Abstract

IoT devices face mounting security threats: tightly bounded computing budgets on one side, the imminent arrival of quantum adversaries on the other. We present a bidirectional authentication protocol that pairs Physical Unclonable Functions (PUFs) with hash-based primitives so that no long-term key ever resides in device-side non-volatile memory. The scheme is best characterised as Grover-tolerant rather than fully post-quantum: hash one-wayness suffers only a quadratic slowdown under quantum search, and PUF unclonability adds a physical, non-cryptographic uniqueness assumption; we do not claim parity with NIST-standardised lattice- or code-based schemes. Mutual authentication is achieved with conditional forward secrecy and weak unlinkability against external eavesdroppers, at 24.3 ms latency, 15.7 mJ energy per authentication, and a 136-byte exchange on an ESP32. ProVerif symbolic verification, complemented by a sketched QROM reduction with explicit PUF-leakage modelling, covers replay, MITM, impersonation, and physical-capture adversaries. Environmental stress testing from 0 °C to 70 °C confirms practical reliability. We deliberately omit ephemeral key exchange and anonymous credentials; the price of doing so is the conditional and partial (rather than full) flavours of forward secrecy and anonymity, which we make explicit throughout.
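The following is an added illustrative simulation of the design principle described above (single-use PUF challenge-response pairs combined with hash-based mutual proofs, with no long-term key in device storage); it is not the paper's protocol, and the `SimulatedPUF`, the message layout and the `H` tag names are constructed assumptions for the example only.

```python
import hashlib, hmac, os, secrets

def H(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts."""
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class SimulatedPUF:
    """Stand-in for a silicon PUF: the fingerprint exists only as 'physical'
    state (an attribute here) and is never written to NVM or transmitted."""
    def __init__(self):
        self._fingerprint = os.urandom(32)  # constructed stand-in for chip variation
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._fingerprint, challenge, "sha256").digest()

class Device:
    def __init__(self, puf: SimulatedPUF):
        self.puf, self.nvm = puf, {}  # NVM deliberately holds no long-term key
    def step2(self, c: bytes, n_v: bytes):
        """Regenerate the PUF response on the fly and prove knowledge of it."""
        self._r, self._n_v, self._n_d = self.puf.respond(c), n_v, secrets.token_bytes(16)
        return self._n_d, H(b"dev", self._r, n_v, self._n_d)
    def step4(self, tau_v: bytes):
        """Verify the server's proof; derive the session key only on success."""
        if not hmac.compare_digest(tau_v, H(b"ver", self._r, self._n_d, self._n_v)):
            return None
        return H(b"key", self._r, self._n_v, self._n_d)

class Verifier:
    def __init__(self):
        self.crps = {}  # challenge -> response; each pair is consumed once
    def enroll(self, device: Device, k: int = 4):
        for _ in range(k):  # trusted enrollment phase, before deployment
            c = secrets.token_bytes(16)
            self.crps[c] = device.puf.respond(c)
    def step1(self):
        if not self.crps:
            raise RuntimeError("CRP pool exhausted; re-enrol the device")
        c = next(iter(self.crps))
        self._r, self._n_v = self.crps.pop(c), secrets.token_bytes(16)  # single use
        return c, self._n_v
    def step3(self, n_d: bytes, tau_d: bytes):
        """Check the device proof; answer with the server proof and session key."""
        if not hmac.compare_digest(tau_d, H(b"dev", self._r, self._n_v, n_d)):
            return None, None
        return H(b"ver", self._r, n_d, self._n_v), H(b"key", self._r, self._n_v, n_d)

def authenticate(verifier: Verifier, device: Device):
    """One full run; returns (success, device_key, verifier_key)."""
    c, n_v = verifier.step1()
    n_d, tau_d = device.step2(c, n_v)
    tau_v, k_v = verifier.step3(n_d, tau_d)
    if tau_v is None:
        return False, None, None
    k_d = device.step4(tau_v)
    return k_d is not None, k_d, k_v
```

Because each challenge is popped on first use and both proofs bind fresh nonces, a recorded device message cannot be replayed into a later session, and a device with a different PUF cannot answer an enrolled challenge.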