Cryptography

32 pages, 33846 KB

Open AccessArticle

Unbreakable QR Code Watermarks: A High-Robustness Technique for Digital Image Security Using DWT, SVD, and Schur Factorization

by Bashar Suhail Khassawneh, Issa AL-Aiash, Mahmoud AlJamal, Omar Aljamal, Latifa Abdullah Almusfar, Bashair Faisal AlThani and Waad Aldossary

Cryptography 2026, 10(1), 4; https://doi.org/10.3390/cryptography10010004 - 30 Dec 2025

Abstract

In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address [...] Read more.

In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address this challenge, we propose a novel watermarking technique that integrates the Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), and Schur matrix factorization to embed a QR code as a watermark into digital images. Our method was rigorously tested across a range of common image attacks, including histogram equalization, salt-and-pepper noise, ripple distortions, smoothing, and extensive cropping. The results demonstrate that our approach significantly outperforms existing methods, achieving high normalized correlation (NC) values such as 0.9949 for histogram equalization, 0.9846 for salt-and-pepper noise (2%), 0.96063 for ripple distortion, 0.9670 for smoothing, and up to 0.9995 under 50% cropping. The watermark consistently maintained its integrity and scannability under all tested conditions, making our method a reliable solution for enhancing digital copyright protection. Full article

(This article belongs to the Special Issue Advanced Techniques in Watermarking, Encryption and Steganography for Secure Communication)

► Show Figures

Figure 1

18 pages, 325 KB

Open AccessArticle

Large Pages, Large Leaks? Hugepage-Induced Side-Channels vs. Performance Improvements in Cryptographic Computations

by Xinyao Li and Akhilesh Tyagi

Cryptography 2026, 10(1), 3; https://doi.org/10.3390/cryptography10010003 - 30 Dec 2025

Abstract

Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge [...] Read more.

Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge pages—using paired attacker–victim experiments instrumented with both Performance Monitoring Unit (PMU) counters and precise per-access timing using rdtscp(). The victim executes repeated, key-dependent memory accesses across eight cryptographic modes (AES, ChaCha20, RSA, and ECC variants) while the attacker records eight PMU features per access (cpu-cycles, instructions, cache-references, cache-misses, etc.) and precise rdtscp() timing. The resulting traces are analyzed using a multilayer perceptron classifier to quantify key-dependent leakage. Results show that the 2 MB huge-page configuration achieves a comparable key-classification accuracy (mean 0.79 vs. 0.77 for 4 KB) while reducing average CPU cycles by approximately 11%. Page-index identification remains near random chance (3.6–3.7% for PMU side-channels and 1.5% for timing side-channel), indicating no increase in measurable leakage at the page level. These findings suggest that huge-page mappings can improve runtime efficiency without amplifying observable side-channel vulnerabilities, offering a practical configuration for balancing performance and security in user-space cryptographic workloads. Full article

(This article belongs to the Section Hardware Security)

► Show Figures

Figure 1

14 pages, 319 KB

Open AccessArticle

AI-Enhanced Perceptual Hashing with Blockchain for Secure and Transparent Digital Copyright Management

by Zhaoxiong Meng, Rukui Zhang, Bin Cao, Meng Zhang, Yajun Li, Huhu Xue and Meimei Yang

Cryptography 2026, 10(1), 2; https://doi.org/10.3390/cryptography10010002 - 29 Dec 2025

Abstract

This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks [...] Read more.

This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration. Full article

(This article belongs to the Special Issue Interdisciplinary Cryptography)

► Show Figures

Figure 1

25 pages, 709 KB

Open AccessArticle

DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things

by Yijia Dai, Yitong Li, Ye Yuan, Xianwei Gao, Cong Bian and Meici Liu

Cryptography 2026, 10(1), 1; https://doi.org/10.3390/cryptography10010001 - 20 Dec 2025

Abstract

The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which [...] Read more.

The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir’s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that removes the need for a separate online registration authority that operates directly between a user device (

U D_{i}

) and a server (S). In our setting, the server S still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems. Full article

► Show Figures

Figure 1

20 pages, 809 KB

Open AccessArticle

Role-Based Efficient Proactive Secret Sharing with User Revocation

by Yixuan He, Yuta Kodera, Yasuyuki Nogami and Samsul Huda

Cryptography 2025, 9(4), 80; https://doi.org/10.3390/cryptography9040080 - 11 Dec 2025

Abstract

Proactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret scheme by integrating threshold homomorphic encryption (ThHE) while reducing [...] Read more.

Proactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret scheme by integrating threshold homomorphic encryption (ThHE) while reducing the communication complexity to

O (n)

. Not only is refreshing shares important but revoking the shares of users who have left the system is also essential in practical dynamic membership scenarios. However, the previous work was insufficient for supporting explicit user revocation. This study strengthens the description of roles for authorized users and proposes a scheme to achieve non-interactive share refresh and dynamic user management. In each epoch, authorized users are classified into three roles: retain, newly join, and rejoin, and they receive a broadcast of the compact ciphertext encoding both the refresh information and the revocation instructions from the trusted center (dealer). Authorized users independently derive new shares through homomorphic computations, whereas revoked users are unable to generate new shares. Hash functions are used to bind revocation parameters to the cryptographic hashes of valid users in order to guarantee integrity during revocation, allowing for effective verification without compromising non-interactivity. Our new scheme not only extends the revocation structure but also preserves the

O (n)

communication complexity. Full article

► Show Figures

Figure 1

23 pages, 442 KB

Open AccessArticle

Efficient CCA2-Secure IBKEM from Lattices in the Standard Model

by Ngoc Ai Van Nguyen, Dung Hoang Duong and Minh Thuy Truc Pham

Cryptography 2025, 9(4), 79; https://doi.org/10.3390/cryptography9040079 - 10 Dec 2025

Abstract

Recent work at SCN 2020 by Boyen, Izabachène, and Li introduced a lattice-based key-encapsulation mechanism (KEM) that achieves CCA2-security in the standard model without relying on generic transformations. Their proof, however, leaves a few gaps that prevent a fully rigorous security justification. Building [...] Read more.

Recent work at SCN 2020 by Boyen, Izabachène, and Li introduced a lattice-based key-encapsulation mechanism (KEM) that achieves CCA2-security in the standard model without relying on generic transformations. Their proof, however, leaves a few gaps that prevent a fully rigorous security justification. Building on the same design rationale, we revisit that construction and refine it to obtain a more compact and provably secure KEM under the Learning With Errors assumption. Furthermore, we extend this framework to derive an identity-based variant (IBKEM) whose security is established in the same model. The resulting schemes combine conceptual simplicity with improved efficiency and complete proofs of adaptive-ciphertext security. Full article

16 pages, 434 KB

Open AccessArticle

Flexible and Area-Efficient Codesign Implementation of AES on FPGA

by Oussama Azzouzi, Mohamed Anane, Mohamed Chahine Ghanem, Yassine Himeur and Dominik Wojtczak

Cryptography 2025, 9(4), 78; https://doi.org/10.3390/cryptography9040078 - 1 Dec 2025

Cited by 1

Abstract

As embedded and IoT systems demand secure and compact encryption, developing cryptographic solutions that are both lightweight and efficient remains a major challenge. Many existing AES implementations either lack flexibility or consume excessive hardware resources. This paper presents an area-efficient and flexible AES-128 [...] Read more.

As embedded and IoT systems demand secure and compact encryption, developing cryptographic solutions that are both lightweight and efficient remains a major challenge. Many existing AES implementations either lack flexibility or consume excessive hardware resources. This paper presents an area-efficient and flexible AES-128 implementation based on a hardware/software (HW/SW) co-design, specifically optimized for platforms with limited hardware resources, resulting in reduced power consumption. In this approach, key expansion is performed in software on a lightweight MicroBlaze processor, while encryption and decryption are accelerated by dedicated hardware IP cores optimized at the Look-up Table (LuT) level. The design is implemented on a Xilinx XC5VLX50T Virtex-5 FPGA, synthesized using Xilinx ISE 14.7, and tested at a 100 MHz system clock. It achieves a throughput of 13.3 Gbps and an area efficiency of 5.44 Gbps per slice, requiring only 2303 logic slices and 7 BRAMs on a Xilinx FPGA. It is particularly well-suited for resource-constrained applications such as IoT nodes, secure mobile devices, and smart cards. Since key expansion is executed only once per session, the runtime is dominated by AES core operations, enabling efficient processing of large data volumes. Although the present implementation targets AES-128, the HW/SW partitioning allows straightforward extension to AES-192 and AES-256 by modifying only the software Key expansion module, ensuring practical scalability with no hardware changes. Moreover, the architecture offers a balanced trade-off between performance, flexibility and resource utilization without relying on complex pipelining. Experimental results demonstrate the effectiveness and flexibility of the proposed lightweight design. Full article

► Show Figures

Figure 1

25 pages, 857 KB

Open AccessArticle

Evaluation of the Impact of AES Encryption on Query Read Performance Across Oracle, MySQL, and SQL Server Databases

by Márcio Carvalho, Filipe Sá and Jorge Bernardino

Cryptography 2025, 9(4), 77; https://doi.org/10.3390/cryptography9040077 - 29 Nov 2025

Abstract

Data security is essential for protecting sensitive information that could compromise both the sender and the receiver. Encryption mechanisms, such as the Advanced Encryption Standard (AES), play a key role in this protection. However, encrypting or decrypting data can significantly impact the performance [...] Read more.

Data security is essential for protecting sensitive information that could compromise both the sender and the receiver. Encryption mechanisms, such as the Advanced Encryption Standard (AES), play a key role in this protection. However, encrypting or decrypting data can significantly impact the performance of the database. This study aims to evaluate the impact of AES on the performance of SQL Server, Oracle, and MySQL when using Transparent Data Encryption (TDE) with the Transaction Processing Performance Council-H (TPC-H) benchmark at different Scale Factors. Performance was assessed using metrics such as elapsed time and system resource usage. In terms of scalability and performance efficiency, SQL Server proved to be the best among the databases tested. However, TDE introduced performance overhead compared to non-encryption test cases. Full article

► Show Figures

Figure 1

27 pages, 5275 KB

Open AccessArticle

Verifiable Multi-Authority Attribute-Based Encryption with Keyword Search Based on MLWE

by Saba Karimani and Taraneh Eghlidos

Cryptography 2025, 9(4), 76; https://doi.org/10.3390/cryptography9040076 - 28 Nov 2025

Abstract

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often [...] Read more.

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

► Show Figures

Figure 1

16 pages, 720 KB

Open AccessArticle

STAR: Self-Training Assisted Refinement for Side-Channel Analysis on Cryptosystems

by Yuheng Qian, Jing Gao, Yuhan Qian, Yaoling Ding and An Wang

Cryptography 2025, 9(4), 75; https://doi.org/10.3390/cryptography9040075 - 27 Nov 2025

Abstract

Reconstructing cryptographic operation sequences through side-channel analysis is essential for recovering private keys, but practical attacks are hindered by unlabeled, noisy, and high-dimensional power traces that challenge accurate classification. To address this, we propose STAR, a two-stage unsupervised clustering correction framework. First, a [...] Read more.

Reconstructing cryptographic operation sequences through side-channel analysis is essential for recovering private keys, but practical attacks are hindered by unlabeled, noisy, and high-dimensional power traces that challenge accurate classification. To address this, we propose STAR, a two-stage unsupervised clustering correction framework. First, a Gaussian Mixture Model (GMM) performs an initial clustering to generate reliable pseudo-labels from high-confidence samples. Next, a self-training mechanism uses these pseudo-labels to train a Convolutional Neural Network (CNN), which then iteratively reclassifies low-confidence samples to refine the entire dataset. Validated on standard ECC, RSA, and SM2 datasets, our framework achieved 100% classification accuracy, demonstrating a significant improvement of 12% to 48% over state-of-the-art methods. These findings confirm that STAR is an effective and robust framework for enhancing the precision of unsupervised side-channel analysis, thereby strengthening key recovery attacks. Full article

(This article belongs to the Section Hardware Security)

► Show Figures

Figure 1

34 pages, 1196 KB

Open AccessReview

A Review on Blockchain-Based Trust and Reputation Schemes in Metaverse Environments

by Firdous Kausar, Hafiz M. Asif, Sajid Hussain and Shahid Mumtaz

Cryptography 2025, 9(4), 74; https://doi.org/10.3390/cryptography9040074 - 25 Nov 2025

Abstract

The metaverse represents a transformative integration of virtual and physical worlds, offering unprecedented opportunities for social interaction, commerce, education, healthcare, and entertainment. Establishing trust in these expansive and decentralized environments remains a critical challenge. Blockchain technology, with its decentralized, secure, and immutable nature, [...] Read more.

The metaverse represents a transformative integration of virtual and physical worlds, offering unprecedented opportunities for social interaction, commerce, education, healthcare, and entertainment. Establishing trust in these expansive and decentralized environments remains a critical challenge. Blockchain technology, with its decentralized, secure, and immutable nature, is emerging as an essential pillar of trust and digital asset ownership within the metaverse. This paper provides an extensive review of blockchain-enabled trust and reputation frameworks specifically tailored to metaverse ecosystems. We present an in-depth analysis of existing blockchain solutions across diverse metaverse domains, including gaming, virtual real estate, healthcare, and education. Our core contributions include a comprehensive taxonomy that classifies current trust and reputation schemes by their underlying mechanisms, threat models addressed, and their architectural strategies. We provide a comparative benchmark analysis evaluating key performance metrics such as security robustness, scalability, user privacy, and cross-platform interoperability, revealing critical trade-offs inherent in current designs. Our analysis finds that score-based designs trade scalability for nuanced reputation representation, while SSI- and SBT-based approaches improve Sybil-resistance but introduce significant privacy governance challenges. Finally, we outline unresolved research challenges, including cross-platform reputation portability, privacy-preserving computation, real-time trust management, and standardized governance structures. Full article

(This article belongs to the Section Blockchain Security)

► Show Figures

Figure 1

24 pages, 1028 KB

Open AccessArticle

Post-Quantum Key Exchange in TLS 1.3: Further Analysis on Performance of New Cryptographic Standards

by Konstantina Souvatzidaki and Konstantinos Limniotis

Cryptography 2025, 9(4), 73; https://doi.org/10.3390/cryptography9040073 - 21 Nov 2025

Abstract

The emergence of quantum computing presents a significant threat to classical cryptographic primitives, particularly those employed in securing internet communications via widely used protocols such as Transport Layer Security (TLS). As conventional key exchange mechanisms will become increasingly vulnerable in the post-quantum era, [...] Read more.

The emergence of quantum computing presents a significant threat to classical cryptographic primitives, particularly those employed in securing internet communications via widely used protocols such as Transport Layer Security (TLS). As conventional key exchange mechanisms will become increasingly vulnerable in the post-quantum era, the integration of post-quantum cryptographic (PQC) algorithms into existing security protocols is of utmost importance. This study investigates the impact of incorporating PQC key encapsulation mechanisms—specifically, the recent standards CRYSTALS-Kyber and HQC, in conjunction with the candidate standard BIKE—into the TLS 1.3 handshake. A comprehensive experimental evaluation was conducted to measure handshake latency under emulated network conditions with varying packet loss probabilities. The findings offer useful insights into the performance trade-offs introduced by PQC integration and further highlight the necessity of a timely transition to post-quantum cryptographic standards. Full article

► Show Figures

Figure 1

30 pages, 2917 KB

Open AccessArticle

A Post-Quantum Cryptography Enabled Feature-Level Fusion Framework for Privacy-Preserving Multimodal Biometric Recognition

by David Palma and Pier Luca Montessoro

Cryptography 2025, 9(4), 72; https://doi.org/10.3390/cryptography9040072 - 19 Nov 2025

Abstract

As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that [...] Read more.

As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that can easily integrate any two binary-encoded modalities through feature-level fusion, ensuring that all sensitive information remains encrypted under a CKKS-based homomorphic encryption scheme resistant to both classical and quantum-enabled attacks. To demonstrate its versatility and effectiveness, we apply this framework to the retinal vascular patterns and palm vein features, which are inherently spoof-resistant and particularly well suited to high-security applications. This method not only ensures the secrecy of the combined biometric sample, but also enables the complete assessment of recognition performance and resilience against adversarial attacks. The results show that our approach provides protection against threats such as data leakage and replay attacks while maintaining high recognition performance and operational efficiency. These findings demonstrate the feasibility of integrating multimodal biometrics with post-quantum cryptography, giving a strong, privacy-oriented authentication solution suitable for mission-critical applications in the post-quantum era. Full article

► Show Figures

Figure 1

22 pages, 958 KB

Open AccessArticle

A Privacy-Preserving Scheme for V2V Double Auction Power Trading Based on Heterogeneous Signcryption and IoV

by Shaomin Zhang, Yiheng Huang and Baoyi Wang

Cryptography 2025, 9(4), 71; https://doi.org/10.3390/cryptography9040071 - 11 Nov 2025

Abstract

As electric vehicles (EVs) gain popularity, the existing public charging infrastructure is struggling to keep pace with the rapidly growing demand for the immediate charging needs of EVs. V2V power trading has gradually attracted widespread attention and development. EVs need to transmit sensitive [...] Read more.

As electric vehicles (EVs) gain popularity, the existing public charging infrastructure is struggling to keep pace with the rapidly growing demand for the immediate charging needs of EVs. V2V power trading has gradually attracted widespread attention and development. EVs need to transmit sensitive information, such as transaction plans, through communication entities in the Internet of Vehicles (IoV). This could lead to leaks of sensitive information, thereby threatening the fairness of transactions. In addition, due to the differences in the cryptographic systems of entities, communication between entities faces challenges. Therefore, a privacy-preserving scheme for V2V double auction power trading based on heterogeneous signcryption and IoV is proposed. Firstly, a heterogeneous signcryption algorithm is designed to realize secure communication from certificateless cryptography to identity-based cryptography. Secondly, the scheme employs a pseudonym mechanism to protect the real identities of EVs. Furthermore, a verification algorithm is designed to verify the information sent by EVs and ensure the traceability and revocation of malicious EVs. The theoretical analysis shows that the proposed scheme could serve common security functions, and the experiment demonstrates that the proposed scheme reduces communication costs by about 14.56% and the computational cost of aggregate decryption by 80.51% compared with other schemes in recent years. Full article

► Show Figures

Figure 1

28 pages, 415 KB

Open AccessArticle

A Scalable Symmetric Cryptographic Scheme Based on Latin Square, Permutations, and Reed-Muller Codes for Resilient Encryption

by Hussain Ahmad and Carolin Hannusch

Cryptography 2025, 9(4), 70; https://doi.org/10.3390/cryptography9040070 - 31 Oct 2025

Abstract

Symmetric cryptography is essential for secure communication as it ensures confidentiality by using shared secret keys. This paper proposes a novel substitution-permutation network (SPN) that integrates Latin squares, permutations, and Reed-Muller (RM) codes to achieve robust security and resilience. As an adaptive design [...] Read more.

Symmetric cryptography is essential for secure communication as it ensures confidentiality by using shared secret keys. This paper proposes a novel substitution-permutation network (SPN) that integrates Latin squares, permutations, and Reed-Muller (RM) codes to achieve robust security and resilience. As an adaptive design using binary representation with base-n Latin square mappings for non-linear substitutions, it supports any n (Codeword length and Latin square order), k (RM code dimension), d (RM code minimum distance) parameters aligned with the Latin square and

RM (n, k, d)

codes. The scheme employs

2 {log}_{2} n

-round transformations using

{log}_{2} n

permutations

ρ_{z}

, where in the additional

{log}_{2} n

rounds, row and column pairs are swapped for each pair of rounds, with key-dependent

π_{z}

permutations for round outputs and fixed

ρ_{z}

permutations for codeword shuffling, ensuring strong diffusion. The scheme leverages dynamic Latin square substitutions for confusion and a vast key space, with permutations ensuring strong diffusion and

RM (n, k, d)

codes correcting transmission errors and enhancing robustness against fault-based attacks. Precomputed components optimize deployment efficiency. The paper presents mathematical foundations, security primitives, and experimental results, including avalanche effect analysis, demonstrating flexibility and balancing enhanced security with computational and storage overhead. Full article

23 pages, 1008 KB

Open AccessArticle

A Lightweight Decentralized Medical Data Sharing Scheme with Dual Verification

by Shaobo Zhang, Yijie Yin, Nangui Chen and Honghui Ning

Cryptography 2025, 9(4), 69; https://doi.org/10.3390/cryptography9040069 - 30 Oct 2025

Abstract

The rapid growth of smart healthcare improves medical efficiency through electronic data sharing but introduces security risks like privacy leaks and data tampering. However, existing ciphertext-policy attribute-based encryption faces challenges such as single points of failure, weak authentication, and inadequate integrity protection, hindering [...] Read more.

The rapid growth of smart healthcare improves medical efficiency through electronic data sharing but introduces security risks like privacy leaks and data tampering. However, existing ciphertext-policy attribute-based encryption faces challenges such as single points of failure, weak authentication, and inadequate integrity protection, hindering secure, efficient medical data sharing. Therefore, we propose LDDV, a lightweight decentralized medical data sharing scheme with dual verification. LDDV constructs a lightweight multi-authority collaborative key management architecture based on elliptic curve cryptography, which eliminates the risk of single point of failure and balances reliability and efficiency. Meanwhile, a lightweight dual verification mechanism based on elliptic curve digital signature provides identity authentication and data integrity verification. Security analysis and experimental results show that LDDV achieves 28–42% faster decryption speeds compared to existing schemes and resists specific threats such as chosen plaintext attacks. Full article

► Show Figures

Figure 1

33 pages, 4531 KB

Open AccessArticle

Enhancing Multi-Factor Authentication with Templateless 2D/3D Biometrics and PUF Integration for Securing Smart Devices

by Saloni Jain, Amisha Bagri, Maxime Cambou, Dina Ghanai Miandoab and Bertrand Cambou

Cryptography 2025, 9(4), 68; https://doi.org/10.3390/cryptography9040068 - 27 Oct 2025

Abstract

Secure authentication in smart device ecosystems remains a critical challenge, particularly due to the irrevocability of compromised biometric templates in server-based systems. This paper presents a post-quantum secure multi-factor authentication protocol that combines templateless 2D and 3D facial biometrics, liveness detection, and Physical [...] Read more.

Secure authentication in smart device ecosystems remains a critical challenge, particularly due to the irrevocability of compromised biometric templates in server-based systems. This paper presents a post-quantum secure multi-factor authentication protocol that combines templateless 2D and 3D facial biometrics, liveness detection, and Physical Unclonable Functions (PUFs) to achieve robust identity assurance. The protocol exhibits zero-knowledge properties, preventing adversaries from identifying whether authentication failure is due to the biometric, password, PUF, or liveness factor. The proposed protocol utilizes advanced facial landmark detection via dlib or mediapipe, capturing multi-angle facial data and mapping it. By applying a double-masking technique and measuring distances between randomized points, stabilized facial landmarks are selected through multiple images captured during enrollment to ensure template stability. The protocol creates high-entropy cryptographic keys, securely erasing all raw biometric data and sensitive keys immediately after processing. All key cryptographic operations and challenge-response exchanges employ post-quantum algorithms, providing resistance to both classical and quantum adversaries. To further enhance reliability, advanced error-correction methods mitigate noise in biometric and PUF responses, resulting in minimal FAR and FRR that meets industrial standards and resilience against spoofing. Our experimental results demonstrate this protocol’s suitability for smart devices and IoT deployments requiring high-assurance, scalable, and quantum-resistant authentication. Full article

(This article belongs to the Topic Recent Advances in Security, Privacy, and Trust)

► Show Figures

Figure 1

23 pages, 13031 KB

Open AccessArticle

Constructing 8 × 8 S-Boxes with Optimal Boolean Function Nonlinearity

by Phuc-Phan Duong and Cong-Kha Pham

Cryptography 2025, 9(4), 67; https://doi.org/10.3390/cryptography9040067 - 21 Oct 2025

Abstract

Substitution boxes (S-Boxes) are the core components of modern block ciphers, responsible for introducing the essential nonlinearity that protects against attacks like linear and differential cryptanalysis. For an 8-bit S-Box, the highest possible nonlinearity for a balanced Boolean function is 116. The best [...] Read more.

Substitution boxes (S-Boxes) are the core components of modern block ciphers, responsible for introducing the essential nonlinearity that protects against attacks like linear and differential cryptanalysis. For an 8-bit S-Box, the highest possible nonlinearity for a balanced Boolean function is 116. The best results previously reported in the literature achieved an average nonlinearity of 114.5 across the coordinate Boolean functions of 8 × 8 S-boxes. Our proposed method surpasses this record, producing S-boxes whose coordinate functions exhibit an average nonlinearity of 116. This is a significant achievement as it reaches the best result to date for the nonlinearity of the coordinate Boolean functions of an S-Box. Our S-Box generation method is based on multiplication over the field

G F (2^{4})

and

4 \times 4

component S-Boxes. The approach is also highly effective, capable of producing a large number of S-Boxes with good cryptographic properties. Other cryptographic criteria, such as BIC, SAC, DAP, and LAP, though not fully optimal, remain within acceptable ranges when compared with other reported designs. In addition, a side-channel attack evaluation is presented, covering both parameter analysis and experimental results on a real system when applying the proposed S-Box in the AES algorithm. These results make it a leading solution for block cipher design. Full article

► Show Figures

Figure 1

28 pages, 444 KB

Open AccessArticle

On the Homomorphic Properties of Kyber and McEliece with Application to Post-Quantum Private Set Intersection

by Anas A. Abudaqa, Khaled Alshehri and Muhamad Felemban

Cryptography 2025, 9(4), 66; https://doi.org/10.3390/cryptography9040066 - 20 Oct 2025

Cited by 1

Abstract

Crystals-Kyber and Classic-McEliece are two prominent post-quantum key encapsulation mechanisms (KEMs) designed to address the challenges posed by quantum computing to classical cryptographic schemes. While the former has been standardized by the National Institute of Standards and Technology (NIST), the latter is well-known [...] Read more.

Crystals-Kyber and Classic-McEliece are two prominent post-quantum key encapsulation mechanisms (KEMs) designed to address the challenges posed by quantum computing to classical cryptographic schemes. While the former has been standardized by the National Institute of Standards and Technology (NIST), the latter is well-known for its exceptional robustness and as one of the finalists of the fourth round of post-quantum cryptography standardization. Private set intersection (PSI) is a privacy-preserving technique that enables two parties, each possessing a dataset, to compute the intersection of their sets without revealing anything else. This can be achieved thanks to homomorphic encryption (HE), which allows computations on encrypted data. In this paper, firstly, we study Kyber and McEliece, apart from being KEMs, as post-quantum public key encryption (PKE), and examine their homomorphic properties. Secondly, we design two different two-party PSI protocols that utilize the homomorphic capabilities of Kyber and McEliece. Thirdly, a practical performance evaluation under NIST’s security levels 1, 3, and 5 is conducted, focusing on three key metrics: storage overhead, communication overhead, and computation cost. Insights indicate that the Kyber-based PSI Protocol, which utilizes the multiplicative homomorphic property, is secure but less efficient. In contrast, the McEliece-based PSI protocol, while efficient in practice, raises concerns regarding its security as a homomorphic encryption scheme. Full article

► Show Figures

Figure 1

Journal Description

Cryptography

Latest Articles

Journal Menu

Journal Browser

Highly Accessed Articles

Latest Books

E-Mail Alert

News

Topics

Conferences

Special Issues

Topical Collections

Further Information

Guidelines

MDPI Initiatives

Follow MDPI