Cryptography

Over years of development in secure multi-party computation (MPC), many sophisticated functionalities have been made practical, and multi-dimensional operations occur more and more frequently in MPC protocols, especially in protocols involving datasets of vector elements, such as privacy-preserving biometric identification and privacy-preserving machine learning. In this paper, we introduce a new kind of correlation, called tensor triples, which is designed to make multi-dimensional MPC protocols more efficient. We will discuss the generation process, the usage, and the applications of tensor triples and show that they can accelerate privacy-preserving biometric identification protocols, such as FingerCode, Eigenfaces, and FaceNet, by more than 1000 times, with reasonable offline costs, and grant pre-computability for the secure matrix multiplication process in privacy-preserving machine learning protocols, such as SecureML and SecureNN, while achieving similar efficiency. Full article

A dual watermark and DNA image encryption based on a chaotic map is proposed. Firstly, a new discrete chaotic map is proposed, and the dynamic characteristics are analyzed. Then, the hash value changes initial conditions, and the pseudo-random sequence is generated. The encrypted copyright image is fused with the feature value of the original image and then encrypted again to form zero-watermarking, which is registered with the copyright certification authority. The zero-watermarking is taken as a robust watermark and embedded into the original image based on a chaotic sequence to ensure its invisibility. Finally, a cross-mutation DNA encryption is proposed. The experimental results verify the performance of encryption and dual watermark copyright authentication, and the ability to resist attacks. Full article

As the demand for expansive back-end systems in online applications continues to grow, novel frameworks are necessitated to address the escalating operational demands, energy consumption, and associated costs. Traditional Client–Server models, while offering centralized security and reliability, are characterized by their high deployment and maintenance expenses. Conversely, Peer-to-Peer (P2P) models, despite being cost-effective and scalable, are hindered by inherent security and data integrity challenges. Moreover, the lack of a central authority in P2P systems complicates a definitive resolution of scenarios involving stakes, where users cannot withdraw without incurring a tangible loss. In this research work, a hybrid back-end framework is introduced, combining the advantages of both models through the utilization of cryptographic algorithms and Secure Multi-Party Computation (MPC) protocols. The baseline solution is lightweight and fully composable, making it capable of utilizing different more complex slot-in MPC techniques. The proposed framework’s effectiveness is demonstrated through a simplified two-player Spades game, although it is fully generalizable to any application. Evaluations across multiple case studies reveal substantial performance enhancements compared to conventional approaches, particularly post-initialization, highlighting the scheme’s potential as a cost-effective, energy-efficient, and secure solution for modern online applications. Full article

We present the first implementation of an FPGA-based PUF that leverages the usually contradictory requirements of stability and response time. Many state-of-the-art implementations of PUFs are either slow with a low error rate, like the ring oscillator-PUF, or fast with a higher error rate, like the arbiter-PUF. The presented implementation of an eye-opening PUF uses the phase-integrating effect of a ring oscillator to realize the shortest possible response for the required stability of the readout. This principle also allows for new automatic detection of unstable bits based on counting the number of oscillations required until an arbitration is conducted. This first implementation of an eye-opening PUF reduces the bit error rate to a number under our measurement limits, while the readout time is simultaneously kept as low as ≤1.54 μs, with an average of 0.85 μs. In addition, environmental temperature changes are evaluated, and methods for limiting these effects are discussed. Full article

Modular multiplication is a pivotal operation in public-key cryptosystems such as RSA, ElGamal, and ECC. Modular multiplication design is crucial for improving overall system performance due to the large-bit-width operation with high computational complexity. This paper provides a classification of integer multiplication algorithms based on their implementation principles. Furthermore, the core concepts, implementation challenges, and research advancements of multiplication algorithms are systematically summarized. This paper also gives a brief overview of modular reduction algorithms for various types of moduli and discusses the implementation principles, application scenarios, and current research results. Finally, the detailed research development of modular multiplication algorithms in four major classes over prime fields is deeply analyzed and summarized, making it essential as a guide for future research. Full article

Among the multiple important properties that characterize strong S-boxes for symmetric cryptography and are used in their designs, this study focuses on two: the non-linearity property, a classical security metric, and the confusion coefficient variance property, a statistical proxy for side channel resistance under the Hamming weight leakage model. Given an S-box, two sets can be created: the set of affine-shifted S-boxes, where S-boxes have the same non-linearity value, and the set of Hamming weight classes, where S-boxes have the same confusion coefficient variance value. The inherent values of these two properties ensure resistance to cryptographic attacks; however, if the value of one property increases, it will imply a decrease in the value of the other property. In view of the aforementioned fact, attaining a trade-off becomes a complex undertaking. The impetus for this research stems from the following hypothesis: if an initial S-box already exhibits a trade-off, it would be advantageous to employ a method that generates new S-boxes while preserving the balance. A thorough review of the extant literature reveals the absence of any methodology that encompasses the aforementioned elements. The present paper proposes a novel methodology for generating an affine-shifted subset of S-boxes, ensuring that the resulting subset possesses the same confusion coefficient variance value. We provide insights on the optimal search strategy to optimize non-linearity and confusion coefficient variance. The proposed methodology guarantees the preservation of constant values on the designated. It is possible to incorporate these properties into a comprehensive design scheme, in which case the remaining S-box properties are to be examined. We also demonstrate that, despite the fact that this subset contains S-boxes with the theoretical resistance to side channel attacks under the Hamming weight model, the S-boxes are in different Hamming weight classes. Full article

We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations. Full article

Differential cryptanalysis is one of the fundamental cryptanalysis techniques to evaluate the security of the block cipher. In many cases, resistance to differential cryptanalysis is proven through the upper bound of the differential characteristic probability, not the differential probability. Since the attacker uses a differential rather than a differential characteristic, resistance based on a differential characteristic tends to overestimate the security level of the block cipher. Such an overestimation is notably observed in lightweight block ciphers SKINNY, Midori, and CRAFT. In this paper, we examine the gap between the differential characteristics and the differential probability of lightweight block ciphers. We present practical methods for computing differential probability using a multistage graph. Using these methods, we count the exact number of maximum differential characteristics with fixed plaintext/ciphertext difference and activity pattern. By the exact number of maximum differential characteristics, we can calculate the probability that is closer to the real differential probability. In addition, by modifying the method, we compute a more accurate differential probability by considering the characteristics of the lower probability. We find differential distinguishers of 9-round Midori64 with probability $2^{-61.58}$, 9-round SKINNY64 with $2^{-58.67}$ and 14-round CRAFT with $2^{-60.32}$. Furthermore, we find a related-tweakey differential distinguisher of 11-round SKINNY64-64 with $2^{-55.93}$ and a related-tweak differential distinguisher of 17-round CRAFT with probability $2^{-63.37}$. Finally, we explain why these gaps are notable in Midori64, SKINNY64 and CRAFT by relating the S-box differential distribution table. Full article

With the rapid development of the automotive industry, research on the internet of vehicles (IoV) has become a hot topic in the field of automobiles. Considering the privacy of data collected from vehicles, this paper proposes a novel multiparty homomorphic encryption scheme (MHE) for secure multiparty computation without the need for a trusted third party. The scheme ensures efficient computation of data while preserving the privacy of each party’s data. It consists of four phases: construction, computation, recombination, and refreshing. In the recombination phase, the key is reconstructed using a span program, enabling secure computation among participating parties under a semi-honest model. Finally, we compare the proposed scheme with mainstream approaches and conduct experiments within the framework of federated learning. Through both experimental and theoretical analyses, the performance of the proposed scheme is comprehensively evaluated, demonstrating its efficiency and correctness. Full article

In this paper, we present a novel method to solve trivariate polynomial modular equations of the form $x(y^2+Ay+B)+z\equiv 0 (mod e).$ Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation $x^3+f{y}^3+f^2{z}^3-3fxyz\equiv 1 (mod N)$, where f is a cubic nonresidue modulus $N=pq$. In these variants, the public exponent e and the private exponent d satisfy $ed\equiv 1 (mod \psi (N\left)\right)$ with $\psi \left(N\right)=\left(p^2+p+1\right)\left(q^2+q+1\right)$. Moreover, d can be written in the form $d\equiv {\displaystyle \frac{v_0}{z_0}} (mod \psi \left(N\right))$ with any $z_0$ satisfying $gcd(z_0,\psi \left(N\right))=1$. In this paper, we apply our method to attack the variants when $d\equiv {\displaystyle \frac{v_0}{z_0}} (mod \psi \left(N\right))$ and when $|z_0|$ and $|v_0|$ are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available. Full article

Traditional key derivation techniques, including the widely adopted PBKDF2, operate with static parameters that do not account for contextual factors such as device capabilities, data sensitivity, or password strength. In this paper, we propose a novel adaptive PBKDF2-based encryption scheme that adjusts its iteration count dynamically based on computational resource index (CRI), data risk level (DRL), and password strength assessment. We present the theoretical model, algorithmic design, and empirical validation of our approach through nine comprehensive experiments, covering performance, scalability, brute-force resistance, entropy quality, and cross-platform consistency. Our results confirm that the adaptive method achieves a secure balance between computational cost and cryptographic strength, outperforming static PBKDF2 in dynamic scenarios. Our framework enhances cryptographic resilience in real-world deployments and offers a forward-compatible foundation for adaptive security solutions. Full article

Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS⁺. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS⁺. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration. Full article

The broadening adoption of interconnected systems within smart city environments is fundamental for the progression of digitally driven economies, enabling the refinement of city administration, the enhancement of public service delivery, and the fostering of ecologically sustainable progress, thereby aligning with global sustainability benchmarks. However, the pervasive distribution of Internet of things (IoT) apparatuses introduces substantial security risks, attributable to the confidential nature of processed data and the heightened susceptibility to cybernetic intrusions targeting essential infrastructure. Commonly, these devices exhibit deficiencies stemming from restricted computational capabilities and the absence of uniform security standards. The resolution of these security challenges is paramount for the full realization of the advantages afforded by IoT without compromising system integrity. Cryptographic protocols represent the most viable solutions for the mitigation of these security vulnerabilities. However, the limitations inherent in IoT edge nodes complicate the deployment of robust cryptographic algorithms, which are fundamentally reliant on finite-field multiplication operations. Consequently, the streamlined execution of this operation is pivotal, as it will facilitate the effective deployment of encryption algorithms on these resource-limited devices. Therefore, the presented research concentrates on the formulation of a spatially and energetically efficient hardware implementation for the finite-field multiplication operation. The proposed arithmetic unit demonstrates significant improvements in hardware efficiency and energy consumption compared to state-of-the-art designs, while its systolic architecture provides inherent timing-attack resistance through deterministic operation. The regular structure not only enables these performance advantages but also facilitates future integration of error-detection and masking techniques for comprehensive side-channel protection. This combination of efficiency and security makes the multiplier particularly suitable for integration within encryption processors in resource-constrained IoT edge nodes, where it can enable secure data communication in smart city applications without compromising operational effectiveness or urban development goals. Full article

The Ring Oscillator Physical Unclonable Function (RO-PUF) is a hardware security innovation that creates a secure and distinct identifier by utilizing the special physical properties of ring oscillators. Their unique response, low hardware overhead, and difficulty of reproduction are some of the security benefits that make them valuable in safe authentication systems. Numerous developments, such as temperature adjustment methods, aging mitigation, and better architecture and layout, have been created to increase its security, dependability, and efficiency. However, achieving the sacrifice metric makes it challenging to implement with additional complex circuits. This work focuses on stability improvement in terms of the reliability of the RO-PUF in enhanced challenge and response (CRP) by exploiting existing on-chip hard processors. This work establishes only ROs and their counters inside the chip. The built-in microprocessor performs the remaining process using the intermediary process of a Q factor and new frequency mapping. As a result, the reliability improves significantly to 95.8% compared to previous methods. The proper use of resources due to the limitation of on-chip resources has been emphasized by considering that a hard processor exists inside the new FPGA chip. Full article

As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos. Full article

This research investigates the integration of quantum hardware-assisted security into critical applications, including the Industrial Internet-of-Things (IIoT), Smart Grid, and Smart Transportation. The Quantum Physical Unclonable Functions (QPUF) architecture has emerged as a robust security paradigm, harnessing the inherent randomness of quantum hardware to generate unique and tamper-resistant cryptographic fingerprints. This work explores the potential of Quantum Computing for Security-by-Design (SbD) in the Industrial Internet-of-Things (IIoT), aiming to establish security as a fundamental and inherent feature. SbD in Quantum Computing focuses on ensuring the security and privacy of Quantum computing applications by leveraging the fundamental principles of quantum mechanics, which underpin the quantum computing infrastructure. This research presents a scalable and sustainable security framework for the trusted attestation of smart industrial entities in Quantum Industrial Internet-of-Things (QIoT) applications within Industry 4.0. Central to this approach is the QPUF, which leverages quantum mechanical principles to generate unique, tamper-resistant fingerprints. The proposed QPUF circuit logic has been deployed on IBM quantum systems and simulators for validation. The experimental results demonstrate the enhanced randomness and an intra-hamming distance of approximately 50% on the IBM quantum hardware, along with improved reliability despite varying error rates, coherence, and decoherence times. Furthermore, the circuit achieved 100% reliability on Google’s Cirq simulator and 95% reliability on IBM’s quantum simulator, highlighting the QPUF’s potential in advancing quantum-centric security solutions. Full article

The requirement for privacy-aware machine learning increases as we continue to use PII (personally identifiable information) within machine training. To overcome the existing privacy issues, we can apply fully homomorphic encryption (FHE) to encrypt data before they are fed into a machine learning model. This involves generating a homomorphic encryption key pair, where the public key encrypts the input data and the private key decrypts the output. However, there is often a performance hit when we use homomorphic encryption, so this paper evaluates the performance overhead of using an SVM (support vector machine) machine learning technique with the OpenFHE homomorphic encryption library. This uses Python and the scikit-learn library to create an SVM model, which can then be used with homomorphically encrypted data inputs and then produce a homomorphically encrypted result. The experiments include a range of variables, such as multiplication depth, scale size, first modulus size, security level, batch size, and ring dimension, along with two different SVM models, SVM-poly and SVM-linear. Overall, the results show that the two main parameters that affect performance are ring dimension and modulus size, and SVM-poly and SVM-linear show similar performance levels. Full article

The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (<5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities. Full article