Search Results (32)

In user–server authentication environments, persistent server-side verification tables, such as password verifiers, shared authentication records, or per-user secret tables, may become a critical point of failure once leaked. To address this problem in the post-quantum setting, this paper proposes an ML-DSA-specific verification-table-free authenticated key agreement (AKA) scheme based on the NIST-standardized Module-Lattice-Based Digital Signature Algorithm (ML-DSA). The main contribution is a protocol-level use of the signer-recoverable masking vector in ML-DSA as an on-demand reconstruction mechanism for user-related authentication material. This enables the server to reconstruct the required user-related authentication material from its own signature and long-term secret key. This architecture reduces the exposure associated with centralized verification-table leakage, but it should be understood as a storage-relocation tradeoff rather than a storage-free design, because each user must retain the issued signature and the corresponding hash-derived authentication value. By combining the recovered value with identity information through a quantum-resistant one-way hash function, the server can authenticate the user and establish a session key. Its security is analyzed within a Canetti–Krawczyk-style adversarial model and further discussed in the random-oracle setting through a sequence-of-games argument. The analysis supports session-key indistinguishability under the stated freshness and exposure assumptions, while explicitly excluding full forward secrecy under compromise of the server’s long-term ML-DSA secret key. In addition, an operation-level comparison is provided to clarify computational, storage, and communication tradeoffs relative to representative post-quantum AKA schemes. Since the present work does not include implementation-level benchmarking, the performance discussion should be interpreted as analytical rather than empirical validation. The proposed scheme is therefore most suitable for account-login-oriented applications in which reducing centralized verification-table leakage is a primary design objective and where user-side credential storage can be securely managed. Full article

The rapid advancement of quantum computing poses a fundamental threat to classical public-key cryptographic systems, necessitating the transition to post-quantum cryptography (PQC). While significant progress has been made in the standardization of quantum-resistant algorithms, their practical deployment in heterogeneous environments—particularly resource-constrained Internet of Things (IoT) devices—remains a critical challenge. This study presents a comprehensive experimental evaluation of four NIST-standardized PQC algorithms: CRYSTALS-Kyber (ML-KEM), CRYSTALS-Dilithium (ML-DSA), FALCON, and SPHINCS+. The scope of these findings is bounded by an empirical analysis conducted across two specific testing platforms, a high-performance x86-64 workstation (AMD Ryzen 7 5700U) and a resource-constrained embedded microcontroller (ESP32-WROOM), utilizing dedicated software environments implemented in Native C, Go, and Python. The evaluation isolates key performance indicators, including computational latency, memory consumption, communication overhead, and temporal determinism, based on benchmarking over 1000 iterations. Within this experimental setup, results demonstrate clear trade-offs between target security categories, execution performance, and structural memory limits. Lattice-based schemes such as Kyber and Falcon exhibit optimal efficiency and scalability on the tested embedded platform, while the specific memory limits of the ESP32 platform introduce architectural stability constraints for higher-tier Dilithium variants. In contrast, SPHINCS+ provides structural robustness at the cost of higher computational hashing latency within these evaluation environments. The findings highlight the critical role of hardware-specific constraints and language runtime design choices in enabling practical PQC deployment, providing context-specific insights supporting the secure migration of IoT infrastructures toward quantum-resilient systems. Full article

The standardisation of post-quantum cryptography (PQC) by NIST marks a critical transition away from classical public-key schemes towards quantum-resistant successors. As machine learning (ML) applications proliferate, the demand for efficient cryptographic primitives intensifies, requiring implementations that are simultaneously quantum-safe and resource-aware. Recent surveys have investigated the interplay between ML and PQC, with particular focus on ML-assisted parameter optimisation, privacy-preserving ML leveraging lattice-based cryptography, and neural-network implementations of quantum-resistant algorithms. Building on these findings, we propose QSafe-ML, a comprehensive four-stage framework that integrates hardware profiling, surrogate modelling via ML, constrained multi-objective optimisation, and continuous security validation to facilitate the tuning of PQC parameters and implementations. The framework targets NIST-standardised lattice-based schemes CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and NTRU across three heterogeneous hardware platforms. Experimental evaluation with $n=30$ repeated trials demonstrates mean latency reductions of 27.5–41.9% (95% CI ±1.1–1.7 pp), memory savings of 13.3–30.2%, and energy savings of 22.8–38.2% over NIST reference baselines, with all configurations maintaining ≥128-bit post-quantum security. An ablation study confirms that surrogate-guided search accounts for the dominant share of these gains. All code, data, and benchmark instructions are released at a public repository (available upon acceptance of this manuscript) to promote reproducibility in evaluating ML-assisted cryptographic systems. Full article

The security of Module Learning With Errors (MLWE) relies on the assumption that the public matrix is sampled uniformly and forms a full-rank operator. In this work, we examine the structural consequences of relaxing this assumption by considering public matrices that demonstrate slot-wise rank deficiency under the Number Theoretic Transform (NTT). Focusing on the case where each NTT slot matrix has rank 1, we show that this leads to enlarged left nullspace, which allows the elimination of the secret component $s_1$, reducing the original relation to a linear system consisting only of $s_2$. Given partial knowledge of $s_2$, this projected system admits a unique solution once a sufficient number of independent constraints is available. After recovering $s_2$, the problem of determining $s_1$ reduces to solving a bounded linear system, which can be viewed as a structured instance of the Short Integer Solution (SIS) problem. These results provide a dimension-based characterization of solvability under slot-wise rank-deficient public matrices. Using ML-DSA as a concrete instantiation, we illustrate how such structural deviations affect the behavior of the system and discuss simple safeguards, such as rank verification during key generation, to mitigate these issues. Full article

Proxy signatures enable the secure delegation of signing authority, which is particularly useful in resource-constrained Internet of Things (IoT) environments. However, most existing schemes rely on classical hardness assumptions and therefore cannot resist quantum attacks. To address the challenge, we propose a post-quantum proxy signature scheme based on Dilithium for IoT scenarios. We first propose an asynchronous remote key generation (ARKG) scheme based on CRYSTALS-Kyber, enabling the delegator and proxy signer to generate proxy keys of Dilithium without real-time interaction. We further integrate ARKG with the Dilithium signature scheme to construct a proxy signature scheme called DPS while ensuring the unlinkability of proxy signatures. Additionally, our proposed DPS achieves post-quantum security and provides unforgeability, distinguishability, verifiability, and undeniability with formal proofs. Experimental performance evaluation shows that our scheme yields significant efficiency gains over existing quantum-safe proxy signature solutions, with 10× speedup for both the delegation and proxy signing phases, as well as a 2.4× improvement in the verification phase. Full article

With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based on the post-quantum cryptographic algorithm CRYSTALS-Dilithium. By transforming the verification relationship of digital signatures into a matching relationship between trapdoors and ciphertexts, the scheme not only meets the functional requirements of searchable encryption but also demonstrates quantum resistance. The implementation enhances algorithm efficiency through keyword-based signatures and dynamic matching testing mechanisms. The security of the scheme is defined by the MLWE and MSIS hard problems, with proofs of keyword ciphertext indistinguishability and trapdoor indistinguishability under the random oracle model. Additionally, the scheme provides strong resistance against both outside and insider keyword guessing attacks through sender–receiver binding mechanisms and trapdoor indistinguishability properties. Experimental results show that, compared to the post-quantum schemes CP-Absel and LB-FSSE, the proposed scheme demonstrates superior overall computational efficiency while maintaining stronger quantum resistance than the traditional scheme SM9-PAEKS. Full article

The advent of quantum computing poses significant challenges to traditional cryptographic systems, threatening the confidentiality, integrity and authenticity of digital communications. This paper investigates the integration of post-quantum cryptography (PQC) algorithms into mobile communication systems to address these challenges. The study focuses on evaluating key PQC algorithms shortlisted by the National Institute of Standards and Technology (NIST), including CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon and SPHINCS+, within the context of 5G and future mobile network architectures. The research encompasses the design and implementation of an experimental framework involving mobile devices, servers, and cloud-based infrastructure to simulate real-world communication scenarios. Performance metrics such as key generation time, signature generation, encryption and decryption speed, and resource consumption were analyzed across various devices to identify algorithms suitable for mobile environments. The findings reveal that lattice-based algorithms, such as Kyber and Dilithium, offer a promising balance between security and efficiency, making them ideal for resource-constrained devices. In contrast, hash-based algorithms like SPHINCS+ exhibit higher computational demands, limiting their practicality in certain applications. This work highlights the importance of algorithm selection and hardware optimization in ensuring secure and efficient communications in the quantum era. By integrating theoretical advancements in PQC with practical applications, this research lays the foundation for quantum-resistant security in mobile networks, ensuring secure and future-ready digital communications. Full article

In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+, for post-quantum cryptography standards. The first three are based on lattice theory and the last on a hash function. The security of lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. As we will explain, the SVP is a ball-packing problem, and the CVP is a ball-covering problem. Furthermore, both the SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. This paper will briefly describe the mathematical problems on which lattice-based cryptography is built so that cryptographers can extend their views and learn something useful. Full article

Quantum computing threatens widely deployed public-key cryptosystems, accelerating the adoption of Post-Quantum Cryptography (PQC) in practical systems. Beyond asymptotic security, the feasibility of PQC deployments depends on measured performance on real hardware and on implementation-level overheads. This paper presents an experimental evaluation of five post-quantum digital signature schemes (CRYSTALS-Dilithium, HAWK, SQISign, SNOVA, and SPHINCS+) and three key encapsulation mechanisms (Kyber, HQC, and BIKE) selected to cover multiple PQC design families and parameterizations used in practice. We implement a TCP client–server testbed in Python that invokes C implementations for each primitive—via standalone executables and, where provided, in-process dynamic libraries—and benchmarks key generation, encapsulation/decapsulation, and signature generation/verification on two Windows 11 commodity processors: an AMD Ryzen 7 4000 (8 cores, 16 threads, 1.8 GHz) and an Intel Core i5-1035G1 (4 cores, 8 threads, 1.0 GHz). Each operation is repeated ten times under a low-interference setup, and results are aggregated as mean (with 95% confidence intervals) timings over repeated runs. Across the evaluated configurations, lattice-based schemes (Kyber, Dilithium, HAWK) show the lowest computational cost, while code-based KEMs (HQC, BIKE), isogeny-based (SQISign), and multivariate (SNOVA) signatures incur higher overhead. Hash-based SPHINCS+ exhibits larger artifacts and higher signing latency depending on the parameterization. The AMD platform consistently outperforms the Intel platform, illustrating the impact of CPU characteristics on observed PQC overheads. These results provide comparative evidence to support primitive selection and capacity planning for quantum-resistant deployments, while motivating future end-to-end validation in protocol and web service settings. Full article

The imminent threat of large-scale quantum computers to modern public-key cryptographic devices has led to extensive research into post-quantum cryptography (PQC). Lattice-based schemes have proven to be the top candidate among existing PQC schemes due to their strong security guarantees, versatility, and relatively efficient operations. However, the computational cost of lattice-based algorithms—including various arithmetic operations such as Number Theoretic Transform (NTT), polynomial multiplication, and sampling—poses considerable performance challenges in practice. This survey offers a comprehensive review of hardware acceleration for lattice-based cryptographic schemes—specifically both the architectural and implementation details of the standardized algorithms in the category CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON (Fast Fourier Lattice-Based Compact Signatures over NTRU). It examines optimization measures at various levels, such as algorithmic optimization, arithmetic unit design, memory hierarchy management, and system integration. The paper compares the various performance measures (throughput, latency, area, and power) of Field-Programmable Gate Array (FPGA) and Application-Specific Integrated Circuit (ASIC) implementations. We also address major issues related to implementation, side-channel resistance, resource constraints within IoT (Internet of Things) devices, and the trade-offs between performance and security. Finally, we point out new research opportunities and existing challenges, with implications for hardware accelerator design in the post-quantum cryptographic environment. Full article

Unmanned Aerial Vehicles (UAVs) are increasingly used in civilian and military applications, making their communication and control systems targets for cyber attacks. The emerging threat of quantum computing amplifies these risks. Quantum computers could break the classical cryptographic schemes used in current UAV networks. This situation underscores the need for quantum-resilient, privacy-preserving security frameworks. This paper proposes a quantum-resilient federated learning framework for multi-layer cyber anomaly detection in UAV systems. The framework combines a hybrid deep learning architecture. A Variational Autoencoder (VAE) performs unsupervised anomaly detection. A neural network classifier enables multi-class attack categorization. To protect sensitive UAV data, model training is conducted using federated learning with differential privacy. Robustness against malicious participants is ensured through Byzantine-robust aggregation. Additionally, CRYSTALS-Dilithium post-quantum digital signatures are employed to authenticate model updates and provide long-term cryptographic security. Researchers evaluated the proposed framework on a real UAV attack dataset containing GPS spoofing, GPS jamming, denial-of-service, and simulated attack scenarios. Experimental results show the system achieves 98.67% detection accuracy with only 6.8% computational overhead compared to classical cryptographic approaches, while maintaining high robustness under Byzantine attacks. The main contributions of this study are: (1) a hybrid VAE–classifier architecture enabling both zero-day anomaly detection and precise attack classification, (2) the integration of Byzantine-robust and privacy-preserving federated learning for UAV security, and (3) a practical post-quantum security design validated on real UAV communication data. Full article

The advent of quantum computers poses a significant threat to the security of classical cryptographic systems. To address this concern, researchers have been actively investigating the development of post-quantum cryptography, which aims to provide encryption schemes that remain secure even in the face of powerful quantum adversaries. To address this serious problem, the National Institute of Standards and Technology (NIST), a body of the US government, has been working on the selection and standardization of cryptographic algorithms through competitive and rigorous evaluation on different fronts. NIST has selected different candidate algorithms to standardize public-key encryption, including key establishment algorithms and digital signature algorithms. This paper reviews some selected cryptosystems, mainly based on lattice- and code-based cryptosystems. These include digital signature algorithms, such as CRYSTALS-Dilithium, code-based cryptosystems, such as McEliece, and key encapsulation methods, specifically, Classic McEliece, BIKE and HQC. We will review these algorithms and discuss their security aspects and the current state-of-the-art in the development of these algorithms post NIST 3rd finalized selection. We will also touch briefly on the differences and practical applications of each of these schema. This review is intended for engineers and practitioners alike. Full article

With the rapid advancement of quantum computing technology, traditional encryption methods are encountering unprecedented challenges in the Internet of Things (IoT), blockchain systems, and digital learning (e-learning) platforms. Therefore, we systematically reviewed the applications and countermeasures of lightweight post-quantum cryptographic techniques, focusing on the requirements of resource-constrained IoT devices and decentralized systems. We compared the encryption methods based on ring learning with errors (Ring-LWE), Binary Ring-LWE, ring-ExpLWE, the collaborative critical generation framework Q-SECURE, and hardware accelerators for the CRYSTALS-dilithium digital signature scheme. According to the high security and efficiency demands for data transmission and user interaction in e-learning platforms, we developed lightweight encryption schemes. By reviewing existing research achievements, we analyzed the application challenges in IoT, blockchain, and e-learning scenarios and explored strategies for optimizing post-quantum encryption schemes for effective deployment. Full article

Randomness plays an important role in data communication as well as in cybersecurity. In the simulation of communication systems, randomized bit sequences are often used to model a digital source information stream. Cryptographic outputs should look more random than deterministic in order to provide an attacker with as little information as possible. Therefore, the investigation of randomness, especially in cybersecurity, has attracted a lot of attention and research activities. Common tests regarding randomness are hypothesis-based and focus on analyzing the distribution and independence of zero and non-zero elements in a given random sequence. In this work, a novel approach grounded in a gap-based burst analysis is presented and analyzed. Such approaches have been successfully implemented, e.g., in data communication systems and data networks. The focus of the current work is on detecting deviations from the ideal gap-density function describing randomized bit sequences. For testing and verification purposes, the well-researched post-quantum cryptographic CRYSTALS suite, including its Kyber and Dilithium schemes, is utilized. The proposed technique allows for quickly verifying the level of randomness in given cryptographic outputs. The results for different sequence-generation techniques are presented, thus validating the approach. The results show that key-encapsulation and key-exchange algorithms, such as CRYSTALS-Kyber, achieve a lower level of randomness compared to digital signature algorithms, such as CRYSTALS-Dilithium. Full article

The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (<5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments. Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities. Full article