Search Results (41)

Search Parameters:
Keywords = dilithium

26 pages, 911 KB  
Article
Logarithmic-Size Post-Quantum Linkable Ring Signatures Based on Aggregation Operations
by Minghui Zheng, Shicheng Huang, Deju Kong, Xing Fu, Qiancheng Yao and Wenyi Hou
Entropy 2026, 28(1), 130; https://doi.org/10.3390/e28010130 (registering DOI) - 22 Jan 2026
Abstract
Linkable ring signatures are a type of ring signature scheme that can protect the anonymity of signers while allowing the public to verify whether the same signer has signed the same message multiple times. This functionality makes linkable ring signatures suitable for applications such as cryptocurrencies and anonymous voting systems, achieving the dual goals of identity privacy protection and misuse prevention. However, existing post-quantum linkable ring signature schemes often suffer from issues such as excessive linear data growth the adoption of post-quantum signature algorithms, and high circuit complexity resulting from the use of post-quantum zero-knowledge proof protocols. To address these issues, a logarithmic-size post-quantum linkable ring signature scheme based on aggregation operations is proposed. The scheme constructs a Merkle tree from ring members’ public keys via a hash algorithm to achieve logarithmic-scale signing and verification operations. Moreover, it introduces, for the first time, a post-quantum aggregate signature scheme to replace post-quantum zero-knowledge proof protocols, thereby effectively avoiding the construction of complex circuits. Scheme analysis confirms that the proposed scheme meets the correctness requirements of linkable ring signatures. In terms of security, the scheme satisfies the anonymity, unforgeability, and linkability requirements of linkable ring signatures. Moreover, the aggregation process does not leak information about the signing members, ensuring strong privacy protection. Experimental results demonstrate that, when the ring size scales to 1024 members, our scheme outperforms the existing Dilithium-based logarithmic post-quantum ring signature scheme, with nearly 98.25% lower signing time, 98.90% lower verification time, and 99.81% smaller signature size.
(This article belongs to the Special Issue Quantum Information Security)

37 pages, 483 KB  
Review
Lattice-Based Cryptographic Accelerators for the Post-Quantum Era: Architectures, Optimizations, and Implementation Challenges
by Hua Yan, Lei Wu, Qiming Sun and Pengzhou He
Electronics 2026, 15(2), 475; https://doi.org/10.3390/electronics15020475 (registering DOI) - 22 Jan 2026
Abstract
The imminent threat of large-scale quantum computers to modern public-key cryptographic devices has led to extensive research into post-quantum cryptography (PQC). Lattice-based schemes have proven to be the top candidate among existing PQC schemes due to their strong security guarantees, versatility, and relatively efficient operations. However, the computational cost of lattice-based algorithms—including various arithmetic operations such as Number Theoretic Transform (NTT), polynomial multiplication, and sampling—poses considerable performance challenges in practice. This survey offers a comprehensive review of hardware acceleration for lattice-based cryptographic schemes—specifically both the architectural and implementation details of the standardized algorithms in the category CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON (Fast Fourier Lattice-Based Compact Signatures over NTRU). It examines optimization measures at various levels, such as algorithmic optimization, arithmetic unit design, memory hierarchy management, and system integration. The paper compares the various performance measures (throughput, latency, area, and power) of Field-Programmable Gate Array (FPGA) and Application-Specific Integrated Circuit (ASIC) implementations. We also address major issues related to implementation, side-channel resistance, resource constraints within IoT (Internet of Things) devices, and the trade-offs between performance and security. Finally, we point out new research opportunities and existing challenges, with implications for hardware accelerator design in the post-quantum cryptographic environment.
23 pages, 1961 KB  
Article
Quantum-Resilient Federated Learning for Multi-Layer Cyber Anomaly Detection in UAV Systems
by Canan Batur Şahin
Sensors 2026, 26(2), 509; https://doi.org/10.3390/s26020509 - 12 Jan 2026
Viewed by 243
Abstract
Unmanned Aerial Vehicles (UAVs) are increasingly used in civilian and military applications, making their communication and control systems targets for cyber attacks. The emerging threat of quantum computing amplifies these risks. Quantum computers could break the classical cryptographic schemes used in current UAV networks. This situation underscores the need for quantum-resilient, privacy-preserving security frameworks. This paper proposes a quantum-resilient federated learning framework for multi-layer cyber anomaly detection in UAV systems. The framework combines a hybrid deep learning architecture. A Variational Autoencoder (VAE) performs unsupervised anomaly detection. A neural network classifier enables multi-class attack categorization. To protect sensitive UAV data, model training is conducted using federated learning with differential privacy. Robustness against malicious participants is ensured through Byzantine-robust aggregation. Additionally, CRYSTALS-Dilithium post-quantum digital signatures are employed to authenticate model updates and provide long-term cryptographic security. Researchers evaluated the proposed framework on a real UAV attack dataset containing GPS spoofing, GPS jamming, denial-of-service, and simulated attack scenarios. Experimental results show the system achieves 98.67% detection accuracy with only 6.8% computational overhead compared to classical cryptographic approaches, while maintaining high robustness under Byzantine attacks. The main contributions of this study are: (1) a hybrid VAE–classifier architecture enabling both zero-day anomaly detection and precise attack classification, (2) the integration of Byzantine-robust and privacy-preserving federated learning for UAV security, and (3) a practical post-quantum security design validated on real UAV communication data.
(This article belongs to the Section Vehicular Sensing)

26 pages, 1048 KB  
Article
QRoNS: Quantum Resilience over IPsec Tunnels for Network Slicing
by Dimosthenis Iliadis-Apostolidis, Daniel Christian Lawo, Sokol Kosta, Idelfonso Tafur Monroy and Juan Jose Vegas Olmos
Electronics 2025, 14(21), 4234; https://doi.org/10.3390/electronics14214234 - 29 Oct 2025
Cited by 1 | Viewed by 709
Abstract
Modern high-performance network infrastructures must address the challenges of scalability and quantum-resistant security, particularly in multi-tenant and virtualized environments. In this work, we introduce a novel implementation of Post-Quantum Cryptography (PQC)-IPsec using the NVIDIA BlueField-3 Data Processing Unit (Santa Clara, CA, USA), capable of achieving 400 Gbit/s. We demonstrate line-rate performance through quantum-resilient communication channels using Kyber1024 (ML-KEM) and Dilithium5 (ML-DSA). We evaluate our implementation on two experimental setups; a host-to-host configuration and a 16 Virtual Machines (VMs)-to-host setup, both across a direct high-speed link. We set the Data Processing Unit (DPU) on both Network Interface Card (NIC) mode with no/crypto/full packet offload and on DPU mode by configuring Open vSwitch (OvS) on the ARM cores and offloading the packet processing to the hardware. We achieve 97.5% of the available line-rate for 14 VMs and 99.9% for 16 VMs, in DPU mode. Our findings confirm that PQC-enabled IPsec can operate at line-rate speeds in modern data centers, providing a practical and future-proof foundation for secure, high-throughput communication in the post-quantum computing era.

23 pages, 1098 KB  
Article
HySecure: FPGA-Based Hybrid Post-Quantum and Classical Cryptography Platform for End-to-End IoT Security
by Bohao Zhang, Jinfa Hong, Gaoyu Mao, Shiyu Shen, Hao Yang, Guangyan Li, Shengzhe Lyu, Patrick S. Y. Hung and Ray C. C. Cheung
Electronics 2025, 14(19), 3908; https://doi.org/10.3390/electronics14193908 - 30 Sep 2025
Viewed by 1161
Abstract
As the Internet of Things (IoT) continues to expand into mission-critical and long-lived applications, securing low-power wide-area networks (LPWANs) such as Narrowband IoT (NB-IoT) against both classical and quantum threats becomes imperative. Existing NB-IoT security mechanisms terminate at the core network, leaving transmission payloads exposed. This paper proposes HySecure, an FPGA-based hybrid cryptographic platform that integrates both classical elliptic curve and post-quantum schemes to achieve end-to-end (E2E) security for NB-IoT communication. Our architecture, built upon the lightweight RISC-V PULPino platform, incorporates hardware accelerators for X25519, Kyber, Ed25519, and Dilithium. We design a hybrid key establishment protocol combining ECDH and Kyber through HKDF, and a dual-signature scheme using EdDSA and Dilithium to ensure authenticity and integrity during handshake. Cryptographic functions are evaluated on FPGA, achieving a 32.2× to 145.4× speedup. NS-3 simulations under realistic NB-IoT configurations demonstrate acceptable latency and throughput for the proposed hybrid schemes, validating their practicality for secure constrained IoT deployments and communications.

43 pages, 733 KB  
Review
Unfolding Post-Quantum Cryptosystems: CRYSTALS-Dilithium, McEliece, BIKE, and HQC
by Vaghawan Prasad Ojha, Sumit Chauhan, Shantia Yarahmadian and David Carvalho
Mathematics 2025, 13(17), 2841; https://doi.org/10.3390/math13172841 - 3 Sep 2025
Cited by 1 | Viewed by 2917
Abstract
The advent of quantum computers poses a significant threat to the security of classical cryptographic systems. To address this concern, researchers have been actively investigating the development of post-quantum cryptography, which aims to provide encryption schemes that remain secure even in the face of powerful quantum adversaries. To address this serious problem, the National Institute of Standards and Technology (NIST), a body of the US government, has been working on the selection and standardization of cryptographic algorithms through competitive and rigorous evaluation on different fronts. NIST has selected different candidate algorithms to standardize public-key encryption, including key establishment algorithms and digital signature algorithms. This paper reviews some selected cryptosystems, mainly based on lattice- and code-based cryptosystems. These include digital signature algorithms, such as CRYSTALS-Dilithium, code-based cryptosystems, such as McEliece, and key encapsulation methods, specifically, Classic McEliece, BIKE and HQC. We will review these algorithms and discuss their security aspects and the current state-of-the-art in the development of these algorithms post NIST 3rd finalized selection. We will also touch briefly on the differences and practical applications of each of these schema. This review is intended for engineers and practitioners alike.
(This article belongs to the Special Issue Recent Advances in Post-Quantum Cryptography)

22 pages, 1307 KB  
Article
A Post-Quantum Authentication and Key Agreement Scheme for Drone Swarms
by Linlin He, Meng Zhao, Xu’an Wang, Jue Wang, Zhenyu Wang and Shuanggen Liu
Electronics 2025, 14(17), 3364; https://doi.org/10.3390/electronics14173364 - 25 Aug 2025
Viewed by 1997
Abstract
With the continuous development of quantum computing technology, the traditional public key cryptosystem is facing severe security challenges, especially in the resource-constrained UAV swarm communication scenario. To deal with this problem, this paper proposes a secure communication scheme for the post-quantum era, which combines the Kyber-based group key agreement mechanism and the lightweight identity authentication system constructed by sparse Merkle tree (SMT). The system is initialized by the edge node, and supports the dynamic joining and leaving of the UAV through the authentication and key management mechanism. To meet the security and performance requirements in different application scenarios, we design and integrate two mainstream post-quantum signature schemes to provide flexible identity authentication options. Experimental results show that the scheme has low resource overhead while ensuring security, which is suitable for the actual communication deployment of post-quantum UAV swarm.
(This article belongs to the Special Issue Novel Methods Applied to Security and Privacy Problems, Volume II)

7 pages, 188 KB  
Proceeding Paper
Lightweight Post-Quantum Cryptography: Applications and Countermeasures in Internet of Things, Blockchain, and E-Learning
by Chin-Ling Chen, Kuang-Wei Zeng, Wei-Ying Li, Chin-Feng Lee, Ling-Chun Liu and Yong-Yuan Deng
Eng. Proc. 2025, 103(1), 14; https://doi.org/10.3390/engproc2025103014 - 12 Aug 2025
Cited by 1 | Viewed by 3248
Abstract
With the rapid advancement of quantum computing technology, traditional encryption methods are encountering unprecedented challenges in the Internet of Things (IoT), blockchain systems, and digital learning (e-learning) platforms. Therefore, we systematically reviewed the applications and countermeasures of lightweight post-quantum cryptographic techniques, focusing on the requirements of resource-constrained IoT devices and decentralized systems. We compared the encryption methods based on ring learning with errors (Ring-LWE), Binary Ring-LWE, ring-ExpLWE, the collaborative critical generation framework Q-SECURE, and hardware accelerators for the CRYSTALS-dilithium digital signature scheme. According to the high security and efficiency demands for data transmission and user interaction in e-learning platforms, we developed lightweight encryption schemes. By reviewing existing research achievements, we analyzed the application challenges in IoT, blockchain, and e-learning scenarios and explored strategies for optimizing post-quantum encryption schemes for effective deployment.
(This article belongs to the Proceedings of The 8th Eurasian Conference on Educational Innovation 2025)
24 pages, 1050 KB  
Article
Lattice-Based Certificateless Proxy Re-Signature for IoT: A Computation-and-Storage Optimized Post-Quantum Scheme
by Zhanzhen Wei, Gongjian Lan, Hong Zhao, Zhaobin Li and Zheng Ju
Sensors 2025, 25(15), 4848; https://doi.org/10.3390/s25154848 - 6 Aug 2025
Viewed by 1132
Abstract
Proxy re-signature enables transitive authentication of digital identities across different domains and has significant application value in areas such as digital rights management, cross-domain certificate validation, and distributed system access control. However, most existing proxy re-signature schemes, which are predominantly based on traditional public-key cryptosystems, face security vulnerabilities and certificate management bottlenecks. While identity-based schemes alleviate some issues, they introduce key escrow concerns. Certificateless schemes effectively resolve both certificate management and key escrow problems but remain vulnerable to quantum computing threats. To address these limitations, this paper constructs an efficient post-quantum certificateless proxy re-signature scheme based on algebraic lattices. Building upon algebraic lattice theory and leveraging the Dilithium algorithm, our scheme innovatively employs a lattice basis reduction-assisted parameter selection strategy to mitigate the potential algebraic attack vectors inherent in the NTRU lattice structure. This ensures the security and integrity of multi-party communication in quantum-threat environments. Furthermore, the scheme significantly reduces computational overhead and optimizes signature storage complexity through structured compression techniques, facilitating deployment on resource-constrained devices like Internet of Things (IoT) terminals. We formally prove the unforgeability of the scheme under the adaptive chosen-message attack model, with its security reducible to the hardness of the corresponding underlying lattice problems.
(This article belongs to the Special Issue IoT Network Security (Second Edition))

31 pages, 1107 KB  
Article
Length–Weight Distribution of Non-Zero Elements in Randomized Bit Sequences
by Christoph Lange, Andreas Ahrens, Yadu Krishnan Krishnakumar and Olaf Grote
Sensors 2025, 25(12), 3825; https://doi.org/10.3390/s25123825 - 19 Jun 2025
Viewed by 1099
Abstract
Randomness plays an important role in data communication as well as in cybersecurity. In the simulation of communication systems, randomized bit sequences are often used to model a digital source information stream. Cryptographic outputs should look more random than deterministic in order to provide an attacker with as little information as possible. Therefore, the investigation of randomness, especially in cybersecurity, has attracted a lot of attention and research activities. Common tests regarding randomness are hypothesis-based and focus on analyzing the distribution and independence of zero and non-zero elements in a given random sequence. In this work, a novel approach grounded in a gap-based burst analysis is presented and analyzed. Such approaches have been successfully implemented, e.g., in data communication systems and data networks. The focus of the current work is on detecting deviations from the ideal gap-density function describing randomized bit sequences. For testing and verification purposes, the well-researched post-quantum cryptographic CRYSTALS suite, including its Kyber and Dilithium schemes, is utilized. The proposed technique allows for quickly verifying the level of randomness in given cryptographic outputs. The results for different sequence-generation techniques are presented, thus validating the approach. The results show that key-encapsulation and key-exchange algorithms, such as CRYSTALS-Kyber, achieve a lower level of randomness compared to digital signature algorithms, such as CRYSTALS-Dilithium.
(This article belongs to the Section Communications)

21 pages, 953 KB  
Article
Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations
by Manohar Raavi, Qaiser Khan, Simeon Wuthier, Pranav Chandramouli, Yaroslav Balytskyi and Sang-Yoon Chang
Cryptography 2025, 9(2), 38; https://doi.org/10.3390/cryptography9020038 - 4 Jun 2025
Cited by 2 | Viewed by 6930
Abstract
Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS+. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS+. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration.

27 pages, 297 KB  
Article
A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments
by Maryam Abbasi, Filipe Cardoso, Paulo Váz, José Silva and Pedro Martins
Cryptography 2025, 9(2), 32; https://doi.org/10.3390/cryptography9020032 - 21 May 2025
Cited by 9 | Viewed by 11702
Abstract
The emergence of large-scale quantum computing presents an imminent threat to contemporary public-key cryptosystems, with quantum algorithms such as Shor’s algorithm capable of efficiently breaking RSA and elliptic curve cryptography (ECC). This vulnerability has catalyzed accelerated standardization efforts for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) and global security stakeholders. While theoretical security analysis of these quantum-resistant algorithms has advanced considerably, comprehensive real-world performance benchmarks spanning diverse computing environments—from high-performance cloud infrastructure to severely resource-constrained IoT devices—remain insufficient for informed deployment planning. This paper presents the most extensive cross-platform empirical evaluation to date of NIST-selected PQC algorithms, including CRYSTALS-Kyber and NTRU for key encapsulation mechanisms (KEMs), alongside BIKE as a code-based alternative, and CRYSTALS-Dilithium and Falcon for digital signatures. Our systematic benchmarking framework measures computational latency, memory utilization, key sizes, and protocol overhead across multiple security levels (NIST Levels 1, 3, and 5) in three distinct hardware environments and various network conditions. Results demonstrate that contemporary server architectures can implement these algorithms with negligible performance impact (<5% additional latency), making immediate adoption feasible for cloud services. In contrast, resource-constrained devices experience more significant overhead, with computational demands varying by up to 12× between algorithms at equivalent security levels, highlighting the importance of algorithm selection for edge deployments.
Beyond standalone algorithm performance, we analyze integration challenges within existing security protocols, revealing that naive implementation of PQC in TLS 1.3 can increase handshake size by up to 7× compared to classical approaches. To address this, we propose and evaluate three optimization strategies that reduce bandwidth requirements by 40–60% without compromising security guarantees. Our investigation further encompasses memory-constrained implementation techniques, side-channel resistance measures, and hybrid classical-quantum approaches for transitional deployments. Based on these comprehensive findings, we present a risk-based migration framework and algorithm selection guidelines tailored to specific use cases, including financial transactions, secure firmware updates, vehicle-to-infrastructure communications, and IoT fleet management. This practical roadmap enables organizations to strategically prioritize systems for quantum-resistant upgrades based on data sensitivity, resource constraints, and technical feasibility. Our results conclusively demonstrate that PQC is deployment-ready for most applications, provided that implementations are carefully optimized for the specific performance characteristics and security requirements of target environments. We also identify several remaining research challenges for the community, including further optimization for ultra-constrained devices, standardization of hybrid schemes, and hardware acceleration opportunities.

24 pages, 2511 KB  
Article
Efficient Post-Quantum Cryptography Algorithms for Auto-Enrollment in Public Key Infrastructure
by Rehab Al-Dabbagh, Mohammad Alkhatib and Tahani Albalawi
Electronics 2025, 14(10), 1980; https://doi.org/10.3390/electronics14101980 - 13 May 2025
Cited by 4 | Viewed by 3746
Abstract
The security of the digital certificates used in authenticating network devices relies on cryptographic algorithms like the RSA and ECC, which are vulnerable to quantum attacks. This study addresses the urgent need to secure the Simple Certificate Enrollment Protocol (SCEP), widely used in PKI-based systems, by integrating post-quantum cryptographic (PQC) algorithms—Dilithium, Falcon, and SPHINCS+. The experimental results show that Dilithium2 (1312 bytes) and Falcon512 (897 bytes) offer the best performance and throughput, with Falcon512 also being the most efficient in terms of the storage consumption. This research represents the first integration of PQC algorithms into the SCEP, establishing a foundation for scalable, quantum-resilient certificate enrollment in future PKI systems.
(This article belongs to the Special Issue Cryptography and Computer Security)

15 pages, 2472 KB  
Article
Meta-Xylene-Based Diamines with Protected Benzyl Sites: Potential NCN Pincer Ligands with Tunable Steric Profiles
by Tamina Z. Kirsch, Toren Hynes, Jason D. Masuda and Saurabh S. Chitnis
Molecules 2025, 30(6), 1331; https://doi.org/10.3390/molecules30061331 - 16 Mar 2025
Viewed by 1209
Abstract
Bulky NCN aryl-diamides featuring methyl groups in the benzyl positions were synthesized with the aim of creating a new class of meta-xylene-based trianionic pincer ligands where the common decomposition pathway of metal pincer complexes via C-H activation is prevented. Sterically demanding substituents on the ligands furthermore provide steric protection of the metal centre and can help prevent the dimerization of the complexes. While a double deprotonation of the ligands and the formation of a dilithium salt was straightforward, difficulties were encountered when attempting to deprotonate the ipso-CH proton on the central aryl ring to yield trianionic ligands. This stands in contrast to related pincer ligands without methyl groups in the benzylic positions. Experimental and theoretical investigations led to the conclusion that the challenges encountered when attempting the third deprotonation are likely caused by an interplay of increased electron density at the nitrogen atoms and steric hindrance. Both effects originate in the introduction of methyl groups in the benzylic positions, which make the targeted proton less accessible. These results provide further insight into the impact of methyl groups in the benzyl positions on both steric and electronic properties of NCN pincer ligands, which may find utility in coordination chemistry applications where metalation can be achieved by direct C-H activation rather than requiring triple deprotonation.
(This article belongs to the Special Issue Advances in Main Group Chemistry)

26 pages, 8253 KB  
Article
Challenge–Response Pair Mechanisms and Multi-Factor Authentication Schemes to Protect Private Keys
by Bertrand Francis Cambou and Mahafujul Alam
Appl. Sci. 2025, 15(6), 3089; https://doi.org/10.3390/app15063089 - 12 Mar 2025
Cited by 2 | Viewed by 1730
Abstract
Crypto wallets store and protect the private keys needed to sign transactions for crypto currencies; they are secured by multi-factor authentication schemes. However, the loss of a wallet, or a dysfunctional factor of authentication, can be catastrophic, as the keys are then lost [...] Read more.
Crypto wallets store and protect the private keys needed to sign transactions for crypto currencies; they are secured by multi-factor authentication schemes. However, the loss of a wallet, or a dysfunctional factor of authentication, can be catastrophic, as the keys are then lost as well as the crypto currencies. Such difficult tradeoffs between the protection of the private keys and factors of authentication that are easy to use are also present in public key infrastructures, banking cards, smartphones and smartcards. In this paper, we present protocols based on novel challenge–response pair mechanisms that protect private keys, while using factors of authentication that can be lost or misplaced without negative consequences. Examples of factors that are analyzed include passwords, tokens, wearable devices, biometry, and blockchain-based non-fungible tokens. In normal operations, the terminal device uses all factors of authentication to retrieve an ephemeral key, decrypt the private key, and finally sign a transaction. With our solution, users can download the software stack into multiple terminal devices, turning all of them into backups. We present a zero-knowledge multi-factor authentication scheme allowing the secure recovery of private keys when one of the factors is lost, such as the token. The challenge–response pair mechanisms also enable a novel key pair generation protocol in which private keys can be kept secret by the user, while a Keystore can securely authenticate the user and transmit the public key to a distributed network. The standardized LWE post-quantum cryptographic CRYSTALS Dilithium protocol was selected in the experimental section. Full article
(This article belongs to the Section Computing and Artificial Intelligence)
Show Figures

Figure 1

Back to TopTop