1. Introduction

Recent breakthroughs in quantum computing underscore the escalating vulnerabilities of current cryptographic algorithms. The potential for quantum computers to break widely used 2048-bit RSA keys within hours [1], exemplified by advancements such as the Willow processor from Google (Mountain View, CA, USA) [2,3], suggests cryptanalytic quantum capabilities may emerge within 5–10 years. This necessitates the accelerated deployment of post-quantum cryptographic (PQC) solutions.

Traditional public-key algorithms such as RSA and Elliptic Curve Cryptography (ECC) are vulnerable to Shor’s algorithm [4,5]. While symmetric algorithms such as AES-256 offer more resilience against Grover’s algorithm, their key distribution often relies on vulnerable public-key methods. The security of all cryptographic systems also critically depends on high-quality random number generation. Traditional pseudo-random number generators (PRNGs) can have vulnerabilities [6], whereas true random number generators (TRNGs) harnessing physical entropy offer stronger security.

Research has intensified on PQC algorithms and secure TRNGs. Kyber, a Key Encapsulation Mechanism (KEM) based on the Module Learning With Errors (MLWE) problem, was selected by NIST for PQC standardization [7], ensuring intellectual property accessibility [8]. Concurrently, TRNG technology has advanced, with various hardware implementations demonstrating high throughput and resilience [9,10,11,12]. However, challenges remain in achieving optimal randomness, cost-effectiveness, and robust integration of TRNGs with PQC frameworks, especially on accessible hardware.

FPGA-based System-on-Chips (SoCs) like the Xilinx Zynq family (San Jose, CA, USA) offer a flexible platform for cryptographic systems, combining programmable logic (PL) for hardware acceleration with processing systems (PSs) for control [13,14,15]. This paper leverages this architecture to propose a high-security hybrid cryptosystem on a Zynq UltraScale+ MPSoC platform. Our work introduces three key innovations:

A Multi-Level Hardware TRNG: A TRNG based on a multi-level Ring Oscillator (RO) architecture (5, 7, 9, and 11 inverter stages) with three-level pooling, delivering 49.6 Mbps of entropy and passing NIST SP 800-22 tests.

Our integrated system (Figure 1) balances performance, resource utilization, and post-quantum security. The remainder of this paper is organized as follows: Section 2 details the methodology, Section 3 presents the experimental results, and Section 4 discusses these findings, their implications, and limitations. Finally, Section 5 summarizes the key contributions and concludes the work.

2. Materials and Methods

This section details the theoretical foundations, system design, implementation specifics, and evaluation methodologies employed in this work.

2.1. Mathematical Notation and Kyber-KEM Overview

This subsection establishes the mathematical foundations for our quantum-resistant cryptographic system, covering notation conventions and the Kyber Key Encapsulation Mechanism implementation details.

Notation and Definitions

The ring of integers modulo a prime q is denoted by ${\mathbb{Z}}_q$. The polynomial ring $R_q={\mathbb{Z}}_q\left[x\right]/(x^n+1)$ is defined with $n=256$ and $q=3329$. Polynomials in $R_q$ are denoted by bold lowercase letters (e.g., $\mathbf{a},\mathbf{b}$). Vectors and matrices with entries from $R_q$ (i.e., elements of modules such as $R_q^k$ or $R_q^{k\times l}$) are also denoted by bold letters; context usually distinguishes vectors (e.g., $\mathbf{s}$) from matrices (e.g., $\mathbf{A}$). The i-th coefficient of a polynomial $\mathbf{a}\in R_q$ is denoted by $a\left[i\right]$ (using a non-bold symbol for the polynomial when referring to its coefficients, or $\mathbf{a}\left[i\right]$ if $\mathbf{a}$ itself is a single polynomial).

The product of two polynomials $\mathbf{a},\mathbf{b}\in R_q$ is denoted by $\mathbf{c}=\mathbf{a}\times \mathbf{b}$. Coefficient-wise multiplication is denoted by ∘. Kyber utilizes the Number Theoretic Transform (NTT) for efficient polynomial multiplication. The NTT of a polynomial $\mathbf{a}\in R_q$ is denoted by $\widehat{\mathbf{a}}$. Polynomial multiplication $\mathbf{a}\times \mathbf{b}$ using the NTT is computed as $\mathbf{c}=\mathrm{INTT}\left(\mathrm{NTT}\right(\mathbf{a})\circ \mathrm{NTT}(\mathbf{b}\left)\right)$, where $\mathrm{NTT}$ and $\mathrm{INTT}$ are the forward and inverse transforms, respectively. Byte arrays of a specific length, say $L_{\mathrm{bytes}}$, are denoted by $B^{L_{\mathrm{bytes}}}$. The i-th bit of an element $x\in {\mathbb{Z}}_q$ is denoted by $x_i$.

2.2. Kyber Key Encapsulation Mechanism (Kyber-KEM)

Kyber is an IND-CCA secure Key Encapsulation Mechanism based on the Module Learning With Errors (MLWE) problem [7]. The MLWE problem involves finding a secret vector $\mathbf{s}$ and error vector $\mathbf{e}$ (small coefficients sampled via Centered Binomial Distribution, CBD) from samples $(\mathbf{A},\mathbf{t}=\mathbf{A}\mathbf{s}+\mathbf{e})$, where $\mathbf{A}$ has uniformly random coefficients in $R_q$. This work uses Kyber768 (NIST Security Level 3), with $k=3$, providing security comparable to AES-256.

Key Generation. Two random seeds, ${\mathsf{seed}}_A,{\mathsf{seed}}_B\in B^{32}$, are used. An extendable output function (XOF) expands ${\mathsf{seed}}_A$ to matrix $\mathbf{A}\in R_q^{k\times k}$ (stored as $\widehat{\mathbf{A}}$ in NTT domain). ${\mathsf{seed}}_B$ generates secret vector $\mathbf{s}\in R_q^k$ and error vector $\mathbf{e}\in R_q^k$ from CBD. The public key is $\mathsf{pk}=(\rho ={\mathsf{seed}}_A,\widehat{\mathbf{t}}=\mathrm{NTT}(\mathbf{A}\mathbf{s}+\mathbf{e}))$. The private key is $\mathsf{sk}=\widehat{\mathbf{s}}=\mathrm{NTT}\left(\mathbf{s}\right)$.

Encapsulation. To generate a shared secret and ciphertext, new random values $\mathbf{r}\in R_q^k$, ${\mathbf{e}}_1\in R_q^k$, and $e_2\in R_q$ (from CBD) are sampled. A random message $m^{\prime }\in B^{32}$ is also generated. The ciphertext components are

(1)$\begin{array}{cc}\hfill \mathbf{u}& =\mathrm{INTT}({\widehat{\mathbf{A}}}^T\circ \mathrm{NTT}\left(\mathbf{r}\right))+{\mathbf{e}}_1\hfill \end{array}$

(2)$\begin{array}{cc}\hfill v_p& =\mathrm{INTT}({\widehat{\mathbf{t}}}^T\circ \mathrm{NTT}\left(\mathbf{r}\right))+e_2\hfill \end{array}$

Message $m^{\prime }$ is encoded (e.g., to polynomial $m_{\mathrm{poly}}$) and combined with $v_p$ to form v (e.g., $v=v_p+\mathrm{Encode}\left(m^{\prime }\right)$). The shared key is $K=H_1(\mathbf{r},m^{\prime })$, where $H_1$ is a hash function. The ciphertext comprises compressed versions of $\mathbf{u}$ and v.

Decapsulation. The recipient uses $\mathsf{sk}=\widehat{\mathbf{s}}$ to recover $m^{\prime }$ from $(\mathbf{u},v)$, typically by recomputing parts of the encapsulation and verifying to ensure IND-CCA security.

Implementation Optimizations. The efficiency of Kyber operations critically depends on NTT and modular reduction algorithms. Our implementation employs Cooley–Tukey for forward NTT and Gentleman–Sande for inverse NTT, leveraging their complementary data flow to eliminate reordering overhead [16]. For modular arithmetic with fixed $q=3329$, Barrett reduction outperforms Montgomery reduction by avoiding domain conversion costs while enabling precomputed reciprocals [17,18].

2.3. System Hardware Architecture and Data Flow

The hardware data flow for the cryptographic system’s transmitter and receiver operations is depicted in Figure 2 and Figure 3, respectively. These figures illustrate the integration of AES encryption, the TRNG, and network interfaces within the Zynq MPSoC’s processing system (PS) and programmable logic (PL).

As shown in Figure 2 (transmitter), data originating in the PS (managed by CPU0 for Ethernet and CPU1 for FA-Kyber) is transferred via AXI DMA to the PL. Here, an AXI Stream FIFO buffers data before encryption by the AES-GCM core. The TRNG supplies random numbers for AES-GCM (e.g., IVs). Encrypted data is then prepared for network transmission, potentially through a specialized IP core (e.g., SharkNet, for specific protocols beyond standard Ethernet) or standard Ethernet, and can also be routed to PS DDR memory.

Figure 3 (receiver) shows incoming encrypted data being decrypted by the PL’s AES-GCM core. Decrypted data is then transferred via AXI DMA back to the PS for CPU processing or storage in DDR memory.

This architectural design strategically partitions tasks: High-speed cryptographic operations (AES acceleration, TRNG entropy generation) are implemented in the PL for parallelism and efficiency. Complex control logic, including Kyber-KEM key management (FA-Kyber framework) and higher-level network protocol handling, resides in the PS. This PS-PL separation is crucial for achieving both high performance and enhanced security, as further discussed regarding implementation security in Section 4.3.3.

2.4. FA-KYBER Framework Design and Implementation

The Flow-Adaptive Kyber (FA-KYBER) framework integrates the Kyber-KEM with network-adaptive key management strategies. It utilizes the Zynq UltraScale+ MPSoC’s Generic Ethernet MAC (GEM) controller, incorporating a Traffic-Sensing Trigger (TST) mechanism to dynamically adjust key update thresholds based on network conditions.

2.4.1. Traffic-Sensing Threshold (TST) Mechanism

Unlike existing adaptive key management approaches that rely on CPU load monitoring [19] or fixed-interval rotation [20], FA-KYBER introduces network-traffic-aware adaptation. Previous systems ignore network-layer attack indicators or require expensive SDN controller overhead [21]. Our hardware-register-based monitoring achieves <1% CPU utilization while providing multi-metric threat assessment, representing one of the first frameworks to couple network characteristics with post-quantum key rotation frequency.

The TST mechanism dynamically adjusts the key update threshold using Equation (3):

(3)${\mathrm{TST}}_{\mathrm{calc}}=T_{\mathrm{base}}+\alpha ·log\left(B_{\mathrm{avg}}\right)+\beta ·{\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$

Here, $T_{\mathrm{base}}$ is a baseline data volume, and coefficients $\alpha$ and $\beta$ balance responsiveness to average bandwidth $B_{\mathrm{avg}}$ (detailed in Section 2.4.3) and the current transmission volume ratio ${\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$. The policy enforces volume-based, time-based (e.g., a maximum interval), and anomaly-based (via GEM error counters) triggers for key updates.

The mathematical formulation in Equation (3) represents a constrained optimization problem that is well-suited for linear programming solutions. The model exhibits favorable computational properties: the logarithmic bandwidth term $\alpha ·log\left(B_{\mathrm{avg}}\right)$ can be linearized through piecewise approximation techniques [22], while the traffic ratio $\beta ·{\displaystyle \frac{V_{\mathrm{curr}}}{V_{\max }}}$ maintains inherent linearity. Given bounded parameters ($T_{\mathrm{base}}>0$, $B_{\mathrm{avg}}>0$, $0\le V_{\mathrm{curr}}/V_{\max }\le 1$), the solution space remains convex and computationally tractable [23,24].

Parameter optimization for $\alpha$ and $\beta$ can be achieved through regression analysis on historical traffic patterns, where the objective function minimizes prediction error while maintaining system responsiveness [25]. This linear modeling approach aligns with established frameworks for adaptive threshold optimization in network security, demonstrating superior performance over static methods in balancing detection accuracy and computational overhead [26,27].

To enhance practical robustness, the TST mechanism incorporates dual-layer validation logic. To minimize false positives, it requires anomalous behavior to persist across multiple consecutive monitoring windows, distinguishing genuine threats from transient network fluctuations. To counter false negatives, especially from low-rate attacks, it cross-validates bandwidth-based metrics with hardware error counter monitoring (e.g., RXCRCERR), providing a more comprehensive detection capability based on established anomaly detection and adaptive threshold principles [28,29].

The TST interfaces directly with the GEM controller’s hardware performance registers. Accessing these memory-mapped counters allows precise traffic measurement with negligible performance impact, unlike software-based monitoring. A non-blocking polling mechanism samples RXCNT and TXCNT registers, handling overflows and ensuring reliable, concurrent monitoring without packet delays.

2.4.2. Decentralized Device Discovery and Key Exchange Coordination

A decentralized coordination mechanism using Address Resolution Protocol (ARP) tables enables peer discovery and key exchange coordination, enhancing resilience by avoiding central authorities. To prevent collisions and ensure a unique active exchange per pair, a deterministic initiator selection (based on lexicographically smaller MAC address) is used. The system extends ARP scanning with state management to track device transitions and maintain key state synchronization.

2.4.3. Adaptive TST Algorithm Implementation

The TST value (Equation (3)) is calculated in two phases. First, current bandwidth ($B_{\mathrm{curr}}$) is measured using GEM hardware counters (RXCNT, TXCNT) over an interval $t_{\mathrm{interval}}$:

(4)$B_{\mathrm{curr}}={\displaystyle \frac{\Delta RXCNT+\Delta TXCNT}{t_{\mathrm{interval}}·{10}^6}}$

(5)$B_{\mathrm{avg}\_\mathrm{new}}=B_{\mathrm{avg}\_\mathrm{old}}·(1-\gamma )+B_{\mathrm{curr}}·\gamma$

2.4.4. Key Update Protocol Implementation

The key update protocol follows a three-phase approach for decentralized security and efficiency.

2.4.5. Network Performance Monitoring for Adaptive Security

The FA-KYBER framework employs multiple network metrics from GEM hardware registers for adaptive key management with minimal overhead. Beyond throughput (via RXCNT/TXCNT sampling), it monitors CRC errors (RXCRCERR) and length errors (RXLENERR) as indicators of potential network manipulation. If these error rates exceed adaptive thresholds, the system enters an elevated security state, accelerating key rotation.

Adaptive error thresholds are calculated dynamically based on historical data using a sliding window approach with efficient online statistics. A circular buffer maintains the last W error observations for each monitored type (CRC errors, length errors), where W is dynamically configurable (default: 1000 samples). When new observations arrive, we use Welford’s incremental algorithm [30] to update the mean ($\mu$) and standard deviation ($\sigma$) without recomputing from scratch.

For each new observation $x_i$, the running statistics are updated as follows:

-. $n=min(n+1,W)$ (current window size);

The window size W adapts to network conditions: 500–2000 samples based on traffic stability [31]. When the buffer reaches capacity, new observations replace the oldest entries using modular indexing [32]. This ensures $O\left(1\right)$ update complexity per new observation while maintaining statistical relevance. The adaptive threshold is

(6)$T_{\mathrm{adaptive}}=\mu +k·\sigma$

A hysteresis mechanism prevents oscillation. To return to normal operation from an elevated state, error rates must fall below a recovery threshold

(7)$T_{\mathrm{recovery}}=\mu +0.8·k·\sigma$

To guard against poisoning attacks aimed at suppressing key updates, the design incorporates two key defenses inspired by research into the robust detection of advanced threats [34]. First, the mandatory time-based trigger (e.g., max 4 h) acts as a fail-safe, preventing indefinite suppression of key rotation. Second, the adaptive threshold mechanism is hardened by bounding the statistical impact of outliers on the historical traffic baseline. This prevents an adversary from artificially inflating the TST threshold through malicious traffic injection, thus preserving detection sensitivity.

2.5. Multi-Level Hardware TRNG Design and Implementation

The True Random Number Generator (TRNG), a critical component for robust entropy, is based on a multi-level Ring Oscillator (RO) architecture within the FPGA, leveraging inherent physical noise. Key design principles include utilizing differentiated RO stages (5, 7, 9, and 11 inverters) as independent entropy sources and a multi-tier pooling architecture to refine raw entropy.

The TRNG’s structure, detailed in Figure 4, comprises an RO Array Core, a Pooling Module, and an Adaptive Control System. This configuration aims to eliminate biases and produce a statistically sound random bitstream. The adaptive control system, with its entropy estimator and adaptive sampler, continuously monitors and adjusts TRNG parameters to maintain randomness quality under varying conditions.

Physical isolation of entropy sources is crucial. As depicted in Figure 5, distinct RO configurations are spatially separated on the FPGA using Pblock constraints and careful placement. This “Physical Isolation Design” minimizes crosstalk and electromagnetic interference. The varied distributions (e.g., even, linear, staggered multi-row) for different RO types (5, 7, 9, and 11 stages) further enhance spatial diversity and the unpredictability of the TRNG output.

2.6. Security Analysis Methodology

The cryptosystem’s security was evaluated against classical and quantum-capable adversaries, based on established cryptographic principles and specific assessment methodologies tailored to its components and objectives.

2.6.1. Security Model and Assumptions

Our security model considers two attacker profiles: traditional attackers (classical resources, network attacks, limited by computational problem hardness) and quantum-capable attackers (access to large-scale quantum computers for Shor’s/Grover’s algorithms). This dual approach ensures comprehensive assessment towards goals of confidentiality, integrity, and availability. The analysis relies on four fundamental assumptions:

(1). The MLWE problem underlying Kyber remains intractable against quantum computers.

The system aims for IND-CCA2 security for Kyber-KEM and AEAD security for AES-GCM, targeting at least 128-bit post-quantum security. Evaluation objectives include assessing these security levels, verifying TRNG quality, and analyzing the FA-KYBER’s adaptive key rotation for approximating forward secrecy by limiting key exposure.

2.6.2. Quantum Resistance Assessment

Quantum resistance was primarily assessed by

2.6.3. TRNG Security Evaluation

The TRNG’s security (design in Section 2.5, Figure 4 and Figure 5) was evaluated as follows:

Statistical Randomness Verification: Subjecting output bitstreams to the NIST SP 800-22 test suite, using pass/fail and p-value distribution as metrics, with entropy estimation following NIST SP 800-90B [35] for non-IID sources.

2.6.4. Protocol-Level Security Assessment

FA-KYBER’s protocol-level security enhancements were assessed by examining the following:

The dual-trigger (time/volume-based) key update’s effectiveness in ensuring regular refreshes and limiting key exposure.

2.6.5. Implementation Security Design Considerations

Implementation security was addressed through the following design choices:

PS-PL separation for isolating Kyber-KEM (PS) from TRNG/AES (PL) to mitigate certain side-channel vectors.

While these architectural choices provide foundational security measures, a comprehensive quantitative assessment of side-channel attack resistance represents a critical limitation that must be acknowledged. Side-channel attacks, particularly power analysis attacks (Differential Power Analysis, DPA; Simple Power Analysis, SPA) and electromagnetic analysis, pose significant threats to cryptographic implementations [36,37]. Recent research has demonstrated successful attacks on both masked software [38] and hardware implementations [39] of Kyber-768, revealing vulnerabilities even in protected implementations using Boolean masking and other countermeasures.

Our current design incorporates several features that provide a foundation for side-channel resistance: the PS-PL architectural separation limits potential attack surfaces by isolating cryptographic operations across different domains; the multi-level RO TRNG’s physical design with spatial separation (Section 2.5) reduces electromagnetic coupling between entropy sources; and the FA-KYBER framework’s adaptive key rotation inherently limits the temporal exposure window available for side-channel analysis. Nevertheless, dedicated countermeasures such as Boolean masking for polynomial operations [40], constant-time implementations, and formal leakage assessment using standardized methodologies like the Test Vector Leakage Assessment (TVLA) [41] would be essential for deployment in adversarial environments and represent important directions for future investigation.

2.7. Performance Evaluation Methodology

Comprehensive experiments evaluated the cryptosystem’s performance. This section details the hardware platform, network test environment, evaluation metrics, and specific test scenarios.

2.7.1. Hardware Platform and Test Environment

The system was implemented on AXU4EV-P development boards (ALINX, Shanghai, China) featuring a Xilinx Zynq UltraScale+ MPSoC (XCZU4EV-1SFVC784: quad-core ARM Cortex-A53 at 1.5 GHz, PL at 100 MHz, 8GB DDR4 SDRAM). A customized carrier board provided Gigabit Ethernet and other interfaces. Tests were controlled by a host PC (Intel Corporation, Santa Clara, CA, USA) running Ubuntu 22.04 and equipped with an Intel Core i9-12900K processor and 64GB RAM. The network environment comprised three AXU4EV-P boards in a star topology via a Gigabit Ethernet switch, with a baseline one-way delay of 0.8 ms (±0.3 ms jitter). Network congestion (20%, 50%, 80%) was simulated by running bandwidth-intensive applications on additional board pairs connected to the same switch, offering a realistic assessment of robustness without specialized simulation tools.

2.7.2. Evaluation Metrics

Key performance metrics included the following:

Encryption Throughput (Mbps): Rate of successfully processed data under various conditions.

These metrics provide a holistic view of performance and operational characteristics.

2.7.3. Test Scenarios and Data Collection

System performance was evaluated under diverse conditions using the test scenarios summarized in Table 1. Data collection involved PS-side cycle counters, a Vivado Design Suite (v2022.2) for PL resources, and combined hardware (GEM registers) and software statistics for network performance. Each test configuration was repeated 10 times for statistical validity. These scenarios were designed to ensure comprehensive and representative results.

3. Results

3.1. Overall System Performance

System performance was robust and consistent. Table 2 shows encrypted data rates from a 2-h test series (10-minute key update intervals).

Across 10 independent 2-h tests, the system showed high stability (average throughput, 564.8 ± 7.2 Mbps; standard deviation (SD), 1.3% of the mean), confirming operational consistency. The consistently low latency (3.14 ± 0.10 ms) and high success rate (99.99 ± 0.01%) further affirm its reliability for real-world deployment.

3.1.1. Throughput Analysis Across Packet Sizes

Encryption throughput was evaluated for various packet sizes. For 64-byte packets (raw network throughput 86.1 Mbps), the encrypted throughput was 73.43 Mbps (85% efficiency). For larger packets (4096–8192 bytes, raw network throughput approaching 900 Mbps), consistent encryption throughput of 558–575 Mbps was maintained.

Figure 6 illustrates system throughput and encryption efficiency versus Ethernet packet size. Overall throughput increased with packet size due to reduced relative protocol overhead. Encryption efficiency (encrypted throughput/raw network throughput) peaked for smaller packets, and then decreased to 63% for 8192-byte packets as the system processing capacity became the bottleneck over the Gigabit Ethernet link.

3.1.2. Latency Characteristics

Table 3 details the system’s end-to-end latency components.

Baseline Ethernet latency averaged 0.683 ms (range: 0.465–0.810 ms). Encryption and key management added overhead, resulting in total end-to-end latencies from 1.8 ms (64-byte packets) to 5.7 ms (8192-byte packets). Average temporary service interruption during key updates was 78 ms. This minimal impact highlights the FA-KYBER protocol’s efficiency. Double buffering prevented packet loss during key transitions, maintaining a continuous data stream with only microsecond-level jitter.

3.1.3. System Stability and Resource Consumption

Figure 7 shows system throughput and PS CPU utilization during a 24-h stability test. Average throughput remained at 564 Mbps. CPU utilization peaked at 32–35% during key updates, remaining significantly lower otherwise, indicating efficient steady-state operation.

Power consumption varied minimally: 4.5 W idle (5V/0.90A) to 4.9 W full-load (5V/0.98A), showing good energy efficiency. MPSoC core temperatures stabilized between 50 °C and 62 °C under varying loads, well within specifications. Throughout the 24-h test, all 144 key updates were successful (100% rate), verifying operational reliability with frequent rotation. The TRNG maintained stable, high-quality entropy generation (verified by periodic NIST SP 800-22 tests). Zynq Performance Monitoring Unit (PMU) data corroborated efficient resource utilization.

3.2. Component-Level Performance Results

The performance of key individual hardware and software components was evaluated for a detailed understanding of their contributions.

3.2.1. TRNG Performance Results

The multi-level RO TRNG produced a stable 49.6 Mbps throughput. It successfully passed all NIST SP 800-22 statistical tests, with detailed p-values in Table 4.

Entropy contributions from distinct RO configurations were as follows: 5 stages (14.2 Mbps), 7 stages (12.8 Mbps), 9 stages (11.5 Mbps), and 11 stages (11.1 Mbps). This diversified output enhances overall randomness quality.

3.2.2. Encryption Engine and Kyber Operation Performance

The AES-256-GCM engine (extended from [42]) achieved > 550 Mbps throughput using 7.2% FPGA logic resources on the Zynq UltraScale+ XCZU4EV. Engine latency included a 0.28 μs initialization and 0.15 μs per-block (32-byte) processing time. Software Kyber-768 on an ARM Cortex-A53 core showed efficient operation: key generation: 1.2 $\mathrm{m}$$\mathrm{s}$; encapsulation: 1.5 $\mathrm{m}$$\mathrm{s}$; and decapsulation: 1.7 $\mathrm{m}$$\mathrm{s}$ (average). The peak PS memory footprint during key generation was 2.4 MB.

3.2.3. FA-KYBER Framework Adaptive Behavior

The FA-KYBER evaluation focused on key exchange efficiency and adaptive security response.

Key Exchange Efficiency. The average key exchange completion time (including Kyber-KEM and protocol overhead) was 74.3 $\mathrm{m}$$\mathrm{s}$, with 99.7% of it completed within 85 $\mathrm{m}$$\mathrm{s}$. Dual-key buffering prevented packet loss. Peak PS memory for an update cycle was 128 kB.

TST Mechanism Overhead. PS-based TST traffic monitoring consumed < 1% CPU utilization of its allocated core, due to direct GEM register access. Upon significant network changes (e.g., 20% to 80% congestion), TST recalculated and applied new key update thresholds (Equation (3)) with an average response time of 1.8 $\mathrm{s}$ post-detection.

Adaptive Security Response to Network Congestion. As shown in Figure 8, increasing network congestion (0% to 90%) reduced throughput (from 565 Mbps to 39 Mbps). Concurrently, FA-KYBER increased key update frequency from time-based (e.g., 2/hour at low congestion) to a TST-driven maximum of 5/hour at ≥70% congestion, even as throughput further declined.

3.3. Security Analysis Findings

Key findings from the security evaluation (methodology in Section 2.6) are presented.

3.3.1. Verification of Cryptographic Primitives and TRNG Quality

The Kyber-768 implementation was verified against test vectors and NIST specifications, confirming its Level 3 (128-bit post-quantum) security. AES-256-GCM was similarly verified for correct encryption, decryption, and authentication. As detailed (Section 3.2.1, Table 4), the TRNG passed all NIST SP 800-22 tests, providing high-quality randomness. Its adaptive sampling maintained stable entropy output under simulated environmental variations (voltage, ±15%; temperature, −40 °C to 85 °C during component stress tests).

3.3.2. Effectiveness of Protocol-Level Security Mechanisms

FA-KYBER’s TST mechanism demonstrated 93.7% detection accuracy across 150 simulated network attacks (bandwidth exhaustion: 96%; temporal analysis probes: 92%; replay attacks: 93%). Simulations used real network traffic baselines with superimposed attack traffic. The dual-trigger key update (time/TST-based) ensured regular refreshes, adapting to traffic conditions as observed in the 24-h test (Section 3.1.3). The exception-handling protocol (<0.1% activation during tests) successfully recovered connections from transient issues.

During validation, the persistence-checking logic was observed to significantly reduce false positive triggers from transient network spikes. In simulated poisoning attack scenarios, the hardened baseline calculation successfully resisted manipulation attempts, and the mandatory time-based trigger provided a reliable backstop, confirming the effectiveness of the layered defensive mechanisms.

3.3.3. Assessment of Implementation Security Aspects

Architectural PS-PL separation was maintained, confining Kyber-KEM to PS and TRNG/AES to PL, verified through code review and testing against unauthorized data paths. RO TRNG physical design choices (Pblocks, etc.) were implemented per methodology (Section 2.5). While direct side-channel leakage measurement was beyond the scope of this study, adaptive key rotation inherently limits exposure windows. Sensitive cryptographic materials were cleared from memory post-use (verified during debugging).

4. Discussion

The experimental results (Section 3) validate the proposed quantum-resistant hybrid cryptographic system’s successful implementation and robust performance on the Zynq UltraScale+ MPSoC. This section interprets these findings, contextualizes them within existing research, outlines contributions and limitations, and suggests future research.

4.1. Interpretation of Overall System Performance

The system’s high throughput (>560 Mbps, Table 2) and low standard deviation (1.3%) confirm its suitability and stability for bandwidth-intensive, post-quantum secure communications. The average end-to-end latency of 3.14 ms is acceptable for many interactive applications, with AES processing and system overheads identified (Table 3) as primary contributors, suggesting avenues for further optimization. Critically, minimal service interruption (78 ms) during key updates, with no packet loss due to dual-key buffering, underscores the FA-KYBER framework’s effectiveness in maintaining both communication continuity and cryptographic agility. Throughput analysis across packet sizes (Figure 6) revealed expected efficiency scaling, defining a practical performance envelope. Long-term stability tests (24-h, Figure 7) demonstrated consistent throughput, successful key rotation, stable TRNG output, and manageable power/thermal characteristics (4.5 W idle, 4.9 W load), supporting its viability for mission-critical operations. Transient CPU spikes during key updates did not compromise stability, reflecting a balanced PS-PL task distribution.

4.2. Interpretation of Component-Level Performance and Design Choices

Individual component performance underpins the system’s overall efficacy and security.

4.2.1. Significance of TRNG Performance and Quality

The multi-level RO TRNG’s stable 49.6 Mbps throughput adequately meets the randomness demands for Kyber, AES-GCM IVs, and other cryptographic operations without becoming a performance bottleneck. Successfully passing all NIST SP 800-22 tests (Table 4) provides strong evidence of high-quality, unpredictable random numbers, crucial for the cryptosystem’s security foundation. This robustness is likely enhanced by diversified noise sources from distinct RO configurations.

4.2.2. Implications of Encryption Engine and Kyber Operation Speeds

The AES-256-GCM engine’s >550 Mbps throughput with modest FPGA resource usage (7.2%) signifies efficient hardware acceleration, capable of handling high-bandwidth streams. Its low per-block latency (0.15 μs post-initialization) benefits delay-sensitive tasks. Kyber-768 software execution times on the ARM core (key generation: 1.2ms; encapsulation: 1.5ms; decapsulation: 1.7ms) are competitive for embedded PQC KEMs. While more intensive than traditional counterparts, these latencies are acceptable for secure session establishment given the enhanced quantum security, confirming Kyber’s feasibility on resource-constrained platforms.

4.2.3. Effectiveness and Novelty of the FA-KYBER Adaptive Framework

The FA-KYBER framework represents a significant advancement over static key management policies. Its dual-trigger (time and TST-based) mechanism provides a responsive approach. Key strengths include the TST’s low CPU overhead (<1%), leveraging hardware counters, and its adaptive threshold (Equation (3)) with quick responsiveness (1.8s). The adaptive key update frequency under network congestion (Figure 8), increasing up to five updates/hour, is particularly noteworthy as it actively reduces key lifetimes under stress, offering a practical enhancement to forward secrecy. This adaptive sophistication, surpassing fixed-interval/volume rotations, potentially offers superior security utility.

4.3. Interpretation of Security Analysis Findings and Implications

Security analysis (Section 3.3) supports the system’s resilience against targeted classical and quantum threats, alongside its protocol and implementation robustness.

4.3.1. Confidence in Cryptographic Primitives and Randomness

Verified Kyber-768 and AES-256-GCM implementations ensure adherence to their designed security levels. Kyber-768 meeting the 128-bit post-quantum security target is central to the system’s quantum resistance. While Grover’s algorithm theoretically impacts AES-256 [43], its remaining 128-bit effective security is widely considered adequate. The TRNG’s successful NIST SP 800-22 testing (Table 4) is paramount, ensuring the entropy source is not an exploitable weak link. High-quality randomness is essential for all cryptographic secrets and nonces. The TRNG’s stability under simulated stress (Section 3.3.1) suggests practical reliability, although comprehensive side-channel analysis would provide further assurance.

4.3.2. Effectiveness and Practicality of Protocol-Level Defenses

The FA-KYBER TST mechanism’s 93.7% detection accuracy against simulated network attacks (Section 3.3.2) highlights its utility as an integrated, lightweight intrusion detection capability. This allows for proactive responses, such as more frequent key rotations, enhancing cryptographic agility. High detection rates for common disruptions like bandwidth exhaustion (96%) and replay attacks (93%) demonstrate good sensitivity. The appropriate triggering of key updates by both time- and TST-based mechanisms validates the dual-trigger design’s utility in ensuring both baseline key freshness and dynamic protection.

4.3.3. Implications of Implementation Security Measures

The verified PS/PL architectural separation (Figure 2 and Figure 3) provides a degree of defense-in-depth, making it more challenging for vulnerabilities in one domain to compromise the other. RO TRNG design choices (Pblocks, differentiated routing) represent practical efforts towards entropy source integrity. Standard practices like clearing sensitive cryptographic material from memory post-use reduce attack windows. Furthermore, FA-KYBER’s adaptive key rotation, by limiting key lifetimes, inherently reduces the value of a compromised key and the time available for attacks, complementing theoretical cryptographic strength.

4.4. Comparison with Existing Work

This research is contextualized by comparison with existing cryptographic solutions and TRNGs.

4.4.1. Comparison with Other Cryptographic Systems

The proposed system, with a >550 Mbps throughput and 256-bit post-quantum security (Table 5), significantly advances practical PQC implementation on embedded platforms. While some traditional, non-quantum-resistant systems offer higher throughput (e.g., ZUC [44]), and other embedded PQC efforts report lower performance or lack comprehensive integration [14,45,46], our work distinguishes itself. The key differentiator is the holistic integration of high-throughput AES-256-GCM, robust Kyber-768, a hardware TRNG, and the adaptive FA-KYBER framework, addressing the full post-quantum secure communication lifecycle. This combination offers a practical, flexible solution with throughput surpassing that of many reported PQC systems for similar embedded platforms.

4.4.2. Comparison of TRNG Performance and Design

Our multi-level RO TRNG (49.6 Mbps, full NIST SP 800-22 compliance) compares favorably with recent designs (Table 6). While some alternatives offer higher throughput (e.g., Meitei et al. [12], but with partial NIST compliance) or use advanced fabrication (e.g., Park et al. [9]), our TRNG strikes a practical balance of sufficient throughput, strong randomness, and implementability on standard FPGAs. The multi-level, adaptive sampling RO architecture is key to this balance.

4.4.3. Novelty in System Integration and Adaptive Key Management

A primary contribution is the synergistic integration of Kyber-KEM, AES-GCM, a quality TRNG, and the innovative FA-KYBER framework on an embedded SoC. To our knowledge, few existing works present such a comprehensive, end-to-end PQC system featuring both a validated hardware TRNG and dynamic, network-traffic-adaptive key rotation. While individual components are well-studied, their effective integration and the development of adaptive security mechanisms responsive to real-world network dynamics are critical for practical PQC deployment. FA-KYBER’s TST mechanism, in particular, offers intelligent, resource-efficient key lifecycle management, enhancing security by minimizing key exposure windows.

4.4.4. Brief Comparison with Related Approaches

Our approach differs from recent adaptive security frameworks [47] that focus on malware detection without cryptographic integration. While SDN-based systems achieve good threat detection, they require continuous controller monitoring with higher overhead. FA-KYBER’s hardware-register approach achieves 93.7% anomaly detection with minimal resource consumption, specifically optimized for post-quantum environments where existing frameworks lack coverage.

4.5. Broader Implications and Significance

This work has several broader implications. It demonstrates the feasibility of deploying comprehensive, high-performance PQC systems on resource-constrained embedded platforms (FPGAs/SoCs), crucial for securing future IoT, industrial control, automotive, and edge computing applications. Achieving >550 Mbps encryption with robust key management and entropy generation on such devices indicates that PQC adoption need not be limited to high-end hardware. The FA-Kyber framework’s traffic-adaptive key management suggests a new approach to operational security, moving beyond static policies to dynamically respond to network conditions and potential threats. Its principles could inspire more intelligent, resilient security architectures, with the TST mechanism’s lightweight intrusion detection capabilities offering a path towards self-defending cryptosystems. Furthermore, demonstrating a reliable, high-throughput hardware TRNG using standard FPGA resources underscores the importance of building strong cryptographic foundations without resorting to exotic or expensive entropy sources, vital for cost-sensitive applications. Overall, this research provides a tangible blueprint for quantum-resistant, context-aware secure communication systems, bridging theoretical PQC development with practical, high-performance system-level implementation.

4.6. System Portability Considerations

While this work focuses on the Zynq UltraScale+ platform, the architectural design principles employed support potential cross-platform adaptability. This section discusses the theoretical portability considerations and migration challenges.

4.6.1. Architectural Design for Portability

Our PS-PL separation architecture (Figure 2 and Figure 3) follows established heterogeneous computing principles, enabling theoretical mapping to various platforms: ARM+FPGA SoCs (Intel Cyclone V/Arria 10), CPU+GPU systems, and CPU+dedicated accelerator configurations. The modular design separates hardware-intensive operations (AES encryption, TRNG) from software control logic (Kyber-KEM, FA-KYBER), facilitating independent platform optimization.

4.6.2. Component Portability Analysis

Cryptographic algorithms demonstrate inherent portability: Kyber-768 as an NIST standard with a C reference implementation exhibits natural cross-architecture compatibility, while our measured performance (1.2–1.7 ms operations) should scale predictably with processor capabilities. AES-256-GCM represents a widely supported standard with hardware acceleration available across most platforms. The TRNG design presents the greatest platform dependency, as our multi-level Ring Oscillator implementation (Section 2.5) relies on FPGA-specific routing and placement, requiring significant adaptation for cross-vendor migration or alternative entropy sources for non-FPGA platforms.

4.6.3. Migration Challenges and Limitations

Cross-platform migration faces several challenges: toolchain adaptation (Vivado vs. Quartus), resource architecture differences (CLBs vs. ALMs), and platform-specific integration requirements. The FA-KYBER framework’s network monitoring, while conceptually portable through standard APIs, would require platform-specific driver adaptation.

Important limitation: This analysis represents theoretical considerations based on architectural principles rather than empirical validation. Actual migration would require substantial engineering effort including performance characterization, component optimization, security validation, and integration testing on target platforms. Future work should prioritize establishing baselines for strategically important alternative platforms.

4.7. Limitations of the Study

Despite promising results, this study has the following limitations:

Comprehensive Side-Channel Attack Analysis: While our architectural design incorporates several SCA-aware features (PS-PL separation, adaptive key rotation, TRNG spatial isolation), this work lacks formal side-channel resistance evaluation against power analysis attacks (DPA/SPA), electromagnetic analysis attacks, and timing-based attacks. Quantitative security assessment using standardized methodologies such as Test Vector Leakage Assessment (TVLA) [41] was not performed due to the requirement for specialized equipment (oscilloscopes, electromagnetic probes) and evaluation frameworks that were beyond the scope of this initial implementation study. Recent research has demonstrated successful side-channel attacks on masked implementations of Kyber-768 [37,39], highlighting that even protected implementations can be vulnerable without comprehensive countermeasures such as higher-order masking, shuffling, and constant-time operations specifically tailored for lattice-based cryptographic operations.

These limitations offer avenues for future refinement and research.

4.8. Future Research Directions

Building on these findings and limitations, future research directions include the following:

Formal Side-Channel Analysis and Enhanced Countermeasures:Building upon the SCA-aware architectural features identified in this work, conducting comprehensive side-channel resistance evaluation using Test Vector Leakage Assessment (TVLA) methodology [41] and implementing dedicated countermeasures. Priority research areas include the following: (a) power analysis testing of Kyber-768 operations using differential and correlation power analysis techniques; (b) electromagnetic leakage assessment of the multi-level RO TRNG under varying environmental conditions; (c) timing attack analysis of the FA-KYBER key exchange protocol; (d) implementation and evaluation of masking schemes for polynomial arithmetic operations [40]; and (e) integration of established SCA countermeasures such as clock randomization, noise injection, and shuffling techniques, validated through standardized leakage assessment frameworks.

Addressing these areas would further enhance the security, performance, and applicability of quantum-resistant cryptosystems.

5. Conclusions

This paper presented the design and comprehensive evaluation of an optimized quantum-resistant cryptographic system, demonstrating the practical feasibility of deploying high-performance post-quantum security on embedded platforms. Our integrated solution on the Zynq UltraScale+ MPSoC successfully combines three key elements: NIST-standardized Kyber-KEM for secure key exchange, a novel multi-level hardware TRNG providing stable 49.6 Mbps of high-quality entropy, and the innovative FA-KYBER framework for adaptive key management. The system delivers an encrypted data throughput exceeding 550 Mbps at a low average latency of 3.14 ms, validating its suitability for demanding, real-world applications.

The success of this work illuminates several clear and critical paths for future research. While our software-based Kyber implementation is efficient, hardware acceleration is the next logical step to reduce key exchange latency below the current 1.2–1.7 ms, enabling ultra-low-latency secure communications. The demonstrated 93.7% anomaly detection rate of our FA-KYBER framework provides a strong baseline, which could be further enhanced by incorporating machine learning models for more sophisticated threat intelligence. To build upon our security-conscious design, a comprehensive side-channel analysis (SCA) of the PS-PL architecture is essential for hardening against physical attacks. Finally, investigating long-term TRNG stability and developing scalable key management protocols are crucial for ensuring robust, enterprise-grade deployment.

In conclusion, this research provides more than just a high-performance implementation; it offers a tangible blueprint for developing the next generation of secure systems. By synergistically integrating quantum-resistant algorithms, robust hardware entropy sources, and context-aware adaptive security, this work establishes a new benchmark and a clear research roadmap for building resilient communications infrastructure capable of withstanding the quantum threat.

Footnotes

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Figure 1 Overall architecture of the quantum-resistant hybrid cryptographic system showing the integration of processing system (PS) and programmable logic (PL) components.

Enlarge this image.

Figure 2 Hardware data flow for the transmitter side, showing data transfer from PS to PL for encryption and network transmission.

Enlarge this image.

Figure 3 Hardware data flow for the receiver side, showing data reception, decryption in PL, and transfer to PS.

Enlarge this image.

Figure 4 Multi-level RO architecture and three-tier pool structure of the implemented TRNG, showing the RO Array, Pooling, and Adaptive Control modules.

Enlarge this image.

Figure 5 Schematic of the physical layout for the multi-stage RO TRNG, illustrating the spatial distribution and isolation of different RO configurations on the FPGA.

Enlarge this image.

Figure 6 System throughput and efficiency across different packet sizes.

Enlarge this image.

Figure 7 System throughput and CPU utilization during a 24-h stability test.

Enlarge this image.

Figure 8 System performance under different network congestion conditions showing adaptive key update frequency.

Enlarge this image.

Appendix A. A Proposed Roadmap for Formal Verification

As suggested by our analysis in Section 4.7, formal verification was not within the scope of this work. However, for the benefit of interested readers and future research, this appendix outlines a practical roadmap for applying formal methods to a hybrid cryptographic system like ours, based on established practices in the formal verification of cryptographic systems [48,49]. The process involves progressively refining models from high-level protocol abstractions down to implementation-specific details.

A graphical overview of the proposed verification process is shown in Figure A1.

Figure A1 Proposed flowchart for the formal verification of the hybrid cryptosystem.

Enlarge this image.

The verification process can be broken down into four main phases:

Phase 1: Formal Specification. The initial step is to translate the system’s security goals and operational requirements into a precise, machine-readable format. For our system, this would involve the following:

Protocol Properties: Defining security goals for the FA-KYBER key exchange protocol. This includes properties like mutual authentication (i.e., the initiator and responder correctly identify each other), key secrecy (i.e., the exchanged session key remains unknown to an attacker), and forward secrecy (i.e., the compromise of long-term keys does not compromise past session keys).

Phase 2: System Modeling. In this phase, different aspects of the system are abstracted into formal models suitable for analysis. This requires creating multiple models at different levels of abstraction:

Protocol Model: Modeling the FA-KYBER key update protocol as a state machine. This model would capture the roles (initiator, responder), messages exchanged, session identifiers, and the cryptographic primitives (e.g., Kyber.Encaps, Kyber.Decaps) as abstract functions.

Phase 3: Automated Verification and Analysis. With formal models in place, automated tools can be used to search for flaws or prove that certain properties hold:

Protocol Security: A symbolic model checker like ProVerif [50] or Tamarin [51] would be used on the protocol model. These tools are excellent at automatically finding attacks on cryptographic protocols, such as man-in-the-middle or replay attacks, for an unbounded number of sessions.

Phase 4: Manual Proof and Composition. Not all properties can be proven automatically. This phase uses interactive theorem provers to tackle more complex properties and to tie the results from different models together.

This structured approach, combining automated tools for broad analysis and manual proofs for deep, critical properties, represents a robust methodology for gaining high assurance in the security of complex quantum-resistant cryptosystems [55,56].