This work proposes IPK-pq, an identity-based post-quantum public key infrastructure (PKI) framework designed to overcome the efficiency bottlenecks of traditional certificate-based PKI in large-scale environments such as industrial IoT, challenges further exacerbated by the integration of post-quantum cryptography. By integrating NIST’s ML-DSA signatures, random matrix theory, and an enhanced identity-mapping mechanism, IPK-pq preserves the advantages of Composite Public Key (CPK) systems while effectively mitigating their linear collusion vulnerability. Notably, this is the first formal application of identity-based post-quantum key management to the Resource Public Key Infrastructure (RPKI) system. Experimental results demonstrate that IPK-pq significantly enhances public key management efficiency and system scalability, offering a practical foundation for next-generation secure routing infrastructure.

With the rapid evolution of the Industrial Internet of Things (IIoT), the boundaries and scale of the Internet are continuously expanding. Consequently, the limitations of traditional certificate-based Public Key Infrastructure (PKI) have become increasingly evident, particularly in scenarios requiring large-scale certificate storage, verification, and frequent transmission. These challenges are expected to be further amplified by the widespread adoption of post-quantum cryptography. In this paper, we propose a novel identity-based public key management framework for PKI based on post-quantum cryptography, termed \textit{IPK-pq}. This approach implements an identity key generation protocol leveraging NIST ML-DSA and random matrix theory. Building on the concept of the Composite Public Key (CPK), \textit{IPK-pq} addresses the linear collusion problem inherent in CPK through an enhanced identity mapping mechanism. Furthermore, it simplifies the verification of the declared public key's authenticity, effectively reducing the complexity associated with certificate-based key management. We also provide a formal security proof for \textit{IPK-pq}, covering both individual private key components and the composite private key. To validate our approach, formally, we directly implement and evaluate \textit{IPK-pq} within a typical PKI application scenario: Resource PKI (RPKI). Comparative experimental results demonstrate that an RPKI system based on \textit{IPK-pq} yields significant improvements in efficiency and scalability. These results validate the feasibility and rationality of \textit{IPK-pq}, positioning it as a strong candidate for next-generation RPKI systems capable of securely managing large-scale routing information.