Post-Quantum enhanced Ascon for secure vehicular IoT data integrity

Abstract

Secure vehicular communication is important in sustaining secure and effective transportation infrastructures. Advances in the Vehicular Internet of Things (VIoT) technology enable communication among vehicles as well as roadside facilities, offering effective traffic flow and security control. However, the vehicular networks are exposed to increased risks from cyberattacks, particularly from incoming quantum computers with the ability to interpret out-of-date conventional codes. This paper proposes a security solution based on post-quantum cryptography (PQC), which enhances Ascon encryption by adding quantum-proof key exchange. This method ensures secure authentication and protects against replay, sybil, collision, phishing, and man-in-the-middle attacks. A 32-bit Ascon hash coupled with SHA-512 provides data integrity. Investigations on resource-constrained vehicular environments confirm that the new scheme provides better performance, producing 128–512-bit keys in microseconds, much quicker than Kyber and Falcon. It also outperforms Ascon in hash rendering speed, completing a 256 × 256 grayscale image in 0.0782s, compared to 0.822s for standard Ascon, thereby emphasizing its ability to provide secure, immediate communication between vehicles in scenarios sensitive to quantum technologies. These observations show that the suggested approach is strongly secure and computationally efficient, and hence it is suitable for protecting future connected and autonomous vehicles from cyberattacks in the quantum era.

Introduction

The increasing digitalization of vehicular networks and the adoption of connected and autonomous vehicles (CAVs) have raised concerns about the security and privacy of vehicular data. Intelligent Transportation Systems (ITS) and Vehicular Internet of Things rely on seamless data exchange between vehicles, roadside units (RSUs), and cloud infrastructure to improve traffic efficiency and road safety¹. However, this interconnected ecosystem is highly vulnerable to cyber threats, including unauthorized access, data manipulation, and large-scale attacks that could disrupt traffic operations and compromise user privacy². Cyberattacks on vehicular networks can result in severe consequences, such as vehicle hijacking, location tracking, identity theft, and traffic manipulation. The need to secure confidential data over IoV (Internet of Vehicles) networks has become increasingly critical. Cybersecurity in this context is governed by the Confidentiality, Integrity, and Availability (CIA) triad³. To protect vehicular data, security mechanisms such as access controls, encryption, authentication protocols, and intrusion detection systems are commonly used⁴. Confidentiality ensures that sensitive data is protected from unauthorized access through encryption, while integrity guarantees that information remains accurate and unaltered during transmission and storage. Availability ensures that authorized users can access the data whenever needed⁵.

However, these traditional security measures often introduce performance overhead, require significant computational resources, and may not be scalable for real-time vehicular environments^6,7. Moreover, modern cryptographic algorithms are increasingly vulnerable to the increasing power of quantum computers. Quantum computers can break traditional encryption techniques and pose a serious threat to vehicular IoT data integrity. This challenge necessitates the integration of Post-Quantum Cryptography (PQC) solutions to ensure long-term security in vehicular communication networks⁸.

Cryptographic techniques, including authentication and hash verification, play a vital role in securing vehicular data from tampering, unauthorized access, and cyberattacks⁹. However, conventional encryption methods may not provide sufficient protection against emerging quantum-based threats. Quantum computers have the potential to solve complex cryptographic problems much faster than classical computers, making traditional encryption methods obsolete. To address this issue, quantum-resistant cryptographic solutions must be integrated into vehicular security frameworks. Quantum Key Distribution (QKD) leverages quantum mechanics to generate encryption keys that are inherently resistant to both classical and quantum attacks¹⁰.

This study introduces a novel modified Ascon (m-Ascon) encryption scheme enhanced with PQC for protecting vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-cloud (V2C) communication against quantum-enabled threats. The contributions of this study include:

• Implementation of a PQC-secure key exchange mechanism for safe and efficient communication between connected vehicles and infrastructure.

• Key improvements include enhanced substitution layers in Ascon’s permutation block, 256-bit key generation.

• Use of a 32-bit Ascon hash with SHA-512 for authentication, ensuring integrity and preventing data manipulation.

• Security analysis of m-Ascon for vehicular applications, including protection against cyberattacks such as replay attacks, sybil attacks, Man-in-the-Middle (MITM) attacks, and data falsification.

The rest of the paper is structured as follows: Section II reviews related work and identifies research gaps. Section III presents the system model and study objectives. Section IV details the proposed PQC-enhanced Ascon encryption for vehicular networks. Section V evaluates the performance and security of the proposed method. Finally, Section VI concludes the study and highlights future research directions.

Literature review

In the area of vehicular networks data security, significant progress has been made to improve protection through cryptographic systems. Historically, data encryption methods such as AES, RSA and ECC have been used to protect data exchanged between vehicles, road-side units (RSUs) and cloud infrastructure. However, these techniques are now encountering substantial challenges due to increasingly advanced cyber threats, such as Man-in-the-Middle, sybil, and replay attacks. Additionally, the advent of quantum computing presents a major threat, as quantum algorithms have the potential to compromise widely used cryptographic standards^11,12. In response, attention has shifted towards quantum-secured cryptographic solutions. Quantum Key Distribution uses quantum mechanics principles to create encryption keys that are unconditionally secure. Protocols like BB84 and E91 are resistant to both classical and quantum-based attacks, making them appealing for future-proof security models¹³. Nevertheless, their application in real-time vehicular communication—such as V2V, V2I, and V2C—remains underdeveloped. While QKD has shown potential in cloud security and blockchain-based networks, its direct application in vehicular settings is still in its early stages. Alternative models, such as hybrid schemes incorporating Self-Adaptive Bald Eagle Search (SABES), chaotic encryption, and circular shift operations, have been assessed for their resistance to entropy-based, differential, and brute-force attacks¹⁴. However, these models often overlook real-time constraints like latency and lightweight processing. Similarly, AES-based models enhanced with techniques like watermarking and cuckoo search optimization still fall short against quantum-enabled decryption¹⁵. A comprehensive survey on quantum communication highlighted advancements in quantum networks, cryptography, and machine learning, suggesting the integration of QKD with CRYSTALS-Kyber and Zero-Knowledge Proofs (ZKPs) for securing cloud-based blockchain systems¹⁶. However, there remains a gap in fully integrated frameworks that combine QKD, PQC, and ZKPs tailored to real-time, smart vehicular environments¹⁷. Some studies also explore QKD in the context of network routing and simulation protocols, but real-world applicability remains limited. Recent focus has shifted to Ascon, a lightweight cipher chosen for the NIST Lightweight Cryptography Standard, due to its low computational overhead and high-speed performance in constrained environments¹⁸. Although Ascon is suitable for in-vehicle communications, current implementations lack integration with post-quantum cryptography , leaving systems vulnerable to future quantum threats¹⁹.

Post-quantum cryptography algorithms such as CRYSTALS-Kyber and SPHINCS + have been utilized in the Internet of Things and cloud sectors to achieve quantum resistance. However, their performance limitations make them unsuitable for automotive applications requiring low latency²⁰. At the same time, authenticating users and vehicles is crucial for maintaining network trust, yet challenges like denial-of-service (DoS) and Zig-Zag attacks continue to threaten the CIA triad²¹. To address these issues, Alalwany and Imad²² developed an online vehicle trust management framework using machine learning to improve response to conventional attacks. However, it still relies on traditional cryptographic models, which are inadequate against quantum threats. Similarly, Bhuvaneshwari and her team proposed a 7-stage pipelined Ascon architecture to enhance processing efficiency in embedded vehicular systems, but it does not adequately address quantum resistance²³. Recent work by Taneja and Rani introduced a quantum-enabled intelligent resource control framework aimed at improving the reliability of IoV communication by tackling latency and connectivity challenges²⁴. In parallel, Veera Jyothi et al. explored vulnerabilities in Vehicular Ad Hoc Networks (VANETs) within the context of quantum computing, highlighting the pressing need to upgrade traditional cryptographic defenses²⁵. Collectively, these studies emphasize the importance of integrating quantum-aware security with intelligent control to ensure robust, real-time protection in future vehicular communication systems.

There has been no prior research on combining PQC with Ascon to improve security and efficiency in vehicular networks. Quantum Key Distribution has been examined for secure key exchange in cloud and satellite networks. While some studies suggest using QKD for securing blockchain transactions and IoT communications, no research has integrated QKD with Ascon for vehicular networks. The combination of QKD with lightweight encryption in vehicular security remains largely uncharted. Despite progress in PQC and QKD, no existing study has proposed a modified Ascon (m-Ascon) integrated with QKD for vehicular networks. This research addresses that gap by presenting a new hybrid cryptographic model, providing low-latency, quantum-resistant security for real-time vehicular communication.

Need for a novel approach

Given these research gaps, there is a pressing need to develop a modified Ascon (m-Ascon) encryption scheme that integrates PQC-based key exchange mechanisms to secure vehicular communication. Unlike traditional security models, this approach would:

1. Leverage Ascon’s lightweight structure to support real-time vehicular communication.

2. Integrate PQC-resistant key exchange to counter quantum attacks.

3. Utilize QKD for tamper-proof key distribution, ensuring secure authentication and data integrity.

4. Optimize encryption performance for resource-constrained vehicular environments.

This research aims to introduce the first-ever integration of modified Ascon with QKD in vehicular networks, filling a crucial gap in quantum-secure vehicular communication. The proposed solution will be evaluated against existing encryption models to demonstrate its superiority in terms of efficiency, security, and scalability for future vehicular ecosystems. A detailed literature survey is tabulated in Table 1.

Table 1.

Literature Survey.

Author & Year	Algorithms Used	Security Achievements	Limitations
Pradhan & Patil (2024)	AES, RSA, ECC	Provided baseline encryption for vehicular data protection	Vulnerable to quantum attacks; lacks quantum resistance
Sood (2024)	AES, RSA, ECC	Defense against MITM, Sybil, and replay attacks	Not quantum-secure; lacks lightweight design for real-time applications
Yang et al. (2023)	BB84, E91 (QKD)	Unconditionally secure key exchange based on quantum mechanics	Early-stage application in vehicular networks; limited real-time applicability
Adeyinka & Adeyinka (2024)	SABES, chaotic encryption, circular shifts	Resistant to entropy, brute-force, and differential attacks	High complexity; not optimized for real-time vehicular scenarios
Hameed et al. (2024)	AES + watermarking + cuckoo search optimization	Enhanced authentication mechanisms	Still vulnerable to quantum decryption techniques
Oh et al. (2024)	QKD + CRYSTALS-Kyber + ZKP	Secure blockchain-based cloud system	Focused on cloud security, not designed for real-time V2X communications
Zhou et al. (2018)	QKD + Classical Cryptography + ZKPs	Theoretical hybrid models for secure smart systems	No practical framework or performance evaluation w.r.t vehicular networks
Liu et al. (2017)	Ascon (NIST LWC candidate)	Lightweight, low-overhead encryption suitable for IoT and vehicular contexts	Lacks post-quantum integration; susceptible to quantum attacks
Ghashghaei et al. (2024)	Ascon	Proposed for sensor data encryption in vehicles	Standard Ascon Implementation addressed, PQC not addressed
Sharma et al. (2023)	CRYSTALS-Kyber, SPHINCS+	Quantum-resistant encryption for IoT and cloud	Introduces high latency; impractical for time-sensitive vehicular environments
Alalwany & Imad (2024)	ML-based Trust Management	Dynamic threat detection in IoV	Classical cryptos were used
Bhuvaneshwari et al. (2025)	7-stage pipelined Ascon	Optimized Ascon for resource-constrained embedded devices	Lack of quantum-based security analysis
Taneja & Rani (2024)	Quantum-enabled resource control	Improved reliability for IoV	QKD is not considered
Veera Jyothi et al. (2023)	Security analysis of VANETs	Highlighted quantum threats	No proposed implementation
Proposed Work (2025)	AQKD + modified Ascon (m-Ascon) + SHA-512	Combines PQC and QKD in a lightweight, efficient model; quantum-safe key generation in microseconds; robust against multiple attack types	Contribution for the Limitations: First integration of QKD and Ascon in vehicular networks; optimized for real-time and resource constraints

System model

In the proposed PQC-based system model for VIoT, the user application interface interacts with VIoT devices, including sensing units that collect real-time vehicle and environmental data. This data is processed by a data collector unit, which organizes and pre-processes it before transmitting it to a decision unit for analysis and insight extraction. The analysed data is securely transmitted through a communication device and stored in a protected data storage system. Post-quantum cryptography ensures secure communication and data integrity between VIoT devices and applications. Additionally, data storage and verification occur between the VIoT storage system and cloud infrastructure, utilizing quantum-resistant hash verification for enhanced security.

Security requirements

In this research, the security requirements are clearly defined to serve as foundational benchmarks for evaluation. m-Ascon & QKD ensures vehicular security: Confidentiality via Ascon with PQC encryption, Integrity through authenticated encryption, Authentication using key establishment, Quantum Resistance with PQC & QKD.Efficiency & Scalability is achieved by maintaining low computational overhead and real-time performance within resource-constrained vehicular environments. These benchmarks guarantee robust, future-proof security against quantum threats in vehicular networks.

Quantum gates

Quantum gates enhance security in VIoT networks by enabling robust cryptographic operations resistant to quantum threats. The X Gate (NOT gate) flips qubit states from |0⟩ to |1⟩, aiding essential transformations in secure vehicle communications. The Z Gate, applying a π-radian phase shift, protects phase-based information without altering measurement probabilities, ensuring secure message authentication. The Hadamard Gate places qubits in superposition, providing equal measurement probabilities for |0⟩ and |1⟩, which is essential for advanced quantum security protocols. The CNOT Gate, a two-qubit control mechanism, supports quantum error correction and secure key exchanges, while the SWAP Gate ensures reliable data transmission between quantum states, strengthening cryptographic key distribution. Together, these quantum gates establish a secure foundation for PQC-enhanced VIoT networks, protecting vehicular communication against emerging cyber threats.

Proposed system

Our proposed system integrates ASCON, a lightweight encryption algorithm, with PQC and QKD to enhance security in Vehicular Internet of Things networks. The system utilizes image encryption algorithms combined with quantum key generation to create a resilient and future-proof security framework for protecting sensitive data, such as vehicle sensor data and environmental information, within the VIoT ecosystem. This data, including real-time vehicle diagnostics and traffic management information, must be securely encrypted to prevent unauthorized access or tampering. The data collected from various IoT nodes in vehicles is transmitted to a gateway server, aggregated, and then forwarded to cloud infrastructure for further analysis. Securing this data is crucial, as it may contain sensitive information that could pose privacy risks or lead to security breaches if accessed by unauthorized parties. ASCON ensures efficient encryption and decryption, minimizing computational overhead while maintaining robust security. PQC techniques, integrated with QKD, leverage the principles of quantum mechanics to generate cryptographic keys resistant to quantum-based attacks, safeguarding the integrity and confidentiality of data exchanged in VIoT systems. The proposed protocol uses BB84-based QKD for quantum-secure key exchange, enhanced Ascon encryption with 256-bit keys, and a hybrid Ascon–SHA-512 hash for integrity. It effectively defends against quantum-enabled attacks while maintaining lightweight performance, making it suitable for secure, real-time communication in connected vehicular networks. The proposed system with its functionality is illustrated in Fig. 1.

Fig. 1.

The Proposed AQKD in VIoT.

ASCON encryption

It operates on fixed-size blocks of data, typically 64 or 128 bits. Along with the vehicular network data, an encryption key is provided as an input to specify the transformation used in encrypting. This key, generated based on the desired security level, is crucial for both encryption and authentication processes and is utilized during initialization. It operates with a fixed number of iterations or rounds, applying a series of transformations to the input data. One of the key components of ASCON’s encryption process is the S-box, which introduces nonlinearity through 5 unified equations instead of a lookup table operation. Overall, ASCON’s encryption operation integrates various cryptographic techniques, including substitution, permutation, and diffusion, to provide efficient and secure encryption. The use of QKD to obtain the required encryption key adds a layer of security to the process.

ASCON with quantum key distribution in vehicular IoT

Integrating ASCON with Quantum Key Distribution in Vehicular IoT provides a highly secure solution by combining the security of quantum key exchange with the efficiency of ASCON encryption. QKD uses quantum mechanics to generate cryptographic keys for encrypting sensitive data such as vehicle telemetry and GPS coordinates, ensuring future quantum-resistant communication. The proposed framework uses a QKD-generated 256-bit key to derive a 128-bit key for ASCON encryption. This hybrid approach enhances key management resilience and secures communication within the dynamic and distributed VIoT environment.

Quantum mechanics in the key generation process

Quantum mechanics is fundamental to QKD security. Quantum superposition allows for the efficient generation of keys because qubits exist in multiple states before they are measured. The qubits are initially prepared in a superposition of states, meaning they exist in a combination of |0⟩ and |1⟩ states. This allows for efficient key generation because the information encoded in qubits cannot be fully determined until measured. It is only upon measurement that the qubit collapses to one of its basis states. The Heisenberg Uncertainty Principle ensures eavesdropping detection; any measurement disturbs the quantum states, revealing an attacker. The No-Cloning Theorem prevents adversaries from copying qubits undetected, as attempts alter the original states. Although not in BB84, quantum entanglement, where the measurement of one qubit immediately affects the other, has the potential to provide an even more robust future QKD in VIOT, providing secure and integral cryptographic keys. Quantum mechanics plays a pivotal role throughout the entire QKD process, ensuring the security and integrity of the cryptographic key.

ASCON with quantum key generation in VIoT

The implementation of ASCON with Quantum Key Distribution in the VIoT context uses eight qubits (q0 to q7) within a quantum circuit built on the BB84 protocol. This protocol employs the principles of quantum mechanics to ensure secure key exchange and is crucial for protecting communications between vehicles or between a vehicle and roadside infrastructure. Figure 2 illustrates the Quantum Circuit Implementation for AQKD.

Fig. 2.

Quantum Circuit Implementation for AQKD.

Key Generation: In the QKD process, the Sender node (Vehicle A) generates bits, which represent bits of a cryptographic key. After that these bits are encoded randomly into quantum states, such as |0⟩, |1⟩, |+⟩, or |−⟩ to form qubits. Each qubit represents a quantum state crucial for establishing secure communication, as the quantum state remains undetectable without causing measurable interference. The Sender node then transmits these qubits to the Receiver node (e.g., Vehicle B or the IT infrastructure) over a quantum communication channel.

Quantum Measurement: Upon receiving the qubits, the Receiver node (Vehicle B or IT infrastructure) randomly selects a measurement basis diagonal for each qubit. The measurement process collapses the quantum state to a definite value, which can be either |0⟩ or |1⟩, depending on the selected basis. Importantly, quantum mechanics ensures that any attempt by an eavesdropper to intercept the qubits will disturb their quantum state, making any unauthorized tampering detectable.

Basis Reconciliation: Once the qubits are transmitted, Alice (the Sender) and Bob (the Receiver) publicly disclose the measurement bases used (but not the actual outcomes). They then discard any qubits where the measurement bases did not align, and they retain only those qubits that were measured using matching bases. This process ensures that the final key bits are correlated and valid.

Secure Key Generation: The outcome of this quantum key distribution process is a shared 128-bit cryptographic key between the sender and receiver, which can then be used as the encryption key for ASCON encryption. Qubits (q0, q1, …, q7): A total of 8 qubits are used within the quantum circuit to implement the BB84 protocol. These qubits represent the cryptographic key bits that will be securely exchanged between the Sender node (Vehicle A) and the Receiver node (Vehicle B or IT infrastructure). Classical Register (c): An 8-bit classical register is used to store the measurement outcomes from the qubits, which will generate the key.

Key generation unit

1. Sender Node prepares the qubits.

2. Sender randomly selects a basis ϕi∈{+,×} to measure each qubit

3. Sender randomly selects a bit ∈{0,1} and a basis ∈{+,×} for each qubit i.

4. The state of each qubit is given in Eq. (1)

5. The sender sends the qubits to the receiver over a quantum channel.

6. Measurement of the received qubits based on Eq. (2) at the receiver side.

7. For enhancing the security and resilience against cyber-attacks 256 bits are generated and shared. Out of which 128-bit qubits are taken as the required key for ASCON encryption.

8. Sender and Receiver publicly share their bases, they keep the bits where θi = ϕi.

9. Discard non-matching bases when the key bits are ki = mi where θi = ϕi.

10. The remaining bits after basis reconciliation form the raw key by Eq. (3)

11. Integration with ASCON Encryption: Sender and receiver shared a secure 128-bit key given by the Eq. (3).

1

The measurement result

2

Raw key k = , The final secure key k is

3

Now the key is incorporated into the initial state of ASCON. The state consists of five 64-bit words as in Eq.(4), so we use the key along with other initial parameters such as nonce and associated data.

Enhanced substitution layers in ascon’s permutation block & 256-bit key generation

To resist quantum-accelerated cryptanalytic attacks such as Grover’s algorithm, we enhance the Ascon cipher by introducing modified S-boxes with unified equations and 256-bit key generation. These changes expand the cipher’s complexity and reduce predictability, offering stronger security guarantees even under quantum threat models. Unlike standard lightweight ciphers, which may be vulnerable to side-channel or algebraic attacks, these enhancements make m-Ascon more resilient to both classical and quantum differential analysis.

Quantum transmission and key distribution

The derived 128-bit quantum key, generated through QKD principles like superposition and the Heisenberg Uncertainty Principle, is integrated into the ASCON encryption algorithm to secure sensitive VIoT data such as telemetry and GPS. This quantum transfer, via optical fibre or free space channels, guarantees the integrity and confidentiality of the data. Any attempt to intercept or measure the quantum states during key distribution or data transmission will immediately cause a detectable disturbance, preventing successful eavesdropping and safeguarding information against cyber-attacks.

ASCON encryption round with modified S-Box

Single-Round encryption function

A single round of ASCON consists of the following steps:

Let the initial state S be:

4

The other parts of the state might include the nonce and associated data initialization. Initialize the state with the key K from the QKD unit:

Modified Substitution Layer (S-Box Application): Each 5-bit word of the state is substituted using the modified S-Box given by Eq. (5)

5

The specific mapping of the 5-bit input to the output using the S-Box unified Eqs. (6,7,8,9,10).

6

7

8

9

10

.

Linear Diffusion Layer: The state undergoes linear diffusion as described by the Eqs. (11, 12 &13)

11

12

Where , are the left, and right bitwise rotations, and the rotational constants are .

13

Permutations within the round function: Within the round function, permutations are typically applied to the state to shuffle the bits further and introduce confusion. These permutations involve bitwise operations such as rotation, XOR, and substitution.The modified permutation block logic is given in Algorithm 1.

Algorithm 1.

The proposed Modified Permutation Block.

Final permutation: After completing all rounds, a final permutation is applied to the state to ensure that the output data is thoroughly mixed and diffused. This final permutation ( prepares the state for output or further processing, such as generating the ciphertext by equation.

14

15

16

Finally, Eqs. (14,15) illustrates permutations within the round, enhancing confusion. The Eq. (16) represents the generated Cipher text (. These operations are repeated for each round, with the output of each round serving as the input for the next round. The secure 128-bit key generated by the BB84 quantum key distribution protocol is essential for initializing the ASCON encryption state. This key ensures robust encryption by combining quantum security with the lightweight and efficient operations of ASCON, making it highly suitable for securing sensitive vehicular data.

Decryption process

Decryption in ASCON follows the same process as encryption but in reverse. The ciphertext is XORed with the round key, and then the inverse of the S-box, permutations, and diffusion layer operations are applied. This involves reversing the permutation function and the linear diffusion layer. This combined approach ensures enhanced security for sensitive vehicular data, leveraging the strengths of both quantum key distribution and lightweight cryptographic operations.

Ascon hash with quantum

The integration of Ascon hash functions with quantum technology aims to enhance file storage and integrity checks in VIoT systems, facilitating secure communication between cloud servers and authorized personnel. Ascon ensures data confidentiality and integrity by generating unique hash values of 512 bits for confidential informational logs. This hashing mechanism allows for efficient verification of file authenticity, ensuring that any unauthorized modifications can be detected swiftly. The algorithm processes a message using four ASCON variants (Ascon-Hash, Ascon-Hasha, Ascon-Xof, Ascon-Xofa). For Ascon-Hash and Ascon-Hasha, a 32-bit hash length is enforced. It applies 12 or 8 permutation rounds based on the variant and uses an 8-byte rate for block operations. Message padding ensures the input is a multiple of the rate. The state (S) is initialized with parameters including a tag specification and a zeroed state. The ASCON permutation function is iteratively applied during block-wise absorption and hash extraction. If quantum security is required, the 32-bit output hash (H) undergoes further hashing using SHA3-512 to produce a final digest. Otherwise, the algorithm returns the computed hash directly.

In the implementation of the ASCON hash function using quantum circuits, eight qubits (q10 to q17) are utilized to perform quantum operations essential for secure hashing. A corresponding 8-bit classical register (c1) is employed to store the measurement results from these qubits. This combination of quantum and classical components enhances the security and efficiency of the ASCON hash process, ensuring reliable data integrity and confidentiality in various applications, including vehicular IoT systems.The Algorithm 2 describes the proposed hash function.

Algorithm 2.

Ascon_Hash (message, variant, hashlength, quantum_secure).

Hash-Based integrity and collision mitigation

17

where H in Eq. (17) is the Unique hash output used for collision resistance & ∥ is the Concatenation operator. This ensures that even a small change in P or N results in a different hash output H, mitigating collision and pre-image attacks. Metadata Generation: For every encryption, the following metadata is generated.

18

Where (M) in Eq. (18) is the metadata associated with the encrypted message, (MAC) is the Message Authentication Code for integrity verification, and (T) is the tag generated during the encryption process, (H) - digested Hash function. The decryption process by the recipients (i) can be modelled as follows:

19

where is the decrypted data, () is the decryption function of ASCON. Integrity verification can be formulated in Eq.(19) as follows:

20

where in Eq. (20) is a binary output indicating whether the integrity check has passed. V is the verification function that checks the validity of the MAC against the received data. ​∈{0,1}: Output is 1 if all checks pass; else 0.

Ascon hashing variants are enhanced by integrating SHA3-512 for improved collision resistance. ASCON’s hash function plays a vital role in data integrity by confirming that data, such as telemetry or sensor readings, remains unaltered. The approach features adaptive parameters, optimized state initialization, and advanced padding techniques. Combining the Ascon and SHA3-512 security capabilities, collision-defense resilience is significantly strengthened, addressing the challenges of classical and quantum adversaries in the rapidly evolving VIoT landscape.

Results & discussions

This research operates under several foundational assumptions to validate the proposed m-Ascon + QKD framework for securing vehicular IoT communications. First, all quantum key distribution processes are simulated within the Qiskit environment to assess real-world applicability. The model assumes that a tamper-proof quantum channel is available for the secure exchange of keys. It also considers that the container environments used for image encoding and decoding are isolated and secured. Vehicles and roadside units are expected to support lightweight cryptographic functions with minimal performance overhead. Additionally, the adversary is assumed to possess network access but cannot compromise secure hardware or the quantum channel. To conduct a comprehensive performance analysis of the security of the cryptosystem integrating encryption techniques with quantum key generation for encrypting the images of Container load for secure transmission and storage. The large size of your encryption key space demonstrates that the system is robust against variations in encryption keys, ensuring strong security guarantees. Various parameters including encryption, decryption, histogram analysis, PSNR, entropy, chosen-plaintext attack resilience, key sensitivity analysis, Number of Pixel Change Rate (NPCR), Unified Average Changing Intensity (UACI), MSE (Mean Squared Error), and encryption quality analysis. The aim is to achieve good results across these parameters, indicating strong security, high image quality, and robust performance. Here’s how each parameter can be evaluated:

Quantum results

In the proposed VIoT security framework, the quantum key distribution process begins with Vehicle D preparing qubits based on randomly selected bases-bit pairs such as (1,1), (1,0), (0,0), and (0,1). These qubits are transmitted to Infrastructure I, which independently selects its own sequence of measurement bases. After measuring the incoming qubits, both parties communicate over a classical channel to compare their basis choices. Bits corresponding to mismatched bases are discarded, and the remaining bits—where the basis matched—form a shared raw secret key. This process is performed by means of a quantum circuit (QC) consisting of one qubit and one classical bit, which simulates the preparation and measurement of the qubits by means of the inputs from vehicle D. Since qubits exist in a superposition state, any eavesdropping attempt alters their condition and becomes detectable, thus reinforcing the security of the key exchange.

Once established, the QKD-derived secret key is used to strengthen the post-quantum ASCON encryption scheme. Sensitive vehicular data such as telemetry, GPS coordinates, and driver details are encrypted using PQC-ASCON and securely transmitted to infrastructure nodes or cloud services. The integration of QKD ensures that the encryption key is unconditionally secure and resistant to both classical and quantum attacks. This combined approach of QKD with PQC-ASCON enhances the overall security architecture of VIoT, ensuring mutual authentication, secure key establishment, data confidentiality, and integrity. It supports robust protection for V2V and vehicle-to-infrastructure V2I communications, contributing to safe and reliable autonomous transportation and real-time traffic systems. In this quantum key distribution process, Vehicle D first generates a random sequence of bases and bits, where each basis can be either rectilinear (0) or diagonal (1) as illustrated in Fig. 3.

Fig. 3.

Simulated Qubits in AQKD.

The system verifies authenticity and integrity and facilitates secure key exchange for vehicle data.The execution time for AQKD is shown in Fig. 4, which could also reveal sensor data encryption that appears to be undetectable, preventing unauthorised access to valuable information.

Fig. 4.

Simulated AQKD Results.

Security analysis -collision attack

AQKD combined with Quantum Hash Value Verification is robust against unauthorized access and resilient to cyber-attacks, such as Collision, sybil, phishing, and Man-in-the-Middle attacks. A collision attack is a situation in cryptography where two distinct inputs produce the same output hash or signature. This is particularly significant in hash functions and digital signatures because it can compromise the integrity of the data. But in proposed systems, the hashing is extended to unique 512 bytes, for each input; this makes pre-computation attacks much harder. The proposed longer hash outputs reduce the probability of collisions. Table 2 compares the time taken to generate a hash for AQKD and ASCON for different data types. For raw data files (64–1024 bytes), AQKD outperforms ASCON with slightly faster generation time. AQKD also shows significant efficiency in hashing images, with shorter generation times for 256 × 256 greyscale (0.0782s vs. 0.822s) and color images (0.952s vs. 1.242s). For larger images, such as 512 × 512, AQKD maintains faster hashing (0.830s for greyscale and 1.521s for color) compared to ASCON.

Table 2.

Hash generation time.

Types of input data	Generation time (sec)
	HASH of AQKD	HASH of ASCON
Raw Data File- 64 Bytes	0.0000199	0.0000195
Raw Data File- 128 Bytes	0.0001492	0.0001872
Raw Data File- 256 Bytes	0.0003985	0.0004197
Raw Data File- 512 Bytes	0.000997	0.00257
Raw Data File- 1024 Bytes	0.001597	0.0035
256 × 256 Greyscale Image	0.0782	0.822
256 × 256 Color Image	0.952	1.242
512 × 512 Greyscale Image	0.830	1.0130
512 × 512 Color Image	1.521	2.671

The probability of at least one collision occurring after (N_H) hash operations for a hash function that produces an output of (S_H) bits can be approximated as in Eq. (21),

21

Here, H is the hash function. S_H is the output size of the hash function (H) in bits. N_H is the number of hash operations. Prob Coll (H) represents the probability of at least one collision for the hash function (H). This shows that as the number of hash computations (N_H) increases, the likelihood of encountering a collision also increases, considerably when (N_H) approaches (2^{S_H/2}). The detailed analysis is tabulated in Table 3.

Table 3.

Analysis of collision Attack.

Aspects	Generated collision attempts	Collisions found	Collision rate (%)
ASCON Hash + SHA512
1 st Try	1,000,000	0	0.00
2nd Try	2,000,000	0	0.0000
3rd Try	3,000,000	0	0.0000
ASCON
1 st Try	1,000,000	0	0.00
2nd Try	2,000,000	0	0.00
3rd Try	3,000,000	1	0.000025

The photons generation rate ( 10⁶ Photons/sec is required to generate the 256 bits, the basis matching efficiency ) is 0.5 and the quantum bit error rate (e) is 0.05. Now the generation time taken for the BB84 is given by the Eq. (22) from which the required 128-bit is taken for the proposed key generation unit. The BB84 key generation unit is analysed for various number of nodes which is tabulated in the Table 4

Table 4.

Key generation time for N nodes.

Number of Nodes (N)	keys/sec.	Key Rate per Node { (1-e)}/N	Time per Node for 1 Key
10	475,000	47,500	0.0000210526
20	475,000	23,750	0.000042105
30	475,000	15833.33333	0.000063157
40	475,000	11,875	0.000084210
50	475,000	9500	0.000105263
60	475,000	7916.666667	0.000126316
70	475,000	6785.714286	0.000147368
80	475,000	5937.5	0.000168421
90	475,000	5277.777778	0.000189474
100	475,000	4750	0.000210526

22

= 475,000 keys/sec per node

The proposed AQKD key generation time is significantly faster than existing quantum schemes, with the AQKD achieving a time of 0.0000023157s for 128-bit keys, 0.0000042105s for 256-bit keys and 0.000310526s for 512-bit. In contrast, existing schemes like Kyber and Falcon range from 0.0312s for Kyber 512 to a staggering 53.601s for Falcon 1024, highlighting the efficiency of the proposed approach in comparison in Table 5.

Table 5.

Key generation time (s) Comparison.

Key generation Time for existing quantum schemes	Time (s)
The Proposed Scheme AQKD (512)	0.000310526
The Proposed Scheme AQKD (256)	0.0000042105
The Proposed Scheme AQKD (128)	0.0000023157
[Ref- 19] Kyber 512	0.0312
[Ref- 19] Falcon 256	6.60639
[Ref- 19] Falcon 512	10.01676
[Ref- 19] Kyber 768	0.078
[Ref- 19] Kyber 1024	0.9372
[Ref- 19] Falcon 1024	53.601
The Proposed Scheme AQKD 1024	0.000420526

Security analysis – sybil & spoofing attack

In the context of Vehicular IoT, histogram analysis and correlation evaluation play a crucial role in assessing the security and robustness of encryption algorithms. The histogram of an image is significant, as it reflects the distribution of pixel values. A cipher image with a uniform distribution hinders potential attackers from extracting meaningful information from the encrypted data. Results show that the Ascon algorithm generates cipher images that closely resemble a uniformly distributed histogram. Histograms and correlations of the selected images together with their corresponding encrypted versions in the context of VIoT are shown in Fig. 5.

Fig. 5.

Analysis of Tested Input Image: A ₍₁₋₃₎ -Input images; B₍₁₋₃₎- Encrypted Images for the A₍₁₋₃₎ input images; Histogram Images for the input images (A₍₁₋₃₎) is C₍₁₋₃₎; Histogram Images for the Encrypted Images(B₍₁₋₃₎) is D₍₁₋₃₎; E₍₁₋₃₎ Correlation Coefficient of both Input(A₁₋₃) & encrypted images(B₁₋₃).

Histogram & correlation analysis

In Vehicular IoT systems, Sybil and spoofing attacks exploit identifiable patterns or redundancies in data, including image-based telemetry. To counter such threats, histogram analysis and pixel correlation evaluation are critical tools for validating the strength of encryption algorithms. The histogram of an image reveals the distribution of pixel intensities, if a cipher image displays a near-uniform histogram, it becomes extremely difficult for attackers to infer patterns or reconstruct the original content. Results from this study show that the Ascon encryption algorithm achieves such uniformity, effectively masking the original image’s statistical properties and enhancing resistance to spoofing-based inference attacks. Additionally, the correlation between adjacent pixels (horizontal, vertical, and diagonal) is minimized post-encryption. In VIoT applications, low correlation between neighboring pixels indicates strong encryption, as high correlation can leak structural information to attackers. Ascon significantly reduces these correlations, breaking spatial relationships within the image and impeding Sybil attack vectors that rely on identifying consistent or repeated patterns. These observations are supported by statistical tests, including correlation coefficient analysis, which demonstrate Ascon’s ability to disrupt pixel continuity and defend against adversarial attempts to forge or replicate identities through visual data manipulation.

Security analysis - Chosen Plaintext Attack (CPA)

Table 6 details the image statistical analysis of Vehicular Image data. The ASCON-based AQKD system offers a multitude of benefits when applied in the V-IoT environment, particularly regarding its rapid and efficient processing capabilities. The system preserves image integrity during encryption and decryption, as evidenced by high PSNR values, resulting in exceptional image quality. The system’s ability to resist differential attacks, coupled with its key sensitivity and robustness to various attacks, further enhances its security features. Additionally, the system demonstrates superior resistance to attacks, with low MSE values confirming the high level of the system’s fidelity and limited distortion. By assessing the difficulty of recovering the encryption key from known plaintext ciphertext pairs, the resistance of the cryptosystem against CPA was evaluated, that confirms strong resistance against CPA, indicating robust security against known plaintext-based attacks. The results also showcase the effectiveness of the proposed encryption algorithm in dispersing pixel changes uniformly (NPCR and UACI) and minimizing distortion between original and decrypted images (low MSE), indicating strong diffusion and confusion properties. By conducting a thorough performance analysis across these evaluation parameters and achieving good results, the cryptosystem demonstrate its effectiveness in providing secure, high-quality encryption for container images, thereby ensuring the confidentiality, integrity, and privacy of sensitive data. The performance comparison of encryption schemes (AQKD, ASCON, AES, Present) applied to container images are depicted in Fig. 6. AQKD exhibits high entropy (7.9676 to 7.9919) and consistently strong NPCR (> 99%), with PSNR around 27.87 to 28.21, indicating moderate image quality. ASCON shows slightly higher entropy but lower PSNR (27.84 to 28.08) than AQKD, maintaining similarly high NPCR values, while MSE ranges from 104.26 to 105.48.

Table 6.

Image statistical Analysis.

Container Load - Color Image	Entropy details Where p() represents the symbol m’s probability		PSNR of Decrypted Image (DB)		NPCR-Encrypted Image’ Number of Pixel Changes Rate =1, if != =0, if ==	UACI- Encrypted Image’ Unified Average Changed Intensity
Image Details (Container Load - Color Image)	Raw Input	Cipher	Cipher	Decrypted	= cipher image =1 pixel changed cipher image	= cipher image =1 pixel changed cipher image
128 PIXELS	7.311	7.9759	27.8038	52.1508	99.15	33.55
256 PIXELS	7.342	7.9572	28.1971	51.1292	99.57	32.16
512 PIXELS	6.705	7.9859	26.9899	52.6935	99.89	33.18
1024 PIXELS	6.845	7.9987	28.1657	51.160	99.04	32.97

Fig. 6.

Comparison with Existing Methods.

AES consistently demonstrates the lowest entropy (7.6909 to 7.9195) but achieves the highest PSNR, reflecting better image quality (27.87 to 28.21); however, NPCR is lower than AQKD and ASCON. PRESENT displays the lowest entropy (7.6206 to 7.9560) and comparable PSNR values, with high NPCR (> 99%) and MSE variability. Overall, while AQKD and ASCON balance security and entropy, AES is superior in preserving image quality. Present qualitative assessments of encrypted images by domain experts, demonstrating that the encryption process maintains image quality and diagnostic value, ensuring clinical utility and interpretability. The proposed protocol integrates Quantum Key Distribution (BB84 with BBS4 basis) to achieve secure, post-quantum key exchange resistant to quantum adversaries. Enhancements to Ascon’s permutation block and the use of 256-bit keys strengthen encryption against quantum attacks like Grover’s. A hybrid hashing scheme combining a 32-bit Ascon hash with SHA-512 ensures authentication and integrity. The protocol defends against replay, Sybil, and man-in-the-middle attacks, while remaining lightweight and suitable for real-time vehicular networks. Experimental results confirm superior performance over Kyber, Falcon, and standard Ascon, demonstrating the protocol’s practical viability and strong resilience in quantum-threatened environments. Table 7 details the various attack mitigations possible with our proposed methodology.

Table 7.

Attack Mitigation.

Attack type	Description	Countermeasure in proposed system
Collision & Collusion	Two distinct inputs producing the same hash/output, compromising data integrity.	Extended hash length to 512 bytes and integration of SHA3-512 with Ascon for enhanced collision resistance.
Replay Attack	Reuse of intercepted valid data transmission to deceive the system.	Use of timestamps and nonce-based session validation to detect and discard repeated transmissions.
Sybil & Spoofing Attacks	Malicious nodes assume multiple identities or fake legitimate sources.	Histogram uniformity and pixel correlation analysis reduce the effectiveness of statistical and identity-based attacks.
Chosen Plaintext Attack	Attacker selects plaintexts to encrypt and analyzes resulting ciphertext.	High NPCR, UACI, and key sensitivity; robust statistical differences in encrypted outputs prevent inference of encryption patterns.
Man-in-the-Middle Attack	Interception and manipulation of communication between parties.	Secure key exchange through QKD combined with PQC-ASCON encryption ensures message integrity and confidentiality even in hostile environments.
Eavesdropping	Unauthorized interception of sensitive vehicular communication (e.g., GPS, telemetry).	PQC-enhanced Ascon encrypts sensitive data; quantum-resistant key management via QKD ensures secure communication channels.

It is important to communicate these results effectively to stakeholders and to highlight the benefits and advantages of adopting encryption solutions for image protection in the vehicular networks environment. The evaluation results clearly demonstrate the effectiveness of the ASCON-based AQKD encryption system in ensuring security, quality, and performance for image protection in V-IoT environments. The system delivers strong data confidentiality and integrity by generating secure keys, enabling real-time encryption, and resisting eavesdropping and data tampering. Its ability to safeguard sensitive vehicular information such as location data, diagnostics, and driver profiles makes it highly suitable for secure V2V and V2I communications. With robust key management and resistance to cyber threats, the proposed system offers a dependable solution to the evolving security demands of intelligent transportation networks.

Conclusion

A novel and secure framework for Quantum Key Exchange integrated with Post-Quantum Cryptography within the Ascon protocol, tailored for Vehicular Internet of Things environments. By combining lightweight encryption with quantum-resistant mechanisms, the proposed solution ensures data confidentiality, integrity, and authentication against both classical and quantum threats. The implemented hash value verification scheme, validated via Qiskit simulations, achieves rapid integrity checks in 0.0000199s, demonstrating its real-time applicability in vehicular networks. The ability to generate 128–512-bit quantum keys in microseconds, outperforming other schemes like Kyber and Falcon. The proposed model achieved faster hash computation on grayscale images (e.g., 0.0782s for 256 × 256 image) compared to standard Ascon (0.822s). Future research will focus on optimizing the framework for scalability, low-resource deployment, and integration with V2V, V2X, and 5G-enabled vehicular technologies. Exploration of hybrid quantum-classical encryption and advanced quantum key distribution protocols will further enhance its resilience and applicability in large-scale, latency-sensitive urban environments.

Author contributions

All authors contributed to the study conception, literature survey, and Comparative studies. Ms. Bhuvaneshwari A J: Conceptualization, Data curation, Formal analysis, Investigation, Methodology, Project administration, Software, Validation, Visualization, Writing – review & editing. Muthu Harish: implemented, developed, and performed the computations, Writing – original draft, Visualization. Dr.R.Kishore & Dr. P. Kaythry verified the analytical methods and supervised the findings of this work. Dr. R. Kishore read and approved the final manuscript.

Funding

No funding was received to conduct this study.

Data availability

The datasets used and/or analysed during the current study available from the corresponding author on reasonable request.

Declarations

Consent for publication

Not applicable.

Competing interests

The authors declare no competing interests.

Research involving human participants and animals

Not applicable.

Ethics approval

The manuscript in part or full has not been submitted or published anywhere. The manuscript will not be submitted elsewhere until the editorial process is completed.

Consent to participate

Not applicable.

Informed consent

Not applicable.