Cryptography, Volume 10, Issue 1 (February 2026) – 8 articles

15 pages, 451 KB  
Article
On Tabu Search for Block Cyphers Cryptanalysis
by Adrian Donatien-Charon, Mijail Borges-Quintana, Miguel A. Borges-Trenard, Omar Rojas and Guillermo Sosa-Gómez
Cryptography 2026, 10(1), 8; https://doi.org/10.3390/cryptography10010008 - 27 Jan 2026
Abstract
This article presents general methodologies for plaintext attacks on block ciphers using the Tabu Search algorithm. These methods treat the cipher as a black box, with the objective of finding the session key. The primary innovation of our approach is the division of the key space into subsets based on a divisor, enabling the attack to focus on a specific portion of the total space. The following investigation demonstrates the successful application of these methods to a member of a block cipher family that includes the Advanced Encryption Standard (AES) cipher. One of the proposed methodologies, the subregions path attack, enables navigation of the key session space by applying specific predetermined strategies within these subregions.

25 pages, 367 KB  
Article
Autopotency and Conjugacy of Non-Diagonalizable Matrices for Challenge–Response Authentication
by Daniel Alarcón-Narváez, Luis Adrián Lizama-Pérez and Fausto Abraham Jacques-García
Cryptography 2026, 10(1), 7; https://doi.org/10.3390/cryptography10010007 - 18 Jan 2026
Abstract
We present an algebraic framework for constructing challenge–response authentication protocols based on powers of non-diagonalizable matrices over finite fields. The construction relies on upper triangular Toeplitz matrices with a single Jordan block and on their structured power expansions, which induce nonlinear relations between matrix parameters and exponents through an autopotency phenomenon. The protocol is built from a cyclic family of matrix products derived from secret matrices $(A_i)_{i=1}^{n} \subset GL_k(\mathbb{F}_p)$: for each index $i$, a product $P_i = A_i A_{i+1} \cdots A_{i+n-1}$ is formed (indices modulo $n$), and its power $P_i^{(x)}$ is published for a secret exponent $x$. The resulting family of powered products is linked by conjugation via the unknown factors $A_i$, enabling an interactive authentication mechanism in which the prover demonstrates the knowledge of selected factors by satisfying explicit conjugacy relations. We formalize the underlying algebraic problems in terms of factor recovery and conjugacy identification from powered products, and analyze how the enforced non-diagonalizable structure and Toeplitz constraints lead to coupled multivariate polynomial systems. These systems arise naturally from the algebraic design of the construction and do not admit immediate reductions to classical discrete logarithm settings. The framework illustrates how non-diagonalizable matrix structures and structured conjugacy relations can be used to define concrete authentication primitives in noncommutative algebraic settings, and provides a basis for further cryptanalytic and cryptographic investigation.

26 pages, 2937 KB  
Article
Secure Implementation of RISC-V’s Scalar Cryptography Extension Set
by Asmaa Kassimi, Abdullah Aljuffri, Christian Larmann, Said Hamdioui and Mottaqiallah Taouil
Cryptography 2026, 10(1), 6; https://doi.org/10.3390/cryptography10010006 - 17 Jan 2026
Abstract
Instruction Set Architecture (ISA) extensions, particularly scalar cryptography extensions (Zk), combine the performance advantages of hardware with the adaptability of software, enabling the direct and efficient execution of cryptographic functions within the processor pipeline. This integration eliminates the need to communicate with external cores, substantially reducing latency, power consumption, and hardware overhead, making it especially suitable for embedded systems with constrained resources. However, current scalar cryptography extension implementations remain vulnerable to physical threats, notably power side-channel attacks (PSCAs). These attacks allow adversaries to extract confidential information, such as secret keys, by analyzing the power consumption patterns of the hardware during operation. This paper presents an optimized and secure implementation of the RISC-V scalar Advanced Encryption Standard (AES) extension (Zkne/Zknd) using Domain-Oriented Masking (DOM) to mitigate first-order PSCAs. Our approach features optimized assembly implementations for partial rounds and key scheduling alongside pipeline-aware microarchitecture optimizations. We evaluated the security and performance of the proposed design using the Xilinx Artix7 FPGA platform. The results indicate that our design is side-channel-resistant while adding a very low area overhead of 0.39% to the full 32-bit CV32E40S RISC-V processor. Moreover, the performance overhead is zero when the extension-related instructions are properly scheduled.
(This article belongs to the Topic Recent Advances in Security, Privacy, and Trust)

19 pages, 436 KB  
Article
Lower Bound on the Overlattice-Based Sieve Algorithm
by Tongchen Shen, Xiangxue Li and Licheng Wang
Cryptography 2026, 10(1), 5; https://doi.org/10.3390/cryptography10010005 - 1 Jan 2026
Abstract
Lattice-based cryptography stands as one of the most pivotal candidates in post-quantum cryptography. To configure the parameters of lattice-based cryptographic schemes, a thorough comprehension of their concrete security is indispensable. Lattice sieving algorithms represent among the most critical tools for conducting concrete security analysis. Currently, the state-of-the-art BDGL-sieve (SODA 2016) achieves a time complexity of $2^{0.292n+o(n)}$, and Kirshanova and Laarhoven (CRYPTO 2021) have proven that the BDGL-sieve attains the lower bound under the technical paradigm of the Nearest Neighbor Search (NNS) problem. A natural question emerges: whether overlattice-based sieving algorithms (ANTS 2014) can outperform the BDGL-sieve within an alternative technical framework. This work provides an almost negative response to this question. Specifically, we propose a generalized overlattice tower model, which facilitates the proof of the lower bound for the overlattice-based method. Our findings indicate that the original Overlattice-sieve has already reached this lower bound. Consequently, the BDGL-sieve will maintain its status as the sieving algorithm with optimal time complexity, unless a revolutionary technical optimization is developed in the future.

32 pages, 33846 KB  
Article
Unbreakable QR Code Watermarks: A High-Robustness Technique for Digital Image Security Using DWT, SVD, and Schur Factorization
by Bashar Suhail Khassawneh, Issa AL-Aiash, Mahmoud AlJamal, Omar Aljamal, Latifa Abdullah Almusfar, Bashair Faisal AlThani and Waad Aldossary
Cryptography 2026, 10(1), 4; https://doi.org/10.3390/cryptography10010004 - 30 Dec 2025
Abstract
In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address this challenge, we propose a novel watermarking technique that integrates the Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), and Schur matrix factorization to embed a QR code as a watermark into digital images. Our method was rigorously tested across a range of common image attacks, including histogram equalization, salt-and-pepper noise, ripple distortions, smoothing, and extensive cropping. The results demonstrate that our approach significantly outperforms existing methods, achieving high normalized correlation (NC) values such as 0.9949 for histogram equalization, 0.9846 for salt-and-pepper noise (2%), 0.96063 for ripple distortion, 0.9670 for smoothing, and up to 0.9995 under 50% cropping. The watermark consistently maintained its integrity and scannability under all tested conditions, making our method a reliable solution for enhancing digital copyright protection.

18 pages, 325 KB  
Article
Large Pages, Large Leaks? Hugepage-Induced Side-Channels vs. Performance Improvements in Cryptographic Computations
by Xinyao Li and Akhilesh Tyagi
Cryptography 2026, 10(1), 3; https://doi.org/10.3390/cryptography10010003 - 30 Dec 2025
Abstract
Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge pages—using paired attacker–victim experiments instrumented with both Performance Monitoring Unit (PMU) counters and precise per-access timing using rdtscp(). The victim executes repeated, key-dependent memory accesses across eight cryptographic modes (AES, ChaCha20, RSA, and ECC variants) while the attacker records eight PMU features per access (cpu-cycles, instructions, cache-references, cache-misses, etc.) and precise rdtscp() timing. The resulting traces are analyzed using a multilayer perceptron classifier to quantify key-dependent leakage. Results show that the 2 MB huge-page configuration achieves a comparable key-classification accuracy (mean 0.79 vs. 0.77 for 4 KB) while reducing average CPU cycles by approximately 11%. Page-index identification remains near random chance (3.6–3.7% for PMU side-channels and 1.5% for timing side-channel), indicating no increase in measurable leakage at the page level. These findings suggest that huge-page mappings can improve runtime efficiency without amplifying observable side-channel vulnerabilities, offering a practical configuration for balancing performance and security in user-space cryptographic workloads.
(This article belongs to the Section Hardware Security)

14 pages, 319 KB  
Article
AI-Enhanced Perceptual Hashing with Blockchain for Secure and Transparent Digital Copyright Management
by Zhaoxiong Meng, Rukui Zhang, Bin Cao, Meng Zhang, Yajun Li, Huhu Xue and Meimei Yang
Cryptography 2026, 10(1), 2; https://doi.org/10.3390/cryptography10010002 - 29 Dec 2025
Abstract
This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration.
(This article belongs to the Special Issue Interdisciplinary Cryptography)

25 pages, 709 KB  
Article
DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things
by Yijia Dai, Yitong Li, Ye Yuan, Xianwei Gao, Cong Bian and Meici Liu
Cryptography 2026, 10(1), 1; https://doi.org/10.3390/cryptography10010001 - 20 Dec 2025
Abstract
The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir’s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that removes the need for a separate online registration authority that operates directly between a user device ($UD_i$) and a server ($S$). In our setting, the server $S$ still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems.
