Design and Evaluation of a Post-Quantum Secure DevOps Pipeline Using Falcon, Dilithium, and Kyber
Presented at: QAHE Global Connect Conference 2026 Birmingham, United Kingdom
Open Access Preprint: https://doi.org/10.5281/zenodo.20137072
This repository demonstrates how secure DevOps environments can be prepared for the post-quantum era using open-source tools and reproducible workflows.
It implements a complete pipeline that integrates post-quantum cryptography (PQC) algorithms — particularly Falcon and Dilithium — into modern DevOps, CI/CD, and monitoring systems.
The project runs entirely within GitHub Actions and Codespaces, removing the need for powerful local hardware and providing a portable, cloud-based research environment.
To design and validate a quantum-resistant DevOps workflow that:
- Replaces classical RSA/ECDSA signatures with PQC signature algorithms (Falcon512, Dilithium)
- Integrates quantum-safe signing and verification into real automation pipelines
- Measures and visualizes handshake latency, CPU utilization, and performance trends
- Demonstrates how PQC can coexist with current infrastructure and monitoring tools
```
Developer Commit ──► GitHub Actions (PQC Signing)
        │
        ▼
Docker Build ──► Falcon-Enabled OpenSSL / SSH
        │
        ▼
Prometheus Exporter ──► Metrics Collection
        │
        ▼
Grafana Dashboards ──► Live Visualization
        │
        ▼
Python Report Generator ──► Markdown + PDF Reports
```
The architecture shows how PQC algorithms are applied throughout the pipeline — from code commits and Docker image signing to performance monitoring and reporting.
| Component | Function |
|---|---|
| OpenSSL + oqs-provider | Integrates Falcon and Dilithium algorithms for signing and verification |
| OQS-OpenSSH (Docker) | Demonstrates quantum-safe SSH key generation and authentication |
| Prometheus Exporter | Collects PQC handshake latency, CPU metrics, and system health |
| Grafana Dashboard | Visualizes real-time PQC vs RSA performance and efficiency |
| GitHub Actions | Automates signing, verification, and reporting in CI/CD |
| Python Reporter | Generates Markdown and PDF reports summarizing metrics |
- Post-Quantum Secure Signing (Falcon512, Dilithium)
- Quantum-Safe SSH Communication via Dockerized OQS-OpenSSH
- Real-Time Performance Monitoring (Prometheus + Grafana)
- CI/CD Artifact Signing and Verification
- Automated Reporting and Benchmarking
- Works entirely on free GitHub Actions and Codespaces environments
The monitoring system visualizes live data from the PQC pipeline using Prometheus and Grafana.
- RSA and Falcon handshake latency
- CPU usage percentage
- Efficiency and latency ratio (RSA/Falcon)
- PQC throughput (operations per second)

monitoring/grafana-dashboard.json
monitoring/quantum-comparative-dashboard.json
- Fork or clone the repository to your GitHub account
- Push any code change — the Secure CI (PQC) and Performance Report workflows will run automatically
- View results under the Actions tab
- Open the repository in Codespaces
- Run:

```bash
bash scripts/pqc_verify_openssl.sh
bash scripts/pqc_generate_keys.sh
bash scripts/sign_artifact.sh ./README.md
bash scripts/verify_artifact.sh ./README.md ./signatures/README.md.sig ./keys/pqc_cert.pem
```

- Optional: Build and test PQC SSH

```bash
docker build -t oqs-ssh:latest docker/openssh-oqs
docker run --rm -it -p 2222:22 oqs-ssh:latest
```

```bash
bash scripts/setup_macos.sh
```

Bring up the complete monitoring stack:

```bash
cd monitoring
docker compose up -d
```

- Prometheus: http://localhost:9090
- Grafana: http://localhost:3000
  - Username: admin
  - Password: admin

A Python-based script fetches live Prometheus metrics and generates a Markdown summary.

```bash
python3 monitoring/reports/report_generator.py
```

Output: monitoring/reports/quantum_performance_report.md

```bash
pandoc monitoring/reports/quantum_performance_report.md -o docs/performance_summary.pdf
```

| Metric | RSA (s) | Falcon (s) | Ratio | CPU (%) |
|---|---|---|---|---|
| Avg (5 min) | 1.49 | 2.50 | 0.60× | 48.5 |

Falcon512 shows higher latency than RSA in this measurement (2.50 s versus 1.49 s, an RSA/Falcon ratio of 0.60×) but remains within acceptable performance limits for CI/CD and infrastructure automation, showing that post-quantum algorithms can be practically integrated into production pipelines.
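
How the Ratio column follows from scraped series, as an added example that is not the repository's `report_generator.py`: it parses Prometheus text-exposition samples, averages each series, and renders the summary row. The metric names, label names and sample values are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed samples in Prometheus text exposition format. Metric and label
# names are hypothetical; the repository's exporter may name them differently.
SAMPLE_SCRAPES = """\
# TYPE pqc_handshake_latency_seconds gauge
pqc_handshake_latency_seconds{algorithm="rsa"} 1.47
pqc_handshake_latency_seconds{algorithm="falcon512"} 2.46
pqc_handshake_latency_seconds{algorithm="rsa"} 1.51
pqc_handshake_latency_seconds{algorithm="falcon512"} 2.54
pqc_cpu_usage_percent 47.0
pqc_cpu_usage_percent 50.0
"""
LINE = re.compile(r'^([A-Za-z_:][\w:]*)(?:\{([^}]*)\})?\s+(\S+)')
LABEL = re.compile(r'(\w+)="([^"]*)"')

def parse_samples(text):
    """Group sample values by (metric name, sorted label pairs)."""
    series = defaultdict(list)
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if not match:  # blank lines and "# HELP" / "# TYPE" comments
            continue
        name, labels, value = match.groups()
        series[(name, tuple(sorted(LABEL.findall(labels or ""))))].append(float(value))
    return series

def summarize(text):
    """Average each series; ratio is RSA/Falcon, so below 1 means Falcon is slower."""
    series = parse_samples(text)
    def avg(name, *labels):
        values = series.get((name, tuple(sorted(labels))))
        if not values:  # fail loudly rather than report a ratio from missing data
            raise ValueError(f"no samples for {name} {labels}")
        return sum(values) / len(values)
    rsa = avg("pqc_handshake_latency_seconds", ("algorithm", "rsa"))
    falcon = avg("pqc_handshake_latency_seconds", ("algorithm", "falcon512"))
    return {"rsa": rsa, "falcon": falcon, "ratio": rsa / falcon,
            "cpu": avg("pqc_cpu_usage_percent")}

def markdown_report(text):
    """Render the averages as a Markdown table like the one in this README."""
    r = summarize(text)
    return ("| Metric | RSA (s) | Falcon (s) | Ratio | CPU (%) |\n"
            "|---|---|---|---|---|\n"
            f"| Avg | {r['rsa']:.2f} | {r['falcon']:.2f} | {r['ratio']:.2f}× | {r['cpu']:.1f} |")

if __name__ == "__main__":
    print(markdown_report(SAMPLE_SCRAPES))
```

Because the ratio is RSA latency divided by Falcon latency, a value of 0.60× reads as "RSA takes 60% of Falcon's time", not as a 0.6× slowdown for Falcon.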

```
quantum-safe-devops-pipeline/
├── scripts/             # PQC signing, verification, CI utilities
├── docker/              # PQC OpenSSH container
├── monitoring/          # Prometheus, Grafana, Exporters, Reports
├── .github/workflows/   # Secure CI and Report pipelines
├── keys/                # PQC key pairs and certs
├── configs/             # OpenSSL and SSHD configurations
├── docs/                # Architecture diagrams and dashboard screenshots
└── README.md
```

This project demonstrates that quantum-safe cryptography can be embedded directly into operational DevOps systems today.
By combining containerization, automated workflows, and observability, the project provides a realistic path for organizations to adopt post-quantum security within CI/CD environments.
It also offers reproducible metrics and dashboards, helping bridge the gap between:
- Academic PQC research
- Practical enterprise deployment
- DevSecOps automation
- Quantum-safe infrastructure engineering
Research Focus:
- Post-Quantum Cryptography
- DevSecOps
- CI/CD Security
- Quantum-Safe Infrastructure
- Open Quantum Safe (OQS)
- Open Quantum Safe Project – https://openquantumsafe.org
- NIST Post-Quantum Cryptography Standardization Project
- Grafana Documentation
- Prometheus Documentation
- OpenSSH OQS Integration

```bibtex
@misc{ajith2026pqcdevops,
  author    = {Vishnu Ajith and Muhammad Ibrahim and Muhammad Sihan Haroon},
  title     = {Design and Evaluation of a Post-Quantum Secure DevOps Pipeline Using Falcon, Dilithium, and Kyber},
  year      = {2026},
  publisher = {Zenodo},
  doi       = {10.5281/zenodo.20137072},
  url       = {https://doi.org/10.5281/zenodo.20137072}
}
```

Research and Development Engineer – Post-Quantum Security
Lecturer in Computing
London, United Kingdom
GitHub: https://github.com/Vishnu2707
ORCID: https://orcid.org/0009-0008-6011-9245
Research Engineer – Post-Quantum Security & Cloud Architecture
Research Contributor – Quantum-Safe Infrastructure & DevSecOps



