You are here

Cryptography for Hyper-scale Architectures in a Robust Internet Of Things (CHARIOT)



OBJECTIVE: CHARIOT will develop revolutionary approaches for fast, efficient, and quantum-resistant cryptographic operations for Internet of Things (IoT) devices. Confidential communications, message integrity, group membership, and scalable key management must be demonstrated.


The exponential price/performance improvements in semiconductor technology stemming from Moore's Law are enabling even the smallest and most application-specific devices, such as sensors and actuators, to include networking capabilities. The overwhelming majority of such devices will be cheap and power-constrained. Low device costs permit deployment in unprecedented numbers, with some estimates as high as a trillion devices, which for CHARIOT we call “hyper-scale.” Support for communication amongst such devices in, or using, 5G wireless networks makes them “hyper-connected” and collectively they form what is called an Internet of Things (IoT).

Revolutionary security technologies are needed for IoT devices. The emergence of public-key cryptography, such as the RSA (Rivest-Shamir-Adleman) scheme predicated on the hardness of factoring, usednumber-theoretic concepts to derive protocols for confidential communications, identity verification with digital signatures, message integrity checking with secure hashing, etc. A logistical challenge arises, however, as these protocols presume the legitimacy of the public key used. While no universal public key infrastructure (PKI) exists, legitimacy is now “certified” using a sequence of digital signatures starting from a trusted authority such as the Department of Defense.

A 10+ year deployment lifetime is expected for some types of IoT devices. Today, energy (such as battery power) consumed by cryptographic operations reduces deployment lifetimes, discouraging manufacturers from including security. Further, Shor's algorithm, which uses quantum computing to accelerate factoring, undermines the security model of RSA-based cryptography.Quantum computing may appear before today's deployments end.CHARIOT's objective is solutions that are fast, efficient, and quantum-resistant on even the cheapest devices.

CHARIOT will prototype low-cost, low-footprint, post-quantum cryptographic techniques with minimal energy use for devices in an IoT.Technical requirements should have their genesis in expected use cases.Vehicle-embedded and wearable uses with a zero-trust networking architecture are of particular interest, e.g., uses within a larger scenario of wearable-equipped passengers entering, traveling in and departing from a vehicle such as a troop carrier or school bus.


Phase I feasibility will be demonstrated through evidence of: completed evaluations of security risks and vulnerabilities of existing IoT devices; definition and characterization of post-quantum security core competencies and attributes (i.e., the properties desirable for both DoD and civilian use); and comparisons with alternative state-of-the-art methodologies (competing approaches).Proposers interested in submitting a Direct to Phase II (DP2) proposal must provide documentation to substantiate that the scientific and technical merit and feasibility described above has been met and describes the potential commercial applications. DP2 documentation should include:

  1. technical reports describing results and conclusions of existing work, particularly regarding the commercial opportunity or DoD insertion opportunity, and risks/mitigations assessments;
  2. presentation materials and/or white papers;
  3. technical papers;
  4. test and measurement data;
  5. prototype designs/models;
  6. performance projections, goals, or results on systems at multiple price points; and,
  7. documentation of related topics such as how the proposed CHARIOT solution can enable zero-trust networking.

This collection of material will verify mastery of the required content for DP2 consideration.

DP2 proposers must also demonstrate knowledge, skills, and ability in cybersecurity, advanced cryptographic applications, computer science, mathematics, and software engineering.

For detailed information on DP2 requirements and eligibility, please refer to Section 4.2,Direct to Phase II (DP2) Requirements, and Appendix B of HR001120S0019.


The goals of the Direct to Phase II (or DP2) (24 months in duration) are to develop a compelling technology consistent with the CHARIOT goals to develop revolutionary approaches for fast, efficient, and quantum-resistant cryptographic operations for IoT devices. DP2 proposals should:

  1. describe a proposed design/architecture to achieve these goals, along with application programming interfaces that allow for a secure IoT ecosystem (e.g., one based on zero-trust principles);
  2. present a plan for maturation of the architecture to a prototype system to demonstrate confidential communications, message integrity, group membership, and scalable key management; and,
  3. detail a test plan, complete with proposed metrics and scope (e.g., network structure, types/numbers of devices, etc.), for verification and validation of the system cryptography.

Phase II will culminate in a system demonstration using one or more compelling IoT use cases consistent with commercial opportunities and/or insertion into the DARPA/I2O Open Programmable Secure 5G (OPS-5G) program.

The below schedule of milestones and deliverables is provided to establish expectations and desired results/end products for the Phase II effort.

Schedule/Milestones/Deliverables During Phase II proposers will execute the Research and Development (R&D) plan as described in the proposal.

Proposers will also complete a commercialization plan that addresses relevant costs of materials, potential material and equipment suppliers, market opportunity and anticipated positioning, and unique intellectual property.

  • Month 1: Phase II Kickoff briefing (with annotated slides) to the DARPA PM (in-person or virtual, as needed) including: any updates to the proposed plan and technical approach, risks/mitigations, schedule (inclusive of dependencies) with planned capability milestones and deliverables, proposed metrics, and plan for prototype demonstration/validation.
  • Months 4, 7, 10: Quarterly technical progress reports detailing technical progress made, tasks accomplished, major risks/mitigations, a technical plan for the remainder of Phase II (while this will normally report progress against the plan detailed in the proposal or presented at the Kickoff briefing, it is understood that scientific discoveries, competition, and regulatory changes may all have impacts on the planned work and DARPA must be made aware of any revisions that result), planned activities, trip summaries, and any potential issues or problem areas that require the attention of the DARPA PM.
  • Month 12 Interim technical progress briefing (with annotated slides) to the DARPA PM (in-person or virtual as needed) detailing progress made (include quantitative assessment of capability developed to date), tasks accomplished, major risks/mitigations, planned activities and technical plan for second half of Phase II, the demonstration/verification plan for the end of Phase II, trip summaries, and any potential issues or problem areas that require the attention of the DARPA PM.
  • Month 15, 18, 21: Quarterly technical progress reports detailing technical progress made, tasks accomplished, major risks/mitigations, a technical plan for the remainder of Phase II (with necessary updates as in the parenthetical remark for Months 4, 7, and 10), planned activities, trip summaries, and any potential issues or problem areas that require the attention of the DARPA PM.
  • Month 24/Final Phase II Deliverables: security architecture with documented key management details, demonstrating secure communications amongst multiple independent and overlapping subgroups; documented application programming interfaces; any other necessary documentation (including, at a minimum, user manuals and a detailed system design document; and the end of phase commercialization plan).


The Phase III work will be oriented towards transition and commercialization of the developed security technology. The proposer is required to obtain funding from either the private sector, a non-SBIR Government source, or both, to develop the prototype software into a viable product or non-R&D service for sale in military or private sector markets. Phase III refers to work that derives from, extends, or completes an effort made under prior SBIR funding agreements, but is funded by sources other than the SBIR Program.

Primary CHARIOT support will be to national efforts to develop approaches to protect network infrastructure and technologies (e.g., 5G). Outcomes have the potential to significantly benefit the DoD and numerous commercial entities by providing protected and resilient capabilities. Specifically, in the commercial space, CHARIOT security technologies have applications to companies that develop digital entities (e.g., networks, clouds, devices participating in the IoT, etc.); in the DoD space, CHARIOT security technologies have value to all Service Components due to the widespread use and migration to such digital entities to support mission operations.

KEYWORDS: Internet of Things (IoT), Key Management, Post-quantum Security, 5G-connected Devices, Secure Digital Engagement, Zero-trust Architectures, System Cryptography


[1] Andersen, M.P., Kumar, S., AbdelBaky, M., Fierro, G., Kolb, J., Kim, H.-S., Culler, D.E., and Popa, R.A. (2019). WAVE: A Decentralized Authorization Framework with Transitive Delegation. Proc. USENIX Security 2019. Available at

[2] Arbaugh, W.A., Farber, D.J., and Smith, J.M. (1997). A Secure and Reliable Bootstrap Architecture. Proceedings, IEEE Symposium on Security and Privacy, Oakland, CA, May 4-7, 1997. Available at

[3] Barth, D. and Gilman, E. (2017). Zero Trust Networks: Building Secure Systems in Untrusted Networks. O’Reilly, 2017. Available at

[4] Daemen, J. and Rijmen, V. (1999) AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999. Available at;jsessionid=3964F91863050E5E2EF5BDBB3BA891C2?doi=; amended version (2001) available at

[5] Daemen, J. and Rijmen, V. (2002) The Design of Rijndael, AES - The Advanced Encryption Standard. Springer-Verlag 2002 (238 pp.). Available at

[6] DARPA Broad Agency Announcement, Open Programmable Secure 5G (OPS-5G), HR001120S0026, January 30, 2020. Available at

[7] FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 2001. Available at

[8] ITU-T E.118, 05/2006. The international telecommunication charge card. Available at

[9] Johnson, S. and Rizzo, D. (2018). Titan silicon root of trust for Google Cloud. Secure Enclaves Workshop, August 29, 2018. Available at

[10] Kindervag, J. (2020). Build Security Into Your Network’s DNA: The Zero Trust Network Architecture. Forrester Research, Inc. November 5, 2010. Available at

[11] Kiningham, K., Horowitz, M., Levis, P., & Boneh, D. (2016). CESEL: Securing a Mote for 20 Years. EWSN. Available at

[12] Kumar, S., Hu, Y., Andersen, M.P., Popa, R.A., and Culler, D.E. (2019) JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT. Proc. USENIX Security, 2019. Available at

[13] Rivest, R.L., Shamir, A., and Adleman, L. (1978). A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, February 1978. Available at

[14] Schneier, B. (1996) Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C. John Wiley & Sons, Inc. January 1, 1996. ISBN: 0471128457. Available at

[15] Shor, P.W. (1994). Algorithms for quantum computation: discrete logarithms and factoring. Proceedings of the 35th Annual Symposium on Foundations of Computer Science. IEEE Comput. Soc. Press: 124–134. doi:10.1109/sfcs.1994.365700. ISBN 0818665807. Available at

US Flag An Official Website of the United States Government