Search Results (7)

With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based on the post-quantum cryptographic algorithm CRYSTALS-Dilithium. By transforming the verification relationship of digital signatures into a matching relationship between trapdoors and ciphertexts, the scheme not only meets the functional requirements of searchable encryption but also demonstrates quantum resistance. The implementation enhances algorithm efficiency through keyword-based signatures and dynamic matching testing mechanisms. The security of the scheme is defined by the MLWE and MSIS hard problems, with proofs of keyword ciphertext indistinguishability and trapdoor indistinguishability under the random oracle model. Additionally, the scheme provides strong resistance against both outside and insider keyword guessing attacks through sender–receiver binding mechanisms and trapdoor indistinguishability properties. Experimental results show that, compared to the post-quantum schemes CP-Absel and LB-FSSE, the proposed scheme demonstrates superior overall computational efficiency while maintaining stronger quantum resistance than the traditional scheme SM9-PAEKS. Full article

In Social Internet of Vehicles (SIoV) environments, fog computing plays a crucial role in supporting real-time services by reducing the latency inherent in cloud-based architectures. However, fog nodes are typically deployed in physically exposed roadside environments and can be operated by several system operators, making them vulnerable to physical compromise and unauthorized access. Despite these threats, many existing authentication schemes assume fog nodes to be fully trusted or honest-but-curious, allowing them to decrypt transmitted data using a session key shared among vehicles, fog nodes, and cloud servers. To overcome these limitations, this paper proposes a quantum-secure pairwise key agreement scheme that establishes distinct session keys for vehicle–fog, fog–cloud, and vehicle–cloud communications. This design effectively prevents the disclosure of sensitive information even in the event of fog node compromise. Furthermore, Physical Unclonable Functions (PUFs) are employed to mitigate physical capture attacks, while lattice-based cryptography based on the Module Learning with Errors (MLWE) problem is integrated to ensure resistance against quantum computing attacks. The security of the proposed protocol is rigorously validated through formal analysis using AVISPA, BAN logic, and the Real-or-Random (RoR) model, in addition to informal security analysis. Comparative performance evaluations against related schemes demonstrate that the proposed approach achieves a balance between efficiency and security, making it well suited for practical deployment in SIoV environments. Full article

Following the completion of the NIST post-quantum cryptography standardization, Kyber has been adopted as a key encapsulation mechanism (KEM) for quantum-resistant communication. Although lattice-based KEMs provide strong security and efficiency, most existing designs restrict the cyclotomic ring dimension to powers of two, which limits parameter flexibility for heterogeneous and resource-constrained Internet of Things (IoT) devices. In this paper, we propose Fyber, a post-quantum KEM based on the Module Learning With Errors (M-LWE) problem over a module ring defined by the cyclotomic polynomial $f\left(x\right)=x^n-x^{n/2}+1$, where n is a product of powers of 2 and 3. This construction enables mixed-radix parameter selection and allows finer-grained trade-offs between security and efficiency. To further improve performance on constrained platforms, we introduce an efficient non-Gaussian sampling method. The proposed KEM supports flexible security-level stratification for IoT applications, achieving reduced public key and ciphertext sizes for selected parameter sets at the cost of moderately increased computational overhead compared to Kyber, and fills intermediate security gaps between existing standardized parameter sets. Full article

The integration of unmanned aerial vehicles (UAVs) into vehicular ad hoc networks (VANETs) has emerged as a promising solution to overcome the limited coverage of conventional roadside unit (RSU)-based infrastructures. However, UAVs operate in open environments and cannot be fully trusted, while the rapid advancement of quantum computing threatens the long-term security of classical public-key cryptographic systems. As a result, many existing UAV-based VANET authentication schemes face fundamental limitations in future deployments. Most existing schemes either lack post-quantum security or incur excessive computational and communication overhead, making them unsuitable for real-time and high-mobility vehicular environments. In addition, the common assumptions of trusted UAVs do not align with realistic threat models. To address these issues, this paper proposes a lightweight post-quantum authentication and key exchange protocol based on the module learning with errors (MLWE) problem and physically unclonable functions (PUFs). The proposed scheme treats UAVs as untrusted relay nodes and excludes them from session key generation. Its security is evaluated using informal analysis, the real-or-random (RoR) model, BAN logic, and AVISPA, while performance evaluation indicates improved efficiency compared to existing schemes. Full article

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

Key exchange mechanisms are foundational to secure communication, yet traditional methods face challenges from quantum computing. The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a post-quantum cryptographic key exchange protocol with unknown successful quantum vulnerabilities. This study evaluates the ML-KEM using experimental benchmarks. We implement the ML-KEM in Python for clarity and in C++ for performance, demonstrating the latter’s substantial performance improvements. The C++ implementation achieves microsecond-level execution times for key generation, encapsulation, and decapsulation. Python, while slower, provides a user-friendly introduction to the ML-KEM’s operation. Moreover, our Python benchmark confirmed that the ML-KEM consistently outperformed RSA in execution speed across all tested parameters. Beyond benchmarking, the ML-KEM is shown to handle the computational hardness of the Module Learning With Errors (MLWE) problem, ensuring resilience against quantum attacks, classical attacks, and Artificial Intelligence (AI)-based attacks, since the ML-KEM has no pattern that could be detected. To evaluate its practical feasibility on constrained devices, we also tested the C++ implementation on a Raspberry Pi 4B, representing IoT use cases. Additionally, we attempted to run integration and benchmark tests for the ML-KEM on microcontrollers such as the ESP32 DevKit, ESP32 Super Mini, ESP8266, and Raspberry Pi Pico, but these trials were unsuccessful due to memory constraints. The results showed that while the ML-KEM can operate effectively in such environments, only devices with sufficient resources and runtimes can support its computational demands. While resource-intensive, the ML-KEM offers scalable security across diverse domains such as IoT, cloud environments, and financial systems, making it a key solution for future cryptographic standards. Full article

The existing lattice-based cut-and-choose oblivious transfer protocol is constructed based on the learning-with-errors (LWE) problem, which generally has the problem of inefficiency. An efficient cut-and-choose oblivious transfer protocol is proposed based on the difficult module-learning-with-errors (MLWE) problem. Compression and decompression techniques are introduced in the LWE-based dual-mode encryption system to improve it to an MLWE-based dual-mode encryption framework, which is applied to the protocol as an intermediate scheme. Subsequently, the security and efficiency of the protocol are analysed, and the security of the protocol can be reduced to the shortest independent vector problem (SIVP) on the lattice, which is resistant to quantum attacks. Since the whole protocol relies on the polynomial ring of elements to perform operations, the efficiency of polynomial modulo multiplication can be improved by using fast Fourier transform (FFT). Finally, this paper compares the protocol with an LWE-based protocol in terms of computational and communication complexities. The analysis results show that the protocol reduces the computation and communication overheads by at least a factor of n while maintaining the optimal number of communication rounds under malicious adversary attacks. Full article