A Survey of Post-Quantum Cryptography Migration in Vehicles

The advent of quantum computers makes asymmetric cryptographic algorithms insecure and vulnerable. A promising solution to ensure the continued security attributes of confidentiality, integrity, and availability is the use of Post-Quantum Cryptography (PQC) algorithms. The adoption of quantum-safe algorithms takes place at a vastly different pace in different industries. In some industries, adoption processes are slow due to the required adaptation of regulations and standards. At the same time, long-lived products with non-PQC algorithms are more likely to become insecure during their lifetime. Vehicles are a prime example of long-lived products where the adoption of PQC proceeds slowly. When quantum computers are able to break relevant key lengths of asymmetric cryptography and, thus, render current vehicle systems insecure, vehicles that are developed and produced today will most likely remain in use. In this work, we provide a structured and comprehensive overview of the current migration state of PQC algorithms in the automotive area. We address use cases involving asymmetric cryptography in the automotive context that face the challenge of adapting PQC, such as internal vehicle networks, manufacturer-specific communication, and vehicle-to-everything communication. In addition, we review the standards concerning vehicle security and their relevance to PQC. Finally, we identify and discuss open research challenges regarding the adoption of PQC in the automotive domain and further steps towards quantum-safe vehicles.