Pharmacovigilance systems handle sensitive healthcare and drug-safety data, including adverse event reports and clinical observations. As quantum computing advances, classical public-key cryptographic systems such as RSA and elliptic-curve cryptography may become vulnerable, creating long-term risks for healthcare data that must remain confidential for many years. This paper presents an educational prototype of a post-quantum secure pharmacovigilance data pipeline. The system uses ML-KEM-768 for post-quantum key establishment, HKDF-SHA-256 for deriving an AES key, AES-256-GCM for efficient file encryption, and ML-DSA-65 for digital signatures and tamper detection. The pipeline supports multiple file formats, including TXT, CSV, JSON, and PDF, by treating files as raw bytes and preserving metadata for reconstruction at the receiver. The prototype includes separate hospital, gateway, pharma receiver, attacker, benchmarking, and dashboard components. We evaluate the system using synthetic pharmacovigilance datasets of different sizes and formats. Our results show that ML-KEM adds a small constant overhead, while AES encryption and ML-DSA signing dominate runtime as file size increases. This work is not a production-ready healthcare system, but rather an educational systems-level exploration of how post-quantum cryptographic primitives can be integrated into healthcare-style data pipelines.
翻译:药物警戒系统处理敏感的医疗与药物安全数据,包括不良事件报告及临床观察记录。随着量子计算技术的发展,RSA、椭圆曲线密码学等传统公钥密码体系可能面临安全威胁,这对需要长期保密的医疗数据构成持久风险。本文提出一种面向量子计算后安全药物警戒数据管道的教学原型系统。该系统采用ML-KEM-768实现量子安全密钥协商协议,通过HKDF-SHA-256派生AES密钥,运用AES-256-GCM进行高效文件加密,并借助ML-DSA-65实现数字签名与篡改检测。数据管道通过将文件视为原始字节流并保留元数据供接收端重建,支持TXT、CSV、JSON、PDF等多种文件格式。原型系统包含医院、网关、制药接收端、攻击者、基准测试及仪表盘等独立组件。我们采用不同规模与格式的合成药物警戒数据集进行性能评估。实验结果表明,ML-KEM引入恒定微小开销,而随着文件规模增长,AES加密与ML-DSA签名的运行时占比显著提升。本工作并非生产级医疗系统,而是从系统层面探索将量子安全密码原语集成到医疗风格数据管道的教学实践。