Cryptography

We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations. Full article

Differential cryptanalysis is one of the fundamental cryptanalysis techniques to evaluate the security of the block cipher. In many cases, resistance to differential cryptanalysis is proven through the upper bound of the differential characteristic probability, not the differential probability. Since the attacker uses a differential rather than a differential characteristic, resistance based on a differential characteristic tends to overestimate the security level of the block cipher. Such an overestimation is notably observed in lightweight block ciphers SKINNY, Midori, and CRAFT. In this paper, we examine the gap between the differential characteristics and the differential probability of lightweight block ciphers. We present practical methods for computing differential probability using a multistage graph. Using these methods, we count the exact number of maximum differential characteristics with fixed plaintext/ciphertext difference and activity pattern. By the exact number of maximum differential characteristics, we can calculate the probability that is closer to the real differential probability. In addition, by modifying the method, we compute a more accurate differential probability by considering the characteristics of the lower probability. We find differential distinguishers of 9-round Midori64 with probability $2^{-61.58}$, 9-round SKINNY64 with $2^{-58.67}$ and 14-round CRAFT with $2^{-60.32}$. Furthermore, we find a related-tweakey differential distinguisher of 11-round SKINNY64-64 with $2^{-55.93}$ and a related-tweak differential distinguisher of 17-round CRAFT with probability $2^{-63.37}$. Finally, we explain why these gaps are notable in Midori64, SKINNY64 and CRAFT by relating the S-box differential distribution table. Full article

With the rapid development of the automotive industry, research on the internet of vehicles (IoV) has become a hot topic in the field of automobiles. Considering the privacy of data collected from vehicles, this paper proposes a novel multiparty homomorphic encryption scheme (MHE) for secure multiparty computation without the need for a trusted third party. The scheme ensures efficient computation of data while preserving the privacy of each party’s data. It consists of four phases: construction, computation, recombination, and refreshing. In the recombination phase, the key is reconstructed using a span program, enabling secure computation among participating parties under a semi-honest model. Finally, we compare the proposed scheme with mainstream approaches and conduct experiments within the framework of federated learning. Through both experimental and theoretical analyses, the performance of the proposed scheme is comprehensively evaluated, demonstrating its efficiency and correctness. Full article

In this paper, we present a novel method to solve trivariate polynomial modular equations of the form $x(y^2+Ay+B)+z\equiv 0 (mod e).$ Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation $x^3+f{y}^3+f^2{z}^3-3fxyz\equiv 1 (mod N)$, where f is a cubic nonresidue modulus $N=pq$. In these variants, the public exponent e and the private exponent d satisfy $ed\equiv 1 (mod \psi (N\left)\right)$ with $\psi \left(N\right)=\left(p^2+p+1\right)\left(q^2+q+1\right)$. Moreover, d can be written in the form $d\equiv {\displaystyle \frac{v_0}{z_0}} (mod \psi \left(N\right))$ with any $z_0$ satisfying $gcd(z_0,\psi \left(N\right))=1$. In this paper, we apply our method to attack the variants when $d\equiv {\displaystyle \frac{v_0}{z_0}} (mod \psi \left(N\right))$ and when $|z_0|$ and $|v_0|$ are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available. Full article

Traditional key derivation techniques, including the widely adopted PBKDF2, operate with static parameters that do not account for contextual factors such as device capabilities, data sensitivity, or password strength. In this paper, we propose a novel adaptive PBKDF2-based encryption scheme that adjusts its iteration count dynamically based on computational resource index (CRI), data risk level (DRL), and password strength assessment. We present the theoretical model, algorithmic design, and empirical validation of our approach through nine comprehensive experiments, covering performance, scalability, brute-force resistance, entropy quality, and cross-platform consistency. Our results confirm that the adaptive method achieves a secure balance between computational cost and cryptographic strength, outperforming static PBKDF2 in dynamic scenarios. Our framework enhances cryptographic resilience in real-world deployments and offers a forward-compatible foundation for adaptive security solutions. Full article

Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS⁺. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS⁺. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration. Full article

The broadening adoption of interconnected systems within smart city environments is fundamental for the progression of digitally driven economies, enabling the refinement of city administration, the enhancement of public service delivery, and the fostering of ecologically sustainable progress, thereby aligning with global sustainability benchmarks. However, the pervasive distribution of Internet of things (IoT) apparatuses introduces substantial security risks, attributable to the confidential nature of processed data and the heightened susceptibility to cybernetic intrusions targeting essential infrastructure. Commonly, these devices exhibit deficiencies stemming from restricted computational capabilities and the absence of uniform security standards. The resolution of these security challenges is paramount for the full realization of the advantages afforded by IoT without compromising system integrity. Cryptographic protocols represent the most viable solutions for the mitigation of these security vulnerabilities. However, the limitations inherent in IoT edge nodes complicate the deployment of robust cryptographic algorithms, which are fundamentally reliant on finite-field multiplication operations. Consequently, the streamlined execution of this operation is pivotal, as it will facilitate the effective deployment of encryption algorithms on these resource-limited devices. Therefore, the presented research concentrates on the formulation of a spatially and energetically efficient hardware implementation for the finite-field multiplication operation. The proposed arithmetic unit demonstrates significant improvements in hardware efficiency and energy consumption compared to state-of-the-art designs, while its systolic architecture provides inherent timing-attack resistance through deterministic operation. The regular structure not only enables these performance advantages but also facilitates future integration of error-detection and masking techniques for comprehensive side-channel protection. This combination of efficiency and security makes the multiplier particularly suitable for integration within encryption processors in resource-constrained IoT edge nodes, where it can enable secure data communication in smart city applications without compromising operational effectiveness or urban development goals. Full article

The Ring Oscillator Physical Unclonable Function (RO-PUF) is a hardware security innovation that creates a secure and distinct identifier by utilizing the special physical properties of ring oscillators. Their unique response, low hardware overhead, and difficulty of reproduction are some of the security benefits that make them valuable in safe authentication systems. Numerous developments, such as temperature adjustment methods, aging mitigation, and better architecture and layout, have been created to increase its security, dependability, and efficiency. However, achieving the sacrifice metric makes it challenging to implement with additional complex circuits. This work focuses on stability improvement in terms of the reliability of the RO-PUF in enhanced challenge and response (CRP) by exploiting existing on-chip hard processors. This work establishes only ROs and their counters inside the chip. The built-in microprocessor performs the remaining process using the intermediary process of a Q factor and new frequency mapping. As a result, the reliability improves significantly to 95.8% compared to previous methods. The proper use of resources due to the limitation of on-chip resources has been emphasized by considering that a hard processor exists inside the new FPGA chip. Full article

As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos. Full article

This research investigates the integration of quantum hardware-assisted security into critical applications, including the Industrial Internet-of-Things (IIoT), Smart Grid, and Smart Transportation. The Quantum Physical Unclonable Functions (QPUF) architecture has emerged as a robust security paradigm, harnessing the inherent randomness of quantum hardware to generate unique and tamper-resistant cryptographic fingerprints. This work explores the potential of Quantum Computing for Security-by-Design (SbD) in the Industrial Internet-of-Things (IIoT), aiming to establish security as a fundamental and inherent feature. SbD in Quantum Computing focuses on ensuring the security and privacy of Quantum computing applications by leveraging the fundamental principles of quantum mechanics, which underpin the quantum computing infrastructure. This research presents a scalable and sustainable security framework for the trusted attestation of smart industrial entities in Quantum Industrial Internet-of-Things (QIoT) applications within Industry 4.0. Central to this approach is the QPUF, which leverages quantum mechanical principles to generate unique, tamper-resistant fingerprints. The proposed QPUF circuit logic has been deployed on IBM quantum systems and simulators for validation. The experimental results demonstrate the enhanced randomness and an intra-hamming distance of approximately 50% on the IBM quantum hardware, along with improved reliability despite varying error rates, coherence, and decoherence times. Furthermore, the circuit achieved 100% reliability on Google’s Cirq simulator and 95% reliability on IBM’s quantum simulator, highlighting the QPUF’s potential in advancing quantum-centric security solutions. Full article

The requirement for privacy-aware machine learning increases as we continue to use PII (personally identifiable information) within machine training. To overcome the existing privacy issues, we can apply fully homomorphic encryption (FHE) to encrypt data before they are fed into a machine learning model. This involves generating a homomorphic encryption key pair, where the public key encrypts the input data and the private key decrypts the output. However, there is often a performance hit when we use homomorphic encryption, so this paper evaluates the performance overhead of using an SVM (support vector machine) machine learning technique with the OpenFHE homomorphic encryption library. This uses Python and the scikit-learn library to create an SVM model, which can then be used with homomorphically encrypted data inputs and then produce a homomorphically encrypted result. The experiments include a range of variables, such as multiplication depth, scale size, first modulus size, security level, batch size, and ring dimension, along with two different SVM models, SVM-poly and SVM-linear. Overall, the results show that the two main parameters that affect performance are ring dimension and modulus size, and SVM-poly and SVM-linear show similar performance levels. Full article

The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (<5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities. Full article

Homomorphic Encryption (HE) allows secure and privacy-protected computation on encrypted data without the need to decrypt it. Since Shor’s algorithm rendered prime factorisation and discrete logarithm-based ciphers insecure with quantum computations, researchers have been working on building post-quantum homomorphic encryption (PQHE) algorithms. Most of the current PQHE algorithms are secured by Lattice-based problems and there have been limited attempts to build ciphers based on error-correcting code-based problems. This review presents an overview of the current approaches to building PQHE schemes and justifies code-based encryption as a novel way to diversify post-quantum algorithms. We present the mathematical underpinnings of existing code-based cryptographic frameworks and their security and efficiency guarantees. We compare lattice-based and code-based homomorphic encryption solutions identifying challenges that have inhibited the progress of code-based schemes. We finally propose five new research directions to advance post-quantum code-based homomorphic encryption. Full article

Algebraic persistent fault analysis (APFA) combines algebraic analysis with persistent fault analysis, providing a novel approach for examining block cipher implementation security. Since its introduction, APFA has attracted considerable attention. Traditionally, APFA has assumed that fault injection occurs solely within the S-box during the encryption process. Yet, algorithms like PRESENT and AES also utilize S-boxes in the key scheduling phase, sharing the same S-box implementation as encryption. This presents a previously unaddressed challenge for APFA. In this work, we extend APFA’s fault injection and analysis capabilities to encompass the key scheduling stage, validating our approach on PRESENT. Our experimental findings indicate that APFA continues to be a viable approach. However, due to faults arising during the key scheduling process, the number of feasible candidate keys does not converge. To address this challenge, we expanded the depth of our fault analysis without increasing the number of faulty ciphertexts, effectively narrowing the key search space to near-uniqueness. By employing a compact S-box modeling approach, we were able to construct more concise algebraic equations with solving efficiency improvements ranging from tens to hundreds of times for PRESENT, SKINNY and CRAFT block ciphers. The efficiency gains became even more pronounced as the depth of the fault leakage increased, demonstrating the robustness and scalability of our approach. Full article

Virtual reality (VR)/the metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography, because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet-of-Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware–software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted—without loss of generality—using an asymmetric-key cryptosystem. These operation modes can be optical character-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding and decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (<1000 ms), as well as the physical distance of the smart glasses (∼50 cm). Full article

The development of Smart Grids (SGs) is a current trend and an indispensable essential living requirement. Due to economic development and improved quality of life, electricity demand has rapidly increased. However, the power grids in major cities have become outdated, leading to uneven power distribution and frequent power outages. SGs can adjust distribution strategies based on consumers’ real-time electricity demands, which requires continuous transmission of consumer electricity data within the grid. If the privacy and security of these data cannot be ensured, consumers’ habits will be exposed, and unnecessary waste may occur. In this article, we propose a key distribution process based on QKD, enabling entities within the SG to encrypt and authenticate each other’s data, ensuring the security and privacy of communication channels and transmitted data. Full article

We present a new construction of a one-time pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so-constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata’s “pun”: the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms. Full article

This paper presents a new encryption technique, which combines affine ciphers and the residue number system. This makes it possible to eliminate the shortcomings and vulnerabilities of affine ciphers, which are sensitive to cryptanalysis, using the advantages of the residue number system, i.e., the parallelization of calculation processes, performing operations on low bit numbers, and the linear combination of encrypted residues. A mathematical apparatus and a graphic scheme of affine encryption using the residue number system is developed, and a corresponding example is given. Special cases of affine ciphers such as shift and linear ciphers are considered. The cryptographic strength of the proposed cryptosystem when the moduli are prime numbers is estimated, and an example of its estimation is given. The number of bits and the number of moduli of the residue number system, which ensure the same cryptographic strength as the longest key of the AES algorithm, are determined. Full article