Post-Quantum Cryptography for Intelligent Transportation Systems: An Implementation-Focused Review

As quantum computing advances, the cryptographic algorithms that underpin confidentiality, integrity, and authentication in Intelligent Transportation Systems (ITS) face increasing vulnerability to quantum-enabled attacks. To address these risks, governments and industry stakeholders are turning toward post-quantum cryptography (PQC), a class of algorithms designed to resist adversaries equipped with quantum computing capabilities. However, existing studies provide limited insight into the implementation-focused aspects of PQC in the ITS domain. This review addresses that gap by evaluating the readiness of vehicular communication and security standards for adopting PQC. It examines in-vehicle networks and vehicle-to-everything (V2X) interfaces, and investigates vulnerabilities at the physical implementation layer of cryptographic hardware and embedded platforms, primarily exposure to side-channel and fault injection attacks. The review identifies thirteen research gaps: non-PQC-ready standards; constraints in embedded implementation and hybrid cryptography; interoperability and certificate-management barriers; a lack of real-world PQC deployment data in ITS; and physical-attack vulnerabilities in PQC-enabled vehicular communication. We present several future research directions, including updating vehicular communication and security standards, optimizing PQC for low-power devices, enhancing interoperability and certificate-management frameworks for PQC integration, conducting real-world evaluations of PQC-enabled communication and control functions across ITS deployments, and strengthening defenses against AI-assisted physical attacks. A phased roadmap is presented that aligns PQC deployment with regulatory, performance, and safety requirements, thereby guiding the secure evolution of ITS in the quantum computing era.