June 8, 2021
Derek Atkins - Veridify Security
As NIST proceeds through Round 3 to whittle down and choose the PQC methods it will standardize, members of the commercial community who plan to use the output of NIST would like to ensure their needs are also being met. Specifically, while the needs of the US Federal Government are absolutely vital, and large organizations like Google, Amazon, Microsoft, Apple, etc. would be able to directly leverage anything NIST creates for the Federal Government, there are other use-cases that are just as vital but have a significantly different set of operating requirements and restrictions, namely restricted resources for embedded “Internet of Things” (IoT) devices. This paper provides the background of various IoT platforms in common use, their available resources, and summarizes with the point that NIST should include at least one method that will fit and successfully operate in these restricted environments, along with a suggestion for how NIST might achieve that by prioritizing RAM usage over ROM usage while also prioritizing low clock-cycle (faster) methods.