This study addresses the vulnerability of traditional MQTT communication—secured via TLS—to emerging quantum computing threats, which jeopardizes the long-term security of Internet of Things (IoT) systems. For the first time, the authors integrate FALCON, a lattice-based post-quantum digital signature algorithm selected by NIST, into a real-world MQTT network deployed on Raspberry Pi 5 devices to enable secure authentication between clients and brokers. Through empirical measurements, they systematically evaluate the latency and computational overhead associated with FALCON’s signing and verification operations, thereby assessing its feasibility and performance trade-offs on resource-constrained hardware. The results demonstrate that post-quantum cryptography can be practically deployed in lightweight IoT environments without prohibitive resource demands, offering a viable path toward quantum-resistant IoT security.

The rapid expansion of the Internet of Things (IoT) has introduced millions of resource-constrained devices into critical infrastructures, consumer environments, and industrial systems. These devices rely on lightweight communication protocols such as MQTT to support low-power, intermittent, and bandwidth-limited operation. However, common TLS algorithms used to secure MQTT communications are vulnerable to quantum attacks made feasible by Shor's algorithm. As a result, IoT infrastructures must evaluate and adopt post-quantum cryptographic (PQC) methods capable of providing long-term resilience. This report investigates the implementation of PQC algorithms within an MQTT-based IoT networks using three Raspberry Pis. Specifically, it integrates the FALCON digital signature scheme, one of NIST's selected post-quantum signature algorithms, to maintain message authenticity and integrity across resource-constrained MQTT clients and brokers. By measuring system performance, the research characterizes the practical trade-offs of deploying lattice-based PQC on lightweight hardware.