The Aquorypt project, carried out by the Technical University of Munich from 1 September 2019 to 28 February 2023 and funded by the German Ministry of Education and Research under grant code 16KIS1017K, investigated the practical deployment of post‑quantum cryptographic (PQC) algorithms in two critical application domains: embedded systems for industrial automation and chip‑card‑based security solutions. The consortium was organised into seven work packages (AP1–AP7). The university contributed to the evaluation, adaptation, hardware acceleration, implementation, security analysis, and coordination of the project, but did not participate in the crypto‑agility and migration work package (AP6). The partners included a mix of research institutes and industry collaborators, all working together to advance the integration of PQC into real‑world systems.
The scientific effort focused on selecting suitable PQC primitives, refining them for efficiency, and embedding them into hardware and software stacks. Work package AP1 performed a comprehensive assessment of existing PQC proposals, ranking them according to security, performance, and implementation complexity. AP2 then adapted the chosen algorithms, tailoring parameters to meet the stringent real‑time and power constraints of embedded controllers. In AP3 and AP4, the team designed and fabricated hardware accelerators and co‑processors based on the RISC‑V architecture, a choice driven by its open‑source nature and suitability for low‑power devices. These accelerators were integrated into the main processor pipeline, offloading cryptographic operations and thereby reducing latency and energy consumption for small‑core systems that would otherwise struggle to meet real‑time deadlines.
Security hardening was a central theme. AP5 carried out side‑channel resistance studies, applying masking and hiding techniques to the hardware designs and evaluating their resilience against differential power analysis and timing attacks. The results demonstrated that the co‑processor could achieve a 10‑fold reduction in side‑channel leakage compared to a software‑only implementation, while maintaining throughput within the required bounds for industrial control loops. The project also explored the use of lightweight PQC schemes for chip‑card environments, where cost and power budgets are extremely tight. Prototype chip‑cards incorporating the new accelerators achieved a 30 % reduction in power draw relative to baseline designs, without compromising the security margin.
The work package on migration paths (AP6) developed a framework for transitioning legacy systems to PQC, outlining step‑by‑step procedures for algorithm substitution and key management. Although the university did not directly contribute to this package, the framework was informed by the hardware and software insights gained in the earlier work packages. The final coordination package (AP7) ensured that all deliverables were aligned with the project’s objectives and that the results were disseminated to the broader research community.
In terms of impact, Aquorypt produced a set of validated PQC primitives ready for deployment in industrial and chip‑card contexts, a suite of hardware accelerators that significantly improve performance and energy efficiency, and a practical migration roadmap. The project’s findings feed directly into the ongoing NIST standardisation process for PQC, providing empirical data on real‑world performance and security that can inform the selection of final standards. By bridging the gap between theoretical PQC algorithms and their concrete implementation in constrained environments, Aquorypt has laid the groundwork for resilient, quantum‑safe cryptography in the next generation of embedded and secure‑card systems.
