#quantumsecure

Introduced: QORE Framework Protects Future Networks and 5G against Quantum Threat

5G and Beyond

Modern telecommunications and secure 5G systems use public-key cryptography like Elliptic Curve Cryptography (ECC) and RSA, which are critically threatened by quantum computers' rapid advancement. Quantum computers, especially those using Shor's algorithm, can attack these standards, making 5G network security a major engineering and scientific priority. Long-lived sensitive data must be protected from future decryption, including “Harvest Now, Decrypt Later” assaults.

The QORE framework was developed by Vipin Rathi, Lakshya Chopra, Rudraksh Rawal, and others to address this massive challenge. QORE provides a simple transition path for 5G and Beyond 5G (B5G) Core Networks and User Equipment (UE) security to Post-Quantum Cryptography. For long-term network data and communications, QORE aims to provide quantum-secure confidentiality and integrity.

The Foundation is NIST-Standardized PQC

QORE's principle is to integrate NIST-standardized lattice-based PQC algorithms into the 5G SBA. This uses two primary algorithms:

Key establishment relies on the Module-Lattice Key Encapsulation Mechanism (ML-KEM) algorithm. It also uses the Post-Quantum Subscription Concealed Identifier (PQ-SUCI) for subscriber identification hiding.

The Module-Lattice Digital Signature Algorithm (ML-DSA) is used for digital signatures. This is important for Core Network Function (NF) authentication using Post-Quantum Public Key Infrastructure (PQ-PKI).

These lattice-based algorithms replace vulnerable RSA and ECC primitives in critical protocols.

Secure Every Interface: Protocols and Zero-Trust

The comprehensive QORE framework secures critical inter-functional channels in the 5G architecture.

PQ-mTLS (Post-Quantum Mutual TLS) secures Core Network Function communication over the Service-Based Interface (SBI) under the Zero-Trust security architecture. QORE pioneered the use of ML-KEM for key exchange and ML-DSA for digital signatures to secure 5G core network communication channels in TLS 1.3.

QORE's control and user plane interfaces (N2 and N3) with the RAN and Core Network use PQ-IPsec/PQ-DTLS. Adapting DTLS to safeguard latency-prone UDP-based 5G control plane signalling is one example. The PQ-SUCI method protects the Subscriber Permanent Identifier (SUPI) during transmission using ML-KEM. The framework suggests rebuilding TLS, IPsec, mTLS, and OAuth2.0 with NIST-standardized methods.

The framework also recommends using a Quantum Random Number Generator (QRNG) for really random key creation and bigger symmetric key sizes like AES-256 for ciphering and integrity protection.

Hybrid Strategy Smooths Transition

QORE recommends an HPQC configuration for a smooth conversion. This method combines Elliptic Curve Cryptography, classical primitives, and quantum-safe primitives like ML-KEM and ML-DSA. This hybrid method maintains 5G infrastructure compatibility and technology interoperability during the transition phase.

Carrier-Grade Performance with Low Overhead Experimental validation of QORE shows that the novel lattice-based algorithms meet carrier-grade 5G systems' low-latency, high-throughput requirements with minimum performance overhead.

Metrics show outstanding performance:

GPU acceleration allowed the ML-KEM-512 to generate 3.16 million keys per second. The suggested security level, ML-KEM-768, delivers AES-192-level security with 236,000 key generations per second. This improves quantum resistance and performance by 2.4 times over the classical X25519.

The ML-DSA-44 can collect 250,000 digital signatures per second, enough for standard transmission speeds. Verification is faster at 1.15 million per second.

Latency and Memory: Modern virtualised networks use ML-KEM and ML-DSA with a memory overhead of 30 to 50 KB per connection. PQ-TLS handshakes add 8–12 ms, 20–30% for 5GC control-plane transactions, while user-plane traffic is unaffected.

Scalability studies show that a single core can start over 50,000 PQ-TLS sessions per second, and OAuth token verification can handle millions of concurrent service requests with 1.15 million operations per second. The solution maintains IPsec throughput between 10 and 40 Gbps per core to meet 5G user-plane bandwidth requirements.