{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T19:27:33Z","timestamp":1769542053333,"version":"3.49.0"},"reference-count":132,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/access.2026.3654143","type":"journal-article","created":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T20:40:58Z","timestamp":1768423258000},"page":"10595-10614","source":"Crossref","is-referenced-by-count":0,"title":["SoK: Evolution of the Key Encapsulation Mechanism\u2019s Role in Cryptographic Migrations for IoT Systems"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0183-3613","authenticated-orcid":false,"given":"Silonosov","family":"Alexandr","sequence":"first","affiliation":[{"name":"Blekinge Institute of Technology, Karlskrona, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3118-5058","authenticated-orcid":false,"given":"Emiliano","family":"Casalicchio","sequence":"additional","affiliation":[{"name":"Blekinge Institute of Technology, Karlskrona, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0518-6532","authenticated-orcid":false,"given":"Lawrence","family":"Henesey","sequence":"additional","affiliation":[{"name":"Blekinge Institute of Technology, Karlskrona, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","first-page":"353","article-title":"CRYSTALS-kyber: A CCA-secure module-lattice-based KEM","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy (EuroS P)","author":"Bos"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.26599\/tst.2023.9010059"},{"key":"ref3","article-title":"Transition to post-quantum cryptography standards","author":"Moody","year":"2024"},{"key":"ref4","volume-title":"The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously","year":"2023"},{"key":"ref5","volume-title":"Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022 on Measures for a High Common Level of Cybersecurity Across the Union, Amending Regulation (EU), no. 910\/2014 and Directive (EU) 2018\/1972, and Repealing Directive (EU) 2016\/1148 (NIS 2 Directive) (Text With EEA Relevance)","year":"2022"},{"key":"ref6","volume-title":"Datalagring Och \u00c5tkomst Till Elektronisk Information"},{"key":"ref7","article-title":"Identifying research challenges in post quantum cryptography migration and cryptographic agility","author":"Ott","year":"2019","journal-title":"arXiv:1909.07353"},{"issue":"4","key":"ref8","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1109\/MSP.2017.3151339","article-title":"Cryptography standards in quantum time: New wine in an old wineskin?","volume":"15","author":"Chen","year":"2017","journal-title":"IEEE Secur. Privacy"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-42001-6_16"},{"issue":"4","key":"ref10","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","article-title":"A public key cryptosystem and a signature scheme based on discrete logarithms","volume":"IT-31","author":"Elgamal","year":"1985","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44448-3_3"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/103418.103474"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0055718"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0055717"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1137\/s0097539702403773"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36362-7_17"},{"key":"ref18","first-page":"266","article-title":"Authenticated key exchange for SIDH","volume":"2018","author":"Galbraith","year":"2018","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref19","article-title":"Authenticated encryption in the public-key setting: Security notions and analyses","author":"An","year":"2001"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-69659-1_7"},{"key":"ref21","first-page":"143","article-title":"They\u2019re not that hard to mitigate: What cryptographic library developers think about timing attacks","volume":"2024","author":"Jancar","year":"2024","journal-title":"Gesellschaft F\u00fcr Informatik"},{"issue":"2","key":"ref22","doi-asserted-by":"crossref","first-page":"403","DOI":"10.56553\/popets-2023-0060","article-title":"SoK: Content moderation for end-to-end encryption","volume":"2023","author":"Scheffler","year":"2023","journal-title":"Proc. Privacy Enhancing Technol."},{"key":"ref23","first-page":"341","article-title":"Model-driven application-level encryption for the privacy of e-health data","volume-title":"Proc. Int. Conf. Availability, Rel. Secur.","author":"Ding"},{"key":"ref24","first-page":"1","article-title":"Cryptographic agility: Defending against the sneakers scenario","volume":"24","author":"Sullivan","year":"2009","journal-title":"MSDN Mag."},{"key":"ref25","article-title":"ELCA: Introducing enterprise-level cryptographic agility for a post-quantum era","author":"Sikeridis","year":"2023"},{"key":"ref26","article-title":"On the state of crypto-agility","author":"Alnahawi","year":"2023"},{"key":"ref27","article-title":"The challenges of bringing cryptography from research papers to products: Results from an interview study with experts","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Fischer"},{"key":"ref28","first-page":"1289","article-title":"Three lessons from threema: Analysis of a secure messenger","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Paterson"},{"key":"ref29","volume-title":"The Cyber Security Body of Knowledge V1.1.0, 2021","author":"Paterson","year":"2021"},{"key":"ref30","first-page":"7249","article-title":"\u2019You have to read 50 different RFCs that contradict each other\u2019: An interview study on the experiences of implementing cryptographic standards","volume-title":"Proc. 33rd USENIX Security Symp.","author":"Huaman"},{"key":"ref31","first-page":"154","article-title":"Comparing the usability of cryptographic APIs","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Acar"},{"key":"ref32","first-page":"265","article-title":"Developers deserve security warnings, too: On the effect of integrated security advice on cryptographic API misuse","volume-title":"Proc. 14th Symp. Usable Privacy Security","author":"Gorski"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2637166.2637237"},{"key":"ref34","first-page":"65","article-title":"Towards cryptographic agility manifesto in end-to-end encryption systems: A position paper from the perspective of crypto-consumers","volume-title":"Proc. IEEE Conf. Dependable, Autonomic Secure Comput. (DASC)","author":"Silonosov"},{"key":"ref35","volume-title":"Post-Quantum Cryptography\u2014Integration Study\u2014ENISA","author":"Bernstein","year":"2022"},{"key":"ref36","article-title":"Status report on the third round of the NIST post-quantum cryptography standardization process","author":"Alagic","year":"2022"},{"key":"ref37","article-title":"Recommendations for key-encapsulation mechanisms","author":"Alagic","year":"2025"},{"key":"ref38","article-title":"SoK: Post-quantum TLS handshake","author":"Alnahawi","year":"2023"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-57728-4_2"},{"key":"ref40","first-page":"169","article-title":"SoK: Delay-based cryptography","volume-title":"Proc. IEEE Comput. Soc.","author":"Medley"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-75539-3_19"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3422178"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623185"},{"issue":"11","key":"ref44","doi-asserted-by":"crossref","first-page":"8269","DOI":"10.1109\/JIOT.2022.3154039","article-title":"A survey on attribute-based encryption schemes suitable for the Internet of Things","volume":"9","author":"Rasori","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3450306"},{"key":"ref46","article-title":"On PQC migration and crypto-agility","author":"Wiesmaier","year":"2021","journal-title":"arXiv:2106.09599"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3657012"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-023-01724-1"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3579375.3579388"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0075"},{"key":"ref51","article-title":"Too many options: A survey of ABE libraries for developers","author":"Mosteiro-Sanchez","year":"2022","journal-title":"arXiv:2209.12742"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-023-05233-z"},{"key":"ref53","article-title":"SoK: Multi-device secure instant messaging","author":"Dimeo","year":"2021"},{"key":"ref54","article-title":"On end-to-end encryption","author":"Hale","year":"2022"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.17487\/rfc9420"},{"key":"ref56","doi-asserted-by":"crossref","first-page":"44","DOI":"10.59543\/ijmscs.v2i.7971","article-title":"Comparing several encrypted cloud storage platforms","volume":"2","author":"Manthiramoorthy","year":"2023","journal-title":"Int. J. Math., Statist., Comput. Sci."},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690309"},{"key":"ref58","article-title":"How to think about end-to-end encryption and AI: Training, processing, disclosure, and consent","author":"Knodel","year":"2024"},{"key":"ref59","doi-asserted-by":"crossref","DOI":"10.1016\/j.cosrev.2024.100676","article-title":"Quantum secure authentication and key agreement protocols for IoT-enabled applications: A comprehensive survey and open challenges","volume":"54","author":"Babu","year":"2024","journal-title":"Comput. Sci. Rev."},{"key":"ref60","article-title":"Post-quantum cryptography for Internet of Things: A survey on performance and optimization","author":"Liu","year":"2024","journal-title":"arXiv:2401.17538"},{"key":"ref61","article-title":"SoK: The engineer\u2019s guide to post-quantum cryptography for embedded devices","author":"Pursche","year":"2024"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4946"},{"issue":"3","key":"ref63","first-page":"291","article-title":"A survey on Internet of Things architectures","volume":"30","author":"Ray","year":"2016","journal-title":"EAI Endorsed Trans. Internet Things"},{"key":"ref64","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1016\/j.comnet.2018.11.025","article-title":"Current research on Internet of Things (IoT) security: A survey","volume":"148","author":"Noor","year":"2019","journal-title":"Comput. Netw."},{"key":"ref65","article-title":"(PDF) SoK: Evaluating IoT security strategies across diverse architectures","author":"Patel","year":"2025"},{"key":"ref66","doi-asserted-by":"crossref","first-page":"36038","DOI":"10.1109\/ACCESS.2021.3062201","article-title":"Post-quantum era privacy protection for intelligent infrastructures","volume":"9","author":"Malina","year":"2021","journal-title":"IEEE Access"},{"key":"ref67","first-page":"3","article-title":"Validating search processes in systematic literature reviews","volume-title":"Proc. 1st Int. Workshop Evidential Assessment Softw. Technol.","author":"Kitchenham"},{"key":"ref68","article-title":"SOK: Research motivations of public-key cryptography","author":"Guo","year":"2023"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1186\/s13643-021-01626-4"},{"issue":"6","key":"ref70","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"IT-22","author":"Diffie","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref71","article-title":"Pairing-based cryptographic protocols: A survey","author":"Dutta","year":"2004"},{"issue":"7","key":"ref72","first-page":"6457","article-title":"From pre-quantum to post-quantum IoT security: A survey on quantum-resistant cryptosystems for the Internet of Things","volume-title":"Proc. IEEE Internet Things J.","volume":"7","author":"Fern\u00e1ndez-Caram\u00e9s"},{"issue":"2","key":"ref73","doi-asserted-by":"crossref","first-page":"489","DOI":"10.3390\/s22020489","article-title":"A comparative study of post-quantum cryptosystems for Internet-of-Things applications","volume":"22","author":"Septien-Hernandez","year":"2022","journal-title":"Sensors"},{"key":"ref74","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2022\/3223509","article-title":"A survey on public key encryption with keyword search: Taxonomy and methods","volume":"2022","author":"Noorallahzade","year":"2022","journal-title":"Int. J. Math. Math. Sci."},{"issue":"3","key":"ref75","doi-asserted-by":"crossref","first-page":"40","DOI":"10.3390\/cryptography7030040","article-title":"A survey of post-quantum cryptography: Start of a new race","volume":"7","author":"Dam","year":"2023","journal-title":"Cryptography"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.3934\/amc.2021049"},{"key":"ref77","article-title":"A comprehensive survey of cryptography key management systems","volume":"78","author":"Rana","year":"2023","journal-title":"J. Inf. Secur. Appl."},{"key":"ref78","first-page":"141","article-title":"A survey of post quantum key encapsulation mechanism","volume-title":"Proc. 5th Int. Conf. Mobile Comput. Sustain. Informat. (ICMCSI)","author":"Harmalkar"},{"key":"ref79","volume-title":"Module-Lattice-Based Key-Encapsulation Mechanism Standard","year":"2024"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-40061-5_29"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.22331\/q-2021-04-15-433"},{"key":"ref82","article-title":"A public key cryptosystem based on algebraic coding theory","author":"McEliece","year":"1978"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/2090236.2090262"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237838"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054868"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-76578-5_7"},{"issue":"1","key":"ref88","first-page":"1","article-title":"X-wing","volume":"1","author":"Barbosa","year":"2024","journal-title":"IACR Commun. Cryptol."},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39799-X_31"},{"key":"ref90","first-page":"103","article-title":"LUC: A new public key system","volume-title":"Proc. IFIP TC","author":"Smith"},{"key":"ref91","first-page":"92","article-title":"Optimal asymmetric encryption-how to encrypt with RSA","volume-title":"Proc. Eurocrypt","author":"Bellare"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0028457"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054122"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48405-1_34"},{"key":"ref95","article-title":"DHAES: An encryption scheme based on the Diffie\u2013Hellman problem","author":"Abdalla","year":"1999"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44647-8_13"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45353-9_13"},{"key":"ref98","article-title":"A proposal for an ISO standard for public key encryption","author":"Shoup","year":"2001"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36178-2_34"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_27"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_8"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180418"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/11745853_14"},{"key":"ref104","first-page":"321","article-title":"Ciphertext-policy attribute-based encryption","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Bethencourt"},{"key":"ref105","first-page":"19","article-title":"Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies","volume-title":"Proc. Int. Workshop Post-Quantum Cryptogr.","author":"Feo"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36594-2_8"},{"key":"ref107","article-title":"Ed448-goldilocks, a new elliptic curve","author":"Hamburg","year":"2015"},{"key":"ref108","first-page":"327","article-title":"Post-quantum key exchange\u2014A new hope","volume-title":"Proc. 25th USENIX Security Symp.","author":"Alkim"},{"key":"ref109","article-title":"BIKE: Bit flipping key encapsulation","author":"Aragon","year":"2017"},{"key":"ref110","volume-title":"SIKE: Supersingular isogeny key encapsulation","author":"Jao","year":"2017"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03332-3_15"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-79063-3_1"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-21548-4_11"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-44223-1_26"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-77870-5_4"},{"key":"ref116","first-page":"283","article-title":"Towards discovering quantum-threats for applications using open-cource libraries","volume-title":"Proc. Appl. Cryptogr. Netw. Secur. Workshops","author":"Ye"},{"key":"ref117","first-page":"68","article-title":"Safe and secure? On the timing analysability of cryptographic implementations","volume-title":"Proc. IEEE 30th Real-Time Embedded Technol. Appl. Symp. (RTAS)","author":"Stegmeier"},{"key":"ref118","first-page":"88","article-title":"Enhanced analysis of cryptographic library usage patterns and trends in Android applications","volume-title":"Proc. IEEE Conf. Dependable Secure Comput. (DSC)","author":"Kanaoka"},{"key":"ref119","first-page":"19","article-title":"Improving software quality in cryptography standardization projects","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy Workshops (EuroS PW)","author":"Kannwischer"},{"key":"ref120","volume-title":"Elliptic Curve Cryptography. Java Platform Implementations","year":"2009"},{"key":"ref121","first-page":"11","article-title":"Comparative analysis of software libraries for public key cryptography","volume-title":"Proc. Softw. Perform. Enhancement Encryption Decryption, SPEED","author":"Abusharekh"},{"key":"ref122","article-title":"RELIC is an efficient library for cryptography","author":"Aranha","year":"2011"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33481-8_9"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-013-0057-3"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134043"},{"key":"ref126","article-title":"PQM4: Post-quantum crypto library for the ARM cortex-M4","author":"Kannwischer","year":"2018"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-69453-5_2"},{"key":"ref128","article-title":"HACSPEC: A gateway to high-assurance cryptography","author":"Kiefer","year":"2023"},{"key":"ref129","article-title":"Provable security of cryptographic primitives: From algorithms to assembly","author":"Gr\u00e9goire","year":"2024"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-76578-5_6"},{"key":"ref131","first-page":"1","article-title":"A formal security analysis of the signal messaging protocol","volume-title":"Proc. IEEE EuroSP","author":"Cohn-Gordon"},{"key":"ref132","article-title":"Understanding the role of key encapsulation mechanisms in cryptographic migrations: Towards cryptographic-agility in IoT systems based on end-to-end encryption approach","author":"Silonosov","year":"2025"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/11323511\/11352720.pdf?arnumber=11352720","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T05:59:53Z","timestamp":1769493593000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11352720\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":132,"URL":"https:\/\/doi.org\/10.1109\/access.2026.3654143","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}