Search Results (108)

While Federated Learning (FL) and Split Learning (SL) aim to uphold data confidentiality by localized training, they remain susceptible to adversarial threats such as model poisoning and sophisticated inference attacks. To mitigate these vulnerabilities, we propose $\mathbf{SplitML}$, a secure and privacy-preserving framework for Federated Split Learning (FSL). By integrating $IND-CP{A}^D$ secure Fully Homomorphic Encryption (FHE) with Differential Privacy (DP), $\mathbf{SplitML}$ establishes a defense-in-depth strategy that minimizes information leakage and thwarts reconstructive inference attempts. The framework accommodates heterogeneous model architectures by allowing clients to collaboratively train only the common top layers while keeping their bottom layers exclusive to each participant. This partitioning strategy ensures that the layers closest to the sensitive input data are never exposed to the centralized server. During the training phase, participants utilize multi-key CKKS FHE to facilitate secure weight aggregation, which ensures that no single entity can access individual updates in plaintext. For collaborative inference, clients exchange activations protected by single-key CKKS FHE to achieve a consensus derived from Total Labels (TL) or Total Predictions (TP). This consensus mechanism enhances decision reliability by aggregating decentralized insights while obfuscating soft-label confidence scores that could be exploited by attackers. Our empirical evaluation demonstrates that $\mathbf{SplitML}$ provides substantial defense against Membership Inference (MI) attacks, reduces temporal training costs compared to standard encrypted FL, and improves inference precision via its consensus mechanism, all while maintaining a negligible impact on federation overhead. Full article

Statistical confidentiality focuses on protecting data to preserve its analytical value while preventing identity exposure, ensuring privacy and security in any system handling sensitive information. Homomorphic encryption allows computations on encrypted data without revealing it to anyone other than an owner or an authorized collector. When combined with other techniques, homomorphic encryption offers an ideal solution for ensuring statistical confidentiality. TFHE (Fast Fully Homomorphic Encryption over the Torus) is a fully homomorphic encryption scheme that supports efficient homomorphic operations on Booleans and integers. Building on TFHE, Zama’s Concrete project offers an open-source compiler that translates high-level Python code (version 3.9 or higher) into secure homomorphic computations. This study examines the feasibility of the Concrete compiler to perform core statistical analyses on encrypted data. We implement traditional algorithms for core statistical measures including the mean, variance, and five-point summary on encrypted datasets. Additionally, we develop a bitonic sort implementation to support the five-point summary. All implementations are executed within the Concrete framework, leveraging its built-in optimizations. Their performance is systematically evaluated by measuring circuit complexity, programmable bootstrapping count (PBS), compilation time, and execution time. We compare these results to findings from previous studies wherever possible. The results show that the complexity of sorting and statistical computations on encrypted data with the Concrete implementation of TFHE increases rapidly, and the size and range of data that can be accommodated is small for most applications. Nevertheless, this work reinforces the theoretical promise of Fully Homomorphic Encryption (FHE) for statistical analysis and highlights a clear path forward: the development of optimized, FHE-compatible algorithms. Full article

While tremendous progress has been made towards achieving highly efficient and practical Private Set Intersection (PSI) protocols during the last decade, the development of post-quantum PSI is still far from satisfactory. Existing post-quantum PSI protocols encounter a dilemma: while those based on fully homomorphic encryption (FHE) achieve low online communication, they suffer from significant online computation; conversely, protocols based on post-quantum Oblivious Pseudorandom Functions (OPRFs) exhibit excellent online computational performance but incur substantially high online communication. To overcome this dilemma, we present a lattice-based PSI protocol that achieves optimal online performance in both communication and computation. Our solution introduces two core innovations: a robust signal comparison algorithm based on RLWE key exchange, which determines the intersection through signal consistency rather than direct shared key comparison, and an optimized Oblivious Key–Value Stores (OKVS) implementation featuring a composite key–value mapping for efficient handling of high-dimensional RLWE polynomials. We implement the protocol and conduct extensive benchmarks in both symmetric and asymmetric set-size settings. The results show that our construction achieves the lowest online overhead in both computation and communication among all tests. For example, with asymmetric set sizes $(2^{12},11041)$, the online phase requires only $0.132$ s, yielding $19\times$ and $282\times$ improvements over FHE-based (CCS’21) and OPRF-based (EUROCRYPT’25) protocols, respectively. Even at $(2^{24},11041)$, our online communication time is only 0.201 s, which is $226\times$ and $184\times$ that of FHE-based and OPRF-based PSI, respectively. Additionally, our online communication overhead is the lowest in all tests; however, this comes at the cost of heavy offline communication overhead for very large set sizes, revealing a clear trade-off between pre-computation and online efficiency. This work addresses a critical gap in post-quantum PSI by delivering a protocol that achieves balanced online communication and computational overhead, thereby enabling broader practical deployment. Full article

The Internet of Medical Things (IoMT) improves healthcare delivery through many medical applications. Because of medical data sensitivity and limited resources of wearable technology, privacy and security are significant challenges. Traditional encryption does not provide secure computation on encrypted data, and many blockchain-based IoMT solutions partially rely on centralized structures. IoMT with dynamic encryption is an innovative privacy-preserving system that combines sensitivity-based classification and advanced encryption to address these issues. The study proposes privacy-preserving IoMT framework that dynamically adapts its cryptographic strategy based on data sensitivity. The proposed approach uses a hybrid SDAIPA (SDAIA-HIPAA) classification model that integrates Saudi Data and Artificial Intelligence Authority (SDAIA) and Health Insurance Portability and Accountability Act (HIPAA) guidelines. This classification directly governs the selection of encryption mechanisms, where Advanced Encryption Standard (AES) is used for low-sensitivity data, and Fully Homomorphic Encryption (FHE) is used for high-sensitivity data. The Whale Optimization Algorithm (WOA) is used to maximize cryptographic entropy of FHE keys and improves security against attacks, resulting in an Optimized FHE that is conditionally used based on SDAIPA outputs. This proposed approach provides a novel scheme to dynamically align cryptographic intensity with data risk and avoids the overhead of uniform FHE use while ensuring strong privacy for critical records. Two datasets are used to assess the proposed approach with up to 806 samples. The results show that the hybrid OHE-WOA outperforms in the percentage of sensitivity of privacy index with dataset 1 by 78.3% and 12.5% and with dataset 2 by 89% and 19.7% compared to AES and RSA, respectively, which ensures its superior ability to preserve privacy. Full article

Homomorphic encryption enables computations to be performed directly on encrypted data, ensuring data confidentiality even in untrusted or distributed environments. Although this approach provides strong theoretical security, its practical adoption remains limited due to high computational and memory requirements. This study presents a comparative evaluation of three representative homomorphic encryption paradigms: partially, somewhat, and fully homomorphic encryption. The implementations are based on the GMP library, Microsoft SEAL, and OpenFHE. The analysis examines encryption and decryption time, ciphertext expansion, and memory usage under various parameter configurations, including different polynomial modulus degrees. The goal is to provide a transparent and reproducible comparison that illustrates the practical differences among these approaches. The results highlight the trade-offs between security, efficiency, and numerical precision, identifying cases where lightweight schemes can achieve acceptable performance for latency-sensitive or resource-constrained applications. These findings offer practical guidance for deploying homomorphic encryption in secure cloud-based computation and other privacy-preserving environments. Full article

Fully Homomorphic Encryption (FHE) enables privacy-preserving computation but is hindered by high computational overhead, with the key-switching operation being a primary performance bottleneck. This paper introduces the first CUDA-optimized GPU implementation of the Kim, Lee, Seo, and Son (KLSS) key-switching algorithm for three leading FHE schemes: BGV, BFV, and CKKS. Our solution achieves significant performance gains, delivering speedups of up to 181× against the original CPU implementation. Furthermore, we analyze the critical trade-off between the key-switching techniques on GPUs, providing insights for the choice between single- and double-decomposition methods. Our work provides a high-performance tool and offers clear guidelines on the trade-off between latency and hardware memory constraints. Full article

Botnet attacks on Internet of Things (IoT) devices are escalating at the 5G/6G multi-access edge, yet most federated learning frameworks for IoT malware detection (FL-IMD) still hinge on a central aggregator, enlarging the attack surface, weakening privacy, and creating a single point of failure. We propose a two-tier, fully decentralized FL architecture aligned with MEC’s Proximal Edge Server (PES)/Supplementary Edge Server (SES) hierarchy. PES nodes train locally and encrypt updates with the Cheon–Kim–Kim–Song (CKKS) scheme; SES nodes verify ECDSA-signed provenance, homomorphically aggregate ciphertexts, and finalize each round via an Algorand-style committee that writes a compact, tamper-evident record (update digests/URIs and a global-model hash) to an append-only ledger. Using the N-BaIoT benchmark with an unsupervised autoencoder, we evaluate known-device and leave-one-device-out regimes against a classical centralized baseline and a cryptographically hardened but server-centric variant. With the heavier CKKS profile, attack sensitivity is preserved (TPR $\ge 0.99$), and specificity (TNR) declines by only 0.20 percentage points relative to plaintext in both regimes; a lighter profile maintains TPR while trading 3.5–4.8 percentage points of TNR for about 71% smaller payloads. Decentralization adds only a negligible per-round overhead for committee finality, while homomorphic aggregation dominates latency. Overall, our FL-IMD design removes the trusted aggregator and provides verifiable, ledger-backed provenance suitable for trustless MEC deployments. Full article

This paper investigates whether ChatGPT, a large language model, can assist in the implementation of lattice-based cryptography and fully homomorphic encryption algorithms, specifically the Ring Learning-with-Errors encryption scheme and the Brakerski–Fan–Vercauteren FHE scheme. To the best of our knowledge, this study represents the first systematic exploration of ChatGPT’s ability to implement these cryptographic algorithms. Fully homomorphic encryption, despite its theoretical and practical significance, poses significant challenges due to its computational complexity and efficiency requirements. This study evaluates ChatGPT’s capability as a development tool from both algorithmic and implementation perspectives. At the algorithmic level, ChatGPT demonstrates a solid understanding of the Rring Learning-with-Errors lattice encryption scheme but faces limitations in comprehending the intricate structure of the Brakerski–Fan–Vercauteren FHE scheme. At the code level, ChatGPT can generate functional C++ implementations of both encryption schemes, significantly reducing manual coding effort. However, debugging and corrections remain necessary, particularly for the more complex Brakerski–Fan–Vercauteren scheme, where additional effort is required to ensure correctness. The findings highlight ChatGPT’s potential and limitations in supporting cryptographic algorithm development, offering insights into its application for advancing implementations of complex cryptographic systems. Full article

In the context of rapid advancements in big data and artificial intelligence, similarity measurement methods between samples have been widely applied in data mining, pattern recognition, medical diagnosis, financial risk control, and other fields. The Mahalanobis distance, due to its effectiveness in capturing correlations within high-dimensional data, has become a crucial tool in many practical scenarios. However, sample data often contains sensitive privacy information, making it essential to achieve secure and privacy-preserving computation of Mahalanobis distance. This paper proposes a secure Mahalanobis distance calculation scheme tailored for sample vectors that effectively resists malicious cheating behaviors. The designed multi-party computation algorithms ensure privacy protection while maintaining computational efficiency and minimizing communication overhead. The experimental results compare three algorithms in terms of execution time and communication delay across varying sample sizes and vector dimensions. The results demonstrate that our proposed scheme achieves a favorable balance between security and performance. This research provides a practical and robust solution for similarity measurement under privacy constraints and lays a theoretical and practical foundation for secure data collaboration in multi-party computing environments, offering significant application potential. Full article

Private information retrieval (PIR) is a typical application scenario of encrypted computing, which allows users to retrieve data from a database by providing only an encrypted index. In an academic research scenario, multiple parties may entrust their data to a third party and require collaborative retrieval. However, due to competitive relationships and mutual distrust between these parties, they do not share public–private keys, making single-key mechanisms inadequate for meeting actual privacy requirements. In this case, based on the multi-key fully homomorphic encryption (MKFHE) algorithm, we construct an efficient PIR scheme with an access permission verification mechanism and dynamic database. Specifically, we design an MKFHE algorithm to protect multi-user privacy information. The vector–matrix multiplication optimization algorithm is adopted to improve computational efficiency, the expand algorithm is used to reduce user communication traffic, and homomorphic multiplication with ciphertext chunking is used to avoid excessive noise caused by direct ciphertext multiplication. Experiments based on the SEAL library show that by transferring part of the computational pressure to the offline stage, the online query response efficiency of our scheme is improved by about 7.69%, and the online computational efficiency of vector–matrix multiplication is improved by about 19.7%. Full article

This paper enhances the multikey scenario in the Gentry–Sahai–Waters (GSW) fully homomorphic encryption scheme to increase its real-world applicability. We integrate the advantages of two existing GSW multikey approaches: one enabling distributed decryption and the other reducing memory requirements. We also apply the CRT decomposition and ciphertext compression techniques to the multikey settings. While leveraging the effectiveness of decomposition, we adapt the compression technique for practical cryptographic applications, as demonstrated through simulations in federated learning and multiparty communication scenarios. Our work’s potential impact on the cryptography field is significant, as it offers a more efficient and secure solution for distributed data processing in real-world scenarios, thereby advancing the state of the art in secure communication systems. Full article

Fully Homomorphic Encryption (FHE) allows a client to share their data with an external server without ever exposing their data. FHE serves as a potential solution for data breaches and the marketing of users’ private data. Unfortunately, FHE is much slower than conventional asymmetric cryptography, where data are encrypted only between endpoints. Within this work, we propose the Dynamic AcceleRaTor for Parallel Homomorphic pROGrams, DARTPHROG, as a potential tool for accelerating FHE. DARTPHROG is a superscalar architecture, allowing multiple homomorphic operations to be executed in parallel. Furthermore, DARTPHROG is the first to utilize the new Hardware Optimized Modular-Reduction (HOM-R) system, showcasing the uniquely efficient method compared to Barrett and Montgomery reduction. Coming in at 40.5 W, DARTPHROG is one of the smaller architectures for FHE acceleration. Our architecture offers speedups of up to 1860 times for primitive FHE operations such as ciphertext/plaintext and ciphertext/ciphertext addition, subtraction, and multiplication when operations are performed in parallel using the superscalar feature in DARTPHROG. The DARTPHROG system implements an assembler, a unique instruction set based on THUMB, and a homomorphic processor implemented on a Field Programmable Gate Array (FPGA). DARTPHROG is also the first superscalar evaluation of homomorphic operations when the Number Theoretic Transform (NTT) is excluded from the design. Our processor can therefore be used as a base case for evaluation when weighing the resource and execution impact of NTT implementations. Full article

Electric vehicle (EV) charging infrastructures raise significant concerns about data security and user privacy because traditional centralized authorization and billing frameworks expose sensitive information to breaches and profiling. To address these vulnerabilities, we propose a novel decentralized framework that couples a permissioned blockchain with fully homomorphic encryption (FHE). Unlike prior blockchain-only or blockchain-and-machine-learning solutions, our architecture performs all authorization and billing computations on encrypted data and records transactions immutably via smart contracts. We implemented the system on Hyperledger Fabric using the CKKS-based TenSEAL library, chosen for its efficient arithmetic on real-valued vectors, and show that homomorphic operations are executed off-chain within a secure computation layer while smart contracts handle only encrypted records. In a simulation involving 20 charging stations and up to 100 concurrent users, the proposed system achieved an average authorization latency of 610 ms, a billing computation latency of 310 ms, and transaction throughput of 102 Tx min while maintaining energy overhead below 0.14 kWh day per station. When compared to state-of-the-art blockchain-only approaches, our method reduces data exposure by 100%, increases privacy from “moderate” to “very high,” and achieves similar throughput with acceptable computational overhead. These results demonstrate that privacy-preserving EV charging is practical using present-day cryptography, paving the way for secure, scalable EV charging and billing services. Full article

With the explosive growth of Internet of Things (IoT) devices, massive amounts of heterogeneous data are continuously generated. However, IoT data transactions and sharing face multiple challenges such as limited device resources, untrustworthy network environment, highly sensitive user privacy, and serious data silos. How to achieve fine-grained access control and privacy protection for massive devices while ensuring secure and reliable data circulation has become a key issue that needs to be urgently addressed in the current IoT field. To address the above challenges, this paper proposes a blockchain-based data transaction and privacy protection framework. First, the framework builds a multi-layer security architecture that integrates blockchain and IPFS and adapts to the “end–edge–cloud” collaborative characteristics of IoT. Secondly, a data sharing mechanism that takes into account both access control and interest balance is designed. On the one hand, the mechanism uses attribute-based encryption (ABE) technology to achieve dynamic and fine-grained access control for massive heterogeneous IoT devices; on the other hand, it introduces a game theory-driven dynamic pricing model to effectively balance the interests of both data supply and demand. Finally, in response to the needs of confidential analysis of IoT data, a secure computing scheme based on CKKS fully homomorphic encryption is proposed, which supports efficient statistical analysis of encrypted sensor data without leaking privacy. Security analysis and experimental results show that this scheme is secure under standard cryptographic assumptions and can effectively resist common attacks in the IoT environment. Prototype system testing verifies the functional completeness and performance feasibility of the scheme, providing a complete and effective technical solution to address the challenges of data integrity, verifiable transactions, and fine-grained access control, while mitigating the reliance on a trusted central authority in IoT data sharing. Full article

The advent of quantum computing poses an existential threat to the security of cloud services that handle sensitive visual data. Simultaneously, the need for computational privacy requires the ability to process data without exposing it to the cloud provider. This paper introduces and evaluates a hybrid quantum-resistant framework that addresses both challenges by integrating NIST-standardized post-quantum cryptography with optimized fully homomorphic encryption (FHE). Our solution uses CRYSTALS-Kyber for secure channel establishment and the CKKS FHE scheme with SIMD batching to perform image processing tasks on a cloud server without ever decrypting the image. This work provides a comprehensive performance analysis of the complete, end-to-end system. Our empirical evaluation demonstrates the framework’s practicality, detailing the sub-millisecond PQC setup costs and the amortized transfer of 33.83 MB of public FHE materials. The operational performance shows remarkable scalability, with server-side computations and client-side decryption completing within low single-digit milliseconds. By providing a detailed analysis of a viable and efficient architecture, this framework establishes a practical foundation for the next generation of privacy-preserving cloud applications. Full article