography (PQC) algorithms, is necessary. In his PhD research, Daniel Lawo addresses this security challenge by proposing, implementing, and validating a comprehensive framework for deploying quantum-resistant cryptography across high-speed communication infrastructures.
Building on the NIST PQC standardization process, provides a detailed analysis of three algorithms: Falcon, Dilithium, and Kyber. He examines the interplay between symmetric and asymmetric cryptographic mechanisms, along with their role in both quantum and classical key distribution protocols. Special attention is given to the integration of PQC into the TCP/IP stack, as well as other digital networking protocols such as IPsec and MACsec - an essential step for real-world applicability.
Focus on modern data centers
Lawo also demonstrates practical PQC deployments within modern data centers. He specifically explored the architecture of digital networks in these environments and the role of data processing units (DPUs) in enabling computational offloading. A suite of PQC-secured procedures was developed and deployed between DPUs. These implementations were validated through empirical benchmarks and presented in a series of peer-reviewed contributions.
Cryptographic deployment at scale
To further strengthen the scalability and performance of quantum-resilient communications, Lawo investigated cryptographic deployment at scale. He applied techniques such as network slicing and traffic flow differentiation (north-south and east-west) to optimize cryptographic resource allocation. These methods were demonstrated at line-rate bandwidths using state-of-the-art, data center鈥揼rade equipment and software.
Towards resilient and secure future systems
Finally, this research concludes by synthesizing its contributions and outlining future directions. These include hardware acceleration of PQ algorithms, dynamic selection between QKD and PQC based on application requirements, and the integration of quantum-resilient primitives into production-grade network software. The results of this research serve as a roadmap for transitioning from research-grade implementations to fully integrated, high-performance, crypto-agile systems.
This research is part of . Within this project, the impact of the transition towards post-quantum cryptography in networked systems is investigated. The research line quantum-secure communications aims to mitigate the threat posed by quantum computers by designing, testing, and implementing strategies that are hard to crack for quantum computers as well as digital computers.
Title of PhD thesis: . Supervisors: Prof. Idelfonso Tafur Monroy, Dr. Juan Jose Vegas Olmos and Prof. Jos茅 Luis Ima帽a Pascual