Papers
Topics
Authors
Recent
Search
2000 character limit reached

Pseudonym Scheme Based on Hybrid Certificates for Security Credential Management System in Vehicular Communications

Published 12 Jun 2026 in cs.CR, cs.NI, cs.PF, and eess.SY | (2606.14008v1)

Abstract: In recent years, the Institute of Electrical and Electronics Engineers (IEEE) and the European Telecommunications Standards Institute (ETSI) have developed a series of security communication standards for vehicular communications. These standards include mechanisms such as the Security Credential Management System (SCMS) and Butterfly Key Expansion (BKE) to protect vehicle privacy. However, these standards are mainly based on the Elliptic-Curve Cryptography (ECC), which may be vulnerable to attacks from quantum computing in the future. In response to this potential risk, this study proposes a hybrid certificate that combines the ECC with Post-Quantum Cryptography (PQC). This approach enables infrastructure systems to be built on cryptographic foundations that are more resilient to quantum-based attacks. Furthermore, this study presents a generalized pseudonym scheme that is compatible with various cryptographic algorithms for generating pseudonym certificates. This design aims to eliminate the possibility of inferring any correlation between the public key in a pseudonym certificate and that in an enrollment certificate. This study also conducts a comprehensive performance evaluation of the RSA, ECC, and PQC algorithms, particularly those standardized by the National Institute of Standards and Technology (NIST). The comparison considers factors such as message length and computation time. Based on the findings, this study recommends suitable pseudonym schemes that adopt hybrid certificates for secure and efficient use in vehicular communications.

Summary

  • The paper proposes a quantum-resistant hybrid certificate scheme that blends post-quantum cryptography with ECC to secure vehicular communications.
  • The methodology employs PQC for infrastructure and a hybrid ECC approach for OBUs to meet the strict 1400-byte size limit in V2V transmissions.
  • Experimental evaluations on Raspberry Pi and Android platforms demonstrate improved real-time performance and enhanced security over existing IEEE standards.

Pseudonym Scheme Based on Hybrid Certificates for Security Credential Management System in Vehicular Communications

Introduction and Motivation

Vehicular communications, encompassing V2V, V2I, and I2I, are critically dependent on robust security mechanisms due to the privacy-sensitive nature of vehicle data and stringent real-time operational requirements. Current vehicular Public Key Infrastructure (PKI) implementations, as standardized in IEEE 1609.2/.2.1 and ETSI TS 103 097, rely primarily on ECC for both key establishment and digital signatures, with Butterfly Key Expansion (BKE) for pseudonym certificate unlinkability. However, the advancement of quantum computing threatens all cryptosystems based on integer factorization and discrete logarithm assumptions, including ECC and RSA, thus motivating a transition toward post-quantum cryptography (PQC).

Transitional frameworks must address quantum resilience, message size constraints imposed by IEEE 1609.3 (notably the 1400-byte limit for WAVE Short Messages in V2V scenarios), and computational efficiency, especially on resource-constrained OBUs. Moreover, ensuring robust privacy—i.e., the unlinkability of enrollment and pseudonym keys across CA, RA, and PCA domains—remains quintessential.

Hybrid Certificate and Generalized Pseudonym Scheme Design

This work proposes a cryptographic scheme for SCMS in vehicular networks that leverages hybrid certificates: infrastructure entities transition to pure PQC, while resource-constrained OBUs/RUSs use a hybrid scheme that blends PQC signatures (CA/PCA side) with classical ECC signatures (EE side). The canonical, enrollment, and infrastructure certificates (RCA, ICA, ECA, PCA, RA) utilize PQC for both public keys and signatures (ML-DSA/SLH-DSA/Falcon for signatures, ML-KEM for KEM), while pseudonym certificates for EEs are issued via a hybrid structure: the EE provides an ECC public key (for efficiency and compact size), the CA/PCA issues the certificate using a PQC digital signature.

The scheme is generalized such that the pseudonym certificate protocol is now crypto-agile—supporting any standardized DSA or KEM as building blocks—eliminating implicit linkability between EC and PC public keys. The protocol is constructed such that key generation, certificate requests, and encrypted message exchange in the pseudonym issuance flow are secured via PQC mechanisms in V2I and I2I segments (where size constraints do not apply), while V2V segments use the hybrid structure to conform to the packet size limit.

Technical Details and Protocol Steps

The protocol consists of the following steps:

  1. Canonical Keying (Manufacturing/Initialization): Each EE is provisioned with a PQC-based canonical key pair registered with the ECA.
  2. Enrollment Certificate (EC) Acquisition: The EE proves possession via a PQC-based signature, and obtains an EC carrying its PQC public key.
  3. Pseudonym Certificate (PC) Request: The EE generates a DSA key pair (ECC-based for V2V), encrypts its PC public key using the PCA’s PQC KEM public key, and transmits this (with signature) to the RA. The RA further relays to the PCA.
  4. PC Issuance: The PCA decrypts, issues the PC with the EE’s public key in the verified key indicator field, signs using PQC DSA, and encrypts the return using a pre-shared key (established via KEM), returning it through the RA.
  5. PC Rotation: Periodic generation and receipt of PCs for privacy, maintaining unlinkability between EC and PC under quantum and classical adversaries.

Encryption and signature verification in the infrastructure always adopt PQC. Only messages traversing the V2V constrained channel rely on hybrid certificates, maintaining the 1400-byte bound.

Experimental Evaluation

Evaluations performed on Raspberry Pi 4 and Android platforms confirm:

  • Certificate and Message Lengths: Only the Falcon-512/ECDSA P-256 hybrid can satisfy the <1400 byte V2V requirement. All combinations using pure PQC DSAs exceed this limit.
  • Computation Times: Falcon-512 keypair generation is slower than ECDSA, but signature generation and verification are competitive, with Falcon-512 verification outperforming ECDSA. ML-KEM encapsulation/decapsulation is more efficient than ECIES in many cases. HQC, while quantum-safe, incurs higher computational and message size overhead than ML-KEM.
  • Practicality in Dense V2X Environments: The protocol meets all real-time signature generation/verification rates at LOS F (100 vehicles/km/lane, 10 messages/s/vehicle) on both Raspberry Pi and Android, outperforming classical IEEE 1609.2 in receiver verification throughput.
  • Security Levels: Infrastructure certificates achieve NIST security level 1 (quantum-safe); V2V pseudonym certificates are quantum-safe from the CA side, but EEs remain conditionally vulnerable until efficient/significant PQC DSAs are available for end-entity use.

All performance claims are substantiated with strong numerical results, including message lengths and signature processing rates under realistic vehicular densities.

Security, Privacy, and Migration Considerations

  • Quantum Security: The CA’s PQC-based signatures ensure infrastructural resilience, with fallback protection in pseudonym certificates via reduced lifetime. The only configuration capable of meeting current packet size constraints leverages Falcon-512 for CA-side signatures.
  • Unlinkability/Anonymity: Throughout the request/issuance protocol, linkability attacks by PCA, RA, or external adversaries are infeasible under the classical/quantum security assumptions for ML-KEM and DSA, confirmed both by protocol structure and entropy analysis (NIST SP 800-90B-compliant).
  • Practical Migration: Only five core entities (RCA, ICA, ECA, PCA, RA) require PQC enhancement; EEs can remain hybrid until quantum-efficient DSA schemes become available, and software/OTA updates are sufficient for EE migration without hardware recall.
  • Crypto-Agility and Forward Compatibility: The protocol supports future PQC DSAs with shorter signatures and keys (pending NIST standardization) with minimal certificate structure changes.

Theoretical and Practical Implications

The proposed system demonstrates that quantum-safe credential management in vehicular networks is feasible whilst respecting existing operational constraints (packet size, computational budget, privacy requirements). It provides a solid transitional architecture for PKI migration to PQC, leveraging crypto-agility in certificate design, and is deployable in current infrastructures that maintain support for standardized formats. Adoption of hybrid and pure PQC certificates delineates a pragmatic path for the automotive industry, with quantifiable parameters for certificate lifetime reduction as an interim tradeoff.

From a theoretical perspective, this scheme highlights the fundamental bottleneck posed by signature/message size in PQC DSAs for V2V, catalyzing further research into space-efficient and fast quantum-safe signature schemes compatible with vehicular low-latency real-time environments.

Conclusion

The hybrid certificate-based pseudonym scheme addresses quantum-resilient credential management for vehicular networks, providing both theoretical and implementation advances in SCMS. The approach achieves compliance with current operational constraints, substantiated by empirical analysis, and offers a clearly defined migration strategy toward pure PQC-backed security once more efficient DSAs become standardized. This work delineates the critical impact of NIST PQC progress on large-scale V2X deployments and informs ongoing standardization in both IEEE and ETSI vehicular security specifications.


Reference: "Pseudonym Scheme Based on Hybrid Certificates for Security Credential Management System in Vehicular Communications" (2606.14008).

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 2 tweets with 7 likes about this paper.