Article Info
Feasibility of Post-Quantum Cryptography in Digital Signature Systems: From Theory to Proof of Concept
Nurul Syafiqah Norihsan, Azana Hafizah Mohd Aman, Fakrul Radzi Ab Rahim, Hazhar Ismail
dx.doi.org/10.17576/apjitm-2026-1501-05
Abstract
The advancement of quantum technology is increasingly pressuring the security of traditional cryptographic algorithms such as RSA and ECDSA, which are widely used in Public Key Infrastructure (PKI). As a preventive measure, the digital security community is paying closer attention to post-quantum cryptographic (PQC) algorithms that are resilient against quantum-computing threats. Among the PQC algorithms approved by NIST are CRYSTALS-Dilithium and SPHINCS+, as announced during the third round of the NIST PQC selection process in 2022. Therefore, this project aims to develop a proof-of-concept (PoC) platform as a web application using Java Spring Boot, the Bouncy Castle cryptographic library, and Bootstrap. The system supports RSA, ECDSA, CRYSTALS-Dilithium, and SPHINCS+ algorithms for key pair generation, file signing, and digital signature verification. The user interface allows users to select algorithms, sign files, and quickly check the signature status. A benchmarking module is also provided to measure key generation time, signing and verification time, and signature size for each output produced by the tested algorithms. Benchmarking results demonstrate that CRYSTALS-Dilithium offers superior computational efficiency compared to legacy algorithms, achieving verification times as low as 1 ms, while SPHINCS+ presents a distinct trade-off, characterized by high signing latency and a significantly larger signature footprint of 17,088 bytes. The paper's results show that integrating PQC algorithms into digital certificate systems is technically feasible and has the potential to enhance long-term security in the post-quantum era.
keyword
RSA, ECDSA, CRYSTALS-Dilithium, SPHINCS+, PQC

