Lightweight and Scalable Post-Quantum Authentication for Medical Internet of Things

The Medical Internet of Things (MIoT) harbors resource-limited medical embedded devices that collect security-sensitive data from users for analysis, monitoring, and diagnosis. Digital signatures play a foundational role in ensuring the authentication and integrity of this sensitive medical information, critical for the trustworthiness of MIoT applications. However, traditional signatures used in current IoT systems may lack the necessary long-term security and are vulnerable to emerging quantum computer threats. NISt's PQC standards impose heavy overhead unsuitable for battery-limited MIoT devices. Efforts to design more computationally efficient PQ signatures have faced challenges, either introducing significant memory overhead and potential vulnerabilities or relying on strong assumptions. Hence, this paper introduces INFinity-HORS (INF-HORS), a lightweight PQ digital signature. To the best of our knowledge, INF-HORS is the first signer-optimal hash-based signature offering polynomial unbounded signing capabilities under minimal architectural assumptions. Unlike other PQ signatures, INF-HORS does not require hyper-tree structures or incur the high memory usage seen in multivariate counterparts. Our performance analysis confirms that INF-HORS is significantly more computationally efficient than NIST PQC standards like Dilithium and SPHINCS+. We prove INF-HORS's security in the random oracle model and show through experiments that it achieves 20x faster signature generation and smaller signature and private key sizes compared to BLISS-I on an 8-bit ATxmega128A1 microcontroller. INF-HORS does not rely on non-colluding verification servers, secure enclaves, or trusted verification assisting entities, minimizing security risks and making it ideal for MIoT with minimal cryptographic overhead and strong security assumptions.