Cryptography, Volume 9, Issue 2 (June 2025) – 9 articles

Virtual reality (VR)/the metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography, because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet-of-Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware–software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted—without loss of generality—using an asymmetric-key cryptosystem. These operation modes can be optical character-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding and decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (<1000 ms), as well as the physical distance of the smart glasses (∼50 cm). Full article

The development of Smart Grids (SGs) is a current trend and an indispensable essential living requirement. Due to economic development and improved quality of life, electricity demand has rapidly increased. However, the power grids in major cities have become outdated, leading to uneven power distribution and frequent power outages. SGs can adjust distribution strategies based on consumers’ real-time electricity demands, which requires continuous transmission of consumer electricity data within the grid. If the privacy and security of these data cannot be ensured, consumers’ habits will be exposed, and unnecessary waste may occur. In this article, we propose a key distribution process based on QKD, enabling entities within the SG to encrypt and authenticate each other’s data, ensuring the security and privacy of communication channels and transmitted data. Full article

We present a new construction of a one-time pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so-constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata’s “pun”: the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms. Full article

This paper presents a new encryption technique, which combines affine ciphers and the residue number system. This makes it possible to eliminate the shortcomings and vulnerabilities of affine ciphers, which are sensitive to cryptanalysis, using the advantages of the residue number system, i.e., the parallelization of calculation processes, performing operations on low bit numbers, and the linear combination of encrypted residues. A mathematical apparatus and a graphic scheme of affine encryption using the residue number system is developed, and a corresponding example is given. Special cases of affine ciphers such as shift and linear ciphers are considered. The cryptographic strength of the proposed cryptosystem when the moduli are prime numbers is estimated, and an example of its estimation is given. The number of bits and the number of moduli of the residue number system, which ensure the same cryptographic strength as the longest key of the AES algorithm, are determined. Full article

We present a detailed analysis of the effect of quantum loss and decoherence in the Bell-CHSH scenario. Adopting a device-independent approach, we study the change in the bipartite conditional probability distribution, i.e., the behavior of the realized nonlocal box pair when the elements of the entangled qubit pair subjected to independent noisy quantum channels modeled by completely positive maps. As the verification of Bell inequalities is crucial in device-independent quantum cryptography, our considerations are instructive from the perspective of quantum realizations of nonlocal box pairs. We find that the impact of quantum channels cannot be described by an equivalent classical noise channel. Full article

Healthcare data is often fragmented across different institutions (hospitals, clinics, research centers), creating data silos. Privacy-enhancing technologies (PETs) play a fundamental role in collaborative healthcare analysis, enabling healthcare providers to improve care while protecting patient privacy. By providing a compliant framework for data sharing and research, PETs facilitate collaboration while adhering to stringent regulations like HIPAA and GDPR. This work conducts a comprehensive survey to investigate PETs in healthcare industry. It investigates the privacy requirements and challenges specific to healthcare, and the key enabling PETs are explored. A review of recent research trends that identify challenges, and AI related concerns is presented. Full article

Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least $t-1$ other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants. Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants. Full article

Scalability and security restrictions are posing new challenges for blockchain networks, especially in the face of Distributed Denial-of-Service (DDoS) attacks and upcoming quantum threats. Previous research also found that post-quantum blockchains, despite their improved cryptographic algorithms, are still vulnerable to DDoS attacks, emphasizing the need for more resilient architectural solutions. This research studies the use of dynamic sharding, an innovative approach for post-quantum blockchains that allows for adaptive division of the network into shards based on workload and network conditions. Unlike static sharding, dynamic sharding optimizes resource allocation in real time, increasing transaction throughput and minimizing DDoS-induced disruptions. We provide a detailed study using Monte Carlo simulations to examine transaction success rates, resource consumption, and fault tolerance for both dynamic sharding-based and non-sharded post-quantum blockchains under simulated DDoS attack scenarios. The findings show that dynamic sharding leads to higher transaction success rates and more efficient resource use than non-sharded infrastructures, even in high-intensity attack scenarios. Furthermore, the combination of dynamic sharding and the Falcon post-quantum signature technique creates a layered strategy that combines cryptographic robustness, scalability, and resilience. This paper provides light on the potential of adaptive blockchain designs to address major scalability and security issues, opening the path for quantum-resilient systems. Full article

Substitution boxes (S-Boxes) function as essential nonlinear elements in contemporary cryptographic systems, offering robust protection against cryptanalytic attacks. This study presents a novel technique for generating compact 8-bit S-Boxes based on multiplication in the Galois Field $GF\left(2^4\right)$. The goal of this method is to create S-Boxes with low hardware implementation cost while ensuring cryptographic properties. Experimental results indicate that the suggested S-Boxes achieve a nonlinearity value of 112, matching the AES S-Box. They also maintain other cryptographic properties, such as the Bit Independence Criterion (BIC), the Strict Avalanche Criterion (SAC), Differential Approximation Probability, and Linear Approximation Probability, within acceptable security thresholds. Notably, compared to existing studies, the proposed S-Box architecture demonstrates enhanced hardware efficiency, significantly reducing resource utilization in implementations. Specifically, the implementation cost of the S-Box consists of 31 XOR gates, 32 two-input AND gates, 6 two-input OR gates, and 2 MUX21s. Moreover, this work provides a thorough assessment of the S-Box, covering cryptographic properties, side channel attacks, and implementation aspects. Furthermore, the study estimates the quantum resource requirements for implementing the S-Box, including an analysis of CNOT, Toffoli, and NOT gate counts. Full article