Search Results (474)

Lattice-based post-quantum cryptography relies on fast polynomial multiplication. The Number-Theoretic Transform (NTT) is the key operation that enables this acceleration. To provide high throughput and low latency while keeping the area overhead small, hardware implementations of the NTT is essential. This is particularly true for resource-constrained devices. However, existing NTT accelerators either achieve high throughput at the cost of large area overhead or provide compact designs with limited pipelining and low operating frequency. Therefore, this article presents a compact, seven-stage pipelined NTT accelerator architecture for post-quantum cryptography, using the CRYSTALS–Kyber algorithm as a case study. The CRYSTALS–Kyber algorithm is selected due to its NIST standardization, strong security guarantees, and suitability for hardware acceleration. Specifically, a unified three-stage pipelined butterfly unit is designed using a single DSP48E1 block for the required integer multiplication. In contrast, the modular reduction stage is implemented using a four-stage pipelined, lookup-table (LUT)-only Barrett reduction unit. The term “LUT-only” refers strictly to the reduction logic and not to the butterfly multiplication. Furthermore, two dual-port BRAM18 blocks are used in a ping-pong manner to hold intermediate and final coefficients. In addition, a simple finite-state machine controller is implemented, which manages all forward NTT (FNTT) and inverse NTT (INTT) stages. For validation, the proposed design is realized on a Xilinx Artix-7 FPGA. It uses only 503 LUTs, 545 flip-flops, 1 DSP48E1 block, and 2 BRAM18 blocks. The complete FNTT and INTT with final rescaling require 1029 and 1285 clock cycles, respectively. At 200 MHz, these correspond to execution times of 5.14 µs for the FNTT and 6.42 µs for the INTT. Full article

As a core support for the integration of new energy and smart grids, Vehicle-to-Grid (V2G) networks face a core contradiction between user privacy protection and transaction security traceability—a dilemma that is further exacerbated by issues such as the quantum computing vulnerability of traditional cryptography, cumbersome key management in stateful ring signatures, and conflicts between revocation mechanisms and privacy protection. To address these problems, this paper proposes a post-quantum revocable linkable ring signature scheme based on SPHINCS+, with the following core innovations: First, the scheme seamlessly integrates the pure hash-based architecture of SPHINCS+ with a stateless design, incorporating WOTS+, FORS, and XMSS technologies, which inherently resists quantum attacks and eliminates the need to track signature states, thus completely resolving the state management dilemma of traditional stateful schemes; second, the scheme introduces an innovative “real signature + pseudo-signature polynomially indistinguishable” mechanism, and by calibrating the authentication path structure and hash distribution of pseudo-signatures (satisfying the Kolmogorov–Smirnov test with $D\le 0.05$), it ensures signer anonymity and mitigates the potential risk of distinguishable pseudo-signatures; third, the scheme designs a KEK (Key Encryption Key)-sharded collaborative revocation mechanism, encrypting and storing the $(I,pk,RID)$ mapping table in fragmented form, with KEK split into $KE{K}_1$ (held by the Trusted Authority, TA) and $KE{K}_2$ (held by the regulatory node), with collaborative decryption by both parties required to locate malicious users, thereby resolving the core conflict of privacy leakage in traditional revocation mechanisms; fourth, the scheme generates forward-secure linkable tags based on one-way private key updates and one-time random factors, ensuring that past transactions cannot be traced even if the current private key is compromised; and fifth, the scheme adopts hash commitments instead of complex cryptographic commitments, simplifying computations while efficiently binding transaction amounts to signers—an approach consistent with the pure hash-based design philosophy of SPHINCS+. Security analysis demonstrates that the scheme satisfies the following six core properties: post-quantum security, unforgeability, anonymity, linkability, unframeability, and forward secrecy, thereby providing technical support for secure and anonymous payments in V2G networks in the quantum era. Full article

Linkable ring signatures are a type of ring signature scheme that can protect the anonymity of signers while allowing the public to verify whether the same signer has signed the same message multiple times. This functionality makes linkable ring signatures suitable for applications such as cryptocurrencies and anonymous voting systems, achieving the dual goals of identity privacy protection and misuse prevention. However, existing post-quantum linkable ring signature schemes often suffer from issues such as excessive linear data growth the adoption of post-quantum signature algorithms, and high circuit complexity resulting from the use of post-quantum zero-knowledge proof protocols. To address these issues, a logarithmic-size post-quantum linkable ring signature scheme based on aggregation operations is proposed. The scheme constructs a Merkle tree from ring members’ public keys via a hash algorithm to achieve logarithmic-scale signing and verification operations. Moreover, it introduces, for the first time, a post-quantum aggregate signature scheme to replace post-quantum zero-knowledge proof protocols, thereby effectively avoiding the construction of complex circuits. Scheme analysis confirms that the proposed scheme meets the correctness requirements of linkable ring signatures. In terms of security, the scheme satisfies the anonymity, unforgeability, and linkability requirements of linkable ring signatures. Moreover, the aggregation process does not leak information about the signing members, ensuring strong privacy protection. Experimental results demonstrate that, when the ring size scales to 1024 members, our scheme outperforms the existing Dilithium-based logarithmic post-quantum ring signature scheme, with nearly 98.25% lower signing time, 98.90% lower verification time, and 99.81% smaller signature size. Full article

The imminent threat of large-scale quantum computers to modern public-key cryptographic devices has led to extensive research into post-quantum cryptography (PQC). Lattice-based schemes have proven to be the top candidate among existing PQC schemes due to their strong security guarantees, versatility, and relatively efficient operations. However, the computational cost of lattice-based algorithms—including various arithmetic operations such as Number Theoretic Transform (NTT), polynomial multiplication, and sampling—poses considerable performance challenges in practice. This survey offers a comprehensive review of hardware acceleration for lattice-based cryptographic schemes—specifically both the architectural and implementation details of the standardized algorithms in the category CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON (Fast Fourier Lattice-Based Compact Signatures over NTRU). It examines optimization measures at various levels, such as algorithmic optimization, arithmetic unit design, memory hierarchy management, and system integration. The paper compares the various performance measures (throughput, latency, area, and power) of Field-Programmable Gate Array (FPGA) and Application-Specific Integrated Circuit (ASIC) implementations. We also address major issues related to implementation, side-channel resistance, resource constraints within IoT (Internet of Things) devices, and the trade-offs between performance and security. Finally, we point out new research opportunities and existing challenges, with implications for hardware accelerator design in the post-quantum cryptographic environment. Full article

Quantum Key Distribution (QKD) is a process to establish a symmetric key between two parties using the principles of quantum mechanics. Currently, commercial QKD systems are still expensive, they require specific infrastructure, and they are impractical for deployment in portable or resource-constrained devices. In this article, we introduce the Butterfly Protocol (and its extended version) that enables QKD to be offered as a service to non-QKD-capable (portable or IoT) devices. Our key contributions include (1) resilience to the compromise of any single classical link, (2) protection against malicious QKD users, (3) implicit mutual authentication between users without relying on large post-quantum certificates, and (4) the Double Butterfly extension, which secures communication even when the underlying QKD network cannot be fully trusted. We also demonstrate how to integrate the Butterfly Protocol into TLS 1.3 and provide its initial security analysis. We present preliminary performance results and discuss the main bottlenecks in the Butterfly Protocol implementation. We believe that our solution represents a practical step toward integrating QKD into classical networks and extending its use to portable devices. Full article

Unmanned Aerial Vehicles (UAVs) are increasingly used in civilian and military applications, making their communication and control systems targets for cyber attacks. The emerging threat of quantum computing amplifies these risks. Quantum computers could break the classical cryptographic schemes used in current UAV networks. This situation underscores the need for quantum-resilient, privacy-preserving security frameworks. This paper proposes a quantum-resilient federated learning framework for multi-layer cyber anomaly detection in UAV systems. The framework combines a hybrid deep learning architecture. A Variational Autoencoder (VAE) performs unsupervised anomaly detection. A neural network classifier enables multi-class attack categorization. To protect sensitive UAV data, model training is conducted using federated learning with differential privacy. Robustness against malicious participants is ensured through Byzantine-robust aggregation. Additionally, CRYSTALS-Dilithium post-quantum digital signatures are employed to authenticate model updates and provide long-term cryptographic security. Researchers evaluated the proposed framework on a real UAV attack dataset containing GPS spoofing, GPS jamming, denial-of-service, and simulated attack scenarios. Experimental results show the system achieves 98.67% detection accuracy with only 6.8% computational overhead compared to classical cryptographic approaches, while maintaining high robustness under Byzantine attacks. The main contributions of this study are: (1) a hybrid VAE–classifier architecture enabling both zero-day anomaly detection and precise attack classification, (2) the integration of Byzantine-robust and privacy-preserving federated learning for UAV security, and (3) a practical post-quantum security design validated on real UAV communication data. Full article

Secure and auditable data sharing in large-scale Internet of Things (IoT) environments remains a significant challenge due to weak trust coordination, limited scalability, and susceptibility to emerging quantum attacks. This study introduces a hybrid blockchain-based framework that integrates post-quantum cryptography with intelligent anomaly detection to ensure end-to-end data integrity and resilience. The proposed system utilizes Hyperledger Fabric for permissioned device lifecycle management and Ethereum for public auditability of encrypted telemetry, thereby providing both private control and transparent verification. Device identities are established using quantum-entropy-seeded credentials and safeguarded with lattice-based encryption to withstand quantum adversaries. A convolutional long short-term memory (CNN–LSTM) model continuously monitors device behavior, facilitating real-time trust scoring and autonomous revocation via smart contract triggers. Experimental results demonstrate 97.4% anomaly detection accuracy and a 0.968 F1-score, supporting up to 1000 transactions per second with cross-chain latency below 6 s. These findings indicate that the proposed architecture delivers scalable, quantum-resilient, and computationally efficient data sharing suitable for mission-critical IoT deployments. Full article

IoT-based blockchain technology has improved the healthcare system to ensure the privacy and security of healthcare data. A Blockchain Bridge (BB) is a tool that enables multiple blockchain networks to communicate with each other. The existing approach combining the classical and quantum blockchain models failed to secure the data transmission during cross-chain communication. Thus, this study proposes a new BB verification for secure healthcare data transfer. Additionally, a brain tumor analysis framework is developed based on segmentation and neural networks. After the patient’s registration on the blockchain network, Brain Magnetic Resonance Imaging (MRI) data is encrypted using Hash-Keyed Quantum Cryptography and verified using a Peer-to-Peer Exchange model. The Brain MRI is preprocessed for brain tumor detection using the Fuzzy HaMan C-Means (FHMCM) segmentation technique. The features are extracted from the segmented image and classified using the LeCun Kaiming-based Convolutional ModSwish Neural Network (LCK-CMSNN) classifier. Subsequently, the brain tumor diagnosis report is securely transferred to the patient via a smart contract. The proposed model verified BB with a Verification Time (VT) of 12,541 ms, secured the input with a Security level (SL) of 98.23%, and classified the brain tumor with 99.15% accuracy, thus showing better performance than the existing models. Full article

This paper identifies theoretical vulnerabilities in quantum integrity verification by demonstrating that Bell inequality (BI) violations, central to the detection of quantum entanglement, can align with predictions from hidden variable theories (HVTs) under specific measurement configurations. By invoking a Heisenberg-inspired measurement resolution constraint and finite-resolution positive operator-valued measures (POVMs), we identify “convergence vicinities” where the statistical outputs of quantum and classical models become operationally indistinguishable. These results do not challenge Bell’s theorem itself; rather, they expose a vulnerability in quantum integrity frameworks that treat observed Bell violations as definitive, experiment-level evidence of nonclassical entanglement correlations. We support our theoretical analysis with simulations and experimental results from IBM quantum hardware. Our findings call for more robust quantum-verification frameworks, with direct implications for the security of quantum computing, quantum-network architectures, and device-independent cryptographic protocols (e.g., device-independent quantum key distribution (DIQKD)). Full article

Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article

Lattice-based cryptography stands as one of the most pivotal candidates in post-quantum cryptography. To configure the parameters of lattice-based cryptographic schemes, a thorough comprehension of their concrete security is indispensable. Lattice sieving algorithms represent among the most critical tools for conducting concrete security analysis. Currently, the state-of-the-art BDGL-sieve (SODA 2016) achieves a time complexity of $2^{0.292n+o\left(n\right)}$, and Kirshanova and Laarhoven (CRYPTO 2021) have proven that the BDGL-sieve attains the lower bound under the technical paradigm of the Nearest Neighbor Search (NNS) problem. A natural question emerges: whether overlattice-based sieving algorithms (ANTS 2014) can outperform the BDGL-sieve within an alternative technical framework. This work provides an almost negative response to this question. Specifically, we propose a generalized overlattice tower model, which facilitates the proof of the lower bound for the overlattice-based method. Our findings indicate that the original Overlattice-sieve has already reached this lower bound. Consequently, the BDGL-sieve will maintain its status as the sieving algorithm with optimal time complexity, unless a revolutionary technical optimization is developed in the future. Full article

This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration. Full article

Post-quantum cryptography (PQC) is rapidly being standardized, with key primitives such as Key Encapsulation Mechanisms (KEMs) and Digital Signature Algorithms (DSAs) moving into practical applications. While initial research focused on pure software and hardware implementations, the focus is shifting toward flexible, high-efficiency solutions suitable for widespread deployment. A system-on-chip is a viable option with the ability to coordinate between hardware and software flexibly. However, the main drawback of this system is the latency in exchanging data during computation. Currently, most SoCs are implemented on FPGAs, and there is a lack of SoCs realized on ASICs. This paper introduces a complete RISC-V SoC design in an ASIC for Module Lattice-based KEM. Our system features a RISC-V processor tightly integrated with a high-efficiency Number Theoretic Transform (NTT) accelerator. This accelerator leverages custom instructions to accelerate cryptographic operations. Our research has achieved the following results: (1) The accelerator provides a speedup of up to 14.51× for NTT and 16.75× for inverse NTT operations compared to other RISC-V platforms; (2) This leads to end-to-end performance improvements for ML-KEM of up to 56.5% for security level I, 50.9% for level III, and 45.4% for level V; (3) The ASIC design is fabricated using a 180 nm CMOS process at a maximum operating frequency of 118 MHz with an area overhead of 8.7%. The chip achieved a minimum power consumption of 5.913 μW at 10 kHz and 0.9 V of supply voltage. Full article

The emergence of quantum computing threatens the security of classical cryptographic algorithms such as RSA and ECC. Post-quantum cryptography (PQC) offers mathematically secure alternatives, but migration is a complex, multi-year undertaking. Unlike past transitions (AES, SHA-2, TLS 1.3), PQC migration requires larger parameter sizes, hybrid cryptographic schemes, and unprecedented ecosystem coordination. This paper presents a structured expert synthesis of migration timelines, based on analysis of migration dependencies, historical precedents, and industry engagement. We analyze migration timelines for small, medium, and large enterprises, considering infrastructure upgrades, personnel availability, budget constraints, planning quality, and inter-enterprise synchronization. We argue that realistic timelines extend well beyond initial optimistic estimates: 5–7 years for small enterprises, 8–12 years for medium enterprises, and 12–15+ years for large enterprises under baseline assumptions. PQC migration is not a siloed technical upgrade but a global synchronization exercise, deeply intertwined with Zero Trust Architecture and long-term crypto-agility. These timelines are contextualized against expected arrival windows for fault-tolerant quantum computers (FTQC), projected between 2028 and 2033. We further analyze the “Store Now, Decrypt Later” threat model, crypto-agility frameworks, and provide comprehensive risk mitigation strategies for enterprises navigating this unprecedented cryptographic transition. Full article

The rapid expansion of digital payment channels has significantly widened the financial transaction attack surface, exposing ecosystems to sophisticated, polymorphic threat vectors. This study introduces an AI-powered cybersecurity mesh that unites Generative AI (GenAI), federated reinforcement learning, and zero-trust principles, with a forward-looking architecture designed for post-quantum readiness. The architecture ingests high-velocity telemetry, coordinates self-evolving agent collectives, and anchors model provenance in a permissioned blockchain to guarantee verifiability and non-repudiation. Empirical evaluations across two production-scale environments—a mobile wallet processing two million transactions per day and a high-throughput cross-border remittance rail—demonstrate a 95.1% threat-detection rate, a 62% reduction in false positives, and a 35.7% latency decrease compared to baseline systems. These results affirm the feasibility of a generative cybersecurity mesh as a scalable, future-proofed blueprint for next-generation payment security. Full article