<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns="http://purl.org/rss/1.0/"
 xmlns:dc="http://purl.org/dc/elements/1.1/"
 xmlns:dcterms="http://purl.org/dc/terms/"
 xmlns:cc="http://web.resource.org/cc/"
 xmlns:prism="http://prismstandard.org/namespaces/basic/2.0/"
 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 xmlns:admin="http://webns.net/mvcb/"
 xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel rdf:about="https://www.mdpi.com/rss/journal/cryptography">
		<title>Cryptography</title>
		<description>Latest open access articles published in Cryptography at https://www.mdpi.com/journal/cryptography</description>
		<link>https://www.mdpi.com/journal/cryptography</link>
		<admin:generatorAgent rdf:resource="https://www.mdpi.com/journal/cryptography"/>
		<admin:errorReportsTo rdf:resource="mailto:support@mdpi.com"/>
		<dc:publisher>MDPI</dc:publisher>
		<dc:language>en</dc:language>
		<dc:rights>Creative Commons Attribution (CC-BY)</dc:rights>
						<prism:copyright>MDPI</prism:copyright>
		<prism:rightsAgent>support@mdpi.com</prism:rightsAgent>
		<image rdf:resource="https://pub.mdpi-res.com/img/design/mdpi-pub-logo.png?13cf3b5bd783e021?1778581344"/>
				<items>
			<rdf:Seq>
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/3/31" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/3/30" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/3/29" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/3/28" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/27" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/26" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/25" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/24" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/23" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/22" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/21" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/20" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/19" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/18" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/17" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/16" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/2/15" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/14" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/13" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/12" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/11" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/10" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/9" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/8" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/7" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/6" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/5" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/4" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/3" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/2" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/10/1/1" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/80" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/79" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/78" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/77" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/76" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/75" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/74" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/73" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/72" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/71" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/70" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/69" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/68" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/67" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/66" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/65" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/64" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/63" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/62" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/61" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/4/60" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/59" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/58" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/57" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/56" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/55" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/54" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/53" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/52" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/51" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/50" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/48" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/49" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/3/47" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/46" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/45" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/44" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/43" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/42" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/41" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/40" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/39" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/38" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/37" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/36" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/35" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/34" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/33" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/32" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/31" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/30" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/29" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/28" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/27" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/26" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/25" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/24" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/23" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/22" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/2/21" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/20" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/19" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/18" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/17" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/16" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/15" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/14" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/13" />
            				<rdf:li rdf:resource="https://www.mdpi.com/2410-387X/9/1/12" />
                    	</rdf:Seq>
		</items>
				<cc:license rdf:resource="https://creativecommons.org/licenses/by/4.0/" />
	</channel>

        <item rdf:about="https://www.mdpi.com/2410-387X/10/3/31">

	<title>Cryptography, Vol. 10, Pages 31: Q-DP-GAN: Improving EEG Data Privacy Through Quantum-Inspired Differential Privacy-Based GAN</title>
	<link>https://www.mdpi.com/2410-387X/10/3/31</link>
	<description>Electroencephalography (EEG)-based brain–computer interface (BCI) systems pose significant privacy risks, as EEG data remain vulnerable to inference and reconstruction attacks. Conventional privacy-preserving techniques, including data anonymization, encryption, and perturbation, frequently compromise data utility or prove ineffective against advanced adversaries. To address these limitations and balance utility and privacy, we propose a quantum-inspired, differential privacy-based generative adversarial network (Q-DP-GAN). Unlike classical GANs, which lack adaptive privacy mechanisms during training, our method uses quantum-inspired stochasticity to dynamically calibrate noise and the privacy budget. The experimental results demonstrate that Q-DP-GAN is more robust to membership inference and reconstruction attacks than existing approaches. Evaluation on the widely used BCI Competition IV Datasets 2A and 2B indicates that our framework produces high-quality synthetic EEG data while maintaining utility and data confidentiality for BCI classification tasks.</description>
	<pubDate>2026-05-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 31: Q-DP-GAN: Improving EEG Data Privacy Through Quantum-Inspired Differential Privacy-Based GAN</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/3/31">doi: 10.3390/cryptography10030031</a></p>
	<p>Authors:
		Shouvik Paul
		Garima Bajwa
		</p>
	<p>Electroencephalography (EEG)-based brain–computer interface (BCI) systems pose significant privacy risks, as EEG data remain vulnerable to inference and reconstruction attacks. Conventional privacy-preserving techniques, including data anonymization, encryption, and perturbation, frequently compromise data utility or prove ineffective against advanced adversaries. To address these limitations and balance utility and privacy, we propose a quantum-inspired, differential privacy-based generative adversarial network (Q-DP-GAN). Unlike classical GANs, which lack adaptive privacy mechanisms during training, our method uses quantum-inspired stochasticity to dynamically calibrate noise and the privacy budget. The experimental results demonstrate that Q-DP-GAN is more robust to membership inference and reconstruction attacks than existing approaches. Evaluation on the widely used BCI Competition IV Datasets 2A and 2B indicates that our framework produces high-quality synthetic EEG data while maintaining utility and data confidentiality for BCI classification tasks.</p>
	]]></content:encoded>

	<dc:title>Q-DP-GAN: Improving EEG Data Privacy Through Quantum-Inspired Differential Privacy-Based GAN</dc:title>
			<dc:creator>Shouvik Paul</dc:creator>
			<dc:creator>Garima Bajwa</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10030031</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-05-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-05-11</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>31</prism:startingPage>
		<prism:doi>10.3390/cryptography10030031</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/3/31</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/3/30">

	<title>Cryptography, Vol. 10, Pages 30: A Hybrid Module-LWE and Hash-Based Framework for Memory-Efficient Post-Quantum Key Encapsulation</title>
	<link>https://www.mdpi.com/2410-387X/10/3/30</link>
	<description>Deploying post-quantum cryptography on highly constrained devices remains challenging due to the large key sizes and substantial storage and memory-traffic demands of leading lattice-based schemes. Although constructions such as Kyber, Dilithium, and NTRU offer strong resistance against quantum adversaries, their multi-kilobyte public keys and intensive memory access patterns limit practical adoption in microcontrollers, smart cards, and low-power edge environments. This work proposes a hybrid key-encapsulation mechanism that integrates a compact, seed-generated Module-LWE structure with a quantum-secure hash-based authentication layer. The design employs a small public seed to instantiate lattice matrices on demand via a lightweight pseudorandom generator and incorporates a Merkle-tree commitment to represent compressed auxiliary error information. Additional design considerations—including sparsity-aware secret keys, SIMD-friendly polynomial operations, and cache-efficient decryption paths—are intended to reduce runtime memory usage and computational overhead. The security of the proposed construction is analysed under both Module-LWE and hash-based one-way assumptions, with further consideration of constant-time execution and cache-line alignment to mitigate side-channel risks. This hybrid approach outlines a design pathway toward post-quantum key-encapsulation mechanisms suitable for deployment on memory-limited and energy-constrained platforms.</description>
	<pubDate>2026-05-03</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 30: A Hybrid Module-LWE and Hash-Based Framework for Memory-Efficient Post-Quantum Key Encapsulation</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/3/30">doi: 10.3390/cryptography10030030</a></p>
	<p>Authors:
		 Marevac
		 Kadušić
		 Živić
		 Nesimović
		 Ruland
		</p>
	<p>Deploying post-quantum cryptography on highly constrained devices remains challenging due to the large key sizes and substantial storage and memory-traffic demands of leading lattice-based schemes. Although constructions such as Kyber, Dilithium, and NTRU offer strong resistance against quantum adversaries, their multi-kilobyte public keys and intensive memory access patterns limit practical adoption in microcontrollers, smart cards, and low-power edge environments. This work proposes a hybrid key-encapsulation mechanism that integrates a compact, seed-generated Module-LWE structure with a quantum-secure hash-based authentication layer. The design employs a small public seed to instantiate lattice matrices on demand via a lightweight pseudorandom generator and incorporates a Merkle-tree commitment to represent compressed auxiliary error information. Additional design considerations—including sparsity-aware secret keys, SIMD-friendly polynomial operations, and cache-efficient decryption paths—are intended to reduce runtime memory usage and computational overhead. The security of the proposed construction is analysed under both Module-LWE and hash-based one-way assumptions, with further consideration of constant-time execution and cache-line alignment to mitigate side-channel risks. This hybrid approach outlines a design pathway toward post-quantum key-encapsulation mechanisms suitable for deployment on memory-limited and energy-constrained platforms.</p>
	]]></content:encoded>

	<dc:title>A Hybrid Module-LWE and Hash-Based Framework for Memory-Efficient Post-Quantum Key Encapsulation</dc:title>
			<dc:creator> Marevac</dc:creator>
			<dc:creator> Kadušić</dc:creator>
			<dc:creator> Živić</dc:creator>
			<dc:creator> Nesimović</dc:creator>
			<dc:creator> Ruland</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10030030</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-05-03</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-05-03</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>30</prism:startingPage>
		<prism:doi>10.3390/cryptography10030030</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/3/30</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/3/29">

	<title>Cryptography, Vol. 10, Pages 29: Space-Efficient Secret Sharing Based on Matrix Normal Forms</title>
	<link>https://www.mdpi.com/2410-387X/10/3/29</link>
	<description>Secret sharing schemes distribute a secret among participants so that only authorised subsets can reconstruct it. In this paper, we focus on space-efficient secret sharing and show that matrix normal forms can significantly reduce share sizes while achieving computational security properties. Our scheme is implemented within an online secret sharing architecture, where authenticated public data P is maintained and shares of private data Q are issued over a secure channel. We study an existing probabilistic matrix-based approach to share size reduction and prove that the expected number of iterations of the underlying cyclic vector algorithm is small, yielding an expected polynomial runtime. We then design a novel deterministic method based on the Frobenius canonical normal form, avoiding reliance on cyclic vector techniques, and derive its runtime complexity. This yields a space-efficient secret sharing scheme that is computationally secure under a suitably defined adversary model. We have implemented our algorithm in the computer algebra system Maple as an Open Source project and provide an evaluation of its performance. Our results demonstrate that matrix normal forms can provide a suitable mathematical framework for secure and practical secret sharing.</description>
	<pubDate>2026-04-30</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 29: Space-Efficient Secret Sharing Based on Matrix Normal Forms</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/3/29">doi: 10.3390/cryptography10030029</a></p>
	<p>Authors:
		Eckhard Pfluegel
		Razi Arshad
		Mark Jones
		</p>
	<p>Secret sharing schemes distribute a secret among participants so that only authorised subsets can reconstruct it. In this paper, we focus on space-efficient secret sharing and show that matrix normal forms can significantly reduce share sizes while achieving computational security properties. Our scheme is implemented within an online secret sharing architecture, where authenticated public data P is maintained and shares of private data Q are issued over a secure channel. We study an existing probabilistic matrix-based approach to share size reduction and prove that the expected number of iterations of the underlying cyclic vector algorithm is small, yielding an expected polynomial runtime. We then design a novel deterministic method based on the Frobenius canonical normal form, avoiding reliance on cyclic vector techniques, and derive its runtime complexity. This yields a space-efficient secret sharing scheme that is computationally secure under a suitably defined adversary model. We have implemented our algorithm in the computer algebra system Maple as an Open Source project and provide an evaluation of its performance. Our results demonstrate that matrix normal forms can provide a suitable mathematical framework for secure and practical secret sharing.</p>
	]]></content:encoded>

	<dc:title>Space-Efficient Secret Sharing Based on Matrix Normal Forms</dc:title>
			<dc:creator>Eckhard Pfluegel</dc:creator>
			<dc:creator>Razi Arshad</dc:creator>
			<dc:creator>Mark Jones</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10030029</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-30</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-30</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>29</prism:startingPage>
		<prism:doi>10.3390/cryptography10030029</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/3/29</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/3/28">

	<title>Cryptography, Vol. 10, Pages 28: A Post-Quantum End-to-End Secure Protocol for Instant Messaging Applications</title>
	<link>https://www.mdpi.com/2410-387X/10/3/28</link>
	<description>Modern instant messaging systems require end-to-end (E2E) security guarantees while operating over server-mediated infrastructures that cannot be fully trusted. At the same time, the impending transition to post-quantum cryptography raises nontrivial challenges for the design of secure messaging protocols that preserve these guarantees. In this work, we present the design of a post-quantum end-to-end secure protocol for instant messaging applications under an untrusted relay model. The proposed construction relies on lattice-based primitives standardized by NIST, namely ML-KEM for key establishment and ML-DSA for authentication, and follows a Double-KEM pattern combined with explicit context binding to derive an E2E session key known only to the communicating clients. The server acts solely as an authenticated relay and never gains access to plaintext messages or session keys. In addition to the protocol design, we complement the protocol description with an automated symbolic verification using ProVerif, establishing injective mutual authentication and session-key secrecy under a Dolev–Yao adversary model. Finally, we characterize the computational cost of different authentication and verification policies and evaluate the performance of the handshake on heterogeneous cloud-based architectures. The results provide practical insight into the feasibility of deploying post-quantum end-to-end secure protocols within existing instant messaging infrastructures.</description>
	<pubDate>2026-04-23</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 28: A Post-Quantum End-to-End Secure Protocol for Instant Messaging Applications</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/3/28">doi: 10.3390/cryptography10030028</a></p>
	<p>Authors:
		Alfonso F. De Abiega-L’Eglisse
		Kevin A. Delgado-Vargas
		Humberto A. Ortega Alcocer
		Gina Gallegos-García
		Eliseo Sarmiento-Rosales
		</p>
	<p>Modern instant messaging systems require end-to-end (E2E) security guarantees while operating over server-mediated infrastructures that cannot be fully trusted. At the same time, the impending transition to post-quantum cryptography raises nontrivial challenges for the design of secure messaging protocols that preserve these guarantees. In this work, we present the design of a post-quantum end-to-end secure protocol for instant messaging applications under an untrusted relay model. The proposed construction relies on lattice-based primitives standardized by NIST, namely ML-KEM for key establishment and ML-DSA for authentication, and follows a Double-KEM pattern combined with explicit context binding to derive an E2E session key known only to the communicating clients. The server acts solely as an authenticated relay and never gains access to plaintext messages or session keys. In addition to the protocol design, we complement the protocol description with an automated symbolic verification using ProVerif, establishing injective mutual authentication and session-key secrecy under a Dolev–Yao adversary model. Finally, we characterize the computational cost of different authentication and verification policies and evaluate the performance of the handshake on heterogeneous cloud-based architectures. The results provide practical insight into the feasibility of deploying post-quantum end-to-end secure protocols within existing instant messaging infrastructures.</p>
	]]></content:encoded>

	<dc:title>A Post-Quantum End-to-End Secure Protocol for Instant Messaging Applications</dc:title>
			<dc:creator>Alfonso F. De Abiega-L’Eglisse</dc:creator>
			<dc:creator>Kevin A. Delgado-Vargas</dc:creator>
			<dc:creator>Humberto A. Ortega Alcocer</dc:creator>
			<dc:creator>Gina Gallegos-García</dc:creator>
			<dc:creator>Eliseo Sarmiento-Rosales</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10030028</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-23</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-23</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>28</prism:startingPage>
		<prism:doi>10.3390/cryptography10030028</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/3/28</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/27">

	<title>Cryptography, Vol. 10, Pages 27: Polynomial Commitment Schemes from Classical Constructions to Post-Quantum Directions</title>
	<link>https://www.mdpi.com/2410-387X/10/2/27</link>
	<description>Polynomial commitment schemes (PCS) enable a prover to commit to a polynomial and later reveal evaluations with succinct, verifiable proofs. As critical components of modern cryptographic systems like Verkle trees and zk-SNARKs, these methods are experiencing a significant transition from classical to post-quantum designs. This comprehensive research systematically compares the major scheme families to examine this progression, from pairing-based KZG and transparent Bulletproofs to lattice-based and hash-based post-quantum alternatives. We present a unified taxonomy that maps the classical-to-post-quantum transition across trust models, security assumptions, and efficiency measures after conducting a PRISMA-guided systematic review of 77 works. Our analysis reveals a fundamental trade-off between efficiency and security: classical schemes, which rely on quantum-vulnerable assumptions, provide optimal performance with constant-sized proofs, while post-quantum alternatives offer quantum resistance at the cost of larger proofs and higher computational overhead. By combining research works, we highlight recurrent problems with adaptive security, verification efficiency, and proof conciseness. We offer a specific research roadmap with prioritized short-, medium-, and long-term directions to close the performance gap between quantum-resistant and classical architectures based on our quantitative analysis. This study offers a technical reference and a strategic roadmap for constructing practical post-quantum polynomial commitments.</description>
	<pubDate>2026-04-20</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 27: Polynomial Commitment Schemes from Classical Constructions to Post-Quantum Directions</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/27">doi: 10.3390/cryptography10020027</a></p>
	<p>Authors:
		Maksim Iavich
		Tamari Kuchukhidze
		Razvan Bocu
		</p>
	<p>Polynomial commitment schemes (PCS) enable a prover to commit to a polynomial and later reveal evaluations with succinct, verifiable proofs. As critical components of modern cryptographic systems like Verkle trees and zk-SNARKs, these methods are experiencing a significant transition from classical to post-quantum designs. This comprehensive research systematically compares the major scheme families to examine this progression, from pairing-based KZG and transparent Bulletproofs to lattice-based and hash-based post-quantum alternatives. We present a unified taxonomy that maps the classical-to-post-quantum transition across trust models, security assumptions, and efficiency measures after conducting a PRISMA-guided systematic review of 77 works. Our analysis reveals a fundamental trade-off between efficiency and security: classical schemes, which rely on quantum-vulnerable assumptions, provide optimal performance with constant-sized proofs, while post-quantum alternatives offer quantum resistance at the cost of larger proofs and higher computational overhead. By combining research works, we highlight recurrent problems with adaptive security, verification efficiency, and proof conciseness. We offer a specific research roadmap with prioritized short-, medium-, and long-term directions to close the performance gap between quantum-resistant and classical architectures based on our quantitative analysis. This study offers a technical reference and a strategic roadmap for constructing practical post-quantum polynomial commitments.</p>
	]]></content:encoded>

	<dc:title>Polynomial Commitment Schemes from Classical Constructions to Post-Quantum Directions</dc:title>
			<dc:creator>Maksim Iavich</dc:creator>
			<dc:creator>Tamari Kuchukhidze</dc:creator>
			<dc:creator>Razvan Bocu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020027</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-20</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-20</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>27</prism:startingPage>
		<prism:doi>10.3390/cryptography10020027</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/27</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/26">

	<title>Cryptography, Vol. 10, Pages 26: A Multiple User Cryptography Approach Using a One-Time User Key Model and a (1, n) Threshold Polynomial Secret Sharing</title>
	<link>https://www.mdpi.com/2410-387X/10/2/26</link>
	<description>Classical approaches to cryptography exhibit several limitations when applied to scenarios involving more than two users. The One-Time User Key (OTUK) meta-cryptographic model addresses these limitations by enabling multi-user encryption that is flexible, applicable to any cryptographic algorithm, and designed for systematic deployment without compromising system security. Each user possesses an individual key from which One-Time keys are derived; these keys feed a secret-sharing function (ω) that establishes the multi-user encrypted channel. In this paper, we present a polynomial-based implementation of the ω function under a (1,n) threshold model. The generated polynomial has roots at points corresponding to valid user keys and is mapped to the real encryption key. We provide a formal threat model, pseudocode for the complete protocol, and a detailed computational analysis across the numerical domains N, Z, and R. Furthermore, we present experimental benchmarks measuring encryption/decryption speed, scalability up to 30 users, parameter sensitivity, and a comparative evaluation against Shamir’s Secret Sharing scheme. A systematic security analysis examines partial-information attacks, derivative-root distance margins, and brute-force resistance, demonstrating that the effective security margin remains above 245 bits for configurations of up to 30 users with 256-bit keys. The proposed method offers a concrete, efficient, and secure foundation for multi-user encrypted communication in domains such as IoT, public administration, and e-health.</description>
	<pubDate>2026-04-14</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 26: A Multiple User Cryptography Approach Using a One-Time User Key Model and a (1, n) Threshold Polynomial Secret Sharing</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/26">doi: 10.3390/cryptography10020026</a></p>
	<p>Authors:
		Alessandro Caniglia
		Felice Franchini
		Stefano Galantucci
		Giuseppe Pirlo
		Gianfranco Semeraro
		</p>
	<p>Classical approaches to cryptography exhibit several limitations when applied to scenarios involving more than two users. The One-Time User Key (OTUK) meta-cryptographic model addresses these limitations by enabling multi-user encryption that is flexible, applicable to any cryptographic algorithm, and designed for systematic deployment without compromising system security. Each user possesses an individual key from which One-Time keys are derived; these keys feed a secret-sharing function (ω) that establishes the multi-user encrypted channel. In this paper, we present a polynomial-based implementation of the ω function under a (1,n) threshold model. The generated polynomial has roots at points corresponding to valid user keys and is mapped to the real encryption key. We provide a formal threat model, pseudocode for the complete protocol, and a detailed computational analysis across the numerical domains N, Z, and R. Furthermore, we present experimental benchmarks measuring encryption/decryption speed, scalability up to 30 users, parameter sensitivity, and a comparative evaluation against Shamir’s Secret Sharing scheme. A systematic security analysis examines partial-information attacks, derivative-root distance margins, and brute-force resistance, demonstrating that the effective security margin remains above 245 bits for configurations of up to 30 users with 256-bit keys. The proposed method offers a concrete, efficient, and secure foundation for multi-user encrypted communication in domains such as IoT, public administration, and e-health.</p>
	]]></content:encoded>

	<dc:title>A Multiple User Cryptography Approach Using a One-Time User Key Model and a (1, n) Threshold Polynomial Secret Sharing</dc:title>
			<dc:creator>Alessandro Caniglia</dc:creator>
			<dc:creator>Felice Franchini</dc:creator>
			<dc:creator>Stefano Galantucci</dc:creator>
			<dc:creator>Giuseppe Pirlo</dc:creator>
			<dc:creator>Gianfranco Semeraro</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020026</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-14</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-14</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>26</prism:startingPage>
		<prism:doi>10.3390/cryptography10020026</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/26</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/25">

	<title>Cryptography, Vol. 10, Pages 25: Chaos Theory with AI Analysis in IoT Network Scenarios</title>
	<link>https://www.mdpi.com/2410-387X/10/2/25</link>
	<description>While general network dynamics have been extensively modeled using stochastic methods, the emergence of dense Internet of Things (IoT) ecosystems demands a more specialized analytical framework. IoT environments are characterized by extreme non-linearity and sensitivity to initial conditions, where traditional models often fail to account for chaotic latency and packet loss. This paper introduces a specialized approach that integrates Chaos Theory with the innovative paradigm of Vibe Coding—an AI-assisted development and analysis methodology that allows for the ‘encoding’ and interpretation of the dynamic ‘vibe’ or signature of network fluctuations in real-time. By categorizing network behavior into four distinct scenarios (quiescent, perturbed, attacked, and perturbed–Attacked), the proposed framework utilizes deep learning to transform chaotic signals into actionable intelligence. Our findings demonstrate that this specialized synergy between chaos analysis and Vibe Coding provides superior classification of adversarial threats, such as DoS and injection attacks, fostering intelligent native security for next-generation IoT infrastructures.</description>
	<pubDate>2026-04-10</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 25: Chaos Theory with AI Analysis in IoT Network Scenarios</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/25">doi: 10.3390/cryptography10020025</a></p>
	<p>Authors:
		Antonio Francesco Gentile
		Maria Cilione
		</p>
	<p>While general network dynamics have been extensively modeled using stochastic methods, the emergence of dense Internet of Things (IoT) ecosystems demands a more specialized analytical framework. IoT environments are characterized by extreme non-linearity and sensitivity to initial conditions, where traditional models often fail to account for chaotic latency and packet loss. This paper introduces a specialized approach that integrates Chaos Theory with the innovative paradigm of Vibe Coding—an AI-assisted development and analysis methodology that allows for the ‘encoding’ and interpretation of the dynamic ‘vibe’ or signature of network fluctuations in real-time. By categorizing network behavior into four distinct scenarios (quiescent, perturbed, attacked, and perturbed–Attacked), the proposed framework utilizes deep learning to transform chaotic signals into actionable intelligence. Our findings demonstrate that this specialized synergy between chaos analysis and Vibe Coding provides superior classification of adversarial threats, such as DoS and injection attacks, fostering intelligent native security for next-generation IoT infrastructures.</p>
	]]></content:encoded>

	<dc:title>Chaos Theory with AI Analysis in IoT Network Scenarios</dc:title>
			<dc:creator>Antonio Francesco Gentile</dc:creator>
			<dc:creator>Maria Cilione</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020025</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-10</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-10</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>25</prism:startingPage>
		<prism:doi>10.3390/cryptography10020025</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/25</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/24">

	<title>Cryptography, Vol. 10, Pages 24: Adapting the BIKE Key Encapsulation Mechanism to Memory-Constrained IoT Devices</title>
	<link>https://www.mdpi.com/2410-387X/10/2/24</link>
	<description>Post-quantum cryptography represents one of the most promising areas of modern cryptography. The development in this discipline significantly accelerated after it became of interest to the National Institute of Standards and Technology (NIST). One of the important research directions in this area is the practical deployment of post-quantum cryptographic algorithms on resource-constrained devices. In this article, we investigate the possibility of deploying post-quantum cryptography on small processors with limited random access memory (RAM) capacity. These processors are commonly used in Internet of Things (IoT) devices, where the practical deployment of post-quantum algorithms remains challenging due to computational and memory constraints. We select a suitable algorithm and perform several implementation modifications that enable its execution on microcontrollers with limited memory resources.</description>
	<pubDate>2026-04-10</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 24: Adapting the BIKE Key Encapsulation Mechanism to Memory-Constrained IoT Devices</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/24">doi: 10.3390/cryptography10020024</a></p>
	<p>Authors:
		Dušan Čatloch
		Peter Pekarčík
		Eva Chovancová
		</p>
	<p>Post-quantum cryptography represents one of the most promising areas of modern cryptography. The development in this discipline significantly accelerated after it became of interest to the National Institute of Standards and Technology (NIST). One of the important research directions in this area is the practical deployment of post-quantum cryptographic algorithms on resource-constrained devices. In this article, we investigate the possibility of deploying post-quantum cryptography on small processors with limited random access memory (RAM) capacity. These processors are commonly used in Internet of Things (IoT) devices, where the practical deployment of post-quantum algorithms remains challenging due to computational and memory constraints. We select a suitable algorithm and perform several implementation modifications that enable its execution on microcontrollers with limited memory resources.</p>
	]]></content:encoded>

	<dc:title>Adapting the BIKE Key Encapsulation Mechanism to Memory-Constrained IoT Devices</dc:title>
			<dc:creator>Dušan Čatloch</dc:creator>
			<dc:creator>Peter Pekarčík</dc:creator>
			<dc:creator>Eva Chovancová</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020024</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-10</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-10</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>24</prism:startingPage>
		<prism:doi>10.3390/cryptography10020024</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/24</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/23">

	<title>Cryptography, Vol. 10, Pages 23: Moving-Skewness Preprocessing for Simple Power Analysis on Cryptosystems: Revealing Asymmetry in Leakage</title>
	<link>https://www.mdpi.com/2410-387X/10/2/23</link>
	<description>In side-channel analysis, simple power analysis (SPA) is a widely used technique for recovering secret information by exploiting differences between operations in traces. However, in realistic measurement environments, SPA is often hindered by noise, temporal misalignment, and weak or transient leakage, which obscure secret-dependent features in single or very few power traces. In this paper, we provide a systematic analysis of moving-skewness-based trace preprocessing for enhancing asymmetric leakage characteristics relevant to SPA. The method computes local skewness within a moving window along the trace, transforming the original signal into a skewness trace that emphasizes distributional asymmetry while suppressing noise. Unlike conventional smoothing-based preprocessing techniques, the proposed approach preserves and can even amplify subtle leakage patterns and spike-like transient events that are often attenuated by low-pass filtering or moving-average methods. To further improve applicability under different leakage conditions, we introduce feature-driven window-selection strategies that align preprocessing parameters with various leakage characteristics. Both simulated datasets and real measurement traces collected from multiple cryptographic platforms are used to evaluate the effectiveness of the approach. The experimental results indicate that moving-skewness preprocessing improves leakage visibility and achieves higher SPA success rates compared to commonly used preprocessing methods.</description>
	<pubDate>2026-04-03</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 23: Moving-Skewness Preprocessing for Simple Power Analysis on Cryptosystems: Revealing Asymmetry in Leakage</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/23">doi: 10.3390/cryptography10020023</a></p>
	<p>Authors:
		Zhen Li
		Kexin Qiang
		Yiming Yang
		Zongyue Wang
		An Wang
		</p>
	<p>In side-channel analysis, simple power analysis (SPA) is a widely used technique for recovering secret information by exploiting differences between operations in traces. However, in realistic measurement environments, SPA is often hindered by noise, temporal misalignment, and weak or transient leakage, which obscure secret-dependent features in single or very few power traces. In this paper, we provide a systematic analysis of moving-skewness-based trace preprocessing for enhancing asymmetric leakage characteristics relevant to SPA. The method computes local skewness within a moving window along the trace, transforming the original signal into a skewness trace that emphasizes distributional asymmetry while suppressing noise. Unlike conventional smoothing-based preprocessing techniques, the proposed approach preserves and can even amplify subtle leakage patterns and spike-like transient events that are often attenuated by low-pass filtering or moving-average methods. To further improve applicability under different leakage conditions, we introduce feature-driven window-selection strategies that align preprocessing parameters with various leakage characteristics. Both simulated datasets and real measurement traces collected from multiple cryptographic platforms are used to evaluate the effectiveness of the approach. The experimental results indicate that moving-skewness preprocessing improves leakage visibility and achieves higher SPA success rates compared to commonly used preprocessing methods.</p>
	]]></content:encoded>

	<dc:title>Moving-Skewness Preprocessing for Simple Power Analysis on Cryptosystems: Revealing Asymmetry in Leakage</dc:title>
			<dc:creator>Zhen Li</dc:creator>
			<dc:creator>Kexin Qiang</dc:creator>
			<dc:creator>Yiming Yang</dc:creator>
			<dc:creator>Zongyue Wang</dc:creator>
			<dc:creator>An Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020023</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-04-03</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-04-03</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>23</prism:startingPage>
		<prism:doi>10.3390/cryptography10020023</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/23</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/22">

	<title>Cryptography, Vol. 10, Pages 22: A Searchable Encryption Scheme Based on CRYSTALS-Dilithium</title>
	<link>https://www.mdpi.com/2410-387X/10/2/22</link>
	<description>With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based on the post-quantum cryptographic algorithm CRYSTALS-Dilithium. By transforming the verification relationship of digital signatures into a matching relationship between trapdoors and ciphertexts, the scheme not only meets the functional requirements of searchable encryption but also demonstrates quantum resistance. The implementation enhances algorithm efficiency through keyword-based signatures and dynamic matching testing mechanisms. The security of the scheme is defined by the MLWE and MSIS hard problems, with proofs of keyword ciphertext indistinguishability and trapdoor indistinguishability under the random oracle model. Additionally, the scheme provides strong resistance against both outside and insider keyword guessing attacks through sender–receiver binding mechanisms and trapdoor indistinguishability properties. Experimental results show that, compared to the post-quantum schemes CP-Absel and LB-FSSE, the proposed scheme demonstrates superior overall computational efficiency while maintaining stronger quantum resistance than the traditional scheme SM9-PAEKS.</description>
	<pubDate>2026-03-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 22: A Searchable Encryption Scheme Based on CRYSTALS-Dilithium</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/22">doi: 10.3390/cryptography10020022</a></p>
	<p>Authors:
		Minghui Zheng
		Anqi Xiao
		Shicheng Huang
		Deju Kong
		</p>
	<p>With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based on the post-quantum cryptographic algorithm CRYSTALS-Dilithium. By transforming the verification relationship of digital signatures into a matching relationship between trapdoors and ciphertexts, the scheme not only meets the functional requirements of searchable encryption but also demonstrates quantum resistance. The implementation enhances algorithm efficiency through keyword-based signatures and dynamic matching testing mechanisms. The security of the scheme is defined by the MLWE and MSIS hard problems, with proofs of keyword ciphertext indistinguishability and trapdoor indistinguishability under the random oracle model. Additionally, the scheme provides strong resistance against both outside and insider keyword guessing attacks through sender–receiver binding mechanisms and trapdoor indistinguishability properties. Experimental results show that, compared to the post-quantum schemes CP-Absel and LB-FSSE, the proposed scheme demonstrates superior overall computational efficiency while maintaining stronger quantum resistance than the traditional scheme SM9-PAEKS.</p>
	]]></content:encoded>

	<dc:title>A Searchable Encryption Scheme Based on CRYSTALS-Dilithium</dc:title>
			<dc:creator>Minghui Zheng</dc:creator>
			<dc:creator>Anqi Xiao</dc:creator>
			<dc:creator>Shicheng Huang</dc:creator>
			<dc:creator>Deju Kong</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020022</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-27</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>22</prism:startingPage>
		<prism:doi>10.3390/cryptography10020022</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/22</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/21">

	<title>Cryptography, Vol. 10, Pages 21: Homomorphic ReLU with Full-Domain Bootstrapping</title>
	<link>https://www.mdpi.com/2410-387X/10/2/21</link>
	<description>Fully homomorphic encryption (FHE) offers a promising solution for privacy-preserving machine learning by enabling arbitrary computations on encrypted data. However, the efficient evaluation of non-linear functions—such as the ReLU activation function over large integers—remains a major obstacle in practical deployments, primarily due to high bootstrapping overhead and limited precision support in existing schemes. In this paper, we propose LargeIntReLU, a novel framework that enables efficient homomorphic ReLU evaluation over large integers (7–11 bits) via full-domain bootstrapping. Central to our approach is a signed digit decomposition algorithm, SignedDecomp, that partitions a large integer ciphertext into signed 6-bit segments using three new low-level primitives: LeftShift, HomMod, and CipherClean. This decomposition preserves arithmetic consistency, avoids cross-segment carry propagation, and allows parallelized bootstrapping. By segmenting the large integer and processing each chunk independently with optimized small-integer bootstrapping, we achieve homomorphic ReLU with full-domain bootstrapping, which significantly reduces the total number of sequential bootstrapping operations required. The security of our scheme is guaranteed by TFHE. Experimental results demonstrate that the proposed method reduces the bootstrapping cost by an average of 28.58% compared to state-of-the-art approaches while maintaining 95.2% accuracy. With execution times ranging from 1.16 s to 1.62 s across 7–11 bit integers, our work bridges a critical gap toward a scalable and efficient homomorphic ReLU function, which is useful in privacy-preserving machine learning. Furthermore, an end-to-end encrypted inference test on a CNN model with the MNIST dataset confirms its practicality, achieving 88.85% accuracy and demonstrating a complete pipeline for privacy-preserving neural network evaluation.</description>
	<pubDate>2026-03-24</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 21: Homomorphic ReLU with Full-Domain Bootstrapping</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/21">doi: 10.3390/cryptography10020021</a></p>
	<p>Authors:
		Yuqun Lin
		Yi Huang
		Xiaomeng Tang
		Jingjing Fan
		Qifei Xu
		Zoe-Lin Jiang
		Xiaosong Zhang
		Junbin Fang
		</p>
	<p>Fully homomorphic encryption (FHE) offers a promising solution for privacy-preserving machine learning by enabling arbitrary computations on encrypted data. However, the efficient evaluation of non-linear functions—such as the ReLU activation function over large integers—remains a major obstacle in practical deployments, primarily due to high bootstrapping overhead and limited precision support in existing schemes. In this paper, we propose LargeIntReLU, a novel framework that enables efficient homomorphic ReLU evaluation over large integers (7–11 bits) via full-domain bootstrapping. Central to our approach is a signed digit decomposition algorithm, SignedDecomp, that partitions a large integer ciphertext into signed 6-bit segments using three new low-level primitives: LeftShift, HomMod, and CipherClean. This decomposition preserves arithmetic consistency, avoids cross-segment carry propagation, and allows parallelized bootstrapping. By segmenting the large integer and processing each chunk independently with optimized small-integer bootstrapping, we achieve homomorphic ReLU with full-domain bootstrapping, which significantly reduces the total number of sequential bootstrapping operations required. The security of our scheme is guaranteed by TFHE. Experimental results demonstrate that the proposed method reduces the bootstrapping cost by an average of 28.58% compared to state-of-the-art approaches while maintaining 95.2% accuracy. With execution times ranging from 1.16 s to 1.62 s across 7–11 bit integers, our work bridges a critical gap toward a scalable and efficient homomorphic ReLU function, which is useful in privacy-preserving machine learning. Furthermore, an end-to-end encrypted inference test on a CNN model with the MNIST dataset confirms its practicality, achieving 88.85% accuracy and demonstrating a complete pipeline for privacy-preserving neural network evaluation.</p>
	]]></content:encoded>

	<dc:title>Homomorphic ReLU with Full-Domain Bootstrapping</dc:title>
			<dc:creator>Yuqun Lin</dc:creator>
			<dc:creator>Yi Huang</dc:creator>
			<dc:creator>Xiaomeng Tang</dc:creator>
			<dc:creator>Jingjing Fan</dc:creator>
			<dc:creator>Qifei Xu</dc:creator>
			<dc:creator>Zoe-Lin Jiang</dc:creator>
			<dc:creator>Xiaosong Zhang</dc:creator>
			<dc:creator>Junbin Fang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020021</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-24</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-24</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>21</prism:startingPage>
		<prism:doi>10.3390/cryptography10020021</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/21</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/20">

	<title>Cryptography, Vol. 10, Pages 20: Securely Scaling Autonomy: The Role of Cryptography in Future Unmanned Aircraft Systems (UASs)</title>
	<link>https://www.mdpi.com/2410-387X/10/2/20</link>
	<description>The decentralisation of autonomous Unmanned Aircraft Systems (UASs) introduces significant challenges in terms of establishing secure communication and consensus in contested, resource-constrained environments. This research addresses these challenges by conducting a comprehensive performance evaluation of two cryptographic technologies: Messaging Layer Security (MLS) for group key exchange, and threshold signatures (FROST and BLS) for decentralised consensus. Seven leading open-source libraries were methodically assessed through a series of static, network-simulated, and novel bulk-signing benchmarks to measure their computational efficiency and practical resilience. This paper confirms that MLS is a viable solution, capable of supporting the group sizes and throughput requirements of a UAS swarm. It corroborates prior work by identifying the Cisco MLSpp library as unsuitable for dynamic environments due to poorly scaling group management functions, while demonstrating that OpenMLS is a highly performant and scalable alternative. Furthermore, the findings show that operating MLS in a ‘key management’ mode offers a dramatic increase in performance and resilience, a critical trade-off for UAS operations. For consensus, the benchmarks reveal a range of compromises for developers to consider, while identifying the Zcash FROST implementation as the most effective all-around performer for sustained, high-volume use cases due to its balance of security features and efficient verification.</description>
	<pubDate>2026-03-20</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 20: Securely Scaling Autonomy: The Role of Cryptography in Future Unmanned Aircraft Systems (UASs)</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/20">doi: 10.3390/cryptography10020020</a></p>
	<p>Authors:
		Paul Rochford
		William J. Buchanan
		Rich Macfarlane
		Madjid Tehrani
		</p>
	<p>The decentralisation of autonomous Unmanned Aircraft Systems (UASs) introduces significant challenges in terms of establishing secure communication and consensus in contested, resource-constrained environments. This research addresses these challenges by conducting a comprehensive performance evaluation of two cryptographic technologies: Messaging Layer Security (MLS) for group key exchange, and threshold signatures (FROST and BLS) for decentralised consensus. Seven leading open-source libraries were methodically assessed through a series of static, network-simulated, and novel bulk-signing benchmarks to measure their computational efficiency and practical resilience. This paper confirms that MLS is a viable solution, capable of supporting the group sizes and throughput requirements of a UAS swarm. It corroborates prior work by identifying the Cisco MLSpp library as unsuitable for dynamic environments due to poorly scaling group management functions, while demonstrating that OpenMLS is a highly performant and scalable alternative. Furthermore, the findings show that operating MLS in a ‘key management’ mode offers a dramatic increase in performance and resilience, a critical trade-off for UAS operations. For consensus, the benchmarks reveal a range of compromises for developers to consider, while identifying the Zcash FROST implementation as the most effective all-around performer for sustained, high-volume use cases due to its balance of security features and efficient verification.</p>
	]]></content:encoded>

	<dc:title>Securely Scaling Autonomy: The Role of Cryptography in Future Unmanned Aircraft Systems (UASs)</dc:title>
			<dc:creator>Paul Rochford</dc:creator>
			<dc:creator>William J. Buchanan</dc:creator>
			<dc:creator>Rich Macfarlane</dc:creator>
			<dc:creator>Madjid Tehrani</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020020</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-20</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-20</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>20</prism:startingPage>
		<prism:doi>10.3390/cryptography10020020</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/20</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/19">

	<title>Cryptography, Vol. 10, Pages 19: A Scoping Analysis of the Literature on the Use of Hybrid Cryptographic Systems for Data Hiding in Cloud Storage</title>
	<link>https://www.mdpi.com/2410-387X/10/2/19</link>
	<description>Organizations have been moving on-premises data functionalities to cloud storage environments. The need for advanced hybrid cryptography is deemed a promising solution for securing data on cloud storage. This scoping review explores the application of hybrid cryptographic systems for data hiding in cloud storage. It focuses on identifying global research trends, technological approaches, and contextual gaps in implementation. The review systematically examines the literature from major scholarly databases to identify existing models that combine traditional and modern cryptographic techniques to enhance data confidentiality, integrity, and authenticity against cloud-based security threats. Out of the 8250 eligible papers, 24 were included in the review. The findings reveal that the majority of scholarly contributions originate from Asia, averaging 87.5%, as reflected in the distribution of included articles by continent. Particularly, India and China dominate in the space, with a complete absence of studies from Africa, including South Africa. This geographical disparity underscores a significant research gap in the contextualization of hybrid cryptographic frameworks suited to Africa’s unique infrastructural and regulatory environments. The review further reveals a limited focus on the development of lightweight, scalable, and adaptable hybrid cryptographic schemes. Such approaches are essential for addressing challenges related to bandwidth limitations, computational efficiency, and regulatory compliance in developing regions. Consequently, this study contributes by establishing a comprehensive knowledge map of hybrid cryptography for cloud security, emphasizing the necessity for region-specific, context-aware frameworks. The findings provide a foundation for future investigations aimed at developing robust efficient hybrid cryptographic models that can strengthen data security in African cloud infrastructures.</description>
	<pubDate>2026-03-13</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 19: A Scoping Analysis of the Literature on the Use of Hybrid Cryptographic Systems for Data Hiding in Cloud Storage</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/19">doi: 10.3390/cryptography10020019</a></p>
	<p>Authors:
		Luthando Mletshe
		Mnoneleli Nogwina
		Colin Chibaya
		</p>
	<p>Organizations have been moving on-premises data functionalities to cloud storage environments. The need for advanced hybrid cryptography is deemed a promising solution for securing data on cloud storage. This scoping review explores the application of hybrid cryptographic systems for data hiding in cloud storage. It focuses on identifying global research trends, technological approaches, and contextual gaps in implementation. The review systematically examines the literature from major scholarly databases to identify existing models that combine traditional and modern cryptographic techniques to enhance data confidentiality, integrity, and authenticity against cloud-based security threats. Out of the 8250 eligible papers, 24 were included in the review. The findings reveal that the majority of scholarly contributions originate from Asia, averaging 87.5%, as reflected in the distribution of included articles by continent. Particularly, India and China dominate in the space, with a complete absence of studies from Africa, including South Africa. This geographical disparity underscores a significant research gap in the contextualization of hybrid cryptographic frameworks suited to Africa’s unique infrastructural and regulatory environments. The review further reveals a limited focus on the development of lightweight, scalable, and adaptable hybrid cryptographic schemes. Such approaches are essential for addressing challenges related to bandwidth limitations, computational efficiency, and regulatory compliance in developing regions. Consequently, this study contributes by establishing a comprehensive knowledge map of hybrid cryptography for cloud security, emphasizing the necessity for region-specific, context-aware frameworks. The findings provide a foundation for future investigations aimed at developing robust, efficient hybrid cryptographic models that can strengthen data security in African cloud infrastructures.</p>
	]]></content:encoded>

	<dc:title>A Scoping Analysis of the Literature on the Use of Hybrid Cryptographic Systems for Data Hiding in Cloud Storage</dc:title>
			<dc:creator>Luthando Mletshe</dc:creator>
			<dc:creator>Mnoneleli Nogwina</dc:creator>
			<dc:creator>Colin Chibaya</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020019</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-13</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-13</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>19</prism:startingPage>
		<prism:doi>10.3390/cryptography10020019</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/19</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/18">

	<title>Cryptography, Vol. 10, Pages 18: Cryptographic Foundations of Pseudonymisation for Personal Data Protection</title>
	<link>https://www.mdpi.com/2410-387X/10/2/18</link>
	<description>Pseudonymisation constitutes an essential technical and organisational measure for implementing personal data-protection safeguards. Its main goal is to hide identities of individuals, thus reducing data protection and privacy risks through facilitating the fulfilment of several principles such as data minimisation and security. However, selecting and deploying appropriate pseudonymisation mechanisms in a risk-based approach, tailored to the specific data processing context, remains a non-trivial task. This survey paper aims to present especially how cryptography can be used at the service of pseudonymisation, putting emphasis not only on traditional approaches but also on advanced cryptographic techniques that have been proposed to address special pseudonymisation challenges. To this end, we systematically classify existing approaches according to a taxonomy that captures key design dimensions that are relevant to specific data-protection challenges. Finally, since the notion of pseudonymisation adopted in this work is grounded in European data-protection law, we also discuss recent legal developments, in particular the CJEU’s latest judgment, which refined the interpretation of pseudonymous data.</description>
	<pubDate>2026-03-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 18: Cryptographic Foundations of Pseudonymisation for Personal Data Protection</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/18">doi: 10.3390/cryptography10020018</a></p>
	<p>Authors:
		Konstantinos Limniotis
		</p>
	<p>Pseudonymisation constitutes an essential technical and organisational measure for implementing personal data-protection safeguards. Its main goal is to hide identities of individuals, thus reducing data protection and privacy risks through facilitating the fulfilment of several principles such as data minimisation and security. However, selecting and deploying appropriate pseudonymisation mechanisms in a risk-based approach, tailored to the specific data processing context, remains a non-trivial task. This survey paper aims to present especially how cryptography can be used at the service of pseudonymisation, putting emphasis not only on traditional approaches but also on advanced cryptographic techniques that have been proposed to address special pseudonymisation challenges. To this end, we systematically classify existing approaches according to a taxonomy that captures key design dimensions that are relevant to specific data-protection challenges. Finally, since the notion of pseudonymisation adopted in this work is grounded in European data-protection law, we also discuss recent legal developments, in particular the CJEU’s latest judgment, which refined the interpretation of pseudonymous data.</p>
	]]></content:encoded>

	<dc:title>Cryptographic Foundations of Pseudonymisation for Personal Data Protection</dc:title>
			<dc:creator>Konstantinos Limniotis</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020018</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-11</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>18</prism:startingPage>
		<prism:doi>10.3390/cryptography10020018</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/18</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/17">

	<title>Cryptography, Vol. 10, Pages 17: A Survey on Classical Lattice Algorithms</title>
	<link>https://www.mdpi.com/2410-387X/10/2/17</link>
	<description>The rapid advancement of quantum computing poses a severe threat to traditional public key cryptosystems. Lattice-based cryptography has emerged as a core candidate for post-quantum cryptography due to its presumed quantum resistance, robust security foundations, and functional versatility, with its concrete security relying on the computational hardness of lattice problems. Existing lattice-based cryptography surveys mainly focus on cryptosystem design, scheme comparisons, and post-quantum cryptography standardization progress, with only cursory coverage of classical lattice algorithms that underpin the concrete security of lattice-based cryptography. We present the first systematic survey of classical lattice algorithms, focusing on two core categories of algorithms for solving lattice problems: approximate algorithms and exact algorithms. The approximate algorithms cover mainstream lattice basis reduction methods such as Lenstra–Lenstra–Lovász (LLL), Block Korkine–Zolotarev (BKZ), and General Sieve Kernel (G6K) algorithms, as well as alternative frameworks. The exact algorithms encompass dominant techniques like enumeration and sieving algorithms, along with alternative strategies. We systematically trace the evolutionary trajectory and inherent logical connections of various algorithms, clarify their core mechanisms, and identify promising future research directions. This survey not only serves as an introductory guide for beginners but also provides a valuable reference for seasoned researchers, facilitating the concrete security evaluation of lattice-based cryptosystems and the design of novel lattice algorithms.</description>
	<pubDate>2026-03-06</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 17: A Survey on Classical Lattice Algorithms</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/17">doi: 10.3390/cryptography10020017</a></p>
	<p>Authors:
		Tongchen Shen
		Xiangxue Li
		</p>
	<p>The rapid advancement of quantum computing poses a severe threat to traditional public key cryptosystems. Lattice-based cryptography has emerged as a core candidate for post-quantum cryptography due to its presumed quantum resistance, robust security foundations, and functional versatility, with its concrete security relying on the computational hardness of lattice problems. Existing lattice-based cryptography surveys mainly focus on cryptosystem design, scheme comparisons, and post-quantum cryptography standardization progress, with only cursory coverage of classical lattice algorithms that underpin the concrete security of lattice-based cryptography. We present the first systematic survey of classical lattice algorithms, focusing on two core categories of algorithms for solving lattice problems: approximate algorithms and exact algorithms. The approximate algorithms cover mainstream lattice basis reduction methods such as Lenstra–Lenstra–Lovász (LLL), Block Korkine–Zolotarev (BKZ), and General Sieve Kernel (G6K) algorithms, as well as alternative frameworks. The exact algorithms encompass dominant techniques like enumeration and sieving algorithms, along with alternative strategies. We systematically trace the evolutionary trajectory and inherent logical connections of various algorithms, clarify their core mechanisms, and identify promising future research directions. This survey not only serves as an introductory guide for beginners but also provides a valuable reference for seasoned researchers, facilitating the concrete security evaluation of lattice-based cryptosystems and the design of novel lattice algorithms.</p>
	]]></content:encoded>

	<dc:title>A Survey on Classical Lattice Algorithms</dc:title>
			<dc:creator>Tongchen Shen</dc:creator>
			<dc:creator>Xiangxue Li</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020017</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-06</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-06</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>17</prism:startingPage>
		<prism:doi>10.3390/cryptography10020017</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/17</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/16">

	<title>Cryptography, Vol. 10, Pages 16: A Robust Image Encryption Framework Using Deep Feature Extraction and AES Key Optimization</title>
	<link>https://www.mdpi.com/2410-387X/10/2/16</link>
	<description>This article presents a novel framework for encrypting color images to enhance digital data security using deep learning and artificial intelligence techniques. The system employs a two-model neural architecture: the first, a Convolutional Neural Network (CNN), verifies sender authenticity during user authentication, while the second extracts unique fingerprint features. These features are converted into high-entropy encryption keys using Particle Swarm Optimization (PSO), minimizing key similarity and ensuring that no key is reused or transmitted. Keys are generated in real time simultaneously at both the sender and receiver ends, preventing interception or leakage and providing maximum confidentiality. Encrypted images are secured using the Advanced Encryption Standard (AES-256) with keys uniquely bound to each user’s biometric identity, ensuring personalized privacy. Evaluation using security and encryption metrics yielded strong results: entropy of 7.9991, correlation coefficient below 0.00001, NPCR of 99.66%, UACI of 33.9069%, and key space of 2^256. Although the final encryption employs an AES-256 key (key space of 2^256), this key is derived from a much larger deep-key space of 2^8192 generated by multi-layer neural feature extraction and optimized via PSO, thereby significantly enhancing the overall cryptographic strength. The system also demonstrated robustness against common attacks, including noise and cropping, while maintaining recoverable original content. Furthermore, the neural models achieved classification accuracy exceeding 99.83% with an error rate below 0.05%, confirming the framework’s reliability and practical applicability. This approach provides a secure, dynamic, and efficient image encryption paradigm, combining biometric authentication and AI-based feature extraction for advanced cybersecurity applications.</description>
	<pubDate>2026-03-02</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 16: A Robust Image Encryption Framework Using Deep Feature Extraction and AES Key Optimization</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/16">doi: 10.3390/cryptography10020016</a></p>
	<p>Authors:
		Sahara A. S. Almola
		Hameed A. Younis
		Raidah S. Khudeyer
		</p>
	<p>This article presents a novel framework for encrypting color images to enhance digital data security using deep learning and artificial intelligence techniques. The system employs a two-model neural architecture: the first, a Convolutional Neural Network (CNN), verifies sender authenticity during user authentication, while the second extracts unique fingerprint features. These features are converted into high-entropy encryption keys using Particle Swarm Optimization (PSO), minimizing key similarity and ensuring that no key is reused or transmitted. Keys are generated in real time simultaneously at both the sender and receiver ends, preventing interception or leakage and providing maximum confidentiality. Encrypted images are secured using the Advanced Encryption Standard (AES-256) with keys uniquely bound to each user’s biometric identity, ensuring personalized privacy. Evaluation using security and encryption metrics yielded strong results: entropy of 7.9991, correlation coefficient below 0.00001, NPCR of 99.66%, UACI of 33.9069%, and key space of 2^256. Although the final encryption employs an AES-256 key (key space of 2^256), this key is derived from a much larger deep-key space of 2^8192 generated by multi-layer neural feature extraction and optimized via PSO, thereby significantly enhancing the overall cryptographic strength. The system also demonstrated robustness against common attacks, including noise and cropping, while maintaining recoverable original content. Furthermore, the neural models achieved classification accuracy exceeding 99.83% with an error rate below 0.05%, confirming the framework’s reliability and practical applicability. This approach provides a secure, dynamic, and efficient image encryption paradigm, combining biometric authentication and AI-based feature extraction for advanced cybersecurity applications.</p>
	]]></content:encoded>

	<dc:title>A Robust Image Encryption Framework Using Deep Feature Extraction and AES Key Optimization</dc:title>
			<dc:creator>Sahara A. S. Almola</dc:creator>
			<dc:creator>Hameed A. Younis</dc:creator>
			<dc:creator>Raidah S. Khudeyer</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020016</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-03-02</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-03-02</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>16</prism:startingPage>
		<prism:doi>10.3390/cryptography10020016</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/16</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/2/15">

	<title>Cryptography, Vol. 10, Pages 15: Performance Evaluation of NIST-Standardized Post-Quantum and Symmetric Ciphers for Mitigating Deepfakes</title>
	<link>https://www.mdpi.com/2410-387X/10/2/15</link>
	<description>Deepfake technology can produce highly realistic manipulated media which pose significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention.</description>
	<pubDate>2026-02-26</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 15: Performance Evaluation of NIST-Standardized Post-Quantum and Symmetric Ciphers for Mitigating Deepfakes</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/2/15">doi: 10.3390/cryptography10020015</a></p>
	<p>Authors:
		Mohammad Alkhatib
		</p>
	<p>Deepfake technology can produce highly realistic manipulated media which pose significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention.</p>
	]]></content:encoded>

	<dc:title>Performance Evaluation of NIST-Standardized Post-Quantum and Symmetric Ciphers for Mitigating Deepfakes</dc:title>
			<dc:creator>Mohammad Alkhatib</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10020015</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-26</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-26</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>15</prism:startingPage>
		<prism:doi>10.3390/cryptography10020015</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/2/15</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/14">

	<title>Cryptography, Vol. 10, Pages 14: Strong Non-Transferability from Randomizable Universal Designated Verifier Signatures</title>
	<link>https://www.mdpi.com/2410-387X/10/1/14</link>
	<description>In the context of digital certification systems, the demand for privacy-preserving authentication is increasingly vital, particularly for critical applications that involve sensitive personal data. Traditional digital signatures provide a robust means of implementing such systems. However, they raise significant privacy concerns due to their public verifiability, which allows verifiers to prove the authenticity of the received sensitive data to third parties. Universal designated verifier signature (UDVS) schemes address these privacy risks by offering non-transferability, ensuring that only the specified verifier can confirm the validity of the designated verifier signature (DVS). However, despite their advantages, existing UDVS models exhibit vulnerabilities that may allow tracking of the user’s authentications among cooperating verifiers and enable third parties to be convinced of the authenticity of sensitive user data by retrieving DVSs from different, non-cooperating verifiers. This paper presents a strategy to achieve strong non-transferability, which effectively addresses these vulnerabilities, by being the first to extend the concept of randomizability to UDVS schemes and their security properties. Our findings demonstrate that a randomizable UDVS scheme can serve as a solid foundation for constructing strong non-transferable UDVS schemes. Finally, we propose an efficient, strong, non-transferable UDVS scheme as an instantiation of our strategy, utilizing state-of-the-art Type 3 pairings, significantly improving upon previous constructions.</description>
	<pubDate>2026-02-18</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 14: Strong Non-Transferability from Randomizable Universal Designated Verifier Signatures</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/14">doi: 10.3390/cryptography10010014</a></p>
	<p>Authors:
		Magdalena Bertram
		Benjamin Zengin
		Nicolas Buchmann
		Marian Margraf
		</p>
	<p>In the context of digital certification systems, the demand for privacy-preserving authentication is increasingly vital, particularly for critical applications that involve sensitive personal data. Traditional digital signatures provide a robust means of implementing such systems. However, they raise significant privacy concerns due to their public verifiability, which allows verifiers to prove the authenticity of the received sensitive data to third parties. Universal designated verifier signature (UDVS) schemes address these privacy risks by offering non-transferability, ensuring that only the specified verifier can confirm the validity of the designated verifier signature (DVS). However, despite their advantages, existing UDVS models exhibit vulnerabilities that may allow tracking of the user’s authentications among cooperating verifiers and enable third parties to be convinced of the authenticity of sensitive user data by retrieving DVSs from different, non-cooperating verifiers. This paper presents a strategy to achieve strong non-transferability, which effectively addresses these vulnerabilities, by being the first to extend the concept of randomizability to UDVS schemes and their security properties. Our findings demonstrate that a randomizable UDVS scheme can serve as a solid foundation for constructing strong non-transferable UDVS schemes. Finally, we propose an efficient, strong, non-transferable UDVS scheme as an instantiation of our strategy, utilizing state-of-the-art Type 3 pairings, significantly improving upon previous constructions.</p>
	]]></content:encoded>

	<dc:title>Strong Non-Transferability from Randomizable Universal Designated Verifier Signatures</dc:title>
			<dc:creator>Magdalena Bertram</dc:creator>
			<dc:creator>Benjamin Zengin</dc:creator>
			<dc:creator>Nicolas Buchmann</dc:creator>
			<dc:creator>Marian Margraf</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010014</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-18</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-18</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>14</prism:startingPage>
		<prism:doi>10.3390/cryptography10010014</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/14</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/13">

	<title>Cryptography, Vol. 10, Pages 13: Secure and Efficient Block Cipher Mode Design for Parallel Processing and Reliable Security</title>
	<link>https://www.mdpi.com/2410-387X/10/1/13</link>
	<description>Communication is defined as the process of transferring data and exchanging information between interconnected systems. Due to the increasing reliance on digital infrastructures by the military, financial, and healthcare sectors, it is important to ensure the confidential, authenticated, and tamper-proof nature of communications. In addition, the increasing need for secure communications in the fields of network security and cryptography has led to the development of numerous systems. The basic requirement of these systems is that under the same key, identical plaintexts do not result in identical ciphertexts. The most significant contribution to this requirement has come from block cipher modes. Many traditional modes of operation, such as the Electronic Code Book (ECB), compromise between simplicity and security. Probabilistic Modes such as the Cipher Block Chaining Mode (CBC) provide a method to randomize data so that the potential for pattern analysis is eliminated, while Deterministic Modes such as ECB enable potential access to the patterns within the plaintexts. Conversely, since the randomization is in the Probabilistic Mode, there is no access to the patterns; however, the sequentiality of the blocks creates dependence and increases the computing overhead. To address these issues, a novel block cipher mode that provides the highest level of security and the most effective method for performing encryption and decryption will be proposed in this paper. It is anticipated that the improved security features and efficient encryption and decryption procedures will significantly improve confidentiality. The methods proposed will utilize compact key structures, parallel processing, a header generation based on multiple random values, and a Key-derived S Box. The experimental results show that SEBCM is more effective than CBC with respect to speed in both encryption and decryption.</description>
	<pubDate>2026-02-13</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 13: Secure and Efficient Block Cipher Mode Design for Parallel Processing and Reliable Security</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/13">doi: 10.3390/cryptography10010013</a></p>
	<p>Authors:
		Valli Kumari Vatsavayi
		Dinesh Reddy Bommireddy
		</p>
	<p>Communication is defined as the process of transferring data and exchanging information between interconnected systems. Due to the increasing reliance on digital infrastructures by the military, financial, and healthcare sectors, it is important to ensure the confidential, authenticated, and tamper-proof nature of communications. In addition, the increasing need for secure communications in the fields of network security and cryptography has led to the development of numerous systems. The basic requirement of these systems is that under the same key, identical plaintexts do not result in identical ciphertexts. The most significant contribution to this requirement has come from block cipher modes. Many traditional modes of operation, such as the Electronic Code Book (ECB), compromise between simplicity and security. Probabilistic Modes such as the Cipher Block Chaining Mode (CBC) provide a method to randomize data so that the potential for pattern analysis is eliminated, while Deterministic Modes such as ECB enable potential access to the patterns within the plaintexts. Conversely, since the randomization is in the Probabilistic Mode, there is no access to the patterns; however, the sequentiality of the blocks creates dependence and increases the computing overhead. To address these issues, a novel block cipher mode that provides the highest level of security and the most effective method for performing encryption and decryption will be proposed in this paper. It is anticipated that the improved security features and efficient encryption and decryption procedures will significantly improve confidentiality. The methods proposed will utilize compact key structures, parallel processing, a header generation based on multiple random values, and a Key-derived S Box. The experimental results show that SEBCM is more effective than CBC with respect to speed in both encryption and decryption.</p>
	]]></content:encoded>

	<dc:title>Secure and Efficient Block Cipher Mode Design for Parallel Processing and Reliable Security</dc:title>
			<dc:creator>Valli Kumari Vatsavayi</dc:creator>
			<dc:creator>Dinesh Reddy Bommireddy</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010013</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-13</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-13</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>13</prism:startingPage>
		<prism:doi>10.3390/cryptography10010013</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/13</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/12">

	<title>Cryptography, Vol. 10, Pages 12: Post-Quantum Cryptography in Networking Protocols: Challenges, Solutions, and Future Directions</title>
	<link>https://www.mdpi.com/2410-387X/10/1/12</link>
	<description>Post-quantum cryptography (PQC) provides the essential cryptographic algorithms needed to secure digital networking systems against future adversaries equipped with quantum computing. This paper reviews the PQC research landscape and identifies open challenges and future directions for the critical transition to PQC in digital networking systems. Building on the NIST standardization process which has hardened the PQC cipher algorithm security, this paper analyzes and describes the recent research on PQC implementations and integrations into scalable and standardized networking systems (Internet, web and cellular networks). We review research on the security, side-channel threats, performances, overheads, and compatibility of PQC ciphers. We also study the research incorporating PQC into the standardized web and cellular networking protocols, ranging from testing the PQC feasibility to proposing protocol solutions and mechanisms to enable PQC. Our study highlights the PQC challenge of large parameter sizes, common across the PQC cipher algorithms, and the research proposing protocol- and system-level mechanisms to address them. Informed by the survey, this paper identifies and highlights the research gaps and future directions to facilitate further research and development for PQC and to secure next-generation digital networking systems.</description>
	<pubDate>2026-02-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 12: Post-Quantum Cryptography in Networking Protocols: Challenges, Solutions, and Future Directions</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/12">doi: 10.3390/cryptography10010012</a></p>
	<p>Authors:
		Sang-Yoon Chang
		Qaiser Khan
		</p>
	<p>Post-quantum cryptography (PQC) provides the essential cryptographic algorithms needed to secure digital networking systems against future adversaries equipped with quantum computing. This paper reviews the PQC research landscape and identifies open challenges and future directions for the critical transition to PQC in digital networking systems. Building on the NIST standardization process which has hardened the PQC cipher algorithm security, this paper analyzes and describes the recent research on PQC implementations and integrations into scalable and standardized networking systems (Internet, web and cellular networks). We review research on the security, side-channel threats, performances, overheads, and compatibility of PQC ciphers. We also study the research incorporating PQC into the standardized web and cellular networking protocols, ranging from testing the PQC feasibility to proposing protocol solutions and mechanisms to enable PQC. Our study highlights the PQC challenge of large parameter sizes, common across the PQC cipher algorithms, and the research proposing protocol- and system-level mechanisms to address them. Informed by the survey, this paper identifies and highlights the research gaps and future directions to facilitate further research and development for PQC and to secure next-generation digital networking systems.</p>
	]]></content:encoded>

	<dc:title>Post-Quantum Cryptography in Networking Protocols: Challenges, Solutions, and Future Directions</dc:title>
			<dc:creator>Sang-Yoon Chang</dc:creator>
			<dc:creator>Qaiser Khan</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010012</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-12</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>12</prism:startingPage>
		<prism:doi>10.3390/cryptography10010012</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/12</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/11">

	<title>Cryptography, Vol. 10, Pages 11: Post-Quantum PKI: A Survey of Applications and Benchmarking Practices</title>
	<link>https://www.mdpi.com/2410-387X/10/1/11</link>
	<description>Post-quantum cryptography (PQC) is, and should be, currently dominating the field of cybersecurity, with many works designing and evaluating the transition of communications security to quantum-safe solutions. As the security level and implementations of post-quantum algorithms become more mature, the research on their application to realistic conditions changes accordingly, especially their application to widely adopted network architectures and corresponding protocols such as the Public Key Infrastructure (PKI). In this survey, we identified articles presenting ways of integrating PQC algorithms to PKI and classified related work according to the employed methods and benchmarking choices. The main results from many evaluations converge to similar conclusions on the performance of the most popular PQC digital signature algorithms; however, modeling choices concerning architecture variants, hardware and measurement metrics vary. The diversity of the results and experimental setups makes comparison difficult and arrival at an objective conclusion regarding PKI requirements almost impossible. Ultimately, this review reveals a fragmented landscape of benchmarking practices for post-quantum PKI systems. The absence of standardized evaluation frameworks and common test environments limits the comparability and reproducibility of the findings. We aim to provide reference implementations, which are essential to guide the transition of PKI infrastructures toward robust, scalable, and quantum-resistant deployments.</description>
	<pubDate>2026-02-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 11: Post-Quantum PKI: A Survey of Applications and Benchmarking Practices</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/11">doi: 10.3390/cryptography10010011</a></p>
	<p>Authors:
		Maya Thabet
		Antonia Tsili
		Konstantinos Krilakis
		Dimitris Syvridis
		</p>
	<p>Post-quantum cryptography (PQC) is, and should be, currently dominating the field of cybersecurity, with many works designing and evaluating the transition of communications security to quantum-safe solutions. As the security level and implementations of post-quantum algorithms become more mature, the research on their application to realistic conditions changes accordingly, especially their application to widely adopted network architectures and corresponding protocols such as the Public Key Infrastructure (PKI). In this survey, we identified articles presenting ways of integrating PQC algorithms to PKI and classified related work according to the employed methods and benchmarking choices. The main results from many evaluations converge to similar conclusions on the performance of the most popular PQC digital signature algorithms; however, modeling choices concerning architecture variants, hardware and measurement metrics vary. The diversity of the results and experimental setups makes comparison difficult and arrival at an objective conclusion regarding PKI requirements almost impossible. Ultimately, this review reveals a fragmented landscape of benchmarking practices for post-quantum PKI systems. The absence of standardized evaluation frameworks and common test environments limits the comparability and reproducibility of the findings. We aim to provide reference implementations, which are essential to guide the transition of PKI infrastructures toward robust, scalable, and quantum-resistant deployments.</p>
	]]></content:encoded>

	<dc:title>Post-Quantum PKI: A Survey of Applications and Benchmarking Practices</dc:title>
			<dc:creator>Maya Thabet</dc:creator>
			<dc:creator>Antonia Tsili</dc:creator>
			<dc:creator>Konstantinos Krilakis</dc:creator>
			<dc:creator>Dimitris Syvridis</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010011</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-12</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>11</prism:startingPage>
		<prism:doi>10.3390/cryptography10010011</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/11</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/10">

	<title>Cryptography, Vol. 10, Pages 10: Some Mathematical Problems Behind Lattice-Based Cryptography</title>
	<link>https://www.mdpi.com/2410-387X/10/1/10</link>
	<description>In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+, for post-quantum cryptography standards. The first three are based on lattice theory and the last on a hash function. The security of lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. As we will explain, the SVP is a ball-packing problem, and the CVP is a ball-covering problem. Furthermore, both the SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. This paper will briefly describe the mathematical problems on which lattice-based cryptography is built so that cryptographers can extend their views and learn something useful.</description>
	<pubDate>2026-02-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 10: Some Mathematical Problems Behind Lattice-Based Cryptography</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/10">doi: 10.3390/cryptography10010010</a></p>
	<p>Authors:
		Chuanming Zong
		</p>
	<p>In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+, for post-quantum cryptography standards. The first three are based on lattice theory and the last on a hash function. The security of lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. As we will explain, the SVP is a ball-packing problem, and the CVP is a ball-covering problem. Furthermore, both the SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. This paper will briefly describe the mathematical problems on which lattice-based cryptography is built so that cryptographers can extend their views and learn something useful.</p>
	]]></content:encoded>

	<dc:title>Some Mathematical Problems Behind Lattice-Based Cryptography</dc:title>
			<dc:creator>Chuanming Zong</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010010</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-12</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>10</prism:startingPage>
		<prism:doi>10.3390/cryptography10010010</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/10</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/9">

	<title>Cryptography, Vol. 10, Pages 9: MIND-Crypt: A Machine Learning Framework for Assessing the Indistinguishability of Lightweight Block Ciphers Across Multiple Modes of Operation</title>
	<link>https://www.mdpi.com/2410-387X/10/1/9</link>
	<description>Indistinguishability is a fundamental principle of cryptographic security, crucial for securing data transmitted between Internet of Things (IoT) devices. This principle ensures that an attacker cannot distinguish between the encrypted data, also known as ciphertext, and random data or the ciphertexts of two messages encrypted with the same key. This research investigates the ability of machine learning (ML) to assess the indistinguishability property in encryption systems, with a focus on lightweight ciphers. As our first case study, we consider the SPECK32/64 and SIMON32/64 lightweight block ciphers, designed for IoT devices operating under significant energy constraints. In this research, we introduce MIND-Crypt (a Machine-learning-based framework for assessing the INDistinguishability of Cryptographic algorithms), a novel ML-based framework designed to assess the cryptographic indistinguishability of lightweight block ciphers, specifically the SPECK32/64 and SIMON32/64 encryption algorithms in CBC, CFB, OFB, and CTR modes, under Known Plaintext Attacks (KPAs). Our approach involves training ML models using ciphertexts from two plaintext messages encrypted with the same key to determine whether ML algorithms can identify meaningful cryptographic patterns or leakage. Our experiments show that modern ML techniques consistently achieve accuracy equivalent to random guessing, indicating that no statistically exploitable patterns exist in the ciphertexts generated by the considered lightweight block ciphers. Although some models exhibit mode-dependent bias (e.g., collapsing to a single-class prediction in CBC and CFB), their overall accuracy remains at random guessing levels, reinforcing that no meaningful distinguishing patterns are learned. 
Furthermore, we demonstrate that, when ML algorithms are trained on all possible combinations of ciphertexts for given plaintext messages, their behavior reflects memorization rather than generalization to unseen ciphertexts. Collectively, these findings suggest that existing block ciphers have secure cryptographic designs against ML-based indistinguishability assessments, reinforcing their security even under round-reduced conditions.</description>
	<pubDate>2026-02-10</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 9: MIND-Crypt: A Machine Learning Framework for Assessing the Indistinguishability of Lightweight Block Ciphers Across Multiple Modes of Operation</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/9">doi: 10.3390/cryptography10010009</a></p>
	<p>Authors:
		Jimmy Dani
		Kalyan Nakka
		Nitesh Saxena
		</p>
	<p>Indistinguishability is a fundamental principle of cryptographic security, crucial for securing data transmitted between Internet of Things (IoT) devices. This principle ensures that an attacker cannot distinguish between the encrypted data, also known as ciphertext, and random data or the ciphertexts of two messages encrypted with the same key. This research investigates the ability of machine learning (ML) to assess the indistinguishability property in encryption systems, with a focus on lightweight ciphers. As our first case study, we consider the SPECK32/64 and SIMON32/64 lightweight block ciphers, designed for IoT devices operating under significant energy constraints. In this research, we introduce MIND-Crypt (a Machine-learning-based framework for assessing the INDistinguishability of Cryptographic algorithms), a novel ML-based framework designed to assess the cryptographic indistinguishability of lightweight block ciphers, specifically the SPECK32/64 and SIMON32/64 encryption algorithms in CBC, CFB, OFB, and CTR modes, under Known Plaintext Attacks (KPAs). Our approach involves training ML models using ciphertexts from two plaintext messages encrypted with the same key to determine whether ML algorithms can identify meaningful cryptographic patterns or leakage. Our experiments show that modern ML techniques consistently achieve accuracy equivalent to random guessing, indicating that no statistically exploitable patterns exist in the ciphertexts generated by the considered lightweight block ciphers. Although some models exhibit mode-dependent bias (e.g., collapsing to a single-class prediction in CBC and CFB), their overall accuracy remains at random guessing levels, reinforcing that no meaningful distinguishing patterns are learned. 
Furthermore, we demonstrate that, when ML algorithms are trained on all possible combinations of ciphertexts for given plaintext messages, their behavior reflects memorization rather than generalization to unseen ciphertexts. Collectively, these findings suggest that existing block ciphers have secure cryptographic designs against ML-based indistinguishability assessments, reinforcing their security even under round-reduced conditions.</p>
	]]></content:encoded>

	<dc:title>MIND-Crypt: A Machine Learning Framework for Assessing the Indistinguishability of Lightweight Block Ciphers Across Multiple Modes of Operation</dc:title>
			<dc:creator>Jimmy Dani</dc:creator>
			<dc:creator>Kalyan Nakka</dc:creator>
			<dc:creator>Nitesh Saxena</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010009</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-02-10</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-02-10</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>9</prism:startingPage>
		<prism:doi>10.3390/cryptography10010009</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/9</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/8">

	<title>Cryptography, Vol. 10, Pages 8: On Tabu Search for Block Cyphers Cryptanalysis</title>
	<link>https://www.mdpi.com/2410-387X/10/1/8</link>
	<description>This article presents general methodologies for plaintext attacks on block ciphers using the Tabu Search algorithm. These methods treat the cipher as a black box, with the objective of finding the session key. The primary innovation of our approach is the division of the key space into subsets based on a divisor, enabling the attack to focus on a specific portion of the total space. The following investigation demonstrates the successful application of these methods to a member of a block cipher family that includes the Advanced Encryption Standard (AES) cipher. One of the proposed methodologies, the subregions path attack, enables navigation of the key session space by applying specific predetermined strategies within these subregions.</description>
	<pubDate>2026-01-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 8: On Tabu Search for Block Cyphers Cryptanalysis</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/8">doi: 10.3390/cryptography10010008</a></p>
	<p>Authors:
		Adrian Donatien-Charon
		Mijail Borges-Quintana
		Miguel A. Borges-Trenard
		Omar Rojas
		Guillermo Sosa-Gómez
		</p>
	<p>This article presents general methodologies for plaintext attacks on block ciphers using the Tabu Search algorithm. These methods treat the cipher as a black box, with the objective of finding the session key. The primary innovation of our approach is the division of the key space into subsets based on a divisor, enabling the attack to focus on a specific portion of the total space. The following investigation demonstrates the successful application of these methods to a member of a block cipher family that includes the Advanced Encryption Standard (AES) cipher. One of the proposed methodologies, the subregions path attack, enables navigation of the key session space by applying specific predetermined strategies within these subregions.</p>
	]]></content:encoded>

	<dc:title>On Tabu Search for Block Cyphers Cryptanalysis</dc:title>
			<dc:creator>Adrian Donatien-Charon</dc:creator>
			<dc:creator>Mijail Borges-Quintana</dc:creator>
			<dc:creator>Miguel A. Borges-Trenard</dc:creator>
			<dc:creator>Omar Rojas</dc:creator>
			<dc:creator>Guillermo Sosa-Gómez</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010008</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-01-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-01-27</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>8</prism:startingPage>
		<prism:doi>10.3390/cryptography10010008</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/8</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/7">

	<title>Cryptography, Vol. 10, Pages 7: Autopotency and Conjugacy of Non-Diagonalizable Matrices for Challenge–Response Authentication</title>
	<link>https://www.mdpi.com/2410-387X/10/1/7</link>
	<description>We present an algebraic framework for constructing challenge–response authentication protocols based on powers of non-diagonalizable matrices over finite fields. The construction relies on upper triangular Toeplitz matrices with a single Jordan block and on their structured power expansions, which induce nonlinear relations between matrix parameters and exponents through an autopotency phenomenon. The protocol is built from a cyclic family of matrix products derived from secret matrices $(A_i)_{i=1}^{n} \subset GL_k(\mathbb{F}_p)$: for each index $i$, a product $P_i = A_i A_{i+1} \cdots A_{i+n-1}$ is formed (indices modulo $n$), and its power $P_i^{(x)}$ is published for a secret exponent $x$. The resulting family of powered products is linked by conjugation via the unknown factors $A_i$, enabling an interactive authentication mechanism in which the prover demonstrates the knowledge of selected factors by satisfying explicit conjugacy relations. We formalize the underlying algebraic problems in terms of factor recovery and conjugacy identification from powered products, and analyze how the enforced non-diagonalizable structure and Toeplitz constraints lead to coupled multivariate polynomial systems. These systems arise naturally from the algebraic design of the construction and do not admit immediate reductions to classical discrete logarithm settings. The framework illustrates how non-diagonalizable matrix structures and structured conjugacy relations can be used to define concrete authentication primitives in noncommutative algebraic settings, and provides a basis for further cryptanalytic and cryptographic investigation.</description>
	<pubDate>2026-01-18</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 7: Autopotency and Conjugacy of Non-Diagonalizable Matrices for Challenge–Response Authentication</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/7">doi: 10.3390/cryptography10010007</a></p>
	<p>Authors:
		Daniel Alarcón-Narváez
		Luis Adrián Lizama-Pérez
		Fausto Abraham Jacques-García
		</p>
	<p>We present an algebraic framework for constructing challenge–response authentication protocols based on powers of non-diagonalizable matrices over finite fields. The construction relies on upper triangular Toeplitz matrices with a single Jordan block and on their structured power expansions, which induce nonlinear relations between matrix parameters and exponents through an autopotency phenomenon. The protocol is built from a cyclic family of matrix products derived from secret matrices $(A_i)_{i=1}^{n} \subset GL_k(\mathbb{F}_p)$: for each index $i$, a product $P_i = A_i A_{i+1} \cdots A_{i+n-1}$ is formed (indices modulo $n$), and its power $P_i^{(x)}$ is published for a secret exponent $x$. The resulting family of powered products is linked by conjugation via the unknown factors $A_i$, enabling an interactive authentication mechanism in which the prover demonstrates the knowledge of selected factors by satisfying explicit conjugacy relations. We formalize the underlying algebraic problems in terms of factor recovery and conjugacy identification from powered products, and analyze how the enforced non-diagonalizable structure and Toeplitz constraints lead to coupled multivariate polynomial systems. These systems arise naturally from the algebraic design of the construction and do not admit immediate reductions to classical discrete logarithm settings. The framework illustrates how non-diagonalizable matrix structures and structured conjugacy relations can be used to define concrete authentication primitives in noncommutative algebraic settings, and provides a basis for further cryptanalytic and cryptographic investigation.</p>
	]]></content:encoded>

	<dc:title>Autopotency and Conjugacy of Non-Diagonalizable Matrices for Challenge–Response Authentication</dc:title>
			<dc:creator>Daniel Alarcón-Narváez</dc:creator>
			<dc:creator>Luis Adrián Lizama-Pérez</dc:creator>
			<dc:creator>Fausto Abraham Jacques-García</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010007</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-01-18</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-01-18</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>7</prism:startingPage>
		<prism:doi>10.3390/cryptography10010007</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/7</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/6">

	<title>Cryptography, Vol. 10, Pages 6: Secure Implementation of RISC-V’s Scalar Cryptography Extension Set</title>
	<link>https://www.mdpi.com/2410-387X/10/1/6</link>
	<description>Instruction Set Architecture (ISA) extensions, particularly scalar cryptography extensions (Zk), combine the performance advantages of hardware with the adaptability of software, enabling the direct and efficient execution of cryptographic functions within the processor pipeline. This integration eliminates the need to communicate with external cores, substantially reducing latency, power consumption, and hardware overhead, making it especially suitable for embedded systems with constrained resources. However, current scalar cryptography extension implementations remain vulnerable to physical threats, notably power side-channel attacks (PSCAs). These attacks allow adversaries to extract confidential information, such as secret keys, by analyzing the power consumption patterns of the hardware during operation. This paper presents an optimized and secure implementation of the RISC-V scalar Advanced Encryption Standard (AES) extension (Zkne/Zknd) using Domain-Oriented Masking (DOM) to mitigate first-order PSCAs. Our approach features optimized assembly implementations for partial rounds and key scheduling alongside pipeline-aware microarchitecture optimizations. We evaluated the security and performance of the proposed design using the Xilinx Artix7 FPGA platform. The results indicate that our design is side-channel-resistant while adding a very low area overhead of 0.39% to the full 32-bit CV32E40S RISC-V processor. Moreover, the performance overhead is zero when the extension-related instructions are properly scheduled.</description>
	<pubDate>2026-01-17</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 6: Secure Implementation of RISC-V’s Scalar Cryptography Extension Set</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/6">doi: 10.3390/cryptography10010006</a></p>
	<p>Authors:
		Asmaa Kassimi
		Abdullah Aljuffri
		Christian Larmann
		Said Hamdioui
		Mottaqiallah Taouil
		</p>
	<p>Instruction Set Architecture (ISA) extensions, particularly scalar cryptography extensions (Zk), combine the performance advantages of hardware with the adaptability of software, enabling the direct and efficient execution of cryptographic functions within the processor pipeline. This integration eliminates the need to communicate with external cores, substantially reducing latency, power consumption, and hardware overhead, making it especially suitable for embedded systems with constrained resources. However, current scalar cryptography extension implementations remain vulnerable to physical threats, notably power side-channel attacks (PSCAs). These attacks allow adversaries to extract confidential information, such as secret keys, by analyzing the power consumption patterns of the hardware during operation. This paper presents an optimized and secure implementation of the RISC-V scalar Advanced Encryption Standard (AES) extension (Zkne/Zknd) using Domain-Oriented Masking (DOM) to mitigate first-order PSCAs. Our approach features optimized assembly implementations for partial rounds and key scheduling alongside pipeline-aware microarchitecture optimizations. We evaluated the security and performance of the proposed design using the Xilinx Artix7 FPGA platform. The results indicate that our design is side-channel-resistant while adding a very low area overhead of 0.39% to the full 32-bit CV32E40S RISC-V processor. Moreover, the performance overhead is zero when the extension-related instructions are properly scheduled.</p>
	]]></content:encoded>

	<dc:title>Secure Implementation of RISC-V’s Scalar Cryptography Extension Set</dc:title>
			<dc:creator>Asmaa Kassimi</dc:creator>
			<dc:creator>Abdullah Aljuffri</dc:creator>
			<dc:creator>Christian Larmann</dc:creator>
			<dc:creator>Said Hamdioui</dc:creator>
			<dc:creator>Mottaqiallah Taouil</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010006</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-01-17</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-01-17</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>6</prism:startingPage>
		<prism:doi>10.3390/cryptography10010006</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/6</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/5">

	<title>Cryptography, Vol. 10, Pages 5: Lower Bound on the Overlattice-Based Sieve Algorithm</title>
	<link>https://www.mdpi.com/2410-387X/10/1/5</link>
	<description>Lattice-based cryptography stands as one of the most pivotal candidates in post-quantum cryptography. To configure the parameters of lattice-based cryptographic schemes, a thorough comprehension of their concrete security is indispensable. Lattice sieving algorithms are among the most critical tools for conducting concrete security analysis. Currently, the state-of-the-art BDGL-sieve (SODA 2016) achieves a time complexity of 2^(0.292n+o(n)), and Kirshanova and Laarhoven (CRYPTO 2021) have proven that the BDGL-sieve attains the lower bound under the technical paradigm of the Nearest Neighbor Search (NNS) problem. A natural question emerges: whether overlattice-based sieving algorithms (ANTS 2014) can outperform the BDGL-sieve within an alternative technical framework. This work provides an almost negative response to this question. Specifically, we propose a generalized overlattice tower model, which facilitates the proof of the lower bound for the overlattice-based method. Our findings indicate that the original Overlattice-sieve has already reached this lower bound. Consequently, the BDGL-sieve will maintain its status as the sieving algorithm with optimal time complexity, unless a revolutionary technical optimization is developed in the future.</description>
	<pubDate>2026-01-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 5: Lower Bound on the Overlattice-Based Sieve Algorithm</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/5">doi: 10.3390/cryptography10010005</a></p>
	<p>Authors:
		Tongchen Shen
		Xiangxue Li
		Licheng Wang
		</p>
	<p>Lattice-based cryptography stands as one of the most pivotal candidates in post-quantum cryptography. To configure the parameters of lattice-based cryptographic schemes, a thorough comprehension of their concrete security is indispensable. Lattice sieving algorithms are among the most critical tools for conducting concrete security analysis. Currently, the state-of-the-art BDGL-sieve (SODA 2016) achieves a time complexity of 2<sup>0.292n+o(n)</sup>, and Kirshanova and Laarhoven (CRYPTO 2021) have proven that the BDGL-sieve attains the lower bound under the technical paradigm of the Nearest Neighbor Search (NNS) problem. A natural question emerges: whether overlattice-based sieving algorithms (ANTS 2014) can outperform the BDGL-sieve within an alternative technical framework. This work provides an almost negative response to this question. Specifically, we propose a generalized overlattice tower model, which facilitates the proof of the lower bound for the overlattice-based method. Our findings indicate that the original Overlattice-sieve has already reached this lower bound. Consequently, the BDGL-sieve will maintain its status as the sieving algorithm with optimal time complexity, unless a revolutionary technical optimization is developed in the future.</p>
	]]></content:encoded>

	<dc:title>Lower Bound on the Overlattice-Based Sieve Algorithm</dc:title>
			<dc:creator>Tongchen Shen</dc:creator>
			<dc:creator>Xiangxue Li</dc:creator>
			<dc:creator>Licheng Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010005</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2026-01-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2026-01-01</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>5</prism:startingPage>
		<prism:doi>10.3390/cryptography10010005</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/5</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/4">

	<title>Cryptography, Vol. 10, Pages 4: Unbreakable QR Code Watermarks: A High-Robustness Technique for Digital Image Security Using DWT, SVD, and Schur Factorization</title>
	<link>https://www.mdpi.com/2410-387X/10/1/4</link>
	<description>In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address this challenge, we propose a novel watermarking technique that integrates the Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), and Schur matrix factorization to embed a QR code as a watermark into digital images. Our method was rigorously tested across a range of common image attacks, including histogram equalization, salt-and-pepper noise, ripple distortions, smoothing, and extensive cropping. The results demonstrate that our approach significantly outperforms existing methods, achieving high normalized correlation (NC) values such as 0.9949 for histogram equalization, 0.9846 for salt-and-pepper noise (2%), 0.96063 for ripple distortion, 0.9670 for smoothing, and up to 0.9995 under 50% cropping. The watermark consistently maintained its integrity and scannability under all tested conditions, making our method a reliable solution for enhancing digital copyright protection.</description>
	<pubDate>2025-12-30</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 4: Unbreakable QR Code Watermarks: A High-Robustness Technique for Digital Image Security Using DWT, SVD, and Schur Factorization</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/4">doi: 10.3390/cryptography10010004</a></p>
	<p>Authors:
		Bashar Suhail Khassawneh
		Issa AL-Aiash
		Mahmoud AlJamal
		Omar Aljamal
		Latifa Abdullah Almusfar
		Bashair Faisal AlThani
		Waad Aldossary
		</p>
	<p>In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address this challenge, we propose a novel watermarking technique that integrates the Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), and Schur matrix factorization to embed a QR code as a watermark into digital images. Our method was rigorously tested across a range of common image attacks, including histogram equalization, salt-and-pepper noise, ripple distortions, smoothing, and extensive cropping. The results demonstrate that our approach significantly outperforms existing methods, achieving high normalized correlation (NC) values such as 0.9949 for histogram equalization, 0.9846 for salt-and-pepper noise (2%), 0.96063 for ripple distortion, 0.9670 for smoothing, and up to 0.9995 under 50% cropping. The watermark consistently maintained its integrity and scannability under all tested conditions, making our method a reliable solution for enhancing digital copyright protection.</p>
	]]></content:encoded>

	<dc:title>Unbreakable QR Code Watermarks: A High-Robustness Technique for Digital Image Security Using DWT, SVD, and Schur Factorization</dc:title>
			<dc:creator>Bashar Suhail Khassawneh</dc:creator>
			<dc:creator>Issa AL-Aiash</dc:creator>
			<dc:creator>Mahmoud AlJamal</dc:creator>
			<dc:creator>Omar Aljamal</dc:creator>
			<dc:creator>Latifa Abdullah Almusfar</dc:creator>
			<dc:creator>Bashair Faisal AlThani</dc:creator>
			<dc:creator>Waad Aldossary</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010004</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-30</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-30</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>4</prism:startingPage>
		<prism:doi>10.3390/cryptography10010004</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/4</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/3">

	<title>Cryptography, Vol. 10, Pages 3: Large Pages, Large Leaks? Hugepage-Induced Side-Channels vs. Performance Improvements in Cryptographic Computations</title>
	<link>https://www.mdpi.com/2410-387X/10/1/3</link>
	<description>Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge pages—using paired attacker–victim experiments instrumented with both Performance Monitoring Unit (PMU) counters and precise per-access timing using rdtscp(). The victim executes repeated, key-dependent memory accesses across eight cryptographic modes (AES, ChaCha20, RSA, and ECC variants) while the attacker records eight PMU features per access (cpu-cycles, instructions, cache-references, cache-misses, etc.) and precise rdtscp() timing. The resulting traces are analyzed using a multilayer perceptron classifier to quantify key-dependent leakage. Results show that the 2 MB huge-page configuration achieves a comparable key-classification accuracy (mean 0.79 vs. 0.77 for 4 KB) while reducing average CPU cycles by approximately 11%. Page-index identification remains near random chance (3.6–3.7% for PMU side-channels and 1.5% for timing side-channel), indicating no increase in measurable leakage at the page level. These findings suggest that huge-page mappings can improve runtime efficiency without amplifying observable side-channel vulnerabilities, offering a practical configuration for balancing performance and security in user-space cryptographic workloads.</description>
	<pubDate>2025-12-30</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 3: Large Pages, Large Leaks? Hugepage-Induced Side-Channels vs. Performance Improvements in Cryptographic Computations</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/3">doi: 10.3390/cryptography10010003</a></p>
	<p>Authors:
		Xinyao Li
		Akhilesh Tyagi
		</p>
	<p>Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge pages—using paired attacker–victim experiments instrumented with both Performance Monitoring Unit (PMU) counters and precise per-access timing using rdtscp(). The victim executes repeated, key-dependent memory accesses across eight cryptographic modes (AES, ChaCha20, RSA, and ECC variants) while the attacker records eight PMU features per access (cpu-cycles, instructions, cache-references, cache-misses, etc.) and precise rdtscp() timing. The resulting traces are analyzed using a multilayer perceptron classifier to quantify key-dependent leakage. Results show that the 2 MB huge-page configuration achieves a comparable key-classification accuracy (mean 0.79 vs. 0.77 for 4 KB) while reducing average CPU cycles by approximately 11%. Page-index identification remains near random chance (3.6–3.7% for PMU side-channels and 1.5% for timing side-channel), indicating no increase in measurable leakage at the page level. These findings suggest that huge-page mappings can improve runtime efficiency without amplifying observable side-channel vulnerabilities, offering a practical configuration for balancing performance and security in user-space cryptographic workloads.</p>
	]]></content:encoded>

	<dc:title>Large Pages, Large Leaks? Hugepage-Induced Side-Channels vs. Performance Improvements in Cryptographic Computations</dc:title>
			<dc:creator>Xinyao Li</dc:creator>
			<dc:creator>Akhilesh Tyagi</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010003</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-30</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-30</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>3</prism:startingPage>
		<prism:doi>10.3390/cryptography10010003</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/3</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/2">

	<title>Cryptography, Vol. 10, Pages 2: AI-Enhanced Perceptual Hashing with Blockchain for Secure and Transparent Digital Copyright Management</title>
	<link>https://www.mdpi.com/2410-387X/10/1/2</link>
	<description>This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration.</description>
	<pubDate>2025-12-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 2: AI-Enhanced Perceptual Hashing with Blockchain for Secure and Transparent Digital Copyright Management</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/2">doi: 10.3390/cryptography10010002</a></p>
	<p>Authors:
		Zhaoxiong Meng
		Rukui Zhang
		Bin Cao
		Meng Zhang
		Yajun Li
		Huhu Xue
		Meimei Yang
		</p>
	<p>This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration.</p>
	]]></content:encoded>

	<dc:title>AI-Enhanced Perceptual Hashing with Blockchain for Secure and Transparent Digital Copyright Management</dc:title>
			<dc:creator>Zhaoxiong Meng</dc:creator>
			<dc:creator>Rukui Zhang</dc:creator>
			<dc:creator>Bin Cao</dc:creator>
			<dc:creator>Meng Zhang</dc:creator>
			<dc:creator>Yajun Li</dc:creator>
			<dc:creator>Huhu Xue</dc:creator>
			<dc:creator>Meimei Yang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010002</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-29</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>2</prism:startingPage>
		<prism:doi>10.3390/cryptography10010002</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/2</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/10/1/1">

	<title>Cryptography, Vol. 10, Pages 1: DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things</title>
	<link>https://www.mdpi.com/2410-387X/10/1/1</link>
	<description>The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir’s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that removes the need for a separate online registration authority and operates directly between a user device (UDi) and a server (S). In our setting, the server S still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems.</description>
	<pubDate>2025-12-20</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 10, Pages 1: DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/10/1/1">doi: 10.3390/cryptography10010001</a></p>
	<p>Authors:
		Yijia Dai
		Yitong Li
		Ye Yuan
		Xianwei Gao
		Cong Bian
		Meici Liu
		</p>
	<p>The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir’s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that removes the need for a separate online registration authority and operates directly between a user device (UDi) and a server (S). In our setting, the server S still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems.</p>
	]]></content:encoded>

	<dc:title>DLR-Auth: A Decentralized Lightweight and Revocable Authentication Framework for the Industrial Internet of Things</dc:title>
			<dc:creator>Yijia Dai</dc:creator>
			<dc:creator>Yitong Li</dc:creator>
			<dc:creator>Ye Yuan</dc:creator>
			<dc:creator>Xianwei Gao</dc:creator>
			<dc:creator>Cong Bian</dc:creator>
			<dc:creator>Meici Liu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography10010001</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-20</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-20</prism:publicationDate>
	<prism:volume>10</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>1</prism:startingPage>
		<prism:doi>10.3390/cryptography10010001</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/10/1/1</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/80">

	<title>Cryptography, Vol. 9, Pages 80: Role-Based Efficient Proactive Secret Sharing with User Revocation</title>
	<link>https://www.mdpi.com/2410-387X/9/4/80</link>
	<description>Proactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret scheme by integrating threshold homomorphic encryption (ThHE) while reducing the communication complexity to O(n). Not only is refreshing shares important but revoking the shares of users who have left the system is also essential in practical dynamic membership scenarios. However, the previous work was insufficient for supporting explicit user revocation. This study strengthens the description of roles for authorized users and proposes a scheme to achieve non-interactive share refresh and dynamic user management. In each epoch, authorized users are classified into three roles: retain, newly join, and rejoin, and they receive a broadcast of the compact ciphertext encoding both the refresh information and the revocation instructions from the trusted center (dealer). Authorized users independently derive new shares through homomorphic computations, whereas revoked users are unable to generate new shares. Hash functions are used to bind revocation parameters to the cryptographic hashes of valid users in order to guarantee integrity during revocation, allowing for effective verification without compromising non-interactivity. Our new scheme not only extends the revocation structure but also preserves the O(n) communication complexity.</description>
	<pubDate>2025-12-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 80: Role-Based Efficient Proactive Secret Sharing with User Revocation</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/80">doi: 10.3390/cryptography9040080</a></p>
	<p>Authors:
		Yixuan He
		Yuta Kodera
		Yasuyuki Nogami
		Samsul Huda
		</p>
	<p>Proactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret scheme by integrating threshold homomorphic encryption (ThHE) while reducing the communication complexity to O(n). Not only is refreshing shares important but revoking the shares of users who have left the system is also essential in practical dynamic membership scenarios. However, the previous work was insufficient for supporting explicit user revocation. This study strengthens the description of roles for authorized users and proposes a scheme to achieve non-interactive share refresh and dynamic user management. In each epoch, authorized users are classified into three roles: retain, newly join, and rejoin, and they receive a broadcast of the compact ciphertext encoding both the refresh information and the revocation instructions from the trusted center (dealer). Authorized users independently derive new shares through homomorphic computations, whereas revoked users are unable to generate new shares. Hash functions are used to bind revocation parameters to the cryptographic hashes of valid users in order to guarantee integrity during revocation, allowing for effective verification without compromising non-interactivity. Our new scheme not only extends the revocation structure but also preserves the O(n) communication complexity.</p>
	]]></content:encoded>

	<dc:title>Role-Based Efficient Proactive Secret Sharing with User Revocation</dc:title>
			<dc:creator>Yixuan He</dc:creator>
			<dc:creator>Yuta Kodera</dc:creator>
			<dc:creator>Yasuyuki Nogami</dc:creator>
			<dc:creator>Samsul Huda</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040080</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-11</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>80</prism:startingPage>
		<prism:doi>10.3390/cryptography9040080</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/80</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/79">

	<title>Cryptography, Vol. 9, Pages 79: Efficient CCA2-Secure IBKEM from Lattices in the Standard Model</title>
	<link>https://www.mdpi.com/2410-387X/9/4/79</link>
	<description>Recent work at SCN 2020 by Boyen, Izabachène, and Li introduced a lattice-based key-encapsulation mechanism (KEM) that achieves CCA2-security in the standard model without relying on generic transformations. Their proof, however, leaves a few gaps that prevent a fully rigorous security justification. Building on the same design rationale, we revisit that construction and refine it to obtain a more compact and provably secure KEM under the Learning With Errors assumption. Furthermore, we extend this framework to derive an identity-based variant (IBKEM) whose security is established in the same model. The resulting schemes combine conceptual simplicity with improved efficiency and complete proofs of adaptive-ciphertext security.</description>
	<pubDate>2025-12-10</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 79: Efficient CCA2-Secure IBKEM from Lattices in the Standard Model</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/79">doi: 10.3390/cryptography9040079</a></p>
	<p>Authors:
		Ngoc Ai Van Nguyen
		Dung Hoang Duong
		Minh Thuy Truc Pham
		</p>
	<p>Recent work at SCN 2020 by Boyen, Izabachène, and Li introduced a lattice-based key-encapsulation mechanism (KEM) that achieves CCA2-security in the standard model without relying on generic transformations. Their proof, however, leaves a few gaps that prevent a fully rigorous security justification. Building on the same design rationale, we revisit that construction and refine it to obtain a more compact and provably secure KEM under the Learning With Errors assumption. Furthermore, we extend this framework to derive an identity-based variant (IBKEM) whose security is established in the same model. The resulting schemes combine conceptual simplicity with improved efficiency and complete proofs of adaptive-ciphertext security.</p>
	]]></content:encoded>

	<dc:title>Efficient CCA2-Secure IBKEM from Lattices in the Standard Model</dc:title>
			<dc:creator>Ngoc Ai Van Nguyen</dc:creator>
			<dc:creator>Dung Hoang Duong</dc:creator>
			<dc:creator>Minh Thuy Truc Pham</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040079</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-10</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-10</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>79</prism:startingPage>
		<prism:doi>10.3390/cryptography9040079</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/79</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/78">

	<title>Cryptography, Vol. 9, Pages 78: Flexible and Area-Efficient Codesign Implementation of AES on FPGA</title>
	<link>https://www.mdpi.com/2410-387X/9/4/78</link>
	<description>As embedded and IoT systems demand secure and compact encryption, developing cryptographic solutions that are both lightweight and efficient remains a major challenge. Many existing AES implementations either lack flexibility or consume excessive hardware resources. This paper presents an area-efficient and flexible AES-128 implementation based on a hardware/software (HW/SW) co-design, specifically optimized for platforms with limited hardware resources, resulting in reduced power consumption. In this approach, key expansion is performed in software on a lightweight MicroBlaze processor, while encryption and decryption are accelerated by dedicated hardware IP cores optimized at the Look-up Table (LuT) level. The design is implemented on a Xilinx XC5VLX50T Virtex-5 FPGA, synthesized using Xilinx ISE 14.7, and tested at a 100 MHz system clock. It achieves a throughput of 13.3 Gbps and an area efficiency of 5.44 Gbps per slice, requiring only 2303 logic slices and 7 BRAMs on a Xilinx FPGA. It is particularly well-suited for resource-constrained applications such as IoT nodes, secure mobile devices, and smart cards. Since key expansion is executed only once per session, the runtime is dominated by AES core operations, enabling efficient processing of large data volumes. Although the present implementation targets AES-128, the HW/SW partitioning allows straightforward extension to AES-192 and AES-256 by modifying only the software Key expansion module, ensuring practical scalability with no hardware changes. Moreover, the architecture offers a balanced trade-off between performance, flexibility and resource utilization without relying on complex pipelining. Experimental results demonstrate the effectiveness and flexibility of the proposed lightweight design.</description>
	<pubDate>2025-12-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 78: Flexible and Area-Efficient Codesign Implementation of AES on FPGA</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/78">doi: 10.3390/cryptography9040078</a></p>
	<p>Authors:
		Oussama Azzouzi
		Mohamed Anane
		Mohamed Chahine Ghanem
		Yassine Himeur
		Dominik Wojtczak
		</p>
	<p>As embedded and IoT systems demand secure and compact encryption, developing cryptographic solutions that are both lightweight and efficient remains a major challenge. Many existing AES implementations either lack flexibility or consume excessive hardware resources. This paper presents an area-efficient and flexible AES-128 implementation based on a hardware/software (HW/SW) co-design, specifically optimized for platforms with limited hardware resources, resulting in reduced power consumption. In this approach, key expansion is performed in software on a lightweight MicroBlaze processor, while encryption and decryption are accelerated by dedicated hardware IP cores optimized at the Look-up Table (LuT) level. The design is implemented on a Xilinx XC5VLX50T Virtex-5 FPGA, synthesized using Xilinx ISE 14.7, and tested at a 100 MHz system clock. It achieves a throughput of 13.3 Gbps and an area efficiency of 5.44 Gbps per slice, requiring only 2303 logic slices and 7 BRAMs on a Xilinx FPGA. It is particularly well-suited for resource-constrained applications such as IoT nodes, secure mobile devices, and smart cards. Since key expansion is executed only once per session, the runtime is dominated by AES core operations, enabling efficient processing of large data volumes. Although the present implementation targets AES-128, the HW/SW partitioning allows straightforward extension to AES-192 and AES-256 by modifying only the software Key expansion module, ensuring practical scalability with no hardware changes. Moreover, the architecture offers a balanced trade-off between performance, flexibility and resource utilization without relying on complex pipelining. Experimental results demonstrate the effectiveness and flexibility of the proposed lightweight design.</p>
	]]></content:encoded>

	<dc:title>Flexible and Area-Efficient Codesign Implementation of AES on FPGA</dc:title>
			<dc:creator>Oussama Azzouzi</dc:creator>
			<dc:creator>Mohamed Anane</dc:creator>
			<dc:creator>Mohamed Chahine Ghanem</dc:creator>
			<dc:creator>Yassine Himeur</dc:creator>
			<dc:creator>Dominik Wojtczak</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040078</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-12-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-12-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>78</prism:startingPage>
		<prism:doi>10.3390/cryptography9040078</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/78</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/77">

	<title>Cryptography, Vol. 9, Pages 77: Evaluation of the Impact of AES Encryption on Query Read Performance Across Oracle, MySQL, and SQL Server Databases</title>
	<link>https://www.mdpi.com/2410-387X/9/4/77</link>
	<description>Data security is essential for protecting sensitive information that could compromise both the sender and the receiver. Encryption mechanisms, such as the Advanced Encryption Standard (AES), play a key role in this protection. However, encrypting or decrypting data can significantly impact the performance of the database. This study aims to evaluate the impact of AES on the performance of SQL Server, Oracle, and MySQL when using Transparent Data Encryption (TDE) with the Transaction Processing Performance Council-H (TPC-H) benchmark at different Scale Factors. Performance was assessed using metrics such as elapsed time and system resource usage. In terms of scalability and performance efficiency, SQL Server proved to be the best among the databases tested. However, TDE introduced performance overhead compared to non-encryption test cases.</description>
	<pubDate>2025-11-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 77: Evaluation of the Impact of AES Encryption on Query Read Performance Across Oracle, MySQL, and SQL Server Databases</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/77">doi: 10.3390/cryptography9040077</a></p>
	<p>Authors:
		Márcio Carvalho
		Filipe Sá
		Jorge Bernardino
		</p>
	<p>Data security is essential for protecting sensitive information that could compromise both the sender and the receiver. Encryption mechanisms, such as the Advanced Encryption Standard (AES), play a key role in this protection. However, encrypting or decrypting data can significantly impact the performance of the database. This study aims to evaluate the impact of AES on the performance of SQL Server, Oracle, and MySQL when using Transparent Data Encryption (TDE) with the Transaction Processing Performance Council-H (TPC-H) benchmark at different Scale Factors. Performance was assessed using metrics such as elapsed time and system resource usage. In terms of scalability and performance efficiency, SQL Server proved to be the best among the databases tested. However, TDE introduced performance overhead compared to non-encryption test cases.</p>
	]]></content:encoded>

	<dc:title>Evaluation of the Impact of AES Encryption on Query Read Performance Across Oracle, MySQL, and SQL Server Databases</dc:title>
			<dc:creator>Márcio Carvalho</dc:creator>
			<dc:creator>Filipe Sá</dc:creator>
			<dc:creator>Jorge Bernardino</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040077</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-29</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>77</prism:startingPage>
		<prism:doi>10.3390/cryptography9040077</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/77</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/76">

	<title>Cryptography, Vol. 9, Pages 76: Verifiable Multi-Authority Attribute-Based Encryption with Keyword Search Based on MLWE</title>
	<link>https://www.mdpi.com/2410-387X/9/4/76</link>
	<description>Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments.</description>
	<pubDate>2025-11-28</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 76: Verifiable Multi-Authority Attribute-Based Encryption with Keyword Search Based on MLWE</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/76">doi: 10.3390/cryptography9040076</a></p>
	<p>Authors:
		Saba Karimani
		Taraneh Eghlidos
		</p>
	<p>Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments.</p>
	]]></content:encoded>

	<dc:title>Verifiable Multi-Authority Attribute-Based Encryption with Keyword Search Based on MLWE</dc:title>
			<dc:creator>Saba Karimani</dc:creator>
			<dc:creator>Taraneh Eghlidos</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040076</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-28</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-28</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>76</prism:startingPage>
		<prism:doi>10.3390/cryptography9040076</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/76</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/75">

	<title>Cryptography, Vol. 9, Pages 75: STAR: Self-Training Assisted Refinement for Side-Channel Analysis on Cryptosystems</title>
	<link>https://www.mdpi.com/2410-387X/9/4/75</link>
	<description>Reconstructing cryptographic operation sequences through side-channel analysis is essential for recovering private keys, but practical attacks are hindered by unlabeled, noisy, and high-dimensional power traces that challenge accurate classification. To address this, we propose STAR, a two-stage unsupervised clustering correction framework. First, a Gaussian Mixture Model (GMM) performs an initial clustering to generate reliable pseudo-labels from high-confidence samples. Next, a self-training mechanism uses these pseudo-labels to train a Convolutional Neural Network (CNN), which then iteratively reclassifies low-confidence samples to refine the entire dataset. Validated on standard ECC, RSA, and SM2 datasets, our framework achieved 100% classification accuracy, demonstrating a significant improvement of 12% to 48% over state-of-the-art methods. These findings confirm that STAR is an effective and robust framework for enhancing the precision of unsupervised side-channel analysis, thereby strengthening key recovery attacks.</description>
	<pubDate>2025-11-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 75: STAR: Self-Training Assisted Refinement for Side-Channel Analysis on Cryptosystems</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/75">doi: 10.3390/cryptography9040075</a></p>
	<p>Authors:
		Yuheng Qian
		Jing Gao
		Yuhan Qian
		Yaoling Ding
		An Wang
		</p>
	<p>Reconstructing cryptographic operation sequences through side-channel analysis is essential for recovering private keys, but practical attacks are hindered by unlabeled, noisy, and high-dimensional power traces that challenge accurate classification. To address this, we propose STAR, a two-stage unsupervised clustering correction framework. First, a Gaussian Mixture Model (GMM) performs an initial clustering to generate reliable pseudo-labels from high-confidence samples. Next, a self-training mechanism uses these pseudo-labels to train a Convolutional Neural Network (CNN), which then iteratively reclassifies low-confidence samples to refine the entire dataset. Validated on standard ECC, RSA, and SM2 datasets, our framework achieved 100% classification accuracy, demonstrating a significant improvement of 12% to 48% over state-of-the-art methods. These findings confirm that STAR is an effective and robust framework for enhancing the precision of unsupervised side-channel analysis, thereby strengthening key recovery attacks.</p>
	]]></content:encoded>

	<dc:title>STAR: Self-Training Assisted Refinement for Side-Channel Analysis on Cryptosystems</dc:title>
			<dc:creator>Yuheng Qian</dc:creator>
			<dc:creator>Jing Gao</dc:creator>
			<dc:creator>Yuhan Qian</dc:creator>
			<dc:creator>Yaoling Ding</dc:creator>
			<dc:creator>An Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040075</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>75</prism:startingPage>
		<prism:doi>10.3390/cryptography9040075</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/75</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/74">

	<title>Cryptography, Vol. 9, Pages 74: A Review on Blockchain-Based Trust and Reputation Schemes in Metaverse Environments</title>
	<link>https://www.mdpi.com/2410-387X/9/4/74</link>
	<description>The metaverse represents a transformative integration of virtual and physical worlds, offering unprecedented opportunities for social interaction, commerce, education, healthcare, and entertainment. Establishing trust in these expansive and decentralized environments remains a critical challenge. Blockchain technology, with its decentralized, secure, and immutable nature, is emerging as an essential pillar of trust and digital asset ownership within the metaverse. This paper provides an extensive review of blockchain-enabled trust and reputation frameworks specifically tailored to metaverse ecosystems. We present an in-depth analysis of existing blockchain solutions across diverse metaverse domains, including gaming, virtual real estate, healthcare, and education. Our core contributions include a comprehensive taxonomy that classifies current trust and reputation schemes by their underlying mechanisms, threat models addressed, and their architectural strategies. We provide a comparative benchmark analysis evaluating key performance metrics such as security robustness, scalability, user privacy, and cross-platform interoperability, revealing critical trade-offs inherent in current designs. Our analysis finds that score-based designs trade scalability for nuanced reputation representation, while SSI- and SBT-based approaches improve Sybil-resistance but introduce significant privacy governance challenges. Finally, we outline unresolved research challenges, including cross-platform reputation portability, privacy-preserving computation, real-time trust management, and standardized governance structures.</description>
	<pubDate>2025-11-25</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 74: A Review on Blockchain-Based Trust and Reputation Schemes in Metaverse Environments</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/74">doi: 10.3390/cryptography9040074</a></p>
	<p>Authors:
		Firdous Kausar
		Hafiz M. Asif
		Sajid Hussain
		Shahid Mumtaz
		</p>
	<p>The metaverse represents a transformative integration of virtual and physical worlds, offering unprecedented opportunities for social interaction, commerce, education, healthcare, and entertainment. Establishing trust in these expansive and decentralized environments remains a critical challenge. Blockchain technology, with its decentralized, secure, and immutable nature, is emerging as an essential pillar of trust and digital asset ownership within the metaverse. This paper provides an extensive review of blockchain-enabled trust and reputation frameworks specifically tailored to metaverse ecosystems. We present an in-depth analysis of existing blockchain solutions across diverse metaverse domains, including gaming, virtual real estate, healthcare, and education. Our core contributions include a comprehensive taxonomy that classifies current trust and reputation schemes by their underlying mechanisms, threat models addressed, and their architectural strategies. We provide a comparative benchmark analysis evaluating key performance metrics such as security robustness, scalability, user privacy, and cross-platform interoperability, revealing critical trade-offs inherent in current designs. Our analysis finds that score-based designs trade scalability for nuanced reputation representation, while SSI- and SBT-based approaches improve Sybil-resistance but introduce significant privacy governance challenges. Finally, we outline unresolved research challenges, including cross-platform reputation portability, privacy-preserving computation, real-time trust management, and standardized governance structures.</p>
	]]></content:encoded>

	<dc:title>A Review on Blockchain-Based Trust and Reputation Schemes in Metaverse Environments</dc:title>
			<dc:creator>Firdous Kausar</dc:creator>
			<dc:creator>Hafiz M. Asif</dc:creator>
			<dc:creator>Sajid Hussain</dc:creator>
			<dc:creator>Shahid Mumtaz</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040074</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-25</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-25</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>74</prism:startingPage>
		<prism:doi>10.3390/cryptography9040074</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/74</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/73">

	<title>Cryptography, Vol. 9, Pages 73: Post-Quantum Key Exchange in TLS 1.3: Further Analysis on Performance of New Cryptographic Standards</title>
	<link>https://www.mdpi.com/2410-387X/9/4/73</link>
	<description>The emergence of quantum computing presents a significant threat to classical cryptographic primitives, particularly those employed in securing internet communications via widely used protocols such as Transport Layer Security (TLS). As conventional key exchange mechanisms will become increasingly vulnerable in the post-quantum era, the integration of post-quantum cryptographic (PQC) algorithms into existing security protocols is of utmost importance. This study investigates the impact of incorporating PQC key encapsulation mechanisms—specifically, the recent standards CRYSTALS-Kyber and HQC, in conjunction with the candidate standard BIKE—into the TLS 1.3 handshake. A comprehensive experimental evaluation was conducted to measure handshake latency under emulated network conditions with varying packet loss probabilities. The findings offer useful insights into the performance trade-offs introduced by PQC integration and further highlight the necessity of a timely transition to post-quantum cryptographic standards.</description>
	<pubDate>2025-11-21</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 73: Post-Quantum Key Exchange in TLS 1.3: Further Analysis on Performance of New Cryptographic Standards</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/73">doi: 10.3390/cryptography9040073</a></p>
	<p>Authors:
		Konstantina Souvatzidaki
		Konstantinos Limniotis
		</p>
	<p>The emergence of quantum computing presents a significant threat to classical cryptographic primitives, particularly those employed in securing internet communications via widely used protocols such as Transport Layer Security (TLS). As conventional key exchange mechanisms will become increasingly vulnerable in the post-quantum era, the integration of post-quantum cryptographic (PQC) algorithms into existing security protocols is of utmost importance. This study investigates the impact of incorporating PQC key encapsulation mechanisms—specifically, the recent standards CRYSTALS-Kyber and HQC, in conjunction with the candidate standard BIKE—into the TLS 1.3 handshake. A comprehensive experimental evaluation was conducted to measure handshake latency under emulated network conditions with varying packet loss probabilities. The findings offer useful insights into the performance trade-offs introduced by PQC integration and further highlight the necessity of a timely transition to post-quantum cryptographic standards.</p>
	]]></content:encoded>

	<dc:title>Post-Quantum Key Exchange in TLS 1.3: Further Analysis on Performance of New Cryptographic Standards</dc:title>
			<dc:creator>Konstantina Souvatzidaki</dc:creator>
			<dc:creator>Konstantinos Limniotis</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040073</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-21</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-21</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>73</prism:startingPage>
		<prism:doi>10.3390/cryptography9040073</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/73</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/72">

	<title>Cryptography, Vol. 9, Pages 72: A Post-Quantum Cryptography Enabled Feature-Level Fusion Framework for Privacy-Preserving Multimodal Biometric Recognition</title>
	<link>https://www.mdpi.com/2410-387X/9/4/72</link>
	<description>As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that can easily integrate any two binary-encoded modalities through feature-level fusion, ensuring that all sensitive information remains encrypted under a CKKS-based homomorphic encryption scheme resistant to both classical and quantum-enabled attacks. To demonstrate its versatility and effectiveness, we apply this framework to the retinal vascular patterns and palm vein features, which are inherently spoof-resistant and particularly well suited to high-security applications. This method not only ensures the secrecy of the combined biometric sample, but also enables the complete assessment of recognition performance and resilience against adversarial attacks. The results show that our approach provides protection against threats such as data leakage and replay attacks while maintaining high recognition performance and operational efficiency. These findings demonstrate the feasibility of integrating multimodal biometrics with post-quantum cryptography, giving a strong, privacy-oriented authentication solution suitable for mission-critical applications in the post-quantum era.</description>
	<pubDate>2025-11-19</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 72: A Post-Quantum Cryptography Enabled Feature-Level Fusion Framework for Privacy-Preserving Multimodal Biometric Recognition</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/72">doi: 10.3390/cryptography9040072</a></p>
	<p>Authors:
		David Palma
		Pier Luca Montessoro
		</p>
	<p>As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that can easily integrate any two binary-encoded modalities through feature-level fusion, ensuring that all sensitive information remains encrypted under a CKKS-based homomorphic encryption scheme resistant to both classical and quantum-enabled attacks. To demonstrate its versatility and effectiveness, we apply this framework to the retinal vascular patterns and palm vein features, which are inherently spoof-resistant and particularly well suited to high-security applications. This method not only ensures the secrecy of the combined biometric sample, but also enables the complete assessment of recognition performance and resilience against adversarial attacks. The results show that our approach provides protection against threats such as data leakage and replay attacks while maintaining high recognition performance and operational efficiency. These findings demonstrate the feasibility of integrating multimodal biometrics with post-quantum cryptography, giving a strong, privacy-oriented authentication solution suitable for mission-critical applications in the post-quantum era.</p>
	]]></content:encoded>

	<dc:title>A Post-Quantum Cryptography Enabled Feature-Level Fusion Framework for Privacy-Preserving Multimodal Biometric Recognition</dc:title>
			<dc:creator>David Palma</dc:creator>
			<dc:creator>Pier Luca Montessoro</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040072</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-19</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-19</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>72</prism:startingPage>
		<prism:doi>10.3390/cryptography9040072</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/72</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/71">

	<title>Cryptography, Vol. 9, Pages 71: A Privacy-Preserving Scheme for V2V Double Auction Power Trading Based on Heterogeneous Signcryption and IoV</title>
	<link>https://www.mdpi.com/2410-387X/9/4/71</link>
	<description>As electric vehicles (EVs) gain popularity, the existing public charging infrastructure is struggling to keep pace with the rapidly growing demand for the immediate charging needs of EVs. V2V power trading has gradually attracted widespread attention and development. EVs need to transmit sensitive information, such as transaction plans, through communication entities in the Internet of Vehicles (IoV). This could lead to leaks of sensitive information, thereby threatening the fairness of transactions. In addition, due to the differences in the cryptographic systems of entities, communication between entities faces challenges. Therefore, a privacy-preserving scheme for V2V double auction power trading based on heterogeneous signcryption and IoV is proposed. Firstly, a heterogeneous signcryption algorithm is designed to realize secure communication from certificateless cryptography to identity-based cryptography. Secondly, the scheme employs a pseudonym mechanism to protect the real identities of EVs. Furthermore, a verification algorithm is designed to verify the information sent by EVs and ensure the traceability and revocation of malicious EVs. The theoretical analysis shows that the proposed scheme could serve common security functions, and the experiment demonstrates that the proposed scheme reduces communication costs by about 14.56% and the computational cost of aggregate decryption by 80.51% compared with other schemes in recent years.</description>
	<pubDate>2025-11-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 71: A Privacy-Preserving Scheme for V2V Double Auction Power Trading Based on Heterogeneous Signcryption and IoV</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/71">doi: 10.3390/cryptography9040071</a></p>
	<p>Authors:
		Shaomin Zhang
		Yiheng Huang
		Baoyi Wang
		</p>
	<p>As electric vehicles (EVs) gain popularity, the existing public charging infrastructure is struggling to keep pace with the rapidly growing demand for the immediate charging needs of EVs. V2V power trading has gradually attracted widespread attention and development. EVs need to transmit sensitive information, such as transaction plans, through communication entities in the Internet of Vehicles (IoV). This could lead to leaks of sensitive information, thereby threatening the fairness of transactions. In addition, due to the differences in the cryptographic systems of entities, communication between entities faces challenges. Therefore, a privacy-preserving scheme for V2V double auction power trading based on heterogeneous signcryption and IoV is proposed. Firstly, a heterogeneous signcryption algorithm is designed to realize secure communication from certificateless cryptography to identity-based cryptography. Secondly, the scheme employs a pseudonym mechanism to protect the real identities of EVs. Furthermore, a verification algorithm is designed to verify the information sent by EVs and ensure the traceability and revocation of malicious EVs. The theoretical analysis shows that the proposed scheme could serve common security functions, and the experiment demonstrates that the proposed scheme reduces communication costs by about 14.56% and the computational cost of aggregate decryption by 80.51% compared with other schemes in recent years.</p>
	]]></content:encoded>

	<dc:title>A Privacy-Preserving Scheme for V2V Double Auction Power Trading Based on Heterogeneous Signcryption and IoV</dc:title>
			<dc:creator>Shaomin Zhang</dc:creator>
			<dc:creator>Yiheng Huang</dc:creator>
			<dc:creator>Baoyi Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040071</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-11-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-11-11</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>71</prism:startingPage>
		<prism:doi>10.3390/cryptography9040071</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/71</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/70">

	<title>Cryptography, Vol. 9, Pages 70: A Scalable Symmetric Cryptographic Scheme Based on Latin Square, Permutations, and Reed-Muller Codes for Resilient Encryption</title>
	<link>https://www.mdpi.com/2410-387X/9/4/70</link>
	<description>Symmetric cryptography is essential for secure communication as it ensures confidentiality by using shared secret keys. This paper proposes a novel substitution-permutation network (SPN) that integrates Latin squares, permutations, and Reed-Muller (RM) codes to achieve robust security and resilience. As an adaptive design using binary representation with base-n Latin square mappings for non-linear substitutions, it supports any n (Codeword length and Latin square order), k (RM code dimension), d (RM code minimum distance) parameters aligned with the Latin square and RM(n,k,d) codes. The scheme employs 2log2n-round transformations using log2n permutations ρz, where in the additional log2n rounds, row and column pairs are swapped for each pair of rounds, with key-dependent πz permutations for round outputs and fixed ρz permutations for codeword shuffling, ensuring strong diffusion. The scheme leverages dynamic Latin square substitutions for confusion and a vast key space, with permutations ensuring strong diffusion and RM(n,k,d) codes correcting transmission errors and enhancing robustness against fault-based attacks. Precomputed components optimize deployment efficiency. The paper presents mathematical foundations, security primitives, and experimental results, including avalanche effect analysis, demonstrating flexibility and balancing enhanced security with computational and storage overhead.</description>
	<pubDate>2025-10-31</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 70: A Scalable Symmetric Cryptographic Scheme Based on Latin Square, Permutations, and Reed-Muller Codes for Resilient Encryption</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/70">doi: 10.3390/cryptography9040070</a></p>
	<p>Authors:
		Hussain Ahmad
		Carolin Hannusch
		</p>
	<p>Symmetric cryptography is essential for secure communication as it ensures confidentiality by using shared secret keys. This paper proposes a novel substitution-permutation network (SPN) that integrates Latin squares, permutations, and Reed-Muller (RM) codes to achieve robust security and resilience. As an adaptive design using binary representation with base-n Latin square mappings for non-linear substitutions, it supports any n (Codeword length and Latin square order), k (RM code dimension), d (RM code minimum distance) parameters aligned with the Latin square and RM(n,k,d) codes. The scheme employs 2log₂n-round transformations using log₂n permutations &rho;z, where in the additional log₂n rounds, row and column pairs are swapped for each pair of rounds, with key-dependent &pi;z permutations for round outputs and fixed &rho;z permutations for codeword shuffling, ensuring strong diffusion. The scheme leverages dynamic Latin square substitutions for confusion and a vast key space, with permutations ensuring strong diffusion and RM(n,k,d) codes correcting transmission errors and enhancing robustness against fault-based attacks. Precomputed components optimize deployment efficiency. The paper presents mathematical foundations, security primitives, and experimental results, including avalanche effect analysis, demonstrating flexibility and balancing enhanced security with computational and storage overhead.</p>
	]]></content:encoded>

	<dc:title>A Scalable Symmetric Cryptographic Scheme Based on Latin Square, Permutations, and Reed-Muller Codes for Resilient Encryption</dc:title>
			<dc:creator>Hussain Ahmad</dc:creator>
			<dc:creator>Carolin Hannusch</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040070</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-31</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-31</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>70</prism:startingPage>
		<prism:doi>10.3390/cryptography9040070</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/70</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/69">

	<title>Cryptography, Vol. 9, Pages 69: A Lightweight Decentralized Medical Data Sharing Scheme with Dual Verification</title>
	<link>https://www.mdpi.com/2410-387X/9/4/69</link>
	<description>The rapid growth of smart healthcare improves medical efficiency through electronic data sharing but introduces security risks like privacy leaks and data tampering. However, existing ciphertext-policy attribute-based encryption faces challenges such as single points of failure, weak authentication, and inadequate integrity protection, hindering secure, efficient medical data sharing. Therefore, we propose LDDV, a lightweight decentralized medical data sharing scheme with dual verification. LDDV constructs a lightweight multi-authority collaborative key management architecture based on elliptic curve cryptography, which eliminates the risk of single point of failure and balances reliability and efficiency. Meanwhile, a lightweight dual verification mechanism based on elliptic curve digital signature provides identity authentication and data integrity verification. Security analysis and experimental results show that LDDV achieves 28&amp;ndash;42% faster decryption speeds compared to existing schemes and resists specific threats such as chosen plaintext attacks.</description>
	<pubDate>2025-10-30</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 69: A Lightweight Decentralized Medical Data Sharing Scheme with Dual Verification</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/69">doi: 10.3390/cryptography9040069</a></p>
	<p>Authors:
		Shaobo Zhang
		Yijie Yin
		Nangui Chen
		Honghui Ning
		</p>
	<p>The rapid growth of smart healthcare improves medical efficiency through electronic data sharing but introduces security risks like privacy leaks and data tampering. However, existing ciphertext-policy attribute-based encryption faces challenges such as single points of failure, weak authentication, and inadequate integrity protection, hindering secure, efficient medical data sharing. Therefore, we propose LDDV, a lightweight decentralized medical data sharing scheme with dual verification. LDDV constructs a lightweight multi-authority collaborative key management architecture based on elliptic curve cryptography, which eliminates the risk of single point of failure and balances reliability and efficiency. Meanwhile, a lightweight dual verification mechanism based on elliptic curve digital signature provides identity authentication and data integrity verification. Security analysis and experimental results show that LDDV achieves 28&ndash;42% faster decryption speeds compared to existing schemes and resists specific threats such as chosen plaintext attacks.</p>
	]]></content:encoded>

	<dc:title>A Lightweight Decentralized Medical Data Sharing Scheme with Dual Verification</dc:title>
			<dc:creator>Shaobo Zhang</dc:creator>
			<dc:creator>Yijie Yin</dc:creator>
			<dc:creator>Nangui Chen</dc:creator>
			<dc:creator>Honghui Ning</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040069</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-30</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-30</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>69</prism:startingPage>
		<prism:doi>10.3390/cryptography9040069</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/69</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/68">

	<title>Cryptography, Vol. 9, Pages 68: Enhancing Multi-Factor Authentication with Templateless 2D/3D Biometrics and PUF Integration for Securing Smart Devices</title>
	<link>https://www.mdpi.com/2410-387X/9/4/68</link>
	<description>Secure authentication in smart device ecosystems remains a critical challenge, particularly due to the irrevocability of compromised biometric templates in server-based systems. This paper presents a post-quantum secure multi-factor authentication protocol that combines templateless 2D and 3D facial biometrics, liveness detection, and Physical Unclonable Functions (PUFs) to achieve robust identity assurance. The protocol exhibits zero-knowledge properties, preventing adversaries from identifying whether authentication failure is due to the biometric, password, PUF, or liveness factor. The proposed protocol utilizes advanced facial landmark detection via dlib or mediapipe, capturing multi-angle facial data and mapping it. By applying a double-masking technique and measuring distances between randomized points, stabilized facial landmarks are selected through multiple images captured during enrollment to ensure template stability. The protocol creates high-entropy cryptographic keys, securely erasing all raw biometric data and sensitive keys immediately after processing. All key cryptographic operations and challenge-response exchanges employ post-quantum algorithms, providing resistance to both classical and quantum adversaries. To further enhance reliability, advanced error-correction methods mitigate noise in biometric and PUF responses, resulting in minimal FAR and FRR that meets industrial standards and resilience against spoofing. Our experimental results demonstrate this protocol&amp;rsquo;s suitability for smart devices and IoT deployments requiring high-assurance, scalable, and quantum-resistant authentication.</description>
	<pubDate>2025-10-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 68: Enhancing Multi-Factor Authentication with Templateless 2D/3D Biometrics and PUF Integration for Securing Smart Devices</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/68">doi: 10.3390/cryptography9040068</a></p>
	<p>Authors:
		Saloni Jain
		Amisha Bagri
		Maxime Cambou
		Dina Ghanai Miandoab
		Bertrand Cambou
		</p>
	<p>Secure authentication in smart device ecosystems remains a critical challenge, particularly due to the irrevocability of compromised biometric templates in server-based systems. This paper presents a post-quantum secure multi-factor authentication protocol that combines templateless 2D and 3D facial biometrics, liveness detection, and Physical Unclonable Functions (PUFs) to achieve robust identity assurance. The protocol exhibits zero-knowledge properties, preventing adversaries from identifying whether authentication failure is due to the biometric, password, PUF, or liveness factor. The proposed protocol utilizes advanced facial landmark detection via dlib or mediapipe, capturing multi-angle facial data and mapping it. By applying a double-masking technique and measuring distances between randomized points, stabilized facial landmarks are selected through multiple images captured during enrollment to ensure template stability. The protocol creates high-entropy cryptographic keys, securely erasing all raw biometric data and sensitive keys immediately after processing. All key cryptographic operations and challenge-response exchanges employ post-quantum algorithms, providing resistance to both classical and quantum adversaries. To further enhance reliability, advanced error-correction methods mitigate noise in biometric and PUF responses, resulting in minimal FAR and FRR that meets industrial standards and resilience against spoofing. Our experimental results demonstrate this protocol&rsquo;s suitability for smart devices and IoT deployments requiring high-assurance, scalable, and quantum-resistant authentication.</p>
	]]></content:encoded>

	<dc:title>Enhancing Multi-Factor Authentication with Templateless 2D/3D Biometrics and PUF Integration for Securing Smart Devices</dc:title>
			<dc:creator>Saloni Jain</dc:creator>
			<dc:creator>Amisha Bagri</dc:creator>
			<dc:creator>Maxime Cambou</dc:creator>
			<dc:creator>Dina Ghanai Miandoab</dc:creator>
			<dc:creator>Bertrand Cambou</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040068</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>68</prism:startingPage>
		<prism:doi>10.3390/cryptography9040068</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/68</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/67">

	<title>Cryptography, Vol. 9, Pages 67: Constructing 8 &amp;times; 8 S-Boxes with Optimal Boolean Function Nonlinearity</title>
	<link>https://www.mdpi.com/2410-387X/9/4/67</link>
	<description>Substitution boxes (S-Boxes) are the core components of modern block ciphers, responsible for introducing the essential nonlinearity that protects against attacks like linear and differential cryptanalysis. For an 8-bit S-Box, the highest possible nonlinearity for a balanced Boolean function is 116. The best results previously reported in the literature achieved an average nonlinearity of 114.5 across the coordinate Boolean functions of 8 &amp;times; 8 S-boxes. Our proposed method surpasses this record, producing S-boxes whose coordinate functions exhibit an average nonlinearity of 116. This is a significant achievement as it reaches the best result to date for the nonlinearity of the coordinate Boolean functions of an S-Box. Our S-Box generation method is based on multiplication over the field GF(2⁴) and 4&amp;times;4 component S-Boxes. The approach is also highly effective, capable of producing a large number of S-Boxes with good cryptographic properties. Other cryptographic criteria, such as BIC, SAC, DAP, and LAP, though not fully optimal, remain within acceptable ranges when compared with other reported designs. In addition, a side-channel attack evaluation is presented, covering both parameter analysis and experimental results on a real system when applying the proposed S-Box in the AES algorithm. These results make it a leading solution for block cipher design.</description>
	<pubDate>2025-10-21</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 67: Constructing 8 &times; 8 S-Boxes with Optimal Boolean Function Nonlinearity</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/67">doi: 10.3390/cryptography9040067</a></p>
	<p>Authors:
		Phuc-Phan Duong
		Cong-Kha Pham
		</p>
	<p>Substitution boxes (S-Boxes) are the core components of modern block ciphers, responsible for introducing the essential nonlinearity that protects against attacks like linear and differential cryptanalysis. For an 8-bit S-Box, the highest possible nonlinearity for a balanced Boolean function is 116. The best results previously reported in the literature achieved an average nonlinearity of 114.5 across the coordinate Boolean functions of 8 &times; 8 S-boxes. Our proposed method surpasses this record, producing S-boxes whose coordinate functions exhibit an average nonlinearity of 116. This is a significant achievement as it reaches the best result to date for the nonlinearity of the coordinate Boolean functions of an S-Box. Our S-Box generation method is based on multiplication over the field GF(2⁴) and 4&times;4 component S-Boxes. The approach is also highly effective, capable of producing a large number of S-Boxes with good cryptographic properties. Other cryptographic criteria, such as BIC, SAC, DAP, and LAP, though not fully optimal, remain within acceptable ranges when compared with other reported designs. In addition, a side-channel attack evaluation is presented, covering both parameter analysis and experimental results on a real system when applying the proposed S-Box in the AES algorithm. These results make it a leading solution for block cipher design.</p>
	]]></content:encoded>

	<dc:title>Constructing 8 &amp;times; 8 S-Boxes with Optimal Boolean Function Nonlinearity</dc:title>
			<dc:creator>Phuc-Phan Duong</dc:creator>
			<dc:creator>Cong-Kha Pham</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040067</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-21</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-21</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>67</prism:startingPage>
		<prism:doi>10.3390/cryptography9040067</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/67</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/66">

	<title>Cryptography, Vol. 9, Pages 66: On the Homomorphic Properties of Kyber and McEliece with Application to Post-Quantum Private Set Intersection</title>
	<link>https://www.mdpi.com/2410-387X/9/4/66</link>
	<description>Crystals-Kyber and Classic-McEliece are two prominent post-quantum key encapsulation mechanisms (KEMs) designed to address the challenges posed by quantum computing to classical cryptographic schemes. While the former has been standardized by the National Institute of Standards and Technology (NIST), the latter is well-known for its exceptional robustness and as one of the finalists of the fourth round of post-quantum cryptography standardization. Private set intersection (PSI) is a privacy-preserving technique that enables two parties, each possessing a dataset, to compute the intersection of their sets without revealing anything else. This can be achieved thanks to homomorphic encryption (HE), which allows computations on encrypted data. In this paper, firstly, we study Kyber and McEliece, apart from being KEMs, as post-quantum public key encryption (PKE), and examine their homomorphic properties. Secondly, we design two different two-party PSI protocols that utilize the homomorphic capabilities of Kyber and McEliece. Thirdly, a practical performance evaluation under NIST&amp;rsquo;s security levels 1, 3, and 5 is conducted, focusing on three key metrics: storage overhead, communication overhead, and computation cost. Insights indicate that the Kyber-based PSI Protocol, which utilizes the multiplicative homomorphic property, is secure but less efficient. In contrast, the McEliece-based PSI protocol, while efficient in practice, raises concerns regarding its security as a homomorphic encryption scheme.</description>
	<pubDate>2025-10-20</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 66: On the Homomorphic Properties of Kyber and McEliece with Application to Post-Quantum Private Set Intersection</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/66">doi: 10.3390/cryptography9040066</a></p>
	<p>Authors:
		Anas A. Abudaqa
		Khaled Alshehri
		Muhamad Felemban
		</p>
	<p>Crystals-Kyber and Classic-McEliece are two prominent post-quantum key encapsulation mechanisms (KEMs) designed to address the challenges posed by quantum computing to classical cryptographic schemes. While the former has been standardized by the National Institute of Standards and Technology (NIST), the latter is well-known for its exceptional robustness and as one of the finalists of the fourth round of post-quantum cryptography standardization. Private set intersection (PSI) is a privacy-preserving technique that enables two parties, each possessing a dataset, to compute the intersection of their sets without revealing anything else. This can be achieved thanks to homomorphic encryption (HE), which allows computations on encrypted data. In this paper, firstly, we study Kyber and McEliece, apart from being KEMs, as post-quantum public key encryption (PKE), and examine their homomorphic properties. Secondly, we design two different two-party PSI protocols that utilize the homomorphic capabilities of Kyber and McEliece. Thirdly, a practical performance evaluation under NIST&rsquo;s security levels 1, 3, and 5 is conducted, focusing on three key metrics: storage overhead, communication overhead, and computation cost. Insights indicate that the Kyber-based PSI Protocol, which utilizes the multiplicative homomorphic property, is secure but less efficient. In contrast, the McEliece-based PSI protocol, while efficient in practice, raises concerns regarding its security as a homomorphic encryption scheme.</p>
	]]></content:encoded>

	<dc:title>On the Homomorphic Properties of Kyber and McEliece with Application to Post-Quantum Private Set Intersection</dc:title>
			<dc:creator>Anas A. Abudaqa</dc:creator>
			<dc:creator>Khaled Alshehri</dc:creator>
			<dc:creator>Muhamad Felemban</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040066</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-20</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-20</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>66</prism:startingPage>
		<prism:doi>10.3390/cryptography9040066</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/66</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/65">

	<title>Cryptography, Vol. 9, Pages 65: A Two-Layer Transaction Network-Based Method for Virtual Currency Address Identity Recognition</title>
	<link>https://www.mdpi.com/2410-387X/9/4/65</link>
	<description>Digital currencies, led by Bitcoin and USDT, are characterized by decentralization and anonymity, which obscure the identities of traders and create a conducive environment for illicit activities such as drug trafficking, money laundering, cyber fraud, and terrorism financing. Focusing on the USDT-TRC20 token on the Tron blockchain, we propose a two-layer transaction network-based approach for virtual currency address identity recognition for digging out hidden relationships and encrypted assets. Specifically, a two-layer transaction network is constructed: Layer A describes the flow of USDT-TRC20 between on-chain addresses over time, while Layer B represents the flow of TRX between on-chain addresses over time. Subsequently, an identity metric is proposed to determine whether a pair of addresses belongs to the same user or group. Furthermore, transaction records are systematically acquired through blockchain explorers, and the efficacy of the proposed recognition method is empirically validated using a dataset from the Key Laboratory of Digital Forensics. Finally, the transaction topology is visualized using Neo4j, providing a comprehensive and intuitive representation of the traced transaction pathways.</description>
	<pubDate>2025-10-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 65: A Two-Layer Transaction Network-Based Method for Virtual Currency Address Identity Recognition</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/65">doi: 10.3390/cryptography9040065</a></p>
	<p>Authors:
		Lingling Xia
		Tao Zhu
		Zhengjun Jing
		Qun Wang
		Zhuo Ma
		Zimo Huang
		Ziyu Yin
		</p>
	<p>Digital currencies, led by Bitcoin and USDT, are characterized by decentralization and anonymity, which obscure the identities of traders and create a conducive environment for illicit activities such as drug trafficking, money laundering, cyber fraud, and terrorism financing. Focusing on the USDT-TRC20 token on the Tron blockchain, we propose a two-layer transaction network-based approach for virtual currency address identity recognition for digging out hidden relationships and encrypted assets. Specifically, a two-layer transaction network is constructed: Layer A describes the flow of USDT-TRC20 between on-chain addresses over time, while Layer B represents the flow of TRX between on-chain addresses over time. Subsequently, an identity metric is proposed to determine whether a pair of addresses belongs to the same user or group. Furthermore, transaction records are systematically acquired through blockchain explorers, and the efficacy of the proposed recognition method is empirically validated using a dataset from the Key Laboratory of Digital Forensics. Finally, the transaction topology is visualized using Neo4j, providing a comprehensive and intuitive representation of the traced transaction pathways.</p>
	]]></content:encoded>

	<dc:title>A Two-Layer Transaction Network-Based Method for Virtual Currency Address Identity Recognition</dc:title>
			<dc:creator>Lingling Xia</dc:creator>
			<dc:creator>Tao Zhu</dc:creator>
			<dc:creator>Zhengjun Jing</dc:creator>
			<dc:creator>Qun Wang</dc:creator>
			<dc:creator>Zhuo Ma</dc:creator>
			<dc:creator>Zimo Huang</dc:creator>
			<dc:creator>Ziyu Yin</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040065</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-11</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>65</prism:startingPage>
		<prism:doi>10.3390/cryptography9040065</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/65</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/64">

	<title>Cryptography, Vol. 9, Pages 64: Comparative Deep Learning-Based Side-Channel Analysis of an FPGA-Based CRYSTALS-Kyber NTT Accelerator</title>
	<link>https://www.mdpi.com/2410-387X/9/4/64</link>
	<description>Deep learning-based side-channel analysis is one of the most effective techniques for extracting and classifying sensitive information from a target device. This paper demonstrates the best-performing deep learning model for the target implementation by evaluating various deep learning architectures, including MLP, CNN, and RNN, while systematically optimizing their hyperparameters to achieve the best performance. The paper uses a case study of the Number Theoretic Transform accelerator for the CRYSTALS-Kyber key encapsulation mechanism to show that enhanced deep learning analysis can be used to break security. The best-performing deep learning-based model achieved a 96.64% accuracy in classifying pairwise coefficients of the s vector, which is used to generate the secret key with the NTT accelerator for Kyber768 and Kyber1024. For Kyber512, the model achieved an accuracy of 95.71%. The proposed approach significantly improves average training efficiency, with POIs achieving up to 1.45 times faster performance for MLP models, 10.53 times faster for CNNs, and 10.28 times faster for RNNs compared to deep learning methods without POIs, while maintaining high accuracy in side-channel analysis.</description>
	<pubDate>2025-10-09</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 64: Comparative Deep Learning-Based Side-Channel Analysis of an FPGA-Based CRYSTALS-Kyber NTT Accelerator</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/64">doi: 10.3390/cryptography9040064</a></p>
	<p>Authors:
		Munkhbaatar Chinbat
		Liji Wu
		Xiangmin Zhang
		Yifan Yang
		Man Wei
		</p>
	<p>Deep learning-based side-channel analysis is one of the most effective techniques for extracting and classifying sensitive information from a target device. This paper demonstrates the best-performing deep learning model for the target implementation by evaluating various deep learning architectures, including MLP, CNN, and RNN, while systematically optimizing their hyperparameters to achieve the best performance. The paper uses a case study of the Number Theoretic Transform accelerator for the CRYSTALS-Kyber key encapsulation mechanism to show that enhanced deep learning analysis can be used to break security. The best-performing deep learning-based model achieved a 96.64% accuracy in classifying pairwise coefficients of the s vector, which is used to generate the secret key with the NTT accelerator for Kyber768 and Kyber1024. For Kyber512, the model achieved an accuracy of 95.71%. The proposed approach significantly improves average training efficiency, with POIs achieving up to 1.45 times faster performance for MLP models, 10.53 times faster for CNNs, and 10.28 times faster for RNNs compared to deep learning methods without POIs, while maintaining high accuracy in side-channel analysis.</p>
	]]></content:encoded>

	<dc:title>Comparative Deep Learning-Based Side-Channel Analysis of an FPGA-Based CRYSTALS-Kyber NTT Accelerator</dc:title>
			<dc:creator>Munkhbaatar Chinbat</dc:creator>
			<dc:creator>Liji Wu</dc:creator>
			<dc:creator>Xiangmin Zhang</dc:creator>
			<dc:creator>Yifan Yang</dc:creator>
			<dc:creator>Man Wei</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040064</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-10-09</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-10-09</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>64</prism:startingPage>
		<prism:doi>10.3390/cryptography9040064</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/64</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/63">

	<title>Cryptography, Vol. 9, Pages 63: An Optimized Framework for Detecting Suspicious Accounts in the Ethereum Blockchain Network</title>
	<link>https://www.mdpi.com/2410-387X/9/4/63</link>
	<description>Detecting, tracking, and preventing cryptocurrency money laundering within blockchain systems is a major challenge for governments worldwide. This paper presents an anomaly detection model based on blockchain technology and machine learning to identify cryptocurrency money-laundering accounts within Ethereum blockchain networks. The proposed model employs Particle Swarm Optimization (PSO) to select optimal feature subsets. Additionally, three machine learning algorithms&amp;mdash;XGBoost, Isolation Forest (IF), and Support Vector Machine (SVM)&amp;mdash;are employed to detect suspicious accounts. A Genetic Algorithm (GA) is further applied to determine the optimal hyperparameters for each machine learning model. The evaluations demonstrate the superiority of the XGBoost algorithm over SVM and IF, particularly when enhanced with GA. It achieved accuracy, precision, recall, and F1-score values of 0.98, 0.97, 0.98, and 0.97, respectively. After applying GA, XGBoost&amp;rsquo;s performance metrics improved to 0.99 across all categories.</description>
	<pubDate>2025-09-28</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 63: An Optimized Framework for Detecting Suspicious Accounts in the Ethereum Blockchain Network</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/63">doi: 10.3390/cryptography9040063</a></p>
	<p>Authors:
		Noha E. El-Attar
		Marwa H. Salama
		Mohamed Abdelfattah
		Sanaa Taha
		</p>
	<p>Detecting, tracking, and preventing cryptocurrency money laundering within blockchain systems is a major challenge for governments worldwide. This paper presents an anomaly detection model based on blockchain technology and machine learning to identify cryptocurrency money-laundering accounts within Ethereum blockchain networks. The proposed model employs Particle Swarm Optimization (PSO) to select optimal feature subsets. Additionally, three machine learning algorithms&mdash;XGBoost, Isolation Forest (IF), and Support Vector Machine (SVM)&mdash;are employed to detect suspicious accounts. A Genetic Algorithm (GA) is further applied to determine the optimal hyperparameters for each machine learning model. The evaluations demonstrate the superiority of the XGBoost algorithm over SVM and IF, particularly when enhanced with GA. It achieved accuracy, precision, recall, and F1-score values of 0.98, 0.97, 0.98, and 0.97, respectively. After applying GA, XGBoost&rsquo;s performance metrics improved to 0.99 across all categories.</p>
	]]></content:encoded>

	<dc:title>An Optimized Framework for Detecting Suspicious Accounts in the Ethereum Blockchain Network</dc:title>
			<dc:creator>Noha E. El-Attar</dc:creator>
			<dc:creator>Marwa H. Salama</dc:creator>
			<dc:creator>Mohamed Abdelfattah</dc:creator>
			<dc:creator>Sanaa Taha</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040063</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-28</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-28</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>63</prism:startingPage>
		<prism:doi>10.3390/cryptography9040063</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/63</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/62">

	<title>Cryptography, Vol. 9, Pages 62: A Survey of Post-Quantum Oblivious Protocols</title>
	<link>https://www.mdpi.com/2410-387X/9/4/62</link>
	<description>Modern distributed computing systems and applications with strict privacy requirements demand robust data confidentiality. A primary challenge involves enabling parties to exchange data or perform joint computations. These interactions must avoid revealing private information about the data. Protocols with the obliviousness property, known as oblivious protocols, address this issue. They ensure that no party learns more than necessary. This survey analyzes the security and performance of post-quantum oblivious protocols, with a focus on oblivious transfer and oblivious pseudorandom functions. The evaluation assesses resilience against malicious adversaries in the Universal Composability framework. Efficiency is quantified through communication and computational overhead. It identifies optimal scenarios for these protocols. This paper also surveys related primitives, such as oblivious signatures and data structures, along with their applications. Key findings highlight the inherent trade-offs between computational cost and communication complexity in post-quantum oblivious constructions. Open challenges and future research directions are outlined. Emphasis is placed on quantum-resistant designs and formal security proofs in stronger adversarial models.</description>
	<pubDate>2025-09-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 62: A Survey of Post-Quantum Oblivious Protocols</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/62">doi: 10.3390/cryptography9040062</a></p>
	<p>Authors:
		Altana Khutsaeva
		Anton Leevik
		Sergey Bezzateev
		</p>
	<p>Modern distributed computing systems and applications with strict privacy requirements demand robust data confidentiality. A primary challenge involves enabling parties to exchange data or perform joint computations. These interactions must avoid revealing private information about the data. Protocols with the obliviousness property, known as oblivious protocols, address this issue. They ensure that no party learns more than necessary. This survey analyzes the security and performance of post-quantum oblivious protocols, with a focus on oblivious transfer and oblivious pseudorandom functions. The evaluation assesses resilience against malicious adversaries in the Universal Composability framework. Efficiency is quantified through communication and computational overhead. It identifies optimal scenarios for these protocols. This paper also surveys related primitives, such as oblivious signatures and data structures, along with their applications. Key findings highlight the inherent trade-offs between computational cost and communication complexity in post-quantum oblivious constructions. Open challenges and future research directions are outlined. Emphasis is placed on quantum-resistant designs and formal security proofs in stronger adversarial models.</p>
	]]></content:encoded>

	<dc:title>A Survey of Post-Quantum Oblivious Protocols</dc:title>
			<dc:creator>Altana Khutsaeva</dc:creator>
			<dc:creator>Anton Leevik</dc:creator>
			<dc:creator>Sergey Bezzateev</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040062</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>62</prism:startingPage>
		<prism:doi>10.3390/cryptography9040062</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/62</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/61">

	<title>Cryptography, Vol. 9, Pages 61: From Black Boxes to Glass Boxes: Explainable AI for Trustworthy Deepfake Forensics</title>
	<link>https://www.mdpi.com/2410-387X/9/4/61</link>
	<description>As deepfake technology matures, its risks in spreading false information and threatening personal and societal security are escalating. Despite significant accuracy improvements in existing detection models, their inherent opacity limits their practical application in high-risk areas such as forensic investigations and news verification. To address this gap in trust, explainability has become a key research focus. This paper provides a systematic review of explainable deepfake detection methods, categorizing them into three main approaches: forensic analysis, which identifies physical or algorithmic manipulation traces; model-centric methods, which enhance transparency through post hoc explanations or pre-designed processes; and multimodal and natural language explanations, which translate results into human-understandable reports. The paper also examines evaluation frameworks, datasets, and current challenges, underscoring the necessity for trustworthy, reliable, and interpretable detection technologies in combating digital misinformation.</description>
	<pubDate>2025-09-26</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 61: From Black Boxes to Glass Boxes: Explainable AI for Trustworthy Deepfake Forensics</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/61">doi: 10.3390/cryptography9040061</a></p>
	<p>Authors:
		Hanwei Qian
		Lingling Xia
		Ruihao Ge
		Yiming Fan
		Qun Wang
		Zhengjun Jing
		</p>
	<p>As deepfake technology matures, its risks in spreading false information and threatening personal and societal security are escalating. Despite significant accuracy improvements in existing detection models, their inherent opacity limits their practical application in high-risk areas such as forensic investigations and news verification. To address this gap in trust, explainability has become a key research focus. This paper provides a systematic review of explainable deepfake detection methods, categorizing them into three main approaches: forensic analysis, which identifies physical or algorithmic manipulation traces; model-centric methods, which enhance transparency through post hoc explanations or pre-designed processes; and multimodal and natural language explanations, which translate results into human-understandable reports. The paper also examines evaluation frameworks, datasets, and current challenges, underscoring the necessity for trustworthy, reliable, and interpretable detection technologies in combating digital misinformation.</p>
	]]></content:encoded>

	<dc:title>From Black Boxes to Glass Boxes: Explainable AI for Trustworthy Deepfake Forensics</dc:title>
			<dc:creator>Hanwei Qian</dc:creator>
			<dc:creator>Lingling Xia</dc:creator>
			<dc:creator>Ruihao Ge</dc:creator>
			<dc:creator>Yiming Fan</dc:creator>
			<dc:creator>Qun Wang</dc:creator>
			<dc:creator>Zhengjun Jing</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040061</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-26</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-26</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>61</prism:startingPage>
		<prism:doi>10.3390/cryptography9040061</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/61</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/4/60">

	<title>Cryptography, Vol. 9, Pages 60: Privacy-Driven Classification of Contact Tracing Platforms: Architecture and Adoption Insights</title>
	<link>https://www.mdpi.com/2410-387X/9/4/60</link>
	<description>Digital contact-tracing (CT) systems differ in how they process risk and expose data, and the centralized–decentralized dichotomy obscures these choices. We propose a modular six-model classification and evaluate 18 platforms across 12 countries (July 2020–April 2021) using a 24-indicator rubric spanning privacy, security, functionality, and governance. Methods include double-coding with Cohen’s κ for inter-rater agreement and a 1000-draw weight-sensitivity check; assumptions and adversaries are stated in a concise threat model. Results: No single model dominates; Bulletin Board and Custodian consistently form the top tier on privacy goals, while Fully Centralized eases verification/notification workflows. Timelines show rapid GAEN uptake and near-contemporaneous open-source releases, with one late outlier. Contributions: (i) A practical, generalizable classification that makes compute-locus and data addressability explicit; (ii) a transparent indicator rubric with an evidence index enabling traceable scoring; and (iii) empirically grounded guidance aligning deployments with goals G1–G3 (PII secrecy, notification authenticity, unlinkability). Limitations include reliance on public documentation and architecture-level (not mechanized) verification; future work targets formal proofs and expanded double-coding. The framework and findings generalize beyond COVID-19 to privacy-preserving digital-health workflows.</description>
	<pubDate>2025-09-24</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 60: Privacy-Driven Classification of Contact Tracing Platforms: Architecture and Adoption Insights</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/4/60">doi: 10.3390/cryptography9040060</a></p>
	<p>Authors:
		Sidra Anwar
		Jonathan Anderson
		</p>
	<p>Digital contact-tracing (CT) systems differ in how they process risk and expose data, and the centralized–decentralized dichotomy obscures these choices. We propose a modular six-model classification and evaluate 18 platforms across 12 countries (July 2020–April 2021) using a 24-indicator rubric spanning privacy, security, functionality, and governance. Methods include double-coding with Cohen’s κ for inter-rater agreement and a 1000-draw weight-sensitivity check; assumptions and adversaries are stated in a concise threat model. Results: No single model dominates; Bulletin Board and Custodian consistently form the top tier on privacy goals, while Fully Centralized eases verification/notification workflows. Timelines show rapid GAEN uptake and near-contemporaneous open-source releases, with one late outlier. Contributions: (i) A practical, generalizable classification that makes compute-locus and data addressability explicit; (ii) a transparent indicator rubric with an evidence index enabling traceable scoring; and (iii) empirically grounded guidance aligning deployments with goals G1–G3 (PII secrecy, notification authenticity, unlinkability). Limitations include reliance on public documentation and architecture-level (not mechanized) verification; future work targets formal proofs and expanded double-coding. The framework and findings generalize beyond COVID-19 to privacy-preserving digital-health workflows.</p>
	]]></content:encoded>

	<dc:title>Privacy-Driven Classification of Contact Tracing Platforms: Architecture and Adoption Insights</dc:title>
			<dc:creator>Sidra Anwar</dc:creator>
			<dc:creator>Jonathan Anderson</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9040060</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-24</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-24</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>4</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>60</prism:startingPage>
		<prism:doi>10.3390/cryptography9040060</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/4/60</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/59">

	<title>Cryptography, Vol. 9, Pages 59: Universally Composable Traceable Ring Signature with Verifiable Random Function in Logarithmic Size</title>
	<link>https://www.mdpi.com/2410-387X/9/3/59</link>
	<description>Traceable ring signatures (TRSs) allow a signer to create a signature that maintains anonymity while enabling traceability if needed. It merges the characteristics of traditional ring signatures with the ability to trace signers, making it ideal for applications that demand both confidentiality and accountability. In a TRS scheme, a ring of potential signers generates a signature on a message without disclosing the actual signer’s identity. However, the identity can be traced if the signer uses the same tag for multiple signatures. This paper introduces a novel formal construction of TRS under universally composable (UC) security. We integrate verifiable random functions (VRFs) and zero-knowledge proofs for membership, employing Pedersen commitments. Our signature schemes maintain a logarithmic size while preserving the UC security guarantees. Additionally, we explore the potential to extend the property of one-time anonymity in TRS to K-time anonymity.</description>
	<pubDate>2025-09-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 59: Universally Composable Traceable Ring Signature with Verifiable Random Function in Logarithmic Size</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/59">doi: 10.3390/cryptography9030059</a></p>
	<p>Authors:
		Kwan Yin Chan
		Tsz Hon Yuen
		Siu Ming Yiu
		</p>
	<p>Traceable ring signatures (TRSs) allow a signer to create a signature that maintains anonymity while enabling traceability if needed. It merges the characteristics of traditional ring signatures with the ability to trace signers, making it ideal for applications that demand both confidentiality and accountability. In a TRS scheme, a ring of potential signers generates a signature on a message without disclosing the actual signer’s identity. However, the identity can be traced if the signer uses the same tag for multiple signatures. This paper introduces a novel formal construction of TRS under universally composable (UC) security. We integrate verifiable random functions (VRFs) and zero-knowledge proofs for membership, employing Pedersen commitments. Our signature schemes maintain a logarithmic size while preserving the UC security guarantees. Additionally, we explore the potential to extend the property of one-time anonymity in TRS to K-time anonymity.</p>
	]]></content:encoded>

	<dc:title>Universally Composable Traceable Ring Signature with Verifiable Random Function in Logarithmic Size</dc:title>
			<dc:creator>Kwan Yin Chan</dc:creator>
			<dc:creator>Tsz Hon Yuen</dc:creator>
			<dc:creator>Siu Ming Yiu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030059</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-12</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>59</prism:startingPage>
		<prism:doi>10.3390/cryptography9030059</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/59</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/58">

	<title>Cryptography, Vol. 9, Pages 58: From Chaos to Security: A Comparative Study of Lorenz and Rössler Systems in Cryptography</title>
	<link>https://www.mdpi.com/2410-387X/9/3/58</link>
	<description>Chaotic systems, governed by deterministic nonlinear equations yet exhibiting highly complex and unpredictable behaviors, have emerged as valuable tools at the intersection of mathematics, engineering, and information security. This paper presents a comparative study of the Lorenz and Rössler systems, focusing on their dynamic complexity and statistical independence—two critical properties for applications in chaos-based cryptography. By integrating techniques from nonlinear dynamics (e.g., Lyapunov exponents, KS entropy, Kaplan–Yorke dimension) and statistical testing (e.g., chi-square and Gaussian transformation-based independence tests), we provide a quantitative framework to evaluate the pseudo-randomness potential of chaotic trajectories. Our results show that the Lorenz system offers faster convergence to chaos and superior statistical independence over time, making it more suitable for rapid encryption schemes. In contrast, the Rössler system provides complementary insights due to its simpler attractor and longer memory. These findings contribute to a multidisciplinary methodology for selecting and optimizing chaotic systems in secure communication and signal processing contexts.</description>
	<pubDate>2025-09-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 58: From Chaos to Security: A Comparative Study of Lorenz and Rössler Systems in Cryptography</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/58">doi: 10.3390/cryptography9030058</a></p>
	<p>Authors:
		Alexandru Dinu
		</p>
	<p>Chaotic systems, governed by deterministic nonlinear equations yet exhibiting highly complex and unpredictable behaviors, have emerged as valuable tools at the intersection of mathematics, engineering, and information security. This paper presents a comparative study of the Lorenz and Rössler systems, focusing on their dynamic complexity and statistical independence—two critical properties for applications in chaos-based cryptography. By integrating techniques from nonlinear dynamics (e.g., Lyapunov exponents, KS entropy, Kaplan–Yorke dimension) and statistical testing (e.g., chi-square and Gaussian transformation-based independence tests), we provide a quantitative framework to evaluate the pseudo-randomness potential of chaotic trajectories. Our results show that the Lorenz system offers faster convergence to chaos and superior statistical independence over time, making it more suitable for rapid encryption schemes. In contrast, the Rössler system provides complementary insights due to its simpler attractor and longer memory. These findings contribute to a multidisciplinary methodology for selecting and optimizing chaotic systems in secure communication and signal processing contexts.</p>
	]]></content:encoded>

	<dc:title>From Chaos to Security: A Comparative Study of Lorenz and Rössler Systems in Cryptography</dc:title>
			<dc:creator>Alexandru Dinu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030058</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-12</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>58</prism:startingPage>
		<prism:doi>10.3390/cryptography9030058</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/58</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/57">

	<title>Cryptography, Vol. 9, Pages 57: A Face Image Encryption Scheme Based on Nonlinear Dynamics and RNA Cryptography</title>
	<link>https://www.mdpi.com/2410-387X/9/3/57</link>
	<description>With the rapid development of big data and artificial intelligence, the problem of image privacy leakage has become increasingly prominent, especially for images containing sensitive information such as faces, which poses a higher security risk. In order to improve the security and efficiency of image privacy protection, this paper proposes an image encryption scheme that integrates face detection and multi-level encryption technology. Specifically, a multi-task convolutional neural network (MTCNN) is used to accurately extract the face area to ensure accurate positioning and high processing efficiency. For the extracted face area, a hierarchical encryption framework is constructed using chaotic systems, lightweight block permutations, RNA cryptographic systems, and bit diffusion, which increases data complexity and unpredictability. In addition, a key update mechanism based on dynamic feedback is introduced to enable the key to change in real time during the encryption process, effectively resisting known plaintext and chosen plaintext attacks. Experimental results show that the scheme performs well in terms of encryption security, robustness, computational efficiency, and image reconstruction quality. This study provides a practical and effective solution for the secure storage and transmission of sensitive face images, and provides valuable support for image privacy protection in intelligent systems.</description>
	<pubDate>2025-09-04</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 57: A Face Image Encryption Scheme Based on Nonlinear Dynamics and RNA Cryptography</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/57">doi: 10.3390/cryptography9030057</a></p>
	<p>Authors:
		Xiyuan Cheng
		Tiancong Cheng
		Xinyu Yang
		Wenbin Cheng
		Yiting Lin
		</p>
	<p>With the rapid development of big data and artificial intelligence, the problem of image privacy leakage has become increasingly prominent, especially for images containing sensitive information such as faces, which poses a higher security risk. In order to improve the security and efficiency of image privacy protection, this paper proposes an image encryption scheme that integrates face detection and multi-level encryption technology. Specifically, a multi-task convolutional neural network (MTCNN) is used to accurately extract the face area to ensure accurate positioning and high processing efficiency. For the extracted face area, a hierarchical encryption framework is constructed using chaotic systems, lightweight block permutations, RNA cryptographic systems, and bit diffusion, which increases data complexity and unpredictability. In addition, a key update mechanism based on dynamic feedback is introduced to enable the key to change in real time during the encryption process, effectively resisting known plaintext and chosen plaintext attacks. Experimental results show that the scheme performs well in terms of encryption security, robustness, computational efficiency, and image reconstruction quality. This study provides a practical and effective solution for the secure storage and transmission of sensitive face images, and provides valuable support for image privacy protection in intelligent systems.</p>
	]]></content:encoded>

	<dc:title>A Face Image Encryption Scheme Based on Nonlinear Dynamics and RNA Cryptography</dc:title>
			<dc:creator>Xiyuan Cheng</dc:creator>
			<dc:creator>Tiancong Cheng</dc:creator>
			<dc:creator>Xinyu Yang</dc:creator>
			<dc:creator>Wenbin Cheng</dc:creator>
			<dc:creator>Yiting Lin</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030057</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-09-04</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-09-04</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>57</prism:startingPage>
		<prism:doi>10.3390/cryptography9030057</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/57</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/56">

	<title>Cryptography, Vol. 9, Pages 56: Novel Approach to Degree, Balancedness, and Affine Equivalence of Boolean Functions and Construction of a Special Class of Non-Quadratic Balanced Boolean Functions</title>
	<link>https://www.mdpi.com/2410-387X/9/3/56</link>
	<description>In several stream cipher designs, Boolean functions (BFs) play a crucial role as non-linear components, either serving as filtering functions or being used within the combining process. The overall strength of stream ciphers mainly depends on certain cryptographic properties of BFs, including their balancedness, non-linearity, resistance to correlation, and algebraic degrees. In this paper, we present novel findings related to the algebraic degrees of BFs, which play an important role in the design of symmetric cryptographic systems, and propose a novel algorithm to directly deduce the algebraic degree of a Boolean function (BF) from its truth table. We also explore new results concerning balanced Boolean functions, specifically characterizing them by establishing new results regarding their support. Additionally, we propose a new approach for a subclass of affine equivalent Boolean functions and discuss well-known cryptographic properties in a very simple and lucid manner using this newly introduced approach. Moreover, we propose the first algorithm in the literature to construct non-quadratic balanced Boolean functions (NQBBFs) that possess no linear structure where their derivative equals 1. Finally, we discuss the complexity of this algorithm and present a table that shows the time taken by this algorithm, after its implementation in SageMath, for the generation of Boolean functions corresponding to different values of n (i.e., number of variables).</description>
	<pubDate>2025-08-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 56: Novel Approach to Degree, Balancedness, and Affine Equivalence of Boolean Functions and Construction of a Special Class of Non-Quadratic Balanced Boolean Functions</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/56">doi: 10.3390/cryptography9030056</a></p>
	<p>Authors:
		Sunil Kumar
		Dharminder Chaudhary
		S. A. Lakshmanan
		Cheng-Chi Lee
		</p>
	<p>In several stream cipher designs, Boolean functions (BFs) play a crucial role as non-linear components, either serving as filtering functions or being used within the combining process. The overall strength of stream ciphers mainly depends on certain cryptographic properties of BFs, including their balancedness, non-linearity, resistance to correlation, and algebraic degrees. In this paper, we present novel findings related to the algebraic degrees of BFs, which play an important role in the design of symmetric cryptographic systems, and propose a novel algorithm to directly deduce the algebraic degree of a Boolean function (BF) from its truth table. We also explore new results concerning balanced Boolean functions, specifically characterizing them by establishing new results regarding their support. Additionally, we propose a new approach for a subclass of affine equivalent Boolean functions and discuss well-known cryptographic properties in a very simple and lucid manner using this newly introduced approach. Moreover, we propose the first algorithm in the literature to construct non-quadratic balanced Boolean functions (NQBBFs) that possess no linear structure where their derivative equals 1. Finally, we discuss the complexity of this algorithm and present a table that shows the time taken by this algorithm, after its implementation in SageMath, for the generation of Boolean functions corresponding to different values of n (i.e., number of variables).</p>
	]]></content:encoded>

	<dc:title>Novel Approach to Degree, Balancedness, and Affine Equivalence of Boolean Functions and Construction of a Special Class of Non-Quadratic Balanced Boolean Functions</dc:title>
			<dc:creator>Sunil Kumar</dc:creator>
			<dc:creator>Dharminder Chaudhary</dc:creator>
			<dc:creator>S. A. Lakshmanan</dc:creator>
			<dc:creator>Cheng-Chi Lee</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030056</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-08-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-08-29</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>56</prism:startingPage>
		<prism:doi>10.3390/cryptography9030056</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/56</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/55">

	<title>Cryptography, Vol. 9, Pages 55: Enhancing the Multikey GSW Scheme with CRT Decomposition and Ciphertext Compression for Efficient Distributed Decryption</title>
	<link>https://www.mdpi.com/2410-387X/9/3/55</link>
	<description>This paper enhances the multikey scenario in the Gentry–Sahai–Waters (GSW) fully homomorphic encryption scheme to increase its real-world applicability. We integrate the advantages of two existing GSW multikey approaches: one enabling distributed decryption and the other reducing memory requirements. We also apply the CRT decomposition and ciphertext compression techniques to the multikey settings. While leveraging the effectiveness of decomposition, we adapt the compression technique for practical cryptographic applications, as demonstrated through simulations in federated learning and multiparty communication scenarios. Our work’s potential impact on the cryptography field is significant, as it offers a more efficient and secure solution for distributed data processing in real-world scenarios, thereby advancing the state of the art in secure communication systems.</description>
	<pubDate>2025-08-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 55: Enhancing the Multikey GSW Scheme with CRT Decomposition and Ciphertext Compression for Efficient Distributed Decryption</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/55">doi: 10.3390/cryptography9030055</a></p>
	<p>Authors:
		Kung-Wei Hu
		Wun-Ting Lin
		Huan-Chih Wang
		Ja-Ling Wu
		</p>
	<p>This paper enhances the multikey scenario in the Gentry–Sahai–Waters (GSW) fully homomorphic encryption scheme to increase its real-world applicability. We integrate the advantages of two existing GSW multikey approaches: one enabling distributed decryption and the other reducing memory requirements. We also apply the CRT decomposition and ciphertext compression techniques to the multikey settings. While leveraging the effectiveness of decomposition, we adapt the compression technique for practical cryptographic applications, as demonstrated through simulations in federated learning and multiparty communication scenarios. Our work’s potential impact on the cryptography field is significant, as it offers a more efficient and secure solution for distributed data processing in real-world scenarios, thereby advancing the state of the art in secure communication systems.</p>
	]]></content:encoded>

	<dc:title>Enhancing the Multikey GSW Scheme with CRT Decomposition and Ciphertext Compression for Efficient Distributed Decryption</dc:title>
			<dc:creator>Kung-Wei Hu</dc:creator>
			<dc:creator>Wun-Ting Lin</dc:creator>
			<dc:creator>Huan-Chih Wang</dc:creator>
			<dc:creator>Ja-Ling Wu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030055</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-08-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-08-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>55</prism:startingPage>
		<prism:doi>10.3390/cryptography9030055</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/55</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/54">

	<title>Cryptography, Vol. 9, Pages 54: Reliability of LEON3 Processor’s Program Counter Against SEU, MBU, and SET Fault Injection</title>
	<link>https://www.mdpi.com/2410-387X/9/3/54</link>
	<description>This paper presents a comprehensive register transfer-level (RTL) fault injection study targeting the program counter (PC) of the LEON3 processor, a SPARC V8-compliant core widely used in safety-critical and radiation-prone embedded applications. Using the enhanced NETFI+ framework, over four million faults, including single-event upsets (SEUs), multiple-bit upsets (MBUs), and single-event transients (SETs), were systematically injected into the PC across all pipeline stages. The analysis reveals that early stages, particularly Fetch (FE), Decode (DE), Register Access (RA), and Execute (EX), are highly sensitive to SEU and MBU faults. The propagation of errors detected in the two early stages of the pipeline (FE and DE) is classified with an important percentage of halt execution and timeout traps. Intermediate stages, such as RA and EX, exhibited a higher incidence of silent data corruption and halt execution, while the Memory (ME) and Exception (XC) stages demonstrated greater resilience through fault masking. SET faults were mostly transient and masked, though they occasionally resulted in control flow anomalies. In addition to error classification, detailed trap and exception analysis was performed to characterize fault-induced failure mechanisms. The findings underscore the need for pipeline-stage-specific hardening strategies and highlight the value of simulation-based fault injection for early design validation in safety-critical embedded processors.</description>
	<pubDate>2025-08-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 54: Reliability of LEON3 Processor’s Program Counter Against SEU, MBU, and SET Fault Injection</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/54">doi: 10.3390/cryptography9030054</a></p>
	<p>Authors:
		Afef Kchaou
		Sehmi Saad
		Hatem Garrab
		Mohsen Machhout
		</p>
	<p>This paper presents a comprehensive register transfer-level (RTL) fault injection study targeting the program counter (PC) of the LEON3 processor, a SPARC V8-compliant core widely used in safety-critical and radiation-prone embedded applications. Using the enhanced NETFI+ framework, over four million faults, including single-event upsets (SEUs), multiple-bit upsets (MBUs), and single-event transients (SETs), were systematically injected into the PC across all pipeline stages. The analysis reveals that early stages, particularly Fetch (FE), Decode (DE), Register Access (RA), and Execute (EX), are highly sensitive to SEU and MBU faults. The propagation of errors detected in the two early stages of the pipeline (FE and DE) is classified with an important percentage of halt execution and timeout traps. Intermediate stages, such as RA and EX, exhibited a higher incidence of silent data corruption and halt execution, while the Memory (ME) and Exception (XC) stages demonstrated greater resilience through fault masking. SET faults were mostly transient and masked, though they occasionally resulted in control flow anomalies. In addition to error classification, detailed trap and exception analysis was performed to characterize fault-induced failure mechanisms. The findings underscore the need for pipeline-stage-specific hardening strategies and highlight the value of simulation-based fault injection for early design validation in safety-critical embedded processors.</p>
	]]></content:encoded>

	<dc:title>Reliability of LEON3 Processor’s Program Counter Against SEU, MBU, and SET Fault Injection</dc:title>
			<dc:creator>Afef Kchaou</dc:creator>
			<dc:creator>Sehmi Saad</dc:creator>
			<dc:creator>Hatem Garrab</dc:creator>
			<dc:creator>Mohsen Machhout</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030054</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-08-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-08-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>54</prism:startingPage>
		<prism:doi>10.3390/cryptography9030054</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/54</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/53">

	<title>Cryptography, Vol. 9, Pages 53: A New Code-Based Identity-Based Signature Scheme from the Ternary Large-Weight SDP</title>
	<link>https://www.mdpi.com/2410-387X/9/3/53</link>
	<description>Identity-based cryptography introduced by Shamir (Crypto’84) has seen many advances through the years. In the context of post-quantum identity-based schemes, most of the efficient designs are based on lattices. In this work, we propose an identity-based identification (IBI) scheme and an identity-based signature (IBS) scheme based on codes. Our design combines the hash-and-sign signature scheme, Wave, with a Stern-like signature scheme, BGKM-SIG1, instantiated over a ternary field using the large-weight Syndrome Decoding Problem (SDP). Our scheme significantly outperforms existing code-based identity-based signature constructions.</description>
	<pubDate>2025-08-04</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 53: A New Code-Based Identity-Based Signature Scheme from the Ternary Large-Weight SDP</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/53">doi: 10.3390/cryptography9030053</a></p>
	<p>Authors:
		Sana Challi
		Mukul Kulkarni
		Taoufik Serraj
		</p>
	<p>Identity-based cryptography introduced by Shamir (Crypto’84) has seen many advances through the years. In the context of post-quantum identity-based schemes, most of the efficient designs are based on lattices. In this work, we propose an identity-based identification (IBI) scheme and an identity-based signature (IBS) scheme based on codes. Our design combines the hash-and-sign signature scheme, Wave, with a Stern-like signature scheme, BGKM-SIG1, instantiated over a ternary field using the large-weight Syndrome Decoding Problem (SDP). Our scheme significantly outperforms existing code-based identity-based signature constructions.</p>
	]]></content:encoded>

	<dc:title>A New Code-Based Identity-Based Signature Scheme from the Ternary Large-Weight SDP</dc:title>
			<dc:creator>Sana Challi</dc:creator>
			<dc:creator>Mukul Kulkarni</dc:creator>
			<dc:creator>Taoufik Serraj</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030053</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-08-04</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-08-04</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>53</prism:startingPage>
		<prism:doi>10.3390/cryptography9030053</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/53</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/52">

	<title>Cryptography, Vol. 9, Pages 52: Towards Empowering Stakeholders Through Decentralized Trust and Secure Livestock Data Sharing</title>
	<link>https://www.mdpi.com/2410-387X/9/3/52</link>
	<description>Cybersecurity represents a critical challenge for data-sharing platforms involving multiple stakeholders, particularly within complex and decentralized systems such as livestock supply chain networks. These systems demand novel approaches, robust security protocols, and advanced data management strategies to address key challenges such as data consistency, transparency, ownership, controlled access or exposure, and privacy-preserving analytics for value-added services. In this paper, we introduced the Framework for Livestock Empowerment and Decentralized Secure Data eXchange (FLEX), as a comprehensive solution grounded on five core design principles: (i) enhanced security and privacy, (ii) human-centric approach, (iii) decentralized and trusted infrastructure, (iv) system resilience, and (v) seamless collaboration across the supply chain. FLEX integrates interdisciplinary innovations, leveraging decentralized infrastructure-based protocols to ensure trust, traceability, and integrity. It employs secure data-sharing protocols and cryptographic techniques to enable controlled information exchange with authorized entities. Additionally, the use of data anonymization techniques ensures privacy. FLEX is designed and implemented using a microservices architecture and edge computing to support modularity and scalable deployment. These components collectively serve as a foundational pillar of the development of a digital product passport. The FLEX architecture adopts a layered design and incorporates robust security controls to mitigate threats identified using the STRIDE threat modeling framework. The evaluation results demonstrate the framework’s effectiveness in countering well-known cyberattacks while fulfilling its intended objectives. The performance evaluation of the implementation further validates its feasibility and stability, particularly as the volume of evidence associated with animal identities increases. 
All the infrastructure components, along with detailed deployment instructions, are publicly available as open-source libraries on GitHub, promoting transparency and community-driven development for wider public benefit.</description>
	<pubDate>2025-07-23</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 52: Towards Empowering Stakeholders Through Decentralized Trust and Secure Livestock Data Sharing</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/52">doi: 10.3390/cryptography9030052</a></p>
	<p>Authors:
		Abdul Ghafoor
		Iraklis Symeonidis
		Anna Rydberg
		Cecilia Lindahl
		Abdul Qadus Abbasi
		</p>
	<p>Cybersecurity represents a critical challenge for data-sharing platforms involving multiple stakeholders, particularly within complex and decentralized systems such as livestock supply chain networks. These systems demand novel approaches, robust security protocols, and advanced data management strategies to address key challenges such as data consistency, transparency, ownership, controlled access or exposure, and privacy-preserving analytics for value-added services. In this paper, we introduced the Framework for Livestock Empowerment and Decentralized Secure Data eXchange (FLEX), as a comprehensive solution grounded on five core design principles: (i) enhanced security and privacy, (ii) human-centric approach, (iii) decentralized and trusted infrastructure, (iv) system resilience, and (v) seamless collaboration across the supply chain. FLEX integrates interdisciplinary innovations, leveraging decentralized infrastructure-based protocols to ensure trust, traceability, and integrity. It employs secure data-sharing protocols and cryptographic techniques to enable controlled information exchange with authorized entities. Additionally, the use of data anonymization techniques ensures privacy. FLEX is designed and implemented using a microservices architecture and edge computing to support modularity and scalable deployment. These components collectively serve as a foundational pillar of the development of a digital product passport. The FLEX architecture adopts a layered design and incorporates robust security controls to mitigate threats identified using the STRIDE threat modeling framework. The evaluation results demonstrate the framework’s effectiveness in countering well-known cyberattacks while fulfilling its intended objectives. The performance evaluation of the implementation further validates its feasibility and stability, particularly as the volume of evidence associated with animal identities increases. 
All the infrastructure components, along with detailed deployment instructions, are publicly available as open-source libraries on GitHub, promoting transparency and community-driven development for wider public benefit.</p>
	]]></content:encoded>

	<dc:title>Towards Empowering Stakeholders Through Decentralized Trust and Secure Livestock Data Sharing</dc:title>
			<dc:creator>Abdul Ghafoor</dc:creator>
			<dc:creator>Iraklis Symeonidis</dc:creator>
			<dc:creator>Anna Rydberg</dc:creator>
			<dc:creator>Cecilia Lindahl</dc:creator>
			<dc:creator>Abdul Qadus Abbasi</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030052</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-23</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-23</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>52</prism:startingPage>
		<prism:doi>10.3390/cryptography9030052</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/52</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/51">

	<title>Cryptography, Vol. 9, Pages 51: Multi-Line Prefetch Covert Channel with Huge Pages</title>
	<link>https://www.mdpi.com/2410-387X/9/3/51</link>
	<description>Modern x86 processors incorporate performance-enhancing features such as prefetching mechanisms, cache coherence protocols, and support for large memory pages (e.g., 2 MB huge pages). While these architectural innovations aim to reduce memory access latency, boost throughput, and maintain cache consistency across cores, they can also expose subtle microarchitectural side channels that adversaries may exploit. This study investigates how the combination of prefetching techniques and huge pages can significantly enhance the throughput and accuracy of covert channels in controlled computing environments. Building on prior work that examined the impact of the MESI cache coherence protocol using single-cache-line access without huge pages, our approach expands the attack surface by simultaneously accessing multiple cache lines across all 512 L1 lines under a 2 MB huge page configuration. As a result, our 9-bit covert channel achieves a peak throughput of 4940 KB/s—substantially exceeding previously reported benchmarks. We further validate our channel on AMD SEV-SNP virtual machines, achieving up to an 88% decoding accuracy using write-access encoding with 2 MB huge pages, demonstrating feasibility even under TEE-enforced virtualization environments. These findings highlight the need for careful consideration and evaluation of the security implications of common performance optimizations with respect to their side-channel potential.</description>
	<pubDate>2025-07-18</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 51: Multi-Line Prefetch Covert Channel with Huge Pages</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/51">doi: 10.3390/cryptography9030051</a></p>
	<p>Authors:
		Xinyao Li
		Akhilesh Tyagi
		</p>
	<p>Modern x86 processors incorporate performance-enhancing features such as prefetching mechanisms, cache coherence protocols, and support for large memory pages (e.g., 2 MB huge pages). While these architectural innovations aim to reduce memory access latency, boost throughput, and maintain cache consistency across cores, they can also expose subtle microarchitectural side channels that adversaries may exploit. This study investigates how the combination of prefetching techniques and huge pages can significantly enhance the throughput and accuracy of covert channels in controlled computing environments. Building on prior work that examined the impact of the MESI cache coherence protocol using single-cache-line access without huge pages, our approach expands the attack surface by simultaneously accessing multiple cache lines across all 512 L1 lines under a 2 MB huge page configuration. As a result, our 9-bit covert channel achieves a peak throughput of 4940 KB/s—substantially exceeding previously reported benchmarks. We further validate our channel on AMD SEV-SNP virtual machines, achieving up to an 88% decoding accuracy using write-access encoding with 2 MB huge pages, demonstrating feasibility even under TEE-enforced virtualization environments. These findings highlight the need for careful consideration and evaluation of the security implications of common performance optimizations with respect to their side-channel potential.</p>
	]]></content:encoded>

	<dc:title>Multi-Line Prefetch Covert Channel with Huge Pages</dc:title>
			<dc:creator>Xinyao Li</dc:creator>
			<dc:creator>Akhilesh Tyagi</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030051</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-18</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-18</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>51</prism:startingPage>
		<prism:doi>10.3390/cryptography9030051</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/51</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/50">

	<title>Cryptography, Vol. 9, Pages 50: Efficient Secure Multi-Party Computation for Multi-Dimensional Arithmetics and Its Applications</title>
	<link>https://www.mdpi.com/2410-387X/9/3/50</link>
	<description>Over years of development in secure multi-party computation (MPC), many sophisticated functionalities have been made practical, and multi-dimensional operations occur more and more frequently in MPC protocols, especially in protocols involving datasets of vector elements, such as privacy-preserving biometric identification and privacy-preserving machine learning. In this paper, we introduce a new kind of correlation, called tensor triples, which is designed to make multi-dimensional MPC protocols more efficient. We will discuss the generation process, the usage, and the applications of tensor triples and show that they can accelerate privacy-preserving biometric identification protocols, such as FingerCode, Eigenfaces, and FaceNet, by more than 1000 times, with reasonable offline costs, and grant pre-computability for the secure matrix multiplication process in privacy-preserving machine learning protocols, such as SecureML and SecureNN, while achieving similar efficiency.</description>
	<pubDate>2025-07-03</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 50: Efficient Secure Multi-Party Computation for Multi-Dimensional Arithmetics and Its Applications</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/50">doi: 10.3390/cryptography9030050</a></p>
	<p>Authors:
		Dongyu Wu
		Bei Liang
		Zijie Lu
		Jintai Ding
		</p>
	<p>Over years of development in secure multi-party computation (MPC), many sophisticated functionalities have been made practical, and multi-dimensional operations occur more and more frequently in MPC protocols, especially in protocols involving datasets of vector elements, such as privacy-preserving biometric identification and privacy-preserving machine learning. In this paper, we introduce a new kind of correlation, called tensor triples, which is designed to make multi-dimensional MPC protocols more efficient. We will discuss the generation process, the usage, and the applications of tensor triples and show that they can accelerate privacy-preserving biometric identification protocols, such as FingerCode, Eigenfaces, and FaceNet, by more than 1000 times, with reasonable offline costs, and grant pre-computability for the secure matrix multiplication process in privacy-preserving machine learning protocols, such as SecureML and SecureNN, while achieving similar efficiency.</p>
	]]></content:encoded>

	<dc:title>Efficient Secure Multi-Party Computation for Multi-Dimensional Arithmetics and Its Applications</dc:title>
			<dc:creator>Dongyu Wu</dc:creator>
			<dc:creator>Bei Liang</dc:creator>
			<dc:creator>Zijie Lu</dc:creator>
			<dc:creator>Jintai Ding</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030050</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-03</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-03</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>50</prism:startingPage>
		<prism:doi>10.3390/cryptography9030050</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/50</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/48">

	<title>Cryptography, Vol. 9, Pages 48: Composable Privacy-Preserving Framework for Stakes-Based Online Peer-to-Peer Applications</title>
	<link>https://www.mdpi.com/2410-387X/9/3/48</link>
	<description>As the demand for expansive back-end systems in online applications continues to grow, novel frameworks are necessitated to address the escalating operational demands, energy consumption, and associated costs. Traditional Client–Server models, while offering centralized security and reliability, are characterized by their high deployment and maintenance expenses. Conversely, Peer-to-Peer (P2P) models, despite being cost-effective and scalable, are hindered by inherent security and data integrity challenges. Moreover, the lack of a central authority in P2P systems complicates a definitive resolution of scenarios involving stakes, where users cannot withdraw without incurring a tangible loss. In this research work, a hybrid back-end framework is introduced, combining the advantages of both models through the utilization of cryptographic algorithms and Secure Multi-Party Computation (MPC) protocols. The baseline solution is lightweight and fully composable, making it capable of utilizing different more complex slot-in MPC techniques. The proposed framework’s effectiveness is demonstrated through a simplified two-player Spades game, although it is fully generalizable to any application. Evaluations across multiple case studies reveal substantial performance enhancements compared to conventional approaches, particularly post-initialization, highlighting the scheme’s potential as a cost-effective, energy-efficient, and secure solution for modern online applications.</description>
	<pubDate>2025-07-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 48: Composable Privacy-Preserving Framework for Stakes-Based Online Peer-to-Peer Applications</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/48">doi: 10.3390/cryptography9030048</a></p>
	<p>Authors:
		Nikola Hristov-Kalamov
		Raúl Fernández-Ruiz
		Agustín Álvarez-Marquina
		Julio Guillén-García
		Roberto Gallardo-Cava
		Daniel Palacios-Alonso
		</p>
	<p>As the demand for expansive back-end systems in online applications continues to grow, novel frameworks are necessitated to address the escalating operational demands, energy consumption, and associated costs. Traditional Client–Server models, while offering centralized security and reliability, are characterized by their high deployment and maintenance expenses. Conversely, Peer-to-Peer (P2P) models, despite being cost-effective and scalable, are hindered by inherent security and data integrity challenges. Moreover, the lack of a central authority in P2P systems complicates a definitive resolution of scenarios involving stakes, where users cannot withdraw without incurring a tangible loss. In this research work, a hybrid back-end framework is introduced, combining the advantages of both models through the utilization of cryptographic algorithms and Secure Multi-Party Computation (MPC) protocols. The baseline solution is lightweight and fully composable, making it capable of utilizing different more complex slot-in MPC techniques. The proposed framework’s effectiveness is demonstrated through a simplified two-player Spades game, although it is fully generalizable to any application. Evaluations across multiple case studies reveal substantial performance enhancements compared to conventional approaches, particularly post-initialization, highlighting the scheme’s potential as a cost-effective, energy-efficient, and secure solution for modern online applications.</p>
	]]></content:encoded>

	<dc:title>Composable Privacy-Preserving Framework for Stakes-Based Online Peer-to-Peer Applications</dc:title>
			<dc:creator>Nikola Hristov-Kalamov</dc:creator>
			<dc:creator>Raúl Fernández-Ruiz</dc:creator>
			<dc:creator>Agustín Álvarez-Marquina</dc:creator>
			<dc:creator>Julio Guillén-García</dc:creator>
			<dc:creator>Roberto Gallardo-Cava</dc:creator>
			<dc:creator>Daniel Palacios-Alonso</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030048</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>48</prism:startingPage>
		<prism:doi>10.3390/cryptography9030048</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/48</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/49">

	<title>Cryptography, Vol. 9, Pages 49: Image Encryption with Dual Watermark Based on Chaotic Map</title>
	<link>https://www.mdpi.com/2410-387X/9/3/49</link>
	<description>A dual watermark and DNA image encryption based on a chaotic map is proposed. Firstly, a new discrete chaotic map is proposed, and the dynamic characteristics are analyzed. Then, the hash value changes initial conditions, and the pseudo-random sequence is generated. The encrypted copyright image is fused with the feature value of the original image and then encrypted again to form zero-watermarking, which is registered with the copyright certification authority. The zero-watermarking is taken as a robust watermark and embedded into the original image based on a chaotic sequence to ensure its invisibility. Finally, a cross-mutation DNA encryption is proposed. The experimental results verify the performance of encryption and dual watermark copyright authentication, and the ability to resist attacks.</description>
	<pubDate>2025-07-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 49: Image Encryption with Dual Watermark Based on Chaotic Map</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/49">doi: 10.3390/cryptography9030049</a></p>
	<p>Authors:
		Ran Chu
		Jun Mou
		Yuanhui Cui
		</p>
	<p>A dual watermark and DNA image encryption based on a chaotic map is proposed. Firstly, a new discrete chaotic map is proposed, and the dynamic characteristics are analyzed. Then, the hash value changes initial conditions, and the pseudo-random sequence is generated. The encrypted copyright image is fused with the feature value of the original image and then encrypted again to form zero-watermarking, which is registered with the copyright certification authority. The zero-watermarking is taken as a robust watermark and embedded into the original image based on a chaotic sequence to ensure its invisibility. Finally, a cross-mutation DNA encryption is proposed. The experimental results verify the performance of encryption and dual watermark copyright authentication, and the ability to resist attacks.</p>
	]]></content:encoded>

	<dc:title>Image Encryption with Dual Watermark Based on Chaotic Map</dc:title>
			<dc:creator>Ran Chu</dc:creator>
			<dc:creator>Jun Mou</dc:creator>
			<dc:creator>Yuanhui Cui</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030049</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>49</prism:startingPage>
		<prism:doi>10.3390/cryptography9030049</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/49</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/3/47">

	<title>Cryptography, Vol. 9, Pages 47: The Eye-Opening Arbiter-PUF FPGA Implementation with Auto Error Detection</title>
	<link>https://www.mdpi.com/2410-387X/9/3/47</link>
	<description>We present the first implementation of an FPGA-based PUF that leverages the usually contradictory requirements of stability and response time. Many state-of-the-art implementations of PUFs are either slow with a low error rate, like the ring oscillator-PUF, or fast with a higher error rate, like the arbiter-PUF. The presented implementation of an eye-opening PUF uses the phase-integrating effect of a ring oscillator to realize the shortest possible response for the required stability of the readout. This principle also allows for new automatic detection of unstable bits based on counting the number of oscillations required until an arbitration is conducted. This first implementation of an eye-opening PUF reduces the bit error rate to a number under our measurement limits, while the readout time is simultaneously kept as low as ≤1.54 μs, with an average of 0.85 μs. In addition, environmental temperature changes are evaluated, and methods for limiting these effects are discussed.</description>
	<pubDate>2025-07-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 47: The Eye-Opening Arbiter-PUF FPGA Implementation with Auto Error Detection</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/3/47">doi: 10.3390/cryptography9030047</a></p>
	<p>Authors:
		Holger Mandry
		Julian Spiess
		Bjoern Driemeyer
		Joachim Becker
		Maurits Ortmanns
		</p>
	<p>We present the first implementation of an FPGA-based PUF that leverages the usually contradictory requirements of stability and response time. Many state-of-the-art implementations of PUFs are either slow with a low error rate, like the ring oscillator-PUF, or fast with a higher error rate, like the arbiter-PUF. The presented implementation of an eye-opening PUF uses the phase-integrating effect of a ring oscillator to realize the shortest possible response for the required stability of the readout. This principle also allows for new automatic detection of unstable bits based on counting the number of oscillations required until an arbitration is conducted. This first implementation of an eye-opening PUF reduces the bit error rate to a number under our measurement limits, while the readout time is simultaneously kept as low as ≤1.54 μs, with an average of 0.85 μs. In addition, environmental temperature changes are evaluated, and methods for limiting these effects are discussed.</p>
	]]></content:encoded>

	<dc:title>The Eye-Opening Arbiter-PUF FPGA Implementation with Auto Error Detection</dc:title>
			<dc:creator>Holger Mandry</dc:creator>
			<dc:creator>Julian Spiess</dc:creator>
			<dc:creator>Bjoern Driemeyer</dc:creator>
			<dc:creator>Joachim Becker</dc:creator>
			<dc:creator>Maurits Ortmanns</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9030047</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-07-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-07-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>3</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>47</prism:startingPage>
		<prism:doi>10.3390/cryptography9030047</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/3/47</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/46">

	<title>Cryptography, Vol. 9, Pages 46: Review of Modular Multiplication Algorithms over Prime Fields for Public-Key Cryptosystems</title>
	<link>https://www.mdpi.com/2410-387X/9/2/46</link>
	<description>Modular multiplication is a pivotal operation in public-key cryptosystems such as RSA, ElGamal, and ECC. Modular multiplication design is crucial for improving overall system performance due to the large-bit-width operation with high computational complexity. This paper provides a classification of integer multiplication algorithms based on their implementation principles. Furthermore, the core concepts, implementation challenges, and research advancements of multiplication algorithms are systematically summarized. This paper also gives a brief overview of modular reduction algorithms for various types of moduli and discusses the implementation principles, application scenarios, and current research results. Finally, the detailed research development of modular multiplication algorithms in four major classes over prime fields is deeply analyzed and summarized, making it essential as a guide for future research.</description>
	<pubDate>2025-06-17</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 46: Review of Modular Multiplication Algorithms over Prime Fields for Public-Key Cryptosystems</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/46">doi: 10.3390/cryptography9020046</a></p>
	<p>Authors:
		Hai Huang
		Jiwen Zheng
		Zhengyu Chen
		Shilei Zhao
		Hongwei Wu
		Bin Yu
		Zhiwei Liu
		</p>
	<p>Modular multiplication is a pivotal operation in public-key cryptosystems such as RSA, ElGamal, and ECC. Modular multiplication design is crucial for improving overall system performance due to the large-bit-width operation with high computational complexity. This paper provides a classification of integer multiplication algorithms based on their implementation principles. Furthermore, the core concepts, implementation challenges, and research advancements of multiplication algorithms are systematically summarized. This paper also gives a brief overview of modular reduction algorithms for various types of moduli and discusses the implementation principles, application scenarios, and current research results. Finally, the detailed research development of modular multiplication algorithms in four major classes over prime fields is deeply analyzed and summarized, making it essential as a guide for future research.</p>
	]]></content:encoded>

	<dc:title>Review of Modular Multiplication Algorithms over Prime Fields for Public-Key Cryptosystems</dc:title>
			<dc:creator>Hai Huang</dc:creator>
			<dc:creator>Jiwen Zheng</dc:creator>
			<dc:creator>Zhengyu Chen</dc:creator>
			<dc:creator>Shilei Zhao</dc:creator>
			<dc:creator>Hongwei Wu</dc:creator>
			<dc:creator>Bin Yu</dc:creator>
			<dc:creator>Zhiwei Liu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020046</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-17</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-17</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>46</prism:startingPage>
		<prism:doi>10.3390/cryptography9020046</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/46</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/45">

	<title>Cryptography, Vol. 9, Pages 45: Generation of Affine-Shifted S-Boxes with Constant Confusion Coefficient Variance and Application in the Partitioning of the S-Box Space</title>
	<link>https://www.mdpi.com/2410-387X/9/2/45</link>
	<description>Among the multiple important properties that characterize strong S-boxes for symmetric cryptography and are used in their designs, this study focuses on two: the non-linearity property, a classical security metric, and the confusion coefficient variance property, a statistical proxy for side channel resistance under the Hamming weight leakage model. Given an S-box, two sets can be created: the set of affine-shifted S-boxes, where S-boxes have the same non-linearity value, and the set of Hamming weight classes, where S-boxes have the same confusion coefficient variance value. The inherent values of these two properties ensure resistance to cryptographic attacks; however, if the value of one property increases, it will imply a decrease in the value of the other property. In view of the aforementioned fact, attaining a trade-off becomes a complex undertaking. The impetus for this research stems from the following hypothesis: if an initial S-box already exhibits a trade-off, it would be advantageous to employ a method that generates new S-boxes while preserving the balance. A thorough review of the extant literature reveals the absence of any methodology that encompasses the aforementioned elements. The present paper proposes a novel methodology for generating an affine-shifted subset of S-boxes, ensuring that the resulting subset possesses the same confusion coefficient variance value. We provide insights on the optimal search strategy to optimize non-linearity and confusion coefficient variance. The proposed methodology guarantees the preservation of constant values on the designated. It is possible to incorporate these properties into a comprehensive design scheme, in which case the remaining S-box properties are to be examined. We also demonstrate that, despite the fact that this subset contains S-boxes with the theoretical resistance to side channel attacks under the Hamming weight model, the S-boxes are in different Hamming weight classes.</description>
	<pubDate>2025-06-14</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 45: Generation of Affine-Shifted S-Boxes with Constant Confusion Coefficient Variance and Application in the Partitioning of the S-Box Space</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/45">doi: 10.3390/cryptography9020045</a></p>
	<p>Authors:
		Ismel Martínez-Díaz
		Carlos Miguel Legón-Pérez
		Guillermo Sosa-Gómez
		</p>
	<p>Among the multiple important properties that characterize strong S-boxes for symmetric cryptography and are used in their designs, this study focuses on two: the non-linearity property, a classical security metric, and the confusion coefficient variance property, a statistical proxy for side channel resistance under the Hamming weight leakage model. Given an S-box, two sets can be created: the set of affine-shifted S-boxes, where S-boxes have the same non-linearity value, and the set of Hamming weight classes, where S-boxes have the same confusion coefficient variance value. The inherent values of these two properties ensure resistance to cryptographic attacks; however, if the value of one property increases, it will imply a decrease in the value of the other property. In view of the aforementioned fact, attaining a trade-off becomes a complex undertaking. The impetus for this research stems from the following hypothesis: if an initial S-box already exhibits a trade-off, it would be advantageous to employ a method that generates new S-boxes while preserving the balance. A thorough review of the extant literature reveals the absence of any methodology that encompasses the aforementioned elements. The present paper proposes a novel methodology for generating an affine-shifted subset of S-boxes, ensuring that the resulting subset possesses the same confusion coefficient variance value. We provide insights on the optimal search strategy to optimize non-linearity and confusion coefficient variance. The proposed methodology guarantees the preservation of constant values on the designated. It is possible to incorporate these properties into a comprehensive design scheme, in which case the remaining S-box properties are to be examined. We also demonstrate that, despite the fact that this subset contains S-boxes with the theoretical resistance to side channel attacks under the Hamming weight model, the S-boxes are in different Hamming weight classes.</p>
	]]></content:encoded>

	<dc:title>Generation of Affine-Shifted S-Boxes with Constant Confusion Coefficient Variance and Application in the Partitioning of the S-Box Space</dc:title>
			<dc:creator>Ismel Martínez-Díaz</dc:creator>
			<dc:creator>Carlos Miguel Legón-Pérez</dc:creator>
			<dc:creator>Guillermo Sosa-Gómez</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020045</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-14</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-14</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>45</prism:startingPage>
		<prism:doi>10.3390/cryptography9020045</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/45</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/44">

	<title>Cryptography, Vol. 9, Pages 44: Compile-Time Fully Homomorphic Encryption: Eliminating Online Encryption via Algebraic Basis Synthesis</title>
	<link>https://www.mdpi.com/2410-387X/9/2/44</link>
	<description>We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations.</description>
	<pubDate>2025-06-14</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 44: Compile-Time Fully Homomorphic Encryption: Eliminating Online Encryption via Algebraic Basis Synthesis</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/44">doi: 10.3390/cryptography9020044</a></p>
	<p>Authors:
		Dongfang Zhao
		</p>
	<p>We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations.</p>
	]]></content:encoded>

	<dc:title>Compile-Time Fully Homomorphic Encryption: Eliminating Online Encryption via Algebraic Basis Synthesis</dc:title>
			<dc:creator>Dongfang Zhao</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020044</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-14</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-14</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>44</prism:startingPage>
		<prism:doi>10.3390/cryptography9020044</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/44</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/43">

	<title>Cryptography, Vol. 9, Pages 43: Advances in Authentication, Authorization and Privacy for Securing Smart Communications</title>
	<link>https://www.mdpi.com/2410-387X/9/2/43</link>
	<description>Recent advancements in wireless communication systems have facilitated the development of cutting-edge applications in modern architecture, and these systems are rapidly transforming our daily activities and enabling critical industrial processes [...]</description>
	<pubDate>2025-06-13</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 43: Advances in Authentication, Authorization and Privacy for Securing Smart Communications</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/43">doi: 10.3390/cryptography9020043</a></p>
	<p>Authors:
		Cheng-Chi Lee
		Tuan-Vinh Le
		Chun-Ta Li
		Dinh-Thuan Do
		Agbotiname Lucky Imoize
		</p>
	<p>Recent advancements in wireless communication systems have facilitated the development of cutting-edge applications in modern architecture, and these systems are rapidly transforming our daily activities and enabling critical industrial processes [...]</p>
	]]></content:encoded>

	<dc:title>Advances in Authentication, Authorization and Privacy for Securing Smart Communications</dc:title>
			<dc:creator>Cheng-Chi Lee</dc:creator>
			<dc:creator>Tuan-Vinh Le</dc:creator>
			<dc:creator>Chun-Ta Li</dc:creator>
			<dc:creator>Dinh-Thuan Do</dc:creator>
			<dc:creator>Agbotiname Lucky Imoize</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020043</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-13</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-13</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Editorial</prism:section>
	<prism:startingPage>43</prism:startingPage>
		<prism:doi>10.3390/cryptography9020043</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/43</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/42">

	<title>Cryptography, Vol. 9, Pages 42: Computing the Differential Probability of a Word-Based Block Cipher</title>
	<link>https://www.mdpi.com/2410-387X/9/2/42</link>
	<description>Differential cryptanalysis is one of the fundamental cryptanalysis techniques to evaluate the security of the block cipher. In many cases, resistance to differential cryptanalysis is proven through the upper bound of the differential characteristic probability, not the differential probability. Since the attacker uses a differential rather than a differential characteristic, resistance based on a differential characteristic tends to overestimate the security level of the block cipher. Such an overestimation is notably observed in lightweight block ciphers SKINNY, Midori, and CRAFT. In this paper, we examine the gap between the differential characteristics and the differential probability of lightweight block ciphers. We present practical methods for computing differential probability using a multistage graph. Using these methods, we count the exact number of maximum differential characteristics with fixed plaintext/ciphertext difference and activity pattern. By the exact number of maximum differential characteristics, we can calculate the probability that is closer to the real differential probability. In addition, by modifying the method, we compute a more accurate differential probability by considering the characteristics of the lower probability. We find differential distinguishers of 9-round Midori64 with probability 2^−61.58, 9-round SKINNY64 with 2^−58.67 and 14-round CRAFT with 2^−60.32. Furthermore, we find a related-tweakey differential distinguisher of 11-round SKINNY64-64 with 2^−55.93 and a related-tweak differential distinguisher of 17-round CRAFT with probability 2^−63.37. Finally, we explain why these gaps are notable in Midori64, SKINNY64 and CRAFT by relating the S-box differential distribution table.</description>
	<pubDate>2025-06-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 42: Computing the Differential Probability of a Word-Based Block Cipher</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/42">doi: 10.3390/cryptography9020042</a></p>
	<p>Authors:
		Dawoon Kwon
		Junghwan Song
		</p>
	<p>Differential cryptanalysis is one of the fundamental cryptanalysis techniques to evaluate the security of the block cipher. In many cases, resistance to differential cryptanalysis is proven through the upper bound of the differential characteristic probability, not the differential probability. Since the attacker uses a differential rather than a differential characteristic, resistance based on a differential characteristic tends to overestimate the security level of the block cipher. Such an overestimation is notably observed in lightweight block ciphers SKINNY, Midori, and CRAFT. In this paper, we examine the gap between the differential characteristics and the differential probability of lightweight block ciphers. We present practical methods for computing differential probability using a multistage graph. Using these methods, we count the exact number of maximum differential characteristics with fixed plaintext/ciphertext difference and activity pattern. By the exact number of maximum differential characteristics, we can calculate the probability that is closer to the real differential probability. In addition, by modifying the method, we compute a more accurate differential probability by considering the characteristics of the lower probability. We find differential distinguishers of 9-round Midori64 with probability 2^−61.58, 9-round SKINNY64 with 2^−58.67 and 14-round CRAFT with 2^−60.32. Furthermore, we find a related-tweakey differential distinguisher of 11-round SKINNY64-64 with 2^−55.93 and a related-tweak differential distinguisher of 17-round CRAFT with probability 2^−63.37. Finally, we explain why these gaps are notable in Midori64, SKINNY64 and CRAFT by relating the S-box differential distribution table.</p>
	]]></content:encoded>

	<dc:title>Computing the Differential Probability of a Word-Based Block Cipher</dc:title>
			<dc:creator>Dawoon Kwon</dc:creator>
			<dc:creator>Junghwan Song</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020042</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-12</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>42</prism:startingPage>
		<prism:doi>10.3390/cryptography9020042</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/42</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/41">

	<title>Cryptography, Vol. 9, Pages 41: Multiparty Homomorphic Encryption for IoV Based on Span Program and Conjugate Search Problem</title>
	<link>https://www.mdpi.com/2410-387X/9/2/41</link>
	<description>With the rapid development of the automotive industry, research on the internet of vehicles (IoV) has become a hot topic in the field of automobiles. Considering the privacy of data collected from vehicles, this paper proposes a novel multiparty homomorphic encryption scheme (MHE) for secure multiparty computation without the need for a trusted third party. The scheme ensures efficient computation of data while preserving the privacy of each party’s data. It consists of four phases: construction, computation, recombination, and refreshing. In the recombination phase, the key is reconstructed using a span program, enabling secure computation among participating parties under a semi-honest model. Finally, we compare the proposed scheme with mainstream approaches and conduct experiments within the framework of federated learning. Through both experimental and theoretical analyses, the performance of the proposed scheme is comprehensively evaluated, demonstrating its efficiency and correctness.</description>
	<pubDate>2025-06-06</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 41: Multiparty Homomorphic Encryption for IoV Based on Span Program and Conjugate Search Problem</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/41">doi: 10.3390/cryptography9020041</a></p>
	<p>Authors:
		Bo Mi
		Siyuan Zeng
		Ran Zeng
		Fuyuan Wang
		Qi Zhou
		</p>
	<p>With the rapid development of the automotive industry, research on the internet of vehicles (IoV) has become a hot topic in the field of automobiles. Considering the privacy of data collected from vehicles, this paper proposes a novel multiparty homomorphic encryption scheme (MHE) for secure multiparty computation without the need for a trusted third party. The scheme ensures efficient computation of data while preserving the privacy of each party’s data. It consists of four phases: construction, computation, recombination, and refreshing. In the recombination phase, the key is reconstructed using a span program, enabling secure computation among participating parties under a semi-honest model. Finally, we compare the proposed scheme with mainstream approaches and conduct experiments within the framework of federated learning. Through both experimental and theoretical analyses, the performance of the proposed scheme is comprehensively evaluated, demonstrating its efficiency and correctness.</p>
	]]></content:encoded>

	<dc:title>Multiparty Homomorphic Encryption for IoV Based on Span Program and Conjugate Search Problem</dc:title>
			<dc:creator>Bo Mi</dc:creator>
			<dc:creator>Siyuan Zeng</dc:creator>
			<dc:creator>Ran Zeng</dc:creator>
			<dc:creator>Fuyuan Wang</dc:creator>
			<dc:creator>Qi Zhou</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020041</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-06</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-06</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>41</prism:startingPage>
		<prism:doi>10.3390/cryptography9020041</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/41</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/40">

	<title>Cryptography, Vol. 9, Pages 40: An Improved Attack on the RSA Variant Based on Cubic Pell Equation</title>
	<link>https://www.mdpi.com/2410-387X/9/2/40</link>
	<description>In this paper, we present a novel method to solve trivariate polynomial modular equations of the form x(y^2+Ay+B)+z ≡ 0 (mod e). Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation x^3+fy^3+f^2z^3−3fxyz ≡ 1 (mod N), where f is a cubic nonresidue modulus N=pq. In these variants, the public exponent e and the private exponent d satisfy ed ≡ 1 (mod ψ(N)) with ψ(N)=(p^2+p+1)(q^2+q+1). Moreover, d can be written in the form d ≡ v0z0 (mod ψ(N)) with any z0 satisfying gcd(z0,ψ(N))=1. In this paper, we apply our method to attack the variants when d ≡ v0z0 (mod ψ(N)) and when |z0| and |v0| are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available.</description>
	<pubDate>2025-06-06</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 40: An Improved Attack on the RSA Variant Based on Cubic Pell Equation</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/40">doi: 10.3390/cryptography9020040</a></p>
	<p>Authors:
		Mohammed Rahmani
		Abderrahmane Nitaj
		Abdelhamid Tadmori
		Mhammed Ziane
		</p>
	<p>In this paper, we present a novel method to solve trivariate polynomial modular equations of the form x(y^2+Ay+B)+z ≡ 0 (mod e). Our approach integrates Coppersmith’s method with lattice basis reduction to efficiently solve the former equation. Several variants of RSA are based on the cubic Pell equation x^3+fy^3+f^2z^3−3fxyz ≡ 1 (mod N), where f is a cubic nonresidue modulus N=pq. In these variants, the public exponent e and the private exponent d satisfy ed ≡ 1 (mod ψ(N)) with ψ(N)=(p^2+p+1)(q^2+q+1). Moreover, d can be written in the form d ≡ v0z0 (mod ψ(N)) with any z0 satisfying gcd(z0,ψ(N))=1. In this paper, we apply our method to attack the variants when d ≡ v0z0 (mod ψ(N)) and when |z0| and |v0| are suitably small. We also show that our method significantly improves the bounds of the private exponents d of the previous attacks on the variants, particularly in the scenario of small private exponents and in the scenarios where partial information about the primes is available.</p>
	]]></content:encoded>

	<dc:title>An Improved Attack on the RSA Variant Based on Cubic Pell Equation</dc:title>
			<dc:creator>Mohammed Rahmani</dc:creator>
			<dc:creator>Abderrahmane Nitaj</dc:creator>
			<dc:creator>Abdelhamid Tadmori</dc:creator>
			<dc:creator>Mhammed Ziane</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020040</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-06</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-06</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>40</prism:startingPage>
		<prism:doi>10.3390/cryptography9020040</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/40</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/39">

	<title>Cryptography, Vol. 9, Pages 39: Key Derivation: A Dynamic PBKDF2 Model for Modern Cryptographic Systems</title>
	<link>https://www.mdpi.com/2410-387X/9/2/39</link>
	<description>Traditional key derivation techniques, including the widely adopted PBKDF2, operate with static parameters that do not account for contextual factors such as device capabilities, data sensitivity, or password strength. In this paper, we propose a novel adaptive PBKDF2-based encryption scheme that adjusts its iteration count dynamically based on computational resource index (CRI), data risk level (DRL), and password strength assessment. We present the theoretical model, algorithmic design, and empirical validation of our approach through nine comprehensive experiments, covering performance, scalability, brute-force resistance, entropy quality, and cross-platform consistency. Our results confirm that the adaptive method achieves a secure balance between computational cost and cryptographic strength, outperforming static PBKDF2 in dynamic scenarios. Our framework enhances cryptographic resilience in real-world deployments and offers a forward-compatible foundation for adaptive security solutions.</description>
	<pubDate>2025-06-05</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 39: Key Derivation: A Dynamic PBKDF2 Model for Modern Cryptographic Systems</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/39">doi: 10.3390/cryptography9020039</a></p>
	<p>Authors:
		Ali Abdullah S. AlQahtani
		</p>
	<p>Traditional key derivation techniques, including the widely adopted PBKDF2, operate with static parameters that do not account for contextual factors such as device capabilities, data sensitivity, or password strength. In this paper, we propose a novel adaptive PBKDF2-based encryption scheme that adjusts its iteration count dynamically based on computational resource index (CRI), data risk level (DRL), and password strength assessment. We present the theoretical model, algorithmic design, and empirical validation of our approach through nine comprehensive experiments, covering performance, scalability, brute-force resistance, entropy quality, and cross-platform consistency. Our results confirm that the adaptive method achieves a secure balance between computational cost and cryptographic strength, outperforming static PBKDF2 in dynamic scenarios. Our framework enhances cryptographic resilience in real-world deployments and offers a forward-compatible foundation for adaptive security solutions.</p>
	]]></content:encoded>

	<dc:title>Key Derivation: A Dynamic PBKDF2 Model for Modern Cryptographic Systems</dc:title>
			<dc:creator>Ali Abdullah S. AlQahtani</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020039</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-05</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-05</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>39</prism:startingPage>
		<prism:doi>10.3390/cryptography9020039</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/39</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/38">

	<title>Cryptography, Vol. 9, Pages 38: Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations</title>
	<link>https://www.mdpi.com/2410-387X/9/2/38</link>
	<description>Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS+. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS+. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration.</description>
	<pubDate>2025-06-04</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 38: Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/38">doi: 10.3390/cryptography9020038</a></p>
	<p>Authors:
		Manohar Raavi
		Qaiser Khan
		Simeon Wuthier
		Pranav Chandramouli
		Yaroslav Balytskyi
		Sang-Yoon Chang
		</p>
	<p>Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS+. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS+. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration.</p>
	]]></content:encoded>

	<dc:title>Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations</dc:title>
			<dc:creator>Manohar Raavi</dc:creator>
			<dc:creator>Qaiser Khan</dc:creator>
			<dc:creator>Simeon Wuthier</dc:creator>
			<dc:creator>Pranav Chandramouli</dc:creator>
			<dc:creator>Yaroslav Balytskyi</dc:creator>
			<dc:creator>Sang-Yoon Chang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020038</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-04</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-04</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>38</prism:startingPage>
		<prism:doi>10.3390/cryptography9020038</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/38</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/37">

	<title>Cryptography, Vol. 9, Pages 37: Enhancing Security for Resource-Constrained Smart Cities IoT Applications: Optimizing Cryptographic Techniques with Effective Field Multipliers</title>
	<link>https://www.mdpi.com/2410-387X/9/2/37</link>
	<description>The broadening adoption of interconnected systems within smart city environments is fundamental for the progression of digitally driven economies, enabling the refinement of city administration, the enhancement of public service delivery, and the fostering of ecologically sustainable progress, thereby aligning with global sustainability benchmarks. However, the pervasive distribution of Internet of things (IoT) apparatuses introduces substantial security risks, attributable to the confidential nature of processed data and the heightened susceptibility to cybernetic intrusions targeting essential infrastructure. Commonly, these devices exhibit deficiencies stemming from restricted computational capabilities and the absence of uniform security standards. The resolution of these security challenges is paramount for the full realization of the advantages afforded by IoT without compromising system integrity. Cryptographic protocols represent the most viable solutions for the mitigation of these security vulnerabilities. However, the limitations inherent in IoT edge nodes complicate the deployment of robust cryptographic algorithms, which are fundamentally reliant on finite-field multiplication operations. Consequently, the streamlined execution of this operation is pivotal, as it will facilitate the effective deployment of encryption algorithms on these resource-limited devices. Therefore, the presented research concentrates on the formulation of a spatially and energetically efficient hardware implementation for the finite-field multiplication operation. The proposed arithmetic unit demonstrates significant improvements in hardware efficiency and energy consumption compared to state-of-the-art designs, while its systolic architecture provides inherent timing-attack resistance through deterministic operation. 
The regular structure not only enables these performance advantages but also facilitates future integration of error-detection and masking techniques for comprehensive side-channel protection. This combination of efficiency and security makes the multiplier particularly suitable for integration within encryption processors in resource-constrained IoT edge nodes, where it can enable secure data communication in smart city applications without compromising operational effectiveness or urban development goals.</description>
	<pubDate>2025-06-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 37: Enhancing Security for Resource-Constrained Smart Cities IoT Applications: Optimizing Cryptographic Techniques with Effective Field Multipliers</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/37">doi: 10.3390/cryptography9020037</a></p>
	<p>Authors:
		Atef Ibrahim
		Fayez Gebali
		</p>
	<p>The broadening adoption of interconnected systems within smart city environments is fundamental for the progression of digitally driven economies, enabling the refinement of city administration, the enhancement of public service delivery, and the fostering of ecologically sustainable progress, thereby aligning with global sustainability benchmarks. However, the pervasive distribution of Internet of things (IoT) apparatuses introduces substantial security risks, attributable to the confidential nature of processed data and the heightened susceptibility to cybernetic intrusions targeting essential infrastructure. Commonly, these devices exhibit deficiencies stemming from restricted computational capabilities and the absence of uniform security standards. The resolution of these security challenges is paramount for the full realization of the advantages afforded by IoT without compromising system integrity. Cryptographic protocols represent the most viable solutions for the mitigation of these security vulnerabilities. However, the limitations inherent in IoT edge nodes complicate the deployment of robust cryptographic algorithms, which are fundamentally reliant on finite-field multiplication operations. Consequently, the streamlined execution of this operation is pivotal, as it will facilitate the effective deployment of encryption algorithms on these resource-limited devices. Therefore, the presented research concentrates on the formulation of a spatially and energetically efficient hardware implementation for the finite-field multiplication operation. The proposed arithmetic unit demonstrates significant improvements in hardware efficiency and energy consumption compared to state-of-the-art designs, while its systolic architecture provides inherent timing-attack resistance through deterministic operation. 
The regular structure not only enables these performance advantages but also facilitates future integration of error-detection and masking techniques for comprehensive side-channel protection. This combination of efficiency and security makes the multiplier particularly suitable for integration within encryption processors in resource-constrained IoT edge nodes, where it can enable secure data communication in smart city applications without compromising operational effectiveness or urban development goals.</p>
	]]></content:encoded>

	<dc:title>Enhancing Security for Resource-Constrained Smart Cities IoT Applications: Optimizing Cryptographic Techniques with Effective Field Multipliers</dc:title>
			<dc:creator>Atef Ibrahim</dc:creator>
			<dc:creator>Fayez Gebali</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020037</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-06-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-06-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>37</prism:startingPage>
		<prism:doi>10.3390/cryptography9020037</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/37</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/36">

	<title>Cryptography, Vol. 9, Pages 36: Reliability Improvement of 28 nm Intel FPGA Ring Oscillator PUF for Chip Identification</title>
	<link>https://www.mdpi.com/2410-387X/9/2/36</link>
	<description>The Ring Oscillator Physical Unclonable Function (RO-PUF) is a hardware security innovation that creates a secure and distinct identifier by utilizing the special physical properties of ring oscillators. Their unique response, low hardware overhead, and difficulty of reproduction are some of the security benefits that make them valuable in safe authentication systems. Numerous developments, such as temperature adjustment methods, aging mitigation, and better architecture and layout, have been created to increase its security, dependability, and efficiency. However, achieving the sacrifice metric makes it challenging to implement with additional complex circuits. This work focuses on stability improvement in terms of the reliability of the RO-PUF in enhanced challenge and response (CRP) by exploiting existing on-chip hard processors. This work establishes only ROs and their counters inside the chip. The built-in microprocessor performs the remaining process using the intermediary process of a Q factor and new frequency mapping. As a result, the reliability improves significantly to 95.8% compared to previous methods. The proper use of resources due to the limitation of on-chip resources has been emphasized by considering that a hard processor exists inside the new FPGA chip.</description>
	<pubDate>2025-05-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 36: Reliability Improvement of 28 nm Intel FPGA Ring Oscillator PUF for Chip Identification</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/36">doi: 10.3390/cryptography9020036</a></p>
	<p>Authors:
		Zulfikar Zulfikar
		Hubbul Walidainy
		Aulia Rahman
		Kahlil Muchtar
		</p>
	<p>The Ring Oscillator Physical Unclonable Function (RO-PUF) is a hardware security innovation that creates a secure and distinct identifier by utilizing the special physical properties of ring oscillators. Their unique response, low hardware overhead, and difficulty of reproduction are some of the security benefits that make them valuable in safe authentication systems. Numerous developments, such as temperature adjustment methods, aging mitigation, and better architecture and layout, have been created to increase its security, dependability, and efficiency. However, achieving the sacrifice metric makes it challenging to implement with additional complex circuits. This work focuses on stability improvement in terms of the reliability of the RO-PUF in enhanced challenge and response (CRP) by exploiting existing on-chip hard processors. This work establishes only ROs and their counters inside the chip. The built-in microprocessor performs the remaining process using the intermediary process of a Q factor and new frequency mapping. As a result, the reliability improves significantly to 95.8% compared to previous methods. The proper use of resources due to the limitation of on-chip resources has been emphasized by considering that a hard processor exists inside the new FPGA chip.</p>
	]]></content:encoded>

	<dc:title>Reliability Improvement of 28 nm Intel FPGA Ring Oscillator PUF for Chip Identification</dc:title>
			<dc:creator>Zulfikar Zulfikar</dc:creator>
			<dc:creator>Hubbul Walidainy</dc:creator>
			<dc:creator>Aulia Rahman</dc:creator>
			<dc:creator>Kahlil Muchtar</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020036</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-29</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>36</prism:startingPage>
		<prism:doi>10.3390/cryptography9020036</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/36</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/35">

	<title>Cryptography, Vol. 9, Pages 35: Optimizing Group Multi-Factor Authentication for Secure and Efficient IoT Device Communications</title>
	<link>https://www.mdpi.com/2410-387X/9/2/35</link>
	<description>As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos.</description>
	<pubDate>2025-05-28</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 35: Optimizing Group Multi-Factor Authentication for Secure and Efficient IoT Device Communications</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/35">doi: 10.3390/cryptography9020035</a></p>
	<p>Authors:
		Salem AlJanah
		Ning Zhang
		Siok Wah Tay
		</p>
	<p>As more Internet of Things (IoT) devices are being used, more sensitive data and services are also being hosted by, or accessed via, IoT devices. This leads to a need for a stronger authentication solution for the IoT context, and a stronger authentication solution tends to be based on several authentication factors. Existing multi-factor authentication solutions are mostly used for user-to-system identity verification scenarios, whereas, in the IoT context, there are device-to-device communication scenarios. Therefore, more work is necessary to investigate how to facilitate multi-factor authentication for device-to-device interactions. As part of our ongoing work on the design of the M2I (Multi-factor Multilevel and Interaction-based) framework to facilitate multi-factor authentication in IoT, this paper reports an extension to an authentication framework published previously that supports the multi-factor authentication of devices in device-to-device and device-to-multidevice interactions. In this extended framework, four authentication protocols are added to facilitate multi-factor group authentication between IoT devices. Analysis results show that the protocols satisfy the specified security requirements and are resilient against authentication-related attacks. The communication and computation overheads of the protocols are also analyzed and compared with those of IoT group authentication solutions and Kerberos. The results show that the symmetric-key-based version of the proposed protocols cut the communication and computational costs, respectively, by 70∼74% and 89∼92% in comparison with those of Kerberos.</p>
	]]></content:encoded>

	<dc:title>Optimizing Group Multi-Factor Authentication for Secure and Efficient IoT Device Communications</dc:title>
			<dc:creator>Salem AlJanah</dc:creator>
			<dc:creator>Ning Zhang</dc:creator>
			<dc:creator>Siok Wah Tay</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020035</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-28</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-28</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>35</prism:startingPage>
		<prism:doi>10.3390/cryptography9020035</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/35</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/34">

	<title>Cryptography, Vol. 9, Pages 34: QPUF: Quantum Physical Unclonable Functions for Security-by-Design of Industrial Internet-of-Things</title>
	<link>https://www.mdpi.com/2410-387X/9/2/34</link>
	<description>This research investigates the integration of quantum hardware-assisted security into critical applications, including the Industrial Internet-of-Things (IIoT), Smart Grid, and Smart Transportation. The Quantum Physical Unclonable Functions (QPUF) architecture has emerged as a robust security paradigm, harnessing the inherent randomness of quantum hardware to generate unique and tamper-resistant cryptographic fingerprints. This work explores the potential of Quantum Computing for Security-by-Design (SbD) in the Industrial Internet-of-Things (IIoT), aiming to establish security as a fundamental and inherent feature. SbD in Quantum Computing focuses on ensuring the security and privacy of Quantum computing applications by leveraging the fundamental principles of quantum mechanics, which underpin the quantum computing infrastructure. This research presents a scalable and sustainable security framework for the trusted attestation of smart industrial entities in Quantum Industrial Internet-of-Things (QIoT) applications within Industry 4.0. Central to this approach is the QPUF, which leverages quantum mechanical principles to generate unique, tamper-resistant fingerprints. The proposed QPUF circuit logic has been deployed on IBM quantum systems and simulators for validation. The experimental results demonstrate the enhanced randomness and an intra-hamming distance of approximately 50% on the IBM quantum hardware, along with improved reliability despite varying error rates, coherence, and decoherence times. Furthermore, the circuit achieved 100% reliability on Google’s Cirq simulator and 95% reliability on IBM’s quantum simulator, highlighting the QPUF’s potential in advancing quantum-centric security solutions.</description>
	<pubDate>2025-05-27</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 34: QPUF: Quantum Physical Unclonable Functions for Security-by-Design of Industrial Internet-of-Things</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/34">doi: 10.3390/cryptography9020034</a></p>
	<p>Authors:
		Venkata K. V. V. Bathalapalli
		Saraju P. Mohanty
		Chenyun Pan
		Elias Kougianos
		</p>
	<p>This research investigates the integration of quantum hardware-assisted security into critical applications, including the Industrial Internet-of-Things (IIoT), Smart Grid, and Smart Transportation. The Quantum Physical Unclonable Functions (QPUF) architecture has emerged as a robust security paradigm, harnessing the inherent randomness of quantum hardware to generate unique and tamper-resistant cryptographic fingerprints. This work explores the potential of Quantum Computing for Security-by-Design (SbD) in the Industrial Internet-of-Things (IIoT), aiming to establish security as a fundamental and inherent feature. SbD in Quantum Computing focuses on ensuring the security and privacy of Quantum computing applications by leveraging the fundamental principles of quantum mechanics, which underpin the quantum computing infrastructure. This research presents a scalable and sustainable security framework for the trusted attestation of smart industrial entities in Quantum Industrial Internet-of-Things (QIoT) applications within Industry 4.0. Central to this approach is the QPUF, which leverages quantum mechanical principles to generate unique, tamper-resistant fingerprints. The proposed QPUF circuit logic has been deployed on IBM quantum systems and simulators for validation. The experimental results demonstrate the enhanced randomness and an intra-hamming distance of approximately 50% on the IBM quantum hardware, along with improved reliability despite varying error rates, coherence, and decoherence times. Furthermore, the circuit achieved 100% reliability on Google’s Cirq simulator and 95% reliability on IBM’s quantum simulator, highlighting the QPUF’s potential in advancing quantum-centric security solutions.</p>
	]]></content:encoded>

	<dc:title>QPUF: Quantum Physical Unclonable Functions for Security-by-Design of Industrial Internet-of-Things</dc:title>
			<dc:creator>Venkata K. V. V. Bathalapalli</dc:creator>
			<dc:creator>Saraju P. Mohanty</dc:creator>
			<dc:creator>Chenyun Pan</dc:creator>
			<dc:creator>Elias Kougianos</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020034</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-27</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-27</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>34</prism:startingPage>
		<prism:doi>10.3390/cryptography9020034</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/34</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/33">

	<title>Cryptography, Vol. 9, Pages 33: Evaluation of Privacy-Preserving Support Vector Machine (SVM) Learning Using Homomorphic Encryption</title>
	<link>https://www.mdpi.com/2410-387X/9/2/33</link>
	<description>The requirement for privacy-aware machine learning increases as we continue to use PII (personally identifiable information) within machine training. To overcome the existing privacy issues, we can apply fully homomorphic encryption (FHE) to encrypt data before they are fed into a machine learning model. This involves generating a homomorphic encryption key pair, where the public key encrypts the input data and the private key decrypts the output. However, there is often a performance hit when we use homomorphic encryption, so this paper evaluates the performance overhead of using an SVM (support vector machine) machine learning technique with the OpenFHE homomorphic encryption library. This uses Python and the scikit-learn library to create an SVM model, which can then be used with homomorphically encrypted data inputs and then produce a homomorphically encrypted result. The experiments include a range of variables, such as multiplication depth, scale size, first modulus size, security level, batch size, and ring dimension, along with two different SVM models, SVM-poly and SVM-linear. Overall, the results show that the two main parameters that affect performance are ring dimension and modulus size, and SVM-poly and SVM-linear show similar performance levels.</description>
	<pubDate>2025-05-26</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 33: Evaluation of Privacy-Preserving Support Vector Machine (SVM) Learning Using Homomorphic Encryption</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/33">doi: 10.3390/cryptography9020033</a></p>
	<p>Authors:
		William J. Buchanan
		Hisham Ali
		</p>
	<p>The requirement for privacy-aware machine learning increases as we continue to use PII (personally identifiable information) within machine training. To overcome the existing privacy issues, we can apply fully homomorphic encryption (FHE) to encrypt data before they are fed into a machine learning model. This involves generating a homomorphic encryption key pair, where the public key encrypts the input data and the private key decrypts the output. However, there is often a performance hit when we use homomorphic encryption, so this paper evaluates the performance overhead of using an SVM (support vector machine) machine learning technique with the OpenFHE homomorphic encryption library. This uses Python and the scikit-learn library to create an SVM model, which can then be used with homomorphically encrypted data inputs and then produce a homomorphically encrypted result. The experiments include a range of variables, such as multiplication depth, scale size, first modulus size, security level, batch size, and ring dimension, along with two different SVM models, SVM-poly and SVM-linear. Overall, the results show that the two main parameters that affect performance are ring dimension and modulus size, and SVM-poly and SVM-linear show similar performance levels.</p>
	]]></content:encoded>

	<dc:title>Evaluation of Privacy-Preserving Support Vector Machine (SVM) Learning Using Homomorphic Encryption</dc:title>
			<dc:creator>William J. Buchanan</dc:creator>
			<dc:creator>Hisham Ali</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020033</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-26</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-26</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>33</prism:startingPage>
		<prism:doi>10.3390/cryptography9020033</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/33</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/32">

	<title>Cryptography, Vol. 9, Pages 32: A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments</title>
	<link>https://www.mdpi.com/2410-387X/9/2/32</link>
	<description>The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (&lt;5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. 
Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities.</description>
	<pubDate>2025-05-21</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 32: A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/32">doi: 10.3390/cryptography9020032</a></p>
	<p>Authors:
		Maryam Abbasi
		Filipe Cardoso
		Paulo Váz
		José Silva
		Pedro Martins
		</p>
	<p>The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (&lt;5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. 
Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7&amp;amp;times; compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40&amp;amp;ndash;60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities.</p>
	]]></content:encoded>

	<dc:title>A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments</dc:title>
			<dc:creator>Maryam Abbasi</dc:creator>
			<dc:creator>Filipe Cardoso</dc:creator>
			<dc:creator>Paulo Váz</dc:creator>
			<dc:creator>José Silva</dc:creator>
			<dc:creator>Pedro Martins</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020032</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-21</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-21</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>32</prism:startingPage>
		<prism:doi>10.3390/cryptography9020032</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/32</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/31">

	<title>Cryptography, Vol. 9, Pages 31: Post-Quantum Homomorphic Encryption: A Case for Code-Based Alternatives</title>
	<link>https://www.mdpi.com/2410-387X/9/2/31</link>
	<description>Homomorphic Encryption (HE) allows secure and privacy-protected computation on encrypted data without the need to decrypt it. Since Shor’s algorithm rendered prime factorisation and discrete logarithm-based ciphers insecure with quantum computations, researchers have been working on building post-quantum homomorphic encryption (PQHE) algorithms. Most of the current PQHE algorithms are secured by Lattice-based problems and there have been limited attempts to build ciphers based on error-correcting code-based problems. This review presents an overview of the current approaches to building PQHE schemes and justifies code-based encryption as a novel way to diversify post-quantum algorithms. We present the mathematical underpinnings of existing code-based cryptographic frameworks and their security and efficiency guarantees. We compare lattice-based and code-based homomorphic encryption solutions identifying challenges that have inhibited the progress of code-based schemes. We finally propose five new research directions to advance post-quantum code-based homomorphic encryption.</description>
	<pubDate>2025-05-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 31: Post-Quantum Homomorphic Encryption: A Case for Code-Based Alternatives</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/31">doi: 10.3390/cryptography9020031</a></p>
	<p>Authors:
		Siddhartha Siddhiprada Bhoi
		Arathi Arakala
		Amy Beth Corman
		Asha Rao
		</p>
	<p>Homomorphic Encryption (HE) allows secure and privacy-protected computation on encrypted data without the need to decrypt it. Since Shor’s algorithm rendered prime factorisation and discrete logarithm-based ciphers insecure with quantum computations, researchers have been working on building post-quantum homomorphic encryption (PQHE) algorithms. Most of the current PQHE algorithms are secured by Lattice-based problems and there have been limited attempts to build ciphers based on error-correcting code-based problems. This review presents an overview of the current approaches to building PQHE schemes and justifies code-based encryption as a novel way to diversify post-quantum algorithms. We present the mathematical underpinnings of existing code-based cryptographic frameworks and their security and efficiency guarantees. We compare lattice-based and code-based homomorphic encryption solutions identifying challenges that have inhibited the progress of code-based schemes. We finally propose five new research directions to advance post-quantum code-based homomorphic encryption.</p>
	]]></content:encoded>

	<dc:title>Post-Quantum Homomorphic Encryption: A Case for Code-Based Alternatives</dc:title>
			<dc:creator>Siddhartha Siddhiprada Bhoi</dc:creator>
			<dc:creator>Arathi Arakala</dc:creator>
			<dc:creator>Amy Beth Corman</dc:creator>
			<dc:creator>Asha Rao</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020031</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-12</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>31</prism:startingPage>
		<prism:doi>10.3390/cryptography9020031</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/31</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/30">

	<title>Cryptography, Vol. 9, Pages 30: General Extensions and Improvements of Algebraic Persistent Fault Analysis</title>
	<link>https://www.mdpi.com/2410-387X/9/2/30</link>
	<description>Algebraic persistent fault analysis (APFA) combines algebraic analysis with persistent fault analysis, providing a novel approach for examining block cipher implementation security. Since its introduction, APFA has attracted considerable attention. Traditionally, APFA has assumed that fault injection occurs solely within the S-box during the encryption process. Yet, algorithms like PRESENT and AES also utilize S-boxes in the key scheduling phase, sharing the same S-box implementation as encryption. This presents a previously unaddressed challenge for APFA. In this work, we extend APFA’s fault injection and analysis capabilities to encompass the key scheduling stage, validating our approach on PRESENT. Our experimental findings indicate that APFA continues to be a viable approach. However, due to faults arising during the key scheduling process, the number of feasible candidate keys does not converge. To address this challenge, we expanded the depth of our fault analysis without increasing the number of faulty ciphertexts, effectively narrowing the key search space to near-uniqueness. By employing a compact S-box modeling approach, we were able to construct more concise algebraic equations with solving efficiency improvements ranging from tens to hundreds of times for PRESENT, SKINNY and CRAFT block ciphers. The efficiency gains became even more pronounced as the depth of the fault leakage increased, demonstrating the robustness and scalability of our approach.</description>
	<pubDate>2025-05-10</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 30: General Extensions and Improvements of Algebraic Persistent Fault Analysis</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/30">doi: 10.3390/cryptography9020030</a></p>
	<p>Authors:
		Hanbing Li
		Kexin Qiao
		Ye Xu
		Changhai Ou
		An Wang
		</p>
	<p>Algebraic persistent fault analysis (APFA) combines algebraic analysis with persistent fault analysis, providing a novel approach for examining block cipher implementation security. Since its introduction, APFA has attracted considerable attention. Traditionally, APFA has assumed that fault injection occurs solely within the S-box during the encryption process. Yet, algorithms like PRESENT and AES also utilize S-boxes in the key scheduling phase, sharing the same S-box implementation as encryption. This presents a previously unaddressed challenge for APFA. In this work, we extend APFA’s fault injection and analysis capabilities to encompass the key scheduling stage, validating our approach on PRESENT. Our experimental findings indicate that APFA continues to be a viable approach. However, due to faults arising during the key scheduling process, the number of feasible candidate keys does not converge. To address this challenge, we expanded the depth of our fault analysis without increasing the number of faulty ciphertexts, effectively narrowing the key search space to near-uniqueness. By employing a compact S-box modeling approach, we were able to construct more concise algebraic equations with solving efficiency improvements ranging from tens to hundreds of times for PRESENT, SKINNY and CRAFT block ciphers. The efficiency gains became even more pronounced as the depth of the fault leakage increased, demonstrating the robustness and scalability of our approach.</p>
	]]></content:encoded>

	<dc:title>General Extensions and Improvements of Algebraic Persistent Fault Analysis</dc:title>
			<dc:creator>Hanbing Li</dc:creator>
			<dc:creator>Kexin Qiao</dc:creator>
			<dc:creator>Ye Xu</dc:creator>
			<dc:creator>Changhai Ou</dc:creator>
			<dc:creator>An Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020030</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-10</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-10</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>30</prism:startingPage>
		<prism:doi>10.3390/cryptography9020030</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/30</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/29">

	<title>Cryptography, Vol. 9, Pages 29: PRIVocular: Enhancing User Privacy Through Air-Gapped Communication Channels</title>
	<link>https://www.mdpi.com/2410-387X/9/2/29</link>
	<description>Virtual reality (VR)/the metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography, because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet-of-Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware–software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted—without loss of generality—using an asymmetric-key cryptosystem. These operation modes can be optical character-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding and decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (&lt;1000 ms), as well as the physical distance of the smart glasses (∼50 cm).</description>
	<pubDate>2025-05-01</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 29: PRIVocular: Enhancing User Privacy Through Air-Gapped Communication Channels</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/29">doi: 10.3390/cryptography9020029</a></p>
	<p>Authors:
		Anastasios N. Bikos
		</p>
	<p>Virtual reality (VR)/the metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography, because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet-of-Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware–software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted—without loss of generality—using an asymmetric-key cryptosystem. These operation modes can be optical character-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding and decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (&lt;1000 ms), as well as the physical distance of the smart glasses (∼50 cm).</p>
	]]></content:encoded>

	<dc:title>PRIVocular: Enhancing User Privacy Through Air-Gapped Communication Channels</dc:title>
			<dc:creator>Anastasios N. Bikos</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020029</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-05-01</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-05-01</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>29</prism:startingPage>
		<prism:doi>10.3390/cryptography9020029</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/29</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/28">

	<title>Cryptography, Vol. 9, Pages 28: A Quantum Key Distribution for Securing Smart Grids</title>
	<link>https://www.mdpi.com/2410-387X/9/2/28</link>
	<description>The development of Smart Grids (SGs) is a current trend and an indispensable essential living requirement. Due to economic development and improved quality of life, electricity demand has rapidly increased. However, the power grids in major cities have become outdated, leading to uneven power distribution and frequent power outages. SGs can adjust distribution strategies based on consumers’ real-time electricity demands, which requires continuous transmission of consumer electricity data within the grid. If the privacy and security of these data cannot be ensured, consumers’ habits will be exposed, and unnecessary waste may occur. In this article, we propose a key distribution process based on QKD, enabling entities within the SG to encrypt and authenticate each other’s data, ensuring the security and privacy of communication channels and transmitted data.</description>
	<pubDate>2025-04-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 28: A Quantum Key Distribution for Securing Smart Grids</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/28">doi: 10.3390/cryptography9020028</a></p>
	<p>Authors:
		Iuon-Chang Lin
		Ko-Yu Lin
		Nan-I Wu
		Min-Shiang Hwang
		</p>
	<p>The development of Smart Grids (SGs) is a current trend and an indispensable essential living requirement. Due to economic development and improved quality of life, electricity demand has rapidly increased. However, the power grids in major cities have become outdated, leading to uneven power distribution and frequent power outages. SGs can adjust distribution strategies based on consumers’ real-time electricity demands, which requires continuous transmission of consumer electricity data within the grid. If the privacy and security of these data cannot be ensured, consumers’ habits will be exposed, and unnecessary waste may occur. In this article, we propose a key distribution process based on QKD, enabling entities within the SG to encrypt and authenticate each other’s data, ensuring the security and privacy of communication channels and transmitted data.</p>
	]]></content:encoded>

	<dc:title>A Quantum Key Distribution for Securing Smart Grids</dc:title>
			<dc:creator>Iuon-Chang Lin</dc:creator>
			<dc:creator>Ko-Yu Lin</dc:creator>
			<dc:creator>Nan-I Wu</dc:creator>
			<dc:creator>Min-Shiang Hwang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020028</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-29</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>28</prism:startingPage>
		<prism:doi>10.3390/cryptography9020028</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/28</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/27">

	<title>Cryptography, Vol. 9, Pages 27: Non-Degenerate One-Time Pad and Unconditional Integrity of Perfectly Secret Messages</title>
	<link>https://www.mdpi.com/2410-387X/9/2/27</link>
	<description>We present a new construction of a one-time pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so-constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata’s “pun”: the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms.</description>
	<pubDate>2025-04-29</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 27: Non-Degenerate One-Time Pad and Unconditional Integrity of Perfectly Secret Messages</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/27">doi: 10.3390/cryptography9020027</a></p>
	<p>Authors:
		Alex Shafarenko
		</p>
	<p>We present a new construction of a one-time pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so-constructed OTP translates any perturbation of the ciphertext to an unpredictable, metrically large random perturbation of the plaintext. This allows us to provide unconditional integrity assurance without extra key material. The redundancy is injected using Foata’s “pun”: the reading of the one-line representation as the cyclic one; we call this Pseudo Foata Injection. We obtain algorithms of quadratic complexity that implement both mechanisms.</p>
	]]></content:encoded>

	<dc:title>Non-Degenerate One-Time Pad and Unconditional Integrity of Perfectly Secret Messages</dc:title>
			<dc:creator>Alex Shafarenko</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020027</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-29</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-29</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>27</prism:startingPage>
		<prism:doi>10.3390/cryptography9020027</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/27</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/26">

	<title>Cryptography, Vol. 9, Pages 26: Affine Cipher Encryption Technique Using Residue Number System</title>
	<link>https://www.mdpi.com/2410-387X/9/2/26</link>
	<description>This paper presents a new encryption technique, which combines affine ciphers and the residue number system. This makes it possible to eliminate the shortcomings and vulnerabilities of affine ciphers, which are sensitive to cryptanalysis, using the advantages of the residue number system, i.e., the parallelization of calculation processes, performing operations on low bit numbers, and the linear combination of encrypted residues. A mathematical apparatus and a graphic scheme of affine encryption using the residue number system is developed, and a corresponding example is given. Special cases of affine ciphers such as shift and linear ciphers are considered. The cryptographic strength of the proposed cryptosystem when the moduli are prime numbers is estimated, and an example of its estimation is given. The number of bits and the number of moduli of the residue number system, which ensure the same cryptographic strength as the longest key of the AES algorithm, are determined.</description>
	<pubDate>2025-04-24</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 26: Affine Cipher Encryption Technique Using Residue Number System</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/26">doi: 10.3390/cryptography9020026</a></p>
	<p>Authors:
		Mykhailo Kasianchuk
		Ruslan Shevchuk
		Bogdan Adamyk
		Vladlena Benson
		Inna Shylinska
		Mykhailo Holembiovskyi
		</p>
	<p>This paper presents a new encryption technique, which combines affine ciphers and the residue number system. This makes it possible to eliminate the shortcomings and vulnerabilities of affine ciphers, which are sensitive to cryptanalysis, using the advantages of the residue number system, i.e., the parallelization of calculation processes, performing operations on low bit numbers, and the linear combination of encrypted residues. A mathematical apparatus and a graphic scheme of affine encryption using the residue number system is developed, and a corresponding example is given. Special cases of affine ciphers such as shift and linear ciphers are considered. The cryptographic strength of the proposed cryptosystem when the moduli are prime numbers is estimated, and an example of its estimation is given. The number of bits and the number of moduli of the residue number system, which ensure the same cryptographic strength as the longest key of the AES algorithm, are determined.</p>
	]]></content:encoded>

	<dc:title>Affine Cipher Encryption Technique Using Residue Number System</dc:title>
			<dc:creator>Mykhailo Kasianchuk</dc:creator>
			<dc:creator>Ruslan Shevchuk</dc:creator>
			<dc:creator>Bogdan Adamyk</dc:creator>
			<dc:creator>Vladlena Benson</dc:creator>
			<dc:creator>Inna Shylinska</dc:creator>
			<dc:creator>Mykhailo Holembiovskyi</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020026</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-24</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-24</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>26</prism:startingPage>
		<prism:doi>10.3390/cryptography9020026</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/26</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/25">

	<title>Cryptography, Vol. 9, Pages 25: Bell–Clauser–Horne–Shimony–Holt Behavior Under Quantum Loss and Decoherence</title>
	<link>https://www.mdpi.com/2410-387X/9/2/25</link>
	<description>We present a detailed analysis of the effect of quantum loss and decoherence in the Bell-CHSH scenario. Adopting a device-independent approach, we study the change in the bipartite conditional probability distribution, i.e., the behavior of the realized nonlocal box pair when the elements of the entangled qubit pair are subjected to independent noisy quantum channels modeled by completely positive maps. As the verification of Bell inequalities is crucial in device-independent quantum cryptography, our considerations are instructive from the perspective of quantum realizations of nonlocal box pairs. We find that the impact of quantum channels cannot be described by an equivalent classical noise channel.</description>
	<pubDate>2025-04-23</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 25: Bell–Clauser–Horne–Shimony–Holt Behavior Under Quantum Loss and Decoherence</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/25">doi: 10.3390/cryptography9020025</a></p>
	<p>Authors:
		Ottó Hanyecz
		András Bodor
		Peter Adam
		Mátyás Koniorczyk
		</p>
	<p>We present a detailed analysis of the effect of quantum loss and decoherence in the Bell-CHSH scenario. Adopting a device-independent approach, we study the change in the bipartite conditional probability distribution, i.e., the behavior of the realized nonlocal box pair when the elements of the entangled qubit pair are subjected to independent noisy quantum channels modeled by completely positive maps. As the verification of Bell inequalities is crucial in device-independent quantum cryptography, our considerations are instructive from the perspective of quantum realizations of nonlocal box pairs. We find that the impact of quantum channels cannot be described by an equivalent classical noise channel.</p>
	]]></content:encoded>

	<dc:title>Bell–Clauser–Horne–Shimony–Holt Behavior Under Quantum Loss and Decoherence</dc:title>
			<dc:creator>Ottó Hanyecz</dc:creator>
			<dc:creator>András Bodor</dc:creator>
			<dc:creator>Peter Adam</dc:creator>
			<dc:creator>Mátyás Koniorczyk</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020025</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-23</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-23</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>25</prism:startingPage>
		<prism:doi>10.3390/cryptography9020025</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/25</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/24">

	<title>Cryptography, Vol. 9, Pages 24: Privacy-Enhancing Technologies in Collaborative Healthcare Analysis</title>
	<link>https://www.mdpi.com/2410-387X/9/2/24</link>
	<description>Healthcare data is often fragmented across different institutions (hospitals, clinics, research centers), creating data silos. Privacy-enhancing technologies (PETs) play a fundamental role in collaborative healthcare analysis, enabling healthcare providers to improve care while protecting patient privacy. By providing a compliant framework for data sharing and research, PETs facilitate collaboration while adhering to stringent regulations like HIPAA and GDPR. This work conducts a comprehensive survey to investigate PETs in the healthcare industry. It investigates the privacy requirements and challenges specific to healthcare, and the key enabling PETs are explored. A review of recent research trends that identify challenges and AI-related concerns is presented.</description>
	<pubDate>2025-04-22</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 24: Privacy-Enhancing Technologies in Collaborative Healthcare Analysis</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/24">doi: 10.3390/cryptography9020024</a></p>
	<p>Authors:
		Manar Alnasser
		Shancang Li
		</p>
	<p>Healthcare data is often fragmented across different institutions (hospitals, clinics, research centers), creating data silos. Privacy-enhancing technologies (PETs) play a fundamental role in collaborative healthcare analysis, enabling healthcare providers to improve care while protecting patient privacy. By providing a compliant framework for data sharing and research, PETs facilitate collaboration while adhering to stringent regulations like HIPAA and GDPR. This work conducts a comprehensive survey to investigate PETs in the healthcare industry. It investigates the privacy requirements and challenges specific to healthcare, and the key enabling PETs are explored. A review of recent research trends that identify challenges and AI-related concerns is presented.</p>
	]]></content:encoded>

	<dc:title>Privacy-Enhancing Technologies in Collaborative Healthcare Analysis</dc:title>
			<dc:creator>Manar Alnasser</dc:creator>
			<dc:creator>Shancang Li</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020024</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-22</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-22</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>24</prism:startingPage>
		<prism:doi>10.3390/cryptography9020024</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/24</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/23">

	<title>Cryptography, Vol. 9, Pages 23: Malicious-Secure Threshold Multi-Party Private Set Intersection for Anonymous Electronic Voting</title>
	<link>https://www.mdpi.com/2410-387X/9/2/23</link>
	<description>Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least t−1 other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants. 
Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants.</description>
	<pubDate>2025-04-17</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 23: Malicious-Secure Threshold Multi-Party Private Set Intersection for Anonymous Electronic Voting</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/23">doi: 10.3390/cryptography9020023</a></p>
	<p>Authors:
		Xiansong Qian
		Lifei Wei
		Jinjiao Zhang
		Lei Zhang
		</p>
	<p>Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least t−1 other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants. 
Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants.</p>
	]]></content:encoded>

	<dc:title>Malicious-Secure Threshold Multi-Party Private Set Intersection for Anonymous Electronic Voting</dc:title>
			<dc:creator>Xiansong Qian</dc:creator>
			<dc:creator>Lifei Wei</dc:creator>
			<dc:creator>Jinjiao Zhang</dc:creator>
			<dc:creator>Lei Zhang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020023</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-17</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-17</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>23</prism:startingPage>
		<prism:doi>10.3390/cryptography9020023</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/23</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/22">

	<title>Cryptography, Vol. 9, Pages 22: Dynamic Sharding and Monte Carlo for Post-Quantum Blockchain Resilience</title>
	<link>https://www.mdpi.com/2410-387X/9/2/22</link>
	<description>Scalability and security restrictions are posing new challenges for blockchain networks, especially in the face of Distributed Denial-of-Service (DDoS) attacks and upcoming quantum threats. Previous research also found that post-quantum blockchains, despite their improved cryptographic algorithms, are still vulnerable to DDoS attacks, emphasizing the need for more resilient architectural solutions. This research studies the use of dynamic sharding, an innovative approach for post-quantum blockchains that allows for adaptive division of the network into shards based on workload and network conditions. Unlike static sharding, dynamic sharding optimizes resource allocation in real time, increasing transaction throughput and minimizing DDoS-induced disruptions. We provide a detailed study using Monte Carlo simulations to examine transaction success rates, resource consumption, and fault tolerance for both dynamic sharding-based and non-sharded post-quantum blockchains under simulated DDoS attack scenarios. The findings show that dynamic sharding leads to higher transaction success rates and more efficient resource use than non-sharded infrastructures, even in high-intensity attack scenarios. Furthermore, the combination of dynamic sharding and the Falcon post-quantum signature technique creates a layered strategy that combines cryptographic robustness, scalability, and resilience. This paper provides light on the potential of adaptive blockchain designs to address major scalability and security issues, opening the path for quantum-resilient systems.</description>
	<pubDate>2025-04-11</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 22: Dynamic Sharding and Monte Carlo for Post-Quantum Blockchain Resilience</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/22">doi: 10.3390/cryptography9020022</a></p>
	<p>Authors:
		Dahhak Hajar
		Nadia Afifi
		Imane Hilal
		</p>
	<p>Scalability and security restrictions are posing new challenges for blockchain networks, especially in the face of Distributed Denial-of-Service (DDoS) attacks and upcoming quantum threats. Previous research also found that post-quantum blockchains, despite their improved cryptographic algorithms, are still vulnerable to DDoS attacks, emphasizing the need for more resilient architectural solutions. This research studies the use of dynamic sharding, an innovative approach for post-quantum blockchains that allows for adaptive division of the network into shards based on workload and network conditions. Unlike static sharding, dynamic sharding optimizes resource allocation in real time, increasing transaction throughput and minimizing DDoS-induced disruptions. We provide a detailed study using Monte Carlo simulations to examine transaction success rates, resource consumption, and fault tolerance for both dynamic sharding-based and non-sharded post-quantum blockchains under simulated DDoS attack scenarios. The findings show that dynamic sharding leads to higher transaction success rates and more efficient resource use than non-sharded infrastructures, even in high-intensity attack scenarios. Furthermore, the combination of dynamic sharding and the Falcon post-quantum signature technique creates a layered strategy that combines cryptographic robustness, scalability, and resilience. This paper provides light on the potential of adaptive blockchain designs to address major scalability and security issues, opening the path for quantum-resilient systems.</p>
	]]></content:encoded>

	<dc:title>Dynamic Sharding and Monte Carlo for Post-Quantum Blockchain Resilience</dc:title>
			<dc:creator>Dahhak Hajar</dc:creator>
			<dc:creator>Nadia Afifi</dc:creator>
			<dc:creator>Imane Hilal</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020022</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-11</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-11</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>22</prism:startingPage>
		<prism:doi>10.3390/cryptography9020022</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/22</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/2/21">

	<title>Cryptography, Vol. 9, Pages 21: Compact 8-Bit S-Boxes Based on Multiplication in a Galois Field GF(2^4)</title>
	<link>https://www.mdpi.com/2410-387X/9/2/21</link>
	<description>Substitution boxes (S-Boxes) function as essential nonlinear elements in contemporary cryptographic systems, offering robust protection against cryptanalytic attacks. This study presents a novel technique for generating compact 8-bit S-Boxes based on multiplication in the Galois Field GF(2^4). The goal of this method is to create S-Boxes with low hardware implementation cost while ensuring cryptographic properties. Experimental results indicate that the suggested S-Boxes achieve a nonlinearity value of 112, matching the AES S-Box. They also maintain other cryptographic properties, such as the Bit Independence Criterion (BIC), the Strict Avalanche Criterion (SAC), Differential Approximation Probability, and Linear Approximation Probability, within acceptable security thresholds. Notably, compared to existing studies, the proposed S-Box architecture demonstrates enhanced hardware efficiency, significantly reducing resource utilization in implementations. Specifically, the implementation cost of the S-Box consists of 31 XOR gates, 32 two-input AND gates, 6 two-input OR gates, and 2 MUX21s. Moreover, this work provides a thorough assessment of the S-Box, covering cryptographic properties, side channel attacks, and implementation aspects. Furthermore, the study estimates the quantum resource requirements for implementing the S-Box, including an analysis of CNOT, Toffoli, and NOT gate counts.</description>
	<pubDate>2025-04-03</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 21: Compact 8-Bit S-Boxes Based on Multiplication in a Galois Field GF(2<sup>4</sup>)</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/2/21">doi: 10.3390/cryptography9020021</a></p>
	<p>Authors:
		Phuc-Phan Duong
		Tuan-Kiet Dang
		Trong-Thuc Hoang
		Cong-Kha Pham
		</p>
	<p>Substitution boxes (S-Boxes) function as essential nonlinear elements in contemporary cryptographic systems, offering robust protection against cryptanalytic attacks. This study presents a novel technique for generating compact 8-bit S-Boxes based on multiplication in the Galois Field GF(2<sup>4</sup>). The goal of this method is to create S-Boxes with low hardware implementation cost while ensuring cryptographic properties. Experimental results indicate that the suggested S-Boxes achieve a nonlinearity value of 112, matching the AES S-Box. They also maintain other cryptographic properties, such as the Bit Independence Criterion (BIC), the Strict Avalanche Criterion (SAC), Differential Approximation Probability, and Linear Approximation Probability, within acceptable security thresholds. Notably, compared to existing studies, the proposed S-Box architecture demonstrates enhanced hardware efficiency, significantly reducing resource utilization in implementations. Specifically, the implementation cost of the S-Box consists of 31 XOR gates, 32 two-input AND gates, 6 two-input OR gates, and 2 MUX21s. Moreover, this work provides a thorough assessment of the S-Box, covering cryptographic properties, side channel attacks, and implementation aspects. Furthermore, the study estimates the quantum resource requirements for implementing the S-Box, including an analysis of CNOT, Toffoli, and NOT gate counts.</p>
	]]></content:encoded>

	<dc:title>Compact 8-Bit S-Boxes Based on Multiplication in a Galois Field GF(2^4)</dc:title>
			<dc:creator>Phuc-Phan Duong</dc:creator>
			<dc:creator>Tuan-Kiet Dang</dc:creator>
			<dc:creator>Trong-Thuc Hoang</dc:creator>
			<dc:creator>Cong-Kha Pham</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9020021</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-04-03</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-04-03</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>2</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>21</prism:startingPage>
		<prism:doi>10.3390/cryptography9020021</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/2/21</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/20">

	<title>Cryptography, Vol. 9, Pages 20: BPAP: FPGA Design of a RISC-like Processor for Elliptic Curve Cryptography Using Task-Level Parallel Programming in High-Level Synthesis</title>
	<link>https://www.mdpi.com/2410-387X/9/1/20</link>
	<description>Popular technologies such as blockchain and zero-knowledge proof, which have already entered the enterprise space, heavily use cryptography as the core of their protocol stack. One of the most used systems in this regard is Elliptic Curve Cryptography, precisely the point multiplication operation, which provides the security assumption for all applications that use this system. As this operation is computationally intensive, one solution is to offload it to specialized accelerators to provide better throughput and increased efficiency. In this paper, we explore the use of Field Programmable Gate Arrays (FPGAs) and the High-Level Synthesis framework of AMD Vitis in designing an elliptic curve point arithmetic unit (point adder) for the secp256k1 curve. We show how task-level parallel programming and data streaming are used in designing a RISC processor-like architecture to provide pipeline parallelism and increase the throughput of the point adder unit. We also show how to efficiently use the proposed processor architecture by designing a point multiplication scheduler capable of scheduling multiple batches of elliptic curve points to utilize the point adder unit efficiently. Finally, we evaluate our design on an AMD-Xilinx Alveo-family FPGA and show that our point arithmetic processor has better throughput and frequency than related work.</description>
	<pubDate>2025-03-19</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 20: BPAP: FPGA Design of a RISC-like Processor for Elliptic Curve Cryptography Using Task-Level Parallel Programming in High-Level Synthesis</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/20">doi: 10.3390/cryptography9010020</a></p>
	<p>Authors:
		Rares Ifrim
		Decebal Popescu
		</p>
	<p>Popular technologies such as blockchain and zero-knowledge proof, which have already entered the enterprise space, heavily use cryptography as the core of their protocol stack. One of the most used systems in this regard is Elliptic Curve Cryptography, precisely the point multiplication operation, which provides the security assumption for all applications that use this system. As this operation is computationally intensive, one solution is to offload it to specialized accelerators to provide better throughput and increased efficiency. In this paper, we explore the use of Field Programmable Gate Arrays (FPGAs) and the High-Level Synthesis framework of AMD Vitis in designing an elliptic curve point arithmetic unit (point adder) for the secp256k1 curve. We show how task-level parallel programming and data streaming are used in designing a RISC processor-like architecture to provide pipeline parallelism and increase the throughput of the point adder unit. We also show how to efficiently use the proposed processor architecture by designing a point multiplication scheduler capable of scheduling multiple batches of elliptic curve points to utilize the point adder unit efficiently. Finally, we evaluate our design on an AMD-Xilinx Alveo-family FPGA and show that our point arithmetic processor has better throughput and frequency than related work.</p>
	]]></content:encoded>

	<dc:title>BPAP: FPGA Design of a RISC-like Processor for Elliptic Curve Cryptography Using Task-Level Parallel Programming in High-Level Synthesis</dc:title>
			<dc:creator>Rares Ifrim</dc:creator>
			<dc:creator>Decebal Popescu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010020</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-19</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-19</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>20</prism:startingPage>
		<prism:doi>10.3390/cryptography9010020</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/20</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/19">

	<title>Cryptography, Vol. 9, Pages 19: Improved Correlation Power Analysis Attack on the Latest Cortex M4 Kyber Implementation</title>
	<link>https://www.mdpi.com/2410-387X/9/1/19</link>
	<description>CRYSTALS-Kyber has been standardized as a general public-key post-quantum algorithm under the name of ML-KEM after NIST released its first three final post-quantum standards in August 2024. The resilience of post-quantum cryptography to side-channel attacks has been an important research endeavor, and there have been many attacks designed, including basic Correlation Power Analysis. This paper adapts existing Correlation Power Analysis attacks to the most recent ARM Cortex M4 optimized implementation that uses Plantard arithmetic. It also demonstrates an improved version of a CPA that results in a 50% speedup compared to the original attack. Data are gathered and the mathematical model is tested using a ChipWhisperer-Lite board.</description>
	<pubDate>2025-03-16</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 19: Improved Correlation Power Analysis Attack on the Latest Cortex M4 Kyber Implementation</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/19">doi: 10.3390/cryptography9010019</a></p>
	<p>Authors:
		Costin Ghiban
		Marios Omar Choudary
		</p>
	<p>CRYSTALS-Kyber has been standardized as a general public-key post-quantum algorithm under the name of ML-KEM after NIST released its first three final post-quantum standards in August 2024. The resilience of post-quantum cryptography to side-channel attacks has been an important research endeavor, and there have been many attacks designed, including basic Correlation Power Analysis. This paper adapts existing Correlation Power Analysis attacks to the most recent ARM Cortex M4 optimized implementation that uses Plantard arithmetic. It also demonstrates an improved version of a CPA that results in a 50% speedup compared to the original attack. Data are gathered and the mathematical model is tested using a ChipWhisperer-Lite board.</p>
	]]></content:encoded>

	<dc:title>Improved Correlation Power Analysis Attack on the Latest Cortex M4 Kyber Implementation</dc:title>
			<dc:creator>Costin Ghiban</dc:creator>
			<dc:creator>Marios Omar Choudary</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010019</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-16</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-16</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>19</prism:startingPage>
		<prism:doi>10.3390/cryptography9010019</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/19</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/18">

	<title>Cryptography, Vol. 9, Pages 18: Encryption Algorithm MLOL: Security and Efficiency Enhancement Based on the LOL Framework</title>
	<link>https://www.mdpi.com/2410-387X/9/1/18</link>
	<description>Authenticated encryption with associated data (AEAD) schemes based on stream ciphers, such as ASCON and MORUS, typically use nonlinear feedback shift registers (NFSRs) and linear feedback shift registers (LFSRs) to generate variable-length key streams. While these methods ensure message confidentiality and authenticity, they present challenges in security analysis, especially when automated evaluation is involved. In this paper, we present MLOL, a novel AEAD algorithm based on the LOL framework. MLOL combines authenticated encryption with optimizations to the LFSR structure to enhance both security and efficiency. The cost evaluation demonstrates that on specialized CPU platforms without SIMD instruction set support, MLOL achieves better performance in authenticated encryption speed compared to LOL-MINI with GHASH. Our security analysis confirms that MLOL provides 256-bit security against current cryptanalytic techniques. Experimental results demonstrate that MLOL not only inherits the excellent performance of LOL but also reduces the time complexity of the authenticated encryption process, providing more reliable security guarantees. It significantly simplifies security evaluation, making it suitable for automated analysis tools, and offers a feasible new approach for AEAD algorithm design.</description>
	<pubDate>2025-03-12</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 18: Encryption Algorithm MLOL: Security and Efficiency Enhancement Based on the LOL Framework</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/18">doi: 10.3390/cryptography9010018</a></p>
	<p>Authors:
		Xinyue Zhang
		Daoguang Mu
		Wenzheng Zhang
		Xinfeng Dong
		</p>
	<p>Authenticated encryption with associated data (AEAD) schemes based on stream ciphers, such as ASCON and MORUS, typically use nonlinear feedback shift registers (NFSRs) and linear feedback shift registers (LFSRs) to generate variable-length key streams. While these methods ensure message confidentiality and authenticity, they present challenges in security analysis, especially when automated evaluation is involved. In this paper, we present MLOL, a novel AEAD algorithm based on the LOL framework. MLOL combines authenticated encryption with optimizations to the LFSR structure to enhance both security and efficiency. The cost evaluation demonstrates that on specialized CPU platforms without SIMD instruction set support, MLOL achieves better performance in authenticated encryption speed compared to LOL-MINI with GHASH. Our security analysis confirms that MLOL provides 256-bit security against current cryptanalytic techniques. Experimental results demonstrate that MLOL not only inherits the excellent performance of LOL but also reduces the time complexity of the authenticated encryption process, providing more reliable security guarantees. It significantly simplifies security evaluation, making it suitable for automated analysis tools, and offers a feasible new approach for AEAD algorithm design.</p>
	]]></content:encoded>

	<dc:title>Encryption Algorithm MLOL: Security and Efficiency Enhancement Based on the LOL Framework</dc:title>
			<dc:creator>Xinyue Zhang</dc:creator>
			<dc:creator>Daoguang Mu</dc:creator>
			<dc:creator>Wenzheng Zhang</dc:creator>
			<dc:creator>Xinfeng Dong</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010018</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-12</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-12</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>18</prism:startingPage>
		<prism:doi>10.3390/cryptography9010018</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/18</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/17">

	<title>Cryptography, Vol. 9, Pages 17: Cryptographic Techniques in Artificial Intelligence Security: A Bibliometric Review</title>
	<link>https://www.mdpi.com/2410-387X/9/1/17</link>
	<description>With the rise in applications of artificial intelligence (AI) across various sectors, security concerns have become paramount. Traditional AI systems often lack robust security measures, making them vulnerable to adversarial attacks, data breaches, and privacy violations. Cryptography has emerged as a crucial component in enhancing AI security by ensuring data confidentiality, authentication, and integrity. This paper presents a comprehensive bibliometric review to understand the intersection between cryptography, AI, and security. A total of 495 journal articles and reviews were identified using Scopus as the primary database. The results indicate a sharp increase in research interest between 2020 and January 2025, with a significant rise in publications in 2023 and 2024. The key application areas include computer science, engineering, and materials science. Key cryptographic techniques such as homomorphic encryption, secure multiparty computation, and quantum cryptography have gained prominence in AI security. Blockchain has also emerged as an essential technology for securing AI-driven applications, particularly in data integrity and secure transactions. This paper highlights the crucial role of cryptography in safeguarding AI systems and provides future research directions to strengthen AI security through advanced cryptographic solutions.</description>
	<pubDate>2025-03-07</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 17: Cryptographic Techniques in Artificial Intelligence Security: A Bibliometric Review</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/17">doi: 10.3390/cryptography9010017</a></p>
	<p>Authors:
		Hamed Taherdoost
		Tuan-Vinh Le
		Khadija Slimani
		</p>
	<p>With the rise in applications of artificial intelligence (AI) across various sectors, security concerns have become paramount. Traditional AI systems often lack robust security measures, making them vulnerable to adversarial attacks, data breaches, and privacy violations. Cryptography has emerged as a crucial component in enhancing AI security by ensuring data confidentiality, authentication, and integrity. This paper presents a comprehensive bibliometric review to understand the intersection between cryptography, AI, and security. A total of 495 journal articles and reviews were identified using Scopus as the primary database. The results indicate a sharp increase in research interest between 2020 and January 2025, with a significant rise in publications in 2023 and 2024. The key application areas include computer science, engineering, and materials science. Key cryptographic techniques such as homomorphic encryption, secure multiparty computation, and quantum cryptography have gained prominence in AI security. Blockchain has also emerged as an essential technology for securing AI-driven applications, particularly in data integrity and secure transactions. This paper highlights the crucial role of cryptography in safeguarding AI systems and provides future research directions to strengthen AI security through advanced cryptographic solutions.</p>
	]]></content:encoded>

	<dc:title>Cryptographic Techniques in Artificial Intelligence Security: A Bibliometric Review</dc:title>
			<dc:creator>Hamed Taherdoost</dc:creator>
			<dc:creator>Tuan-Vinh Le</dc:creator>
			<dc:creator>Khadija Slimani</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010017</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-07</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-07</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Review</prism:section>
	<prism:startingPage>17</prism:startingPage>
		<prism:doi>10.3390/cryptography9010017</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/17</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/16">

	<title>Cryptography, Vol. 9, Pages 16: Construction of Countably Infinite Programs That Evade Malware/Non-Malware Classification for Any Given Formal System</title>
	<link>https://www.mdpi.com/2410-387X/9/1/16</link>
	<description>The formal study of computer malware was initiated in the seminal work of Fred Cohen in the mid-80s, who applied elements of Computation Theory in the investigation of the theoretical limits of using the Turing Machine formal model of computation in detecting viruses. Cohen gave a simple but realistic formal definition of the characteristic actions of a computer virus as a Turing Machine that replicates itself and proved that detecting this behaviour, in general, is an undecidable problem. In this paper, we complement Cohen’s approach by providing a simple generalization of his definition of a computer virus so as to model any type of malware behaviour and showing that the malware/non-malware classification problem is, again, undecidable. Most importantly, beyond Cohen’s work, our work provides a generic theoretical framework for studying anti-malware applications and identifying, at an early stage, before their deployment, several of their inherent vulnerabilities which may lead to the construction of zero-day exploits and malware strains with stealth properties. To this end, we show that for any given formal system, which can be seen as an anti-malware formal model, there are infinitely many, effectively constructible programs for which no proof can be produced by the formal system that they are either malware or non-malware programs. Moreover, infinitely many of these programs are, indeed, malware programs which evade the detection powers of the given formal system.</description>
	<pubDate>2025-03-04</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 16: Construction of Countably Infinite Programs That Evade Malware/Non-Malware Classification for Any Given Formal System</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/16">doi: 10.3390/cryptography9010016</a></p>
	<p>Authors:
		Vasiliki Liagkou
		Panagiotis E. Nastou
		Paul Spirakis
		Yannis C. Stamatiou
		</p>
	<p>The formal study of computer malware was initiated in the seminal work of Fred Cohen in the mid-80s, who applied elements of Computation Theory in the investigation of the theoretical limits of using the Turing Machine formal model of computation in detecting viruses. Cohen gave a simple but realistic formal definition of the characteristic actions of a computer virus as a Turing Machine that replicates itself and proved that detecting this behaviour, in general, is an undecidable problem. In this paper, we complement Cohen’s approach by providing a simple generalization of his definition of a computer virus so as to model any type of malware behaviour and showing that the malware/non-malware classification problem is, again, undecidable. Most importantly, beyond Cohen’s work, our work provides a generic theoretical framework for studying anti-malware applications and identifying, at an early stage, before their deployment, several of their inherent vulnerabilities which may lead to the construction of zero-day exploits and malware strains with stealth properties. To this end, we show that for any given formal system, which can be seen as an anti-malware formal model, there are infinitely many, effectively constructible programs for which no proof can be produced by the formal system that they are either malware or non-malware programs. Moreover, infinitely many of these programs are, indeed, malware programs which evade the detection powers of the given formal system.</p>
	]]></content:encoded>

	<dc:title>Construction of Countably Infinite Programs That Evade Malware/Non-Malware Classification for Any Given Formal System</dc:title>
			<dc:creator>Vasiliki Liagkou</dc:creator>
			<dc:creator>Panagiotis E. Nastou</dc:creator>
			<dc:creator>Paul Spirakis</dc:creator>
			<dc:creator>Yannis C. Stamatiou</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010016</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-04</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-04</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>16</prism:startingPage>
		<prism:doi>10.3390/cryptography9010016</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/16</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/15">

	<title>Cryptography, Vol. 9, Pages 15: The Impact of Clock Frequencies on Remote Power Side-Channel Analysis Attack Resistance of Processors in Multi-Tenant FPGAs</title>
	<link>https://www.mdpi.com/2410-387X/9/1/15</link>
	<description>Field-programmable gate arrays (FPGAs) are widely used in cloud servers as an acceleration solution for compute-intensive tasks. Cloud FPGAs are typically multi-tenant, enabling resource sharing among multiple users but are vulnerable to power side-channel analysis (SCA) attacks due to their programmability and runtime dynamic reconfigurability. It is well-known that the clock frequencies of the circuits on multi-tenant FPGAs affect power consumption, but their impact on remote correlation power analysis (CPA) attacks has largely been ignored in the literature. This work systematically evaluates how clock frequency variations influence the effectiveness of remote CPA attacks on multi-tenant FPGAs. We develop a theoretical model to quantify this impact and validate our findings through the CPA attacks on processors running AES-128 and SM4 cryptographic algorithms. Our results demonstrate that the runtime clock frequency significantly affects the performance of remote CPA attacks. Our work provides valuable insights into the security implications of frequency scaling in multi-tenant FPGAs and offers guidance on selecting clock frequencies to mitigate power side-channel risks.</description>
	<pubDate>2025-03-03</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 15: The Impact of Clock Frequencies on Remote Power Side-Channel Analysis Attack Resistance of Processors in Multi-Tenant FPGAs</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/15">doi: 10.3390/cryptography9010015</a></p>
	<p>Authors:
		Qinming Zhou
		Haozhi Xie
		Tao Su
		</p>
	<p>Field-programmable gate arrays (FPGAs) are widely used in cloud servers as an acceleration solution for compute-intensive tasks. Cloud FPGAs are typically multi-tenant, enabling resource sharing among multiple users but are vulnerable to power side-channel analysis (SCA) attacks due to their programmability and runtime dynamic reconfigurability. It is well-known that the clock frequencies of the circuits on multi-tenant FPGAs affect power consumption, but their impact on remote correlation power analysis (CPA) attacks has largely been ignored in the literature. This work systematically evaluates how clock frequency variations influence the effectiveness of remote CPA attacks on multi-tenant FPGAs. We develop a theoretical model to quantify this impact and validate our findings through the CPA attacks on processors running AES-128 and SM4 cryptographic algorithms. Our results demonstrate that the runtime clock frequency significantly affects the performance of remote CPA attacks. Our work provides valuable insights into the security implications of frequency scaling in multi-tenant FPGAs and offers guidance on selecting clock frequencies to mitigate power side-channel risks.</p>
	]]></content:encoded>

	<dc:title>The Impact of Clock Frequencies on Remote Power Side-Channel Analysis Attack Resistance of Processors in Multi-Tenant FPGAs</dc:title>
			<dc:creator>Qinming Zhou</dc:creator>
			<dc:creator>Haozhi Xie</dc:creator>
			<dc:creator>Tao Su</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010015</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-03-03</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-03-03</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>15</prism:startingPage>
		<prism:doi>10.3390/cryptography9010015</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/15</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/14">

	<title>Cryptography, Vol. 9, Pages 14: Optimizing Message Range and Ciphertext Storage in Gentry–Sahai–Waters Encryption Using Chinese Remainder Theorem and PVW-like Compression Scheme</title>
	<link>https://www.mdpi.com/2410-387X/9/1/14</link>
	<description>This paper explores advancements in the Gentry-Sahai-Waters (GSW) fully homomorphic encryption scheme (FHE), addressing challenges related to message data range limitations and ciphertext size constraints. We leverage the well-known parallelizing technology—the Chinese Remainder Theorem (CRT)—to tackle the message decomposition, significantly expanding the allowable input message range to the entire plaintext space. This approach enables unrestricted message selection in the GSW scheme and supports parallel homomorphic operations without intermediate decryption. Additionally, we adapt existing ciphertext compression techniques, such as the PVW-like scheme, to reduce the memory overhead associated with ciphertexts. Our experimental results demonstrate the effectiveness of combining the proposed CRT-based decomposition with the PVW-like compression in increasing the upper bound of message values and improving the scheme’s capacity for consecutive homomorphic operations. However, compression introduces a trade-off, necessitating a reduced message range due to error accumulation in successive HE operations. This research contributes to enhancing the practicality and efficiency of the GSW encryption scheme for complex computational scenarios while managing the balance between expanded message range, computational complexity, and storage requirements.</description>
	<pubDate>2025-02-24</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 14: Optimizing Message Range and Ciphertext Storage in Gentry–Sahai–Waters Encryption Using Chinese Remainder Theorem and PVW-like Compression Scheme</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/14">doi: 10.3390/cryptography9010014</a></p>
	<p>Authors:
		Kung-Wei Hu
		Huan-Chih Wang
		Wun-Ting Lin
		Ja-Ling Wu
		</p>
	<p>This paper explores advancements in the Gentry-Sahai-Waters (GSW) fully homomorphic encryption scheme (FHE), addressing challenges related to message data range limitations and ciphertext size constraints. We leverage the well-known parallelizing technology—the Chinese Remainder Theorem (CRT)—to tackle the message decomposition, significantly expanding the allowable input message range to the entire plaintext space. This approach enables unrestricted message selection in the GSW scheme and supports parallel homomorphic operations without intermediate decryption. Additionally, we adapt existing ciphertext compression techniques, such as the PVW-like scheme, to reduce the memory overhead associated with ciphertexts. Our experimental results demonstrate the effectiveness of combining the proposed CRT-based decomposition with the PVW-like compression in increasing the upper bound of message values and improving the scheme’s capacity for consecutive homomorphic operations. However, compression introduces a trade-off, necessitating a reduced message range due to error accumulation in successive HE operations. This research contributes to enhancing the practicality and efficiency of the GSW encryption scheme for complex computational scenarios while managing the balance between expanded message range, computational complexity, and storage requirements.</p>
	]]></content:encoded>

	<dc:title>Optimizing Message Range and Ciphertext Storage in Gentry–Sahai–Waters Encryption Using Chinese Remainder Theorem and PVW-like Compression Scheme</dc:title>
			<dc:creator>Kung-Wei Hu</dc:creator>
			<dc:creator>Huan-Chih Wang</dc:creator>
			<dc:creator>Wun-Ting Lin</dc:creator>
			<dc:creator>Ja-Ling Wu</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010014</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-02-24</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-02-24</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>14</prism:startingPage>
		<prism:doi>10.3390/cryptography9010014</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/14</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/13">

	<title>Cryptography, Vol. 9, Pages 13: Faster Spiral: Low-Communication, High-Rate Private Information Retrieval</title>
	<link>https://www.mdpi.com/2410-387X/9/1/13</link>
	<description>Private information retrieval (PIR) enables a client to retrieve a specific element from a server’s database without disclosing the index that was queried. This work introduces three improvements to the efficient single-server PIR protocol Spiral. We found that performing a modulus switching towards expanded ciphertexts can improve the server throughput. Secondly, we apply two techniques called the composite NTT algorithm and approximate decomposition to Spiral to further improve it. We conduct comprehensive experiments to evaluate the concrete performance of our protocol, and the results confirm an approximately 1.7 times faster overall throughput than Spiral.</description>
	<pubDate>2025-02-21</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 13: Faster Spiral: Low-Communication, High-Rate Private Information Retrieval</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/13">doi: 10.3390/cryptography9010013</a></p>
	<p>Authors:
		Ming Luo
		Mingsheng Wang
		</p>
	<p>Private information retrieval (PIR) enables a client to retrieve a specific element from a server’s database without disclosing the index that was queried. This work introduces three improvements to the efficient single-server PIR protocol Spiral. We found that performing a modulus switching towards expanded ciphertexts can improve the server throughput. Secondly, we apply two techniques called the composite NTT algorithm and approximate decomposition to Spiral to further improve it. We conduct comprehensive experiments to evaluate the concrete performance of our protocol, and the results confirm an approximately 1.7 times faster overall throughput than Spiral.</p>
	]]></content:encoded>

	<dc:title>Faster Spiral: Low-Communication, High-Rate Private Information Retrieval</dc:title>
			<dc:creator>Ming Luo</dc:creator>
			<dc:creator>Mingsheng Wang</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010013</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-02-21</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-02-21</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>13</prism:startingPage>
		<prism:doi>10.3390/cryptography9010013</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/13</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
        <item rdf:about="https://www.mdpi.com/2410-387X/9/1/12">

	<title>Cryptography, Vol. 9, Pages 12: DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives</title>
	<link>https://www.mdpi.com/2410-387X/9/1/12</link>
	<description>A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can “open” a signature and reveal the signer’s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security relies on the security of symmetric-key primitives and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze the DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that make it much more costly than using the traditional revocation list approach.</description>
	<pubDate>2025-02-06</pubDate>

	<content:encoded><![CDATA[
	<p><b>Cryptography, Vol. 9, Pages 12: DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives</b></p>
	<p>Cryptography <a href="https://www.mdpi.com/2410-387X/9/1/12">doi: 10.3390/cryptography9010012</a></p>
	<p>Authors:
		Mojtaba Fadavi
		Sabyasachi Karati
		Aylar Erfanian
		Reihaneh Safavi-Naini
		</p>
	<p>A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can “open” a signature and reveal the signer’s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security relies on the security of symmetric-key primitives and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze the DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that make it much more costly than using the traditional revocation list approach.</p>
	]]></content:encoded>

	<dc:title>DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives</dc:title>
			<dc:creator>Mojtaba Fadavi</dc:creator>
			<dc:creator>Sabyasachi Karati</dc:creator>
			<dc:creator>Aylar Erfanian</dc:creator>
			<dc:creator>Reihaneh Safavi-Naini</dc:creator>
		<dc:identifier>doi: 10.3390/cryptography9010012</dc:identifier>
	<dc:source>Cryptography</dc:source>
	<dc:date>2025-02-06</dc:date>

	<prism:publicationName>Cryptography</prism:publicationName>
	<prism:publicationDate>2025-02-06</prism:publicationDate>
	<prism:volume>9</prism:volume>
	<prism:number>1</prism:number>
	<prism:section>Article</prism:section>
	<prism:startingPage>12</prism:startingPage>
		<prism:doi>10.3390/cryptography9010012</prism:doi>
	<prism:url>https://www.mdpi.com/2410-387X/9/1/12</prism:url>
	
	<cc:license rdf:resource="CC BY 4.0"/>
</item>
    
<cc:License rdf:about="https://creativecommons.org/licenses/by/4.0/">
	<cc:permits rdf:resource="https://creativecommons.org/ns#Reproduction" />
	<cc:permits rdf:resource="https://creativecommons.org/ns#Distribution" />
	<cc:permits rdf:resource="https://creativecommons.org/ns#DerivativeWorks" />
</cc:License>

</rdf:RDF>
