Cryptography, Volume 9, Issue 2 (June 2025) – 15 articles

As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos. Full article

This research investigates the integration of quantum hardware-assisted security into critical applications, including the Industrial Internet-of-Things (IIoT), Smart Grid, and Smart Transportation. The Quantum Physical Unclonable Functions (QPUF) architecture has emerged as a robust security paradigm, harnessing the inherent randomness of quantum hardware to generate unique and tamper-resistant cryptographic fingerprints. This work explores the potential of Quantum Computing for Security-by-Design (SbD) in the Industrial Internet-of-Things (IIoT), aiming to establish security as a fundamental and inherent feature. SbD in Quantum Computing focuses on ensuring the security and privacy of Quantum computing applications by leveraging the fundamental principles of quantum mechanics, which underpin the quantum computing infrastructure. This research presents a scalable and sustainable security framework for the trusted attestation of smart industrial entities in Quantum Industrial Internet-of-Things (QIoT) applications within Industry 4.0. Central to this approach is the QPUF, which leverages quantum mechanical principles to generate unique, tamper-resistant fingerprints. The proposed QPUF circuit logic has been deployed on IBM quantum systems and simulators for validation. The experimental results demonstrate the enhanced randomness and an intra-hamming distance of approximately 50% on the IBM quantum hardware, along with improved reliability despite varying error rates, coherence, and decoherence times. Furthermore, the circuit achieved 100% reliability on Google’s Cirq simulator and 95% reliability on IBM’s quantum simulator, highlighting the QPUF’s potential in advancing quantum-centric security solutions. Full article

The requirement for privacy-aware machine learning increases as we continue to use PII (personally identifiable information) within machine training. To overcome the existing privacy issues, we can apply fully homomorphic encryption (FHE) to encrypt data before they are fed into a machine learning model. This involves generating a homomorphic encryption key pair, where the public key encrypts the input data and the private key decrypts the output. However, there is often a performance hit when we use homomorphic encryption, so this paper evaluates the performance overhead of using an SVM (support vector machine) machine learning technique with the OpenFHE homomorphic encryption library. This uses Python and the scikit-learn library to create an SVM model, which can then be used with homomorphically encrypted data inputs and then produce a homomorphically encrypted result. The experiments include a range of variables, such as multiplication depth, scale size, first modulus size, security level, batch size, and ring dimension, along with two different SVM models, SVM-poly and SVM-linear. Overall, the results show that the two main parameters that affect performance are ring dimension and modulus size, and SVM-poly and SVM-linear show similar performance levels. Full article

The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (<5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities. Full article

Homomorphic Encryption (HE) allows secure and privacy-protected computation on encrypted data without the need to decrypt it. Since Shor’s algorithm rendered prime factorisation and discrete logarithm-based ciphers insecure with quantum computations, researchers have been working on building post-quantum homomorphic encryption (PQHE) algorithms. Most of the current PQHE algorithms are secured by Lattice-based problems and there have been limited attempts to build ciphers based on error-correcting code-based problems. This review presents an overview of the current approaches to building PQHE schemes and justifies code-based encryption as a novel way to diversify post-quantum algorithms. We present the mathematical underpinnings of existing code-based cryptographic frameworks and their security and efficiency guarantees. We compare lattice-based and code-based homomorphic encryption solutions identifying challenges that have inhibited the progress of code-based schemes. We finally propose five new research directions to advance post-quantum code-based homomorphic encryption. Full article

Algebraic persistent fault analysis (APFA) combines algebraic analysis with persistent fault analysis, providing a novel approach for examining block cipher implementation security. Since its introduction, APFA has attracted considerable attention. Traditionally, APFA has assumed that fault injection occurs solely within the S-box during the encryption process. Yet, algorithms like PRESENT and AES also utilize S-boxes in the key scheduling phase, sharing the same S-box implementation as encryption. This presents a previously unaddressed challenge for APFA. In this work, we extend APFA’s fault injection and analysis capabilities to encompass the key scheduling stage, validating our approach on PRESENT. Our experimental findings indicate that APFA continues to be a viable approach. However, due to faults arising during the key scheduling process, the number of feasible candidate keys does not converge. To address this challenge, we expanded the depth of our fault analysis without increasing the number of faulty ciphertexts, effectively narrowing the key search space to near-uniqueness. By employing a compact S-box modeling approach, we were able to construct more concise algebraic equations with solving efficiency improvements ranging from tens to hundreds of times for PRESENT, SKINNY and CRAFT block ciphers. The efficiency gains became even more pronounced as the depth of the fault leakage increased, demonstrating the robustness and scalability of our approach. Full article

Virtual reality (VR)/the metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography, because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet-of-Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware–software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted—without loss of generality—using an asymmetric-key cryptosystem. These operation modes can be optical character-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding and decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (<1000 ms), as well as the physical distance of the smart glasses (∼50 cm). Full article

The development of Smart Grids (SGs) is a current trend and an indispensable essential living requirement. Due to economic development and improved quality of life, electricity demand has rapidly increased. However, the power grids in major cities have become outdated, leading to uneven power distribution and frequent power outages. SGs can adjust distribution strategies based on consumers’ real-time electricity demands, which requires continuous transmission of consumer electricity data within the grid. If the privacy and security of these data cannot be ensured, consumers’ habits will be exposed, and unnecessary waste may occur. In this article, we propose a key distribution process based on QKD, enabling entities within the SG to encrypt and authenticate each other’s data, ensuring the security and privacy of communication channels and transmitted data. Full article

We present a new construction of a one-time pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so-constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata’s “pun”: the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms. Full article

This paper presents a new encryption technique, which combines affine ciphers and the residue number system. This makes it possible to eliminate the shortcomings and vulnerabilities of affine ciphers, which are sensitive to cryptanalysis, using the advantages of the residue number system, i.e., the parallelization of calculation processes, performing operations on low bit numbers, and the linear combination of encrypted residues. A mathematical apparatus and a graphic scheme of affine encryption using the residue number system is developed, and a corresponding example is given. Special cases of affine ciphers such as shift and linear ciphers are considered. The cryptographic strength of the proposed cryptosystem when the moduli are prime numbers is estimated, and an example of its estimation is given. The number of bits and the number of moduli of the residue number system, which ensure the same cryptographic strength as the longest key of the AES algorithm, are determined. Full article

We present a detailed analysis of the effect of quantum loss and decoherence in the Bell-CHSH scenario. Adopting a device-independent approach, we study the change in the bipartite conditional probability distribution, i.e., the behavior of the realized nonlocal box pair when the elements of the entangled qubit pair subjected to independent noisy quantum channels modeled by completely positive maps. As the verification of Bell inequalities is crucial in device-independent quantum cryptography, our considerations are instructive from the perspective of quantum realizations of nonlocal box pairs. We find that the impact of quantum channels cannot be described by an equivalent classical noise channel. Full article

Healthcare data is often fragmented across different institutions (hospitals, clinics, research centers), creating data silos. Privacy-enhancing technologies (PETs) play a fundamental role in collaborative healthcare analysis, enabling healthcare providers to improve care while protecting patient privacy. By providing a compliant framework for data sharing and research, PETs facilitate collaboration while adhering to stringent regulations like HIPAA and GDPR. This work conducts a comprehensive survey to investigate PETs in healthcare industry. It investigates the privacy requirements and challenges specific to healthcare, and the key enabling PETs are explored. A review of recent research trends that identify challenges, and AI related concerns is presented. Full article

Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least $t-1$ other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants. Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants. Full article

Scalability and security restrictions are posing new challenges for blockchain networks, especially in the face of Distributed Denial-of-Service (DDoS) attacks and upcoming quantum threats. Previous research also found that post-quantum blockchains, despite their improved cryptographic algorithms, are still vulnerable to DDoS attacks, emphasizing the need for more resilient architectural solutions. This research studies the use of dynamic sharding, an innovative approach for post-quantum blockchains that allows for adaptive division of the network into shards based on workload and network conditions. Unlike static sharding, dynamic sharding optimizes resource allocation in real time, increasing transaction throughput and minimizing DDoS-induced disruptions. We provide a detailed study using Monte Carlo simulations to examine transaction success rates, resource consumption, and fault tolerance for both dynamic sharding-based and non-sharded post-quantum blockchains under simulated DDoS attack scenarios. The findings show that dynamic sharding leads to higher transaction success rates and more efficient resource use than non-sharded infrastructures, even in high-intensity attack scenarios. Furthermore, the combination of dynamic sharding and the Falcon post-quantum signature technique creates a layered strategy that combines cryptographic robustness, scalability, and resilience. This paper provides light on the potential of adaptive blockchain designs to address major scalability and security issues, opening the path for quantum-resilient systems. Full article

Substitution boxes (S-Boxes) function as essential nonlinear elements in contemporary cryptographic systems, offering robust protection against cryptanalytic attacks. This study presents a novel technique for generating compact 8-bit S-Boxes based on multiplication in the Galois Field $GF\left(2^4\right)$. The goal of this method is to create S-Boxes with low hardware implementation cost while ensuring cryptographic properties. Experimental results indicate that the suggested S-Boxes achieve a nonlinearity value of 112, matching the AES S-Box. They also maintain other cryptographic properties, such as the Bit Independence Criterion (BIC), the Strict Avalanche Criterion (SAC), Differential Approximation Probability, and Linear Approximation Probability, within acceptable security thresholds. Notably, compared to existing studies, the proposed S-Box architecture demonstrates enhanced hardware efficiency, significantly reducing resource utilization in implementations. Specifically, the implementation cost of the S-Box consists of 31 XOR gates, 32 two-input AND gates, 6 two-input OR gates, and 2 MUX21s. Moreover, this work provides a thorough assessment of the S-Box, covering cryptographic properties, side channel attacks, and implementation aspects. Furthermore, the study estimates the quantum resource requirements for implementing the S-Box, including an analysis of CNOT, Toffoli, and NOT gate counts. Full article