43 Terms in Quantum-IoT & Post-Quantum Security

The vocabulary behind the research—spanning quantum machine learning, post-quantum cryptography, industrial control security, IoT standards, and blockchain consensus.

Quantum Computing (7 terms)

ZZFeatureMap: A parameterized quantum circuit that encodes classical data into quantum states using ZZ entangling gates. Used in quantum kernel methods to compute similarity measures in Hilbert space.
NISQ Noisy Intermediate-Scale Quantum: Current-generation quantum processors (50–1000+ qubits) operating without full error correction. IBM's 156-qubit ibm_fez is a NISQ device used in quantum kernel experiments.
QSVM Quantum Support Vector Machine: Kernel-based classifier computing inner products on quantum hardware. Quantum kernels capture correlations classical kernels miss.
Quantum Kernel: Function measuring similarity between data points by encoding them into quantum states and computing their overlap. Hardware-agnostic kernels run on different backends without retraining.
Quantum Bootstrap: Numerical method using positivity constraints on expectation-value matrices to bound eigenenergies without solving Schrödinger directly. See research.
Qubit: Basic unit of quantum information. Unlike classical bits, qubits exist in superposition of both states until measured. Entangled qubits enable quantum parallelism.
Quantum Volume: IBM metric measuring quantum computer capability, accounting for qubit count, connectivity, and gate error rates. Higher QV indicates more complex circuits can run reliably.

Post-Quantum Cryptography (13 terms)

CRYSTALS-Kyber ML-KEM: Lattice-based key encapsulation mechanism standardized by NIST (FIPS 203). Resistant to quantum attacks. Used in quantum-resilient IoT.
CRYSTALS-Dilithium ML-DSA: Lattice-based digital signature algorithm standardized by NIST (FIPS 204). Compact signatures suitable for constrained IoT devices.
SPHINCS+ SLH-DSA: Hash-based signature scheme standardized by NIST (FIPS 205). Larger signatures but relies only on hash function security.
Falcon: Lattice-based signature using NTRU lattices. Compact signatures ideal for bandwidth-constrained applications. NIST Round 4 selection.
ML-KEM: Module-Lattice Key Encapsulation Mechanism: NIST's official name for standardized Kyber in FIPS 203. Deployed in smart-grid IoT pilots.
ML-DSA: Module-Lattice Digital Signature Algorithm: NIST's official name for standardized Dilithium in FIPS 204. Used for device authentication in resilient IoT.
SLH-DSA: Stateless Hash-Based Digital Signature Algorithm: NIST's official name for standardized SPHINCS+ in FIPS 205.
Harvest Now, Decrypt Later HNDL: Attack strategy where adversaries store encrypted traffic today to decrypt once quantum computers break current encryption. Motivates urgent PQC migration.
Lattice-Based Cryptography: Schemes built on hardness of lattice problems (Learning With Errors, NTRU). Basis for most NIST post-quantum standards.
PQ-EDHOC: Post-Quantum EDHOC: extension to IETF LAKE protocol integrating Kyber/Dilithium for quantum-resistant IoT device onboarding.
Hybrid Cryptography: Combining classical (RSA/ECDH) and post-quantum algorithms. If either survives cryptanalysis, connection remains secure.
Crypto-Agility: Designing systems to rapidly switch cryptographic algorithms without major architectural changes. Essential for PQC migration.
HSM Hardware Security Module: Dedicated cryptographic processor for managing and protecting digital keys. Provides tamper-resistant key storage and accelerated crypto operations for PQC migration.

ICS/SCADA Security (8 terms)

ICS Industrial Control System: Systems monitoring and controlling physical processes in manufacturing, utilities, and critical infrastructure. Primary target of nation-state cyber operations; defended via quantum-kernel anomaly detection.
SCADA Supervisory Control and Data Acquisition: Architecture for remote monitoring of distributed infrastructure (pipelines, power grids, water treatment). Legacy systems often lack encryption, motivating ML-based intrusion detection.
SWaT Secure Water Treatment: Six-stage water treatment testbed at SUTD Singapore. Provides labeled attack datasets for ICS anomaly detection. Used to validate quantum kernels.
HAI HIL-based Augmented ICS: Hardware-in-the-loop ICS testbed combining real PLCs with simulated processes. Complements SWaT for cross-testbed validation.
ISA/IEC 62443: International standard series for industrial automation security. Defines security levels (SL 1–4), zones, conduits, and lifecycle requirements.
OT Operational Technology: Hardware/software detecting or causing changes in physical processes. OT security prioritizes availability over confidentiality.
Purdue Model: Reference architecture separating industrial networks into hierarchical zones (0–5) from physical process to enterprise network.
Zone and Conduit: ISA-62443 concept grouping assets by security requirements (zones) and controlling data flows between them (conduits).

IoT & Standards (6 terms)

oneM2M: Global standard for M2M and IoT interoperability. Defines resource-oriented architecture and protocol bindings. See lightweight implementation.
MQTT Message Queuing Telemetry Transport: Lightweight publish-subscribe messaging for constrained devices. Default for many IoT platforms. Requires TLS for security.
CoAP Constrained Application Protocol: RESTful protocol for constrained networks. UDP-based with optional DTLS security. Used alongside oneM2M bindings; EDHOC provides lightweight key exchange.
EDHOC Ephemeral Diffie-Hellman Over COSE: Lightweight authenticated key exchange producing OSCORE security context in 3 messages. IETF LAKE working group specification.
Edge Computing: Processing data near its source rather than centralized clouds. Reduces latency, bandwidth, and privacy exposure for real-time ICS.
Smart Grid: Electricity network using digital communication for monitoring and optimization. Smart meters are ideal PQC deployment targets. See quantum-resilient metering.

Machine Learning (4 terms)

POMDP Partially Observable Markov Decision Process: Decision framework where agent cannot directly observe true state. See Compressed Suffix Memory for efficient POMDP learning.
Reinforcement Learning RL: Learning paradigm where agents maximize cumulative reward through trial-and-error. Used in cognitive radio and VLSI optimization.
Deep RL: Reinforcement learning with neural network function approximation. Handles high-dimensional spaces intractable for tabular methods, including partially observable wireless control.
Anomaly Detection: Identifying patterns deviating from expected behavior. Critical for ICS security where attacks manifest as subtle process deviations.

Blockchain & Consensus (5 terms)

Proof of Stake PoS: Consensus selecting validators by staked tokens rather than computational work. More energy-efficient than PoW but vulnerable to tails switching.
Nothing at Stake: PoS vulnerability where validators can costlessly vote on multiple branches. Addressed by slashing conditions and finality gadgets.
Tails Switching: Attack on multibranch PoS exploiting low-probability chain tails to reorganize history. Quantum-inspired direct-measure functions suppress this. See research.
Finality Gadget: Mechanism (e.g., Casper FFG) periodically checkpointing blocks as irreversible. Complements chain-selection rules and mitigates tails-switching attacks.
Permissioned Blockchain: Blockchain where participants are known and authorized. Lower latency than public chains. Suitable for enterprise IoT and smart grid.