PQ-AuthN-IIoT: ALightweight,LWE-Based Postquantum and Privacy-Preserving Mutual Authentication Scheme for Resource-Constrained Industrial IoT Systems

Abstract

The rapid expansion of the Industrial Internet of Things (IIoT) presents pressing challenges for secure, efficient, and privacy‐preserving communication among users, sensors, and cloud infrastructures. Existing lightweight authentication schemes, primarily based on classical cryptographic assumptions, are increasingly vulnerable to the emerging threat of quantum computing. To address these challenges, we propose a lightweight, quantum‐resilient, and privacy‐preserving mutual authentication scheme tailored to the IIoT ecosystem. The proposed scheme integrates the learning with errors (LWE) assumption to achieve postquantum secure authentication and identity protection, hash functions for message integrity, and ephemeral elliptic curve Diffie–Hellman (ECDH) to provide classical forward secrecy within a hybrid security model. A novel use of ephemeral pseudonyms further enhances unlinkability and resilience against traceability attacks. The security of the scheme is established through informal analysis, covering resistance to forgery, impersonation, replay, man‐in‐the‐middle, and key compromise impersonation attacks, and through formal analysis in both the random oracle model (ROM) and BAN logic, proving mutual authentication and secrecy properties. Performance evaluation demonstrates that the scheme achieves low computational cost for resource‐constrained sensors (≈ 4 ms) and practical communication overhead while maintaining comprehensive security features superior to existing solutions. These results highlight that the proposed scheme provides a robust, efficient, and deployable framework for postquantum secure authentication in IIoT ecosystems.