QERS: Quantum Encryption Resilience Score for Post-Quantum Cryptography in Computer, IoT, and IIoT Systems

Post-quantum cryptography (PQC) is becoming essential for securing Internet of Things (IoT) and Industrial IoT (IIoT) systems against quantum-enabled adversaries. However, existing evaluation approaches primarily focus on isolated performance metrics, offering limited support for holistic security and deployment decisions. This paper introduces QERS (Quantum Encryption Resilience Score), a universal measurement framework that integrates cryptographic performance, system constraints, and multi-criteria decision analysis to assess PQC readiness in computer, IoT, and IIoT environments. QERS combines normalized metrics, weighted aggregation, and machine learning-assisted analysis to produce interpretable resilience scores across heterogeneous devices and communication protocols. Experimental results demonstrate how the framework enables comparative evaluation of post-quantum schemes under realistic resource constraints, supporting informed security design and migration planning. This work is presented as a preprint, with extended statistical validation planned as part of ongoing graduate research.

💡 Research Summary

The paper addresses a critical gap in the evaluation of post‑quantum cryptography (PQC) for resource‑constrained platforms such as computers, IoT, and IIoT devices. While most existing studies focus on isolated micro‑benchmarks (runtime, memory, throughput), they fail to capture the system‑level impact of PQC on latency, packet loss, CPU load, energy consumption, and wireless signal quality. To remedy this, the authors propose the Quantum Encryption Resilience Score (QERS), a unified, multi‑metric scoring framework that aggregates seven raw indicators—latency (L), cryptographic overhead (O), packet loss (P_loss), CPU usage (C), RSSI (R), energy (E), and key size (K). Each metric is min‑max normalized to a 0‑100 scale, then combined using weighted sums.

Three scoring modes are defined:

1. Basic – uses only L, O, and P_loss for rapid comparison.
2. Tuned – adds C, R, E, and K with environment‑specific weights, allowing fine‑grained analysis for real‑time, energy‑constrained, or balanced deployments.
3. Fusion – computes separate performance (P) and security (S) subscores and blends them (α·(MS‑P) + β·S) to produce a comprehensive resilience indicator.

The methodology includes a clear mapping of criteria to weights (α…η), a hierarchical MCDM structure, and the possibility of learning optimal weights via supervised techniques (linear regression, random‑forest).

Experimental validation is performed on an ESP32‑C6 development board. Five NIST‑relevant PQC schemes—Kyber, Dilithium, Falcon, SPHINCS+, and NTRU—are implemented and tested under varying Wi‑Fi conditions (different RSSI levels, distances, induced packet loss). Results show that Kyber consistently achieves high QERS values, making it suitable for latency‑sensitive scenarios, whereas SPHINCS+ scores low due to its large signature size and high energy cost. The Fusion mode uniquely reveals trade‑offs that are invisible in single‑metric analyses, such as Dilithium’s strong security subscore offset by a heavy CPU burden.

Strengths of the work include: (i) a reproducible, mathematically explicit normalization and weighting scheme; (ii) flexibility to adapt to diverse deployment priorities; (iii) integration of machine‑learning‑driven weight tuning; and (iv) a practical hardware‑based testbed that avoids purely simulated results.

Limitations are also acknowledged. The normalization bounds are derived from the specific ESP32 dataset, so applying QERS to other hardware (servers, FPGAs, ASICs) or different wireless technologies would require recalibration. The security subscore relies on proxy metrics (key size, claimed resistance level) rather than concrete attack‑complexity estimates, potentially oversimplifying true cryptographic strength. Finally, the evaluation is confined to a single microcontroller platform, limiting generalizability across the broad spectrum of IoT/IIoT devices.

In conclusion, QERS offers a valuable decision‑support tool for engineers facing PQC migration in constrained environments. By unifying performance and security dimensions into an interpretable 0‑100 score, it facilitates informed algorithm selection and migration planning. Future work should broaden the metric baselines to multiple hardware families, enrich the security subscore with attack‑model quantification, and explore adaptive, real‑time weight adjustment to handle dynamic operating conditions.