Search Results (47)

Search Parameters:
Keywords = group-based cryptography

17 pages, 468 KB  
Article
A Traceable Ring Signcryption Scheme Based on SM9 for Privacy Protection
by Liang Qiao, Xuefeng Zhang and Beibei Li
Information 2026, 17(1), 100; https://doi.org/10.3390/info17010100 - 19 Jan 2026
Viewed by 354
Abstract
To address the issues of insufficient privacy protection, lack of confidentiality, and absence of traceability mechanisms in resource-constrained application scenarios such as IoT nodes or mobile network group communications, this paper proposes a traceable ring signcryption privacy protection scheme based on the SM9 algorithm. In detail, the ring signcryption structure is designed based on the SM9 identity-based cryptography algorithm framework. Additionally, the scheme introduces a dynamic accumulator to compress ciphertext length and optimizes the algorithm to improve computational efficiency. Under the random oracle model, it is proved that the scheme has unforgeability, confidentiality, and conditional anonymity, and it is also demonstrated that conditional anonymity can be used to trace the identity of the actual signcryptor in the event of a dispute. Performance analysis shows that, compared with related schemes, this scheme improves the efficiency of signcryption, and the size of the signcryption ciphertext remains at a constant level.
(This article belongs to the Special Issue Privacy-Preserving Data Analytics and Secure Computation)

17 pages, 1778 KB  
Article
An XOR-Based (k, n) Visual Fully Independent Secrets Sharing Scheme with Meaningful Shares
by Wen-Ting Lee and Justie Su-Tzu Juan
Appl. Sci. 2025, 15(23), 12720; https://doi.org/10.3390/app152312720 - 1 Dec 2025
Viewed by 472
Abstract
With the rapid advancement of technology, data transmission security has become an increasingly critical issue. Visual Cryptography Scheme (VCS) provides a secure method for sharing secret images without complex computation—by stacking multiple shares, the secret image can be visually recognized. The earliest visual cryptography scheme was proposed. However, traditional VCS are limited to the encryption and decryption of a single secret. To address the evolving demands of modern information security, numerous enhanced VCS have been introduced by researchers, offering new perspectives and capabilities. This paper proposes a novel XOR-based visual cryptography scheme that supports fully independent secrets within a (k, n)-threshold framework for 2 ≤ k < n. In the proposed scheme, n shares can simultaneously encrypt C(n, k) distinct secrets. Each secret can be reconstructed by one subset of k shares out of the n, and all shares are designed to be meaningful images so as not to be identified as hiding a secret. This approach significantly enhances the flexibility of VCS, enabling its application in scenarios where different groups hold different secrets or where the reconstructed secret identifies the associated group, which can help administrators know which group has accessed the secret. As such, the proposed scheme is more suitable for a wide range of practical applications.
(This article belongs to the Special Issue Recent Progress of Information Security and Cryptography)

22 pages, 1664 KB  
Article
A Blockchain-Enabled Decentralized Zero-Trust Architecture for Anomaly Detection in Satellite Networks via Post-Quantum Cryptography and Federated Learning
by Sridhar Varadala and Hao Xu
Future Internet 2025, 17(11), 516; https://doi.org/10.3390/fi17110516 - 12 Nov 2025
Viewed by 991
Abstract
The rapid expansion of satellite networks for advanced communication and space exploration has ensured that robust cybersecurity for inter-satellite links has become a critical challenge. Traditional security models rely on centralized trust authorities, and node-specific protections are no longer sufficient, particularly when system failures or attacks affect groups of satellites or agent clusters. To address this problem, we propose a blockchain-enabled decentralized zero-trust model based on post-quantum cryptography (BEDZTM-PQC) to improve the security of satellite communications via continuous authentication and anomaly detection. This model introduces a group-based security framework, where satellite teams operate under a zero-trust architecture (ZTA) enforced by blockchain smart contracts and threshold cryptographic mechanisms. Each group shares the responsibility for local anomaly detection and policy enforcement while maintaining decentralized coordination through hierarchical federated learning, allowing for collaborative model training without centralizing sensitive telemetry data. A post-quantum cryptography (PQC) algorithm is employed for future-proof communication and authentication protocols against quantum computing threats. Furthermore, the system enhances network reliability by incorporating redundant communication channels, consensus-based anomaly validation, and group trust scoring, thus eliminating single points of failure at both the node and team levels. The proposed BEDZTM-PQC is implemented in MATLAB, and its performance is evaluated using key metrics, including accuracy, latency, security robustness, trust management, anomaly detection accuracy, performance scalability, and security rate with respect to different numbers of input satellite users.

7 pages, 208 KB  
Proceeding Paper
Post-Quantum Crystal-Kyber Group-Oriented Encryption Scheme for Cloud Security in Personal Health Records
by Zhen-Yu Wu and Chia-Hui Liu
Eng. Proc. 2025, 103(1), 6; https://doi.org/10.3390/engproc2025103006 - 6 Aug 2025
Viewed by 1810
Abstract
As medical technology develops and digital demands grow, personal health records (PHRs) are becoming more patient-centered than before based on cloud-based health information exchanges. While enhancing data accessibility and sharing, these systems present privacy and security issues, including data breaches and unauthorized access. We developed a post-quantum, group-oriented encryption scheme using the Crystal-Kyber Key encapsulation mechanism (KEM). Leveraging lattice-based post-quantum cryptography, this scheme ensures quantum resilience and chosen ciphertext attack security for layered cloud PHR environments. It supports four encryption modes: individual, group, subgroup-specific, and authorized subgroup decryption, meeting diverse data access needs. With efficient key management requiring only one private key per user, the developed scheme strengthens the privacy and security of PHRs in a future-proof, flexible, and scalable manner.
(This article belongs to the Proceedings of The 8th Eurasian Conference on Educational Innovation 2025)

24 pages, 896 KB  
Article
Potential Vulnerabilities of Cryptographic Primitives in Modern Blockchain Platforms
by Evgeniya Ishchukova, Sergei Petrenko, Alexey Petrenko, Konstantin Gnidko and Alexey Nekrasov
Sci 2025, 7(3), 112; https://doi.org/10.3390/sci7030112 - 5 Aug 2025
Cited by 2 | Viewed by 1432
Abstract
Today, blockchain technologies are a separate, rapidly developing area. With rapid development, they open up a number of scientific problems. One of these problems is the problem of reliability, which is primarily associated with the use of cryptographic primitives. The threat of the emergence of quantum computers is now widely discussed, in connection with which the direction of post-quantum cryptography is actively developing. Nevertheless, the most popular blockchain platforms (such as Bitcoin and Ethereum) use asymmetric cryptography based on elliptic curves. Here, cryptographic primitives for blockchain systems are divided into four groups according to their functionality: keyless, single-key, dual-key, and hybrid. The main attention in the work is paid to the most significant cryptographic primitives for blockchain systems: keyless and single-key. This manuscript discusses possible scenarios in which, during practical implementation, the mathematical foundations embedded in the algorithms for generating a digital signature and encrypting data using algorithms based on elliptic curves are violated. In this case, vulnerabilities arise that can lead to the compromise of a private key or a substitution of a digital signature. We consider cases of vulnerabilities in a blockchain system due to incorrect use of a cryptographic primitive, describe the problem, formulate the problem statement, and assess its complexity for each case. For each case, strict calculations of the maximum computational costs are given when the conditions of the case under consideration are met. Among other things, we present a new version of the encryption algorithm for data stored in blockchain systems or transmitted between blockchain systems using elliptic curves. This algorithm is not the main blockchain algorithm and is not included in the core of modern blockchain systems. This algorithm allows the use of the same keys that system users have in order to store sensitive user data in an open blockchain database in encrypted form. At the same time, possible vulnerabilities that may arise from incorrect implementation of this algorithm are considered. The scenarios formulated in the article can be used to test the reliability of both newly created blockchain platforms and to study long-existing ones.
(This article belongs to the Section Computer Science, Mathematics and AI)

23 pages, 639 KB  
Article
Reusable Fuzzy Extractor from Isogeny-Based Assumptions
by Yunhua Wen, Tianlong Jin and Wei Li
Symmetry 2025, 17(7), 1065; https://doi.org/10.3390/sym17071065 - 4 Jul 2025
Viewed by 1154
Abstract
A fuzzy extractor is a foundational cryptographic component that enables the extraction of reproducible and uniformly random strings from sources with inherent noise, such as biometric traits. A reusable fuzzy extractor guarantees the security of multiple extractions from the same noisy source. In addition, although isogeny-based cryptography has become an important branch in post-quantum cryptography, the study of fuzzy extractors based on isogeny assumptions is still in its early stages and holds much room for improvement. In this paper, we give two reusable fuzzy extractor schemes derived from isogeny-based assumptions: one is based on the linear hidden shift assumption over group actions, while the other is built upon the group-action decisional Diffie–Hellman assumption within the isogeny framework. Both proposed constructions achieve post-quantum security and are capable of correcting a linear proportion of errors. They rely solely on fundamental cryptographic primitives, which ensures simplicity and efficiency. Additionally, the second construction is based on restricted effective group action, which is weaker than the effective group action used in the first construction, thereby offering greater practical applicability.

21 pages, 278 KB  
Article
Solvability and Nilpotency of Lie Algebras in Cryptography and Steganography
by Amor Hasić, Melisa Azizović, Emruš Azizović and Muzafer Saračević
Mathematics 2025, 13(11), 1824; https://doi.org/10.3390/math13111824 - 30 May 2025
Cited by 1 | Viewed by 1394
Abstract
This paper investigates the role of solvable and nilpotent Lie algebras in the domains of cryptography and steganography, emphasizing their potential in enhancing security protocols and covert communication methods. In the context of cryptography, we explore their application in public-key infrastructure, secure data verification, and the resolution of commutator-based problems that underpin data protection strategies. In steganography, we examine how the algebraic properties of solvable Lie algebras can be leveraged to embed confidential messages within multimedia content, such as images and video, thereby reinforcing secure communication in dynamic environments. We introduce a key exchange protocol founded on the structural properties of solvable Lie algebras, offering an alternative to traditional number-theoretic approaches. The proposed Lie Exponential Diffie–Hellman Problem (LEDHP) introduces a novel cryptographic challenge based on Lie group structures, offering enhanced security through the complexity of non-commutative algebraic operations. The protocol utilizes the non-commutative nature of Lie brackets and the computational difficulty of certain algebraic problems to ensure secure key agreement between parties. A detailed security analysis is provided, including resistance to classical attacks and discussion of post-quantum considerations. The algebraic complexity inherent to solvable Lie algebras presents promising potential for developing cryptographic protocols resilient to quantum adversaries, positioning these mathematical structures as candidates for future-proof security systems. Additionally, we propose a method for secure message embedding using the Lie algebra in combination with frame deformation techniques in animated objects, offering a novel approach to steganography in motion-based media.

21 pages, 1771 KB  
Article
HERMEES: A Holistic Evaluation and Ranking Model for Energy-Efficient Systems Applied to Selecting Optimal Lightweight Cryptographic and Topology Construction Protocols in Wireless Sensor Networks
by Petar Prvulovic, Nemanja Radosavljevic, Djordje Babic and Dejan Drajic
Sensors 2025, 25(9), 2732; https://doi.org/10.3390/s25092732 - 25 Apr 2025
Cited by 2 | Viewed by 841
Abstract
This paper presents HERMEES—Holistic Evaluation and Ranking Model for Energy Efficient Systems. HERMEES is based on a multi-criteria decision-making (MCDM) model designed to select the optimal combination of lightweight cryptography (LWC) and topology construction protocol (TCP) algorithms for wireless sensor networks (WSNs) based on user-defined scenarios. The proposed model is evaluated using a scenario based on a medium-sized agricultural field. The Simple Additive Weighting (SAW) method is used to assign scores to the candidate algorithm pairs by weighting the scenario-specific criteria according to their significance in the decision-making process. To further refine the selection, mean shift clustering is utilized to group and identify the highest scored candidates. The resulting model is versatile and adaptable, enabling WSNs to be configured according to specific operational needs. The provided pseudocode elucidates the model workflow and aids in an effective implementation. The presented model establishes a solid foundation for the development of guided self-configuring context-aware WSNs capable of dynamically adapting to a wide range of application requirements.
(This article belongs to the Special Issue Efficient Resource Allocation in Wireless Sensor Networks)

42 pages, 812 KB  
Article
DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives
by Mojtaba Fadavi, Sabyasachi Karati, Aylar Erfanian and Reihaneh Safavi-Naini
Cryptography 2025, 9(1), 12; https://doi.org/10.3390/cryptography9010012 - 6 Feb 2025
Viewed by 2201
Abstract
A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can “open” a signature and reveal the signer’s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security relies on the security of symmetric-key primitives and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze the DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that make it much more costly than using the traditional revocation list approach.

16 pages, 1860 KB  
Article
CHAM-CLAS: A Certificateless Aggregate Signature Scheme with Chameleon Hashing-Based Identity Authentication for VANETs
by Ahmad Kabil, Heba Aslan, Marianne A. Azer and Mohamed Rasslan
Cryptography 2024, 8(3), 43; https://doi.org/10.3390/cryptography8030043 - 17 Sep 2024
Cited by 5 | Viewed by 2046
Abstract
Vehicular ad hoc networks (VANETs), which are the backbone of intelligent transportation systems (ITSs), facilitate critical data exchanges between vehicles. This necessitates secure transmission, which requires guarantees of message availability, integrity, source authenticity, and user privacy. Moreover, the traceability of network participants is essential as it deters malicious actors and allows lawful authorities to identify message senders for accountability. This introduces a challenge: balancing privacy with traceability. Conditional privacy-preserving authentication (CPPA) schemes are designed to mitigate this conflict. CPPA schemes utilize cryptographic protocols, including certificate-based schemes, group signatures, identity-based schemes, and certificateless schemes. Due to the critical time constraints in VANETs, efficient batch verification techniques are crucial. Combining certificateless schemes with batch verification leads to certificateless aggregate signature (CLAS) schemes. In this paper, cryptanalysis of Xiong’s CLAS scheme revealed its vulnerabilities to partial key replacement and identity replacement attacks, alongside mathematical errors in the batch verification process. Our proposed CLAS scheme remedies these issues by incorporating an identity authentication module that leverages chameleon hashing within elliptic curve cryptography (CHAM-CLAS). The signature and verification modules are also redesigned to address the identified vulnerabilities in Xiong’s scheme. Additionally, we implemented the small exponents test within the batch verification module to achieve Type III security. While this enhances security, it introduces a slight performance trade-off. Our scheme has been subjected to formal security and performance analyses to ensure robustness.

26 pages, 6368 KB  
Article
Group-Action-Based S-box Generation Technique for Enhanced Block Cipher Security and Robust Image Encryption Scheme
by Souad Ahmad Baowidan, Ahmed Alamer, Mudassir Hassan and Awais Yousaf
Symmetry 2024, 16(8), 954; https://doi.org/10.3390/sym16080954 - 25 Jul 2024
Cited by 6 | Viewed by 2454
Abstract
Data security is one of the biggest concerns in the modern world due to advancements in technology, and cryptography ensures that the privacy, integrity, and authenticity of such information are safeguarded in today’s digitally connected world. In this article, we introduce a new technique for the construction of non-linear components in block ciphers. The proposed S-box generation process is a transformational procedure through which the elements of a finite field are mapped onto highly nonlinear permutations. This transformation is achieved through a series of algebraic and combinatorial operations. It involves group actions on some pairs of two Galois fields to create an initial S-box Pr Sbox, which induces a rich algebraic structure. The post S-box Po Sbox, which is derived from heuristic group-based optimization, leads to high nonlinearity and other important cryptographic parameters. The proposed S-box demonstrates resilience against various attacks, making the system resistant to statistical vulnerabilities. The investigation reveals remarkable attributes, including a nonlinearity score of 112, an average Strict Avalanche Criterion score of 0.504, and an LAP (Linear Approximation Probability) score of 0.062, surpassing well-established S-boxes that exhibit desired cryptographic properties. This novel methodology suggests an encouraging approach for enhancing the security framework of block ciphers. In addition, we also propose a three-step image encryption technique comprising Row Permutation, Bitwise XOR, and block-wise substitution using Po Sbox. These operations contribute to adding more levels of randomness, which improves the dispersion across the cipher image and makes it equally intense. Therefore, we were able to establish that the approach works to mitigate statistical and cryptanalytic attacks. The PSNR, UACI, MSE, NCC, AD, SC, MD, and NAE data comparisons with existing methods are also provided to prove the efficiency of the encryption algorithm.

16 pages, 2402 KB  
Article
Lookup Table-Based Design of Scalar Multiplication for Elliptic Curve Cryptography
by Yan-Duan Ning, Yan-Haw Chen, Cheng-Sin Shih and Shao-I Chu
Cryptography 2024, 8(1), 11; https://doi.org/10.3390/cryptography8010011 - 18 Mar 2024
Cited by 4 | Viewed by 3153
Abstract
This paper is aimed at using a lookup table method to improve the scalar multiplication performance of elliptic curve cryptography. The lookup table must be divided into two polynomials and requires two iterations of point doubling operation, for which negation operations are needed. It is well known that an inversion operation requires a lot of multiplication time. The advantage of this paper is that we are able to reduce one inverse element calculation for this problem and also improve the basic operations of finite fields through segmentation methods. If the normal basis method is used in the design of the inverse element operation, it must be converted to the normal basis through the standard basis. However, the conversion process requires a lot of matrix operations. Though the anti-element operation has good speed performance, it also increases the computational complexity. Using number theory and grouping methods will greatly improve the performance of inverse element operations. With application of the two-time point doubling operation in the hardware implementation, the developed approach reduces the computing time by 48% as compared with the conventional approach. The computational time of the scalar multiplication using the presented method is further improved by 67% over the traditional algorithm with only an area increase of 12%. Finally, the proposed lookup table-based technique can be utilized for software and hardware implementation, as the developed arithmetic operations are simple and are consistent in their execution.

22 pages, 3593 KB  
Article
A Blockchain-Based Fairness Guarantee Approach for Privacy-Preserving Collaborative Training in Computing Force Network
by Zhe Sun, Weiping Li, Junxi Liang, Lihua Yin, Chao Li, Nan Wei, Jie Zhang and Hanyi Wang
Mathematics 2024, 12(5), 718; https://doi.org/10.3390/math12050718 - 28 Feb 2024
Cited by 1 | Viewed by 1708
Abstract
The advent of the big data era has brought unprecedented data demands. The integration of computing resources with network resources in the computing force network enables the possibility of distributed collaborative training. However, unencrypted collaborative training is vulnerable to threats such as gradient inversion attacks and model theft. To address this issue, the data in collaborative training are usually protected by cryptographic methods. However, the semantic meaninglessness of encrypted data makes it difficult to prevent potential data poisoning attacks and free-riding attacks. In this paper, we propose a fairness guarantee approach for privacy-preserving collaborative training, employing blockchain technology to enable participants to share data and exclude potential violators from normal users. We utilize a cryptography-based secure aggregation method to prevent data leakage during blockchain transactions, and employ a contribution evaluation method for encrypted data to prevent data poisoning and free-riding attacks. Additionally, utilizing Shamir’s secret sharing for secret key negotiation within the group, the negotiated key is directly introduced as noise into the model, ensuring the encryption process is computationally lightweight. Decryption is efficiently achieved through the aggregation of encrypted models within the group, without incurring additional computational costs, thereby enhancing the computational efficiency of the encryption and decryption processes. Finally, the experimental results demonstrate the effectiveness and efficiency of our proposed approach.
(This article belongs to the Special Issue Applications of Big Data Analysis and Modeling)

24 pages, 493 KB  
Article
Practical Certificate-Less Infrastructure with Application in TLS
by Li Duan, Yong Li and Lijun Liao
Cryptography 2023, 7(4), 63; https://doi.org/10.3390/cryptography7040063 - 14 Dec 2023
Cited by 2 | Viewed by 3382
Abstract
We propose highly efficient certificate-less (CL) protocols for the infrastructure used by authenticated key exchange (AKE). The construction is based on elliptic curves (EC) without pairing, which means it can be easily supported by most industrial cryptography libraries on constrained devices. Compared with other pairing-free CL solutions, the new CL-AKE protocol enjoys the least number of scalar multiplications over EC groups. We use a unified game-based model to formalize the security of each protocol, while most previous works only assess the security against a list of attacks, provide informal theorems without proper modeling, or use separate models for protocols in different stages. We also present an efficient integration of the core protocols into the TLS cipher suites and a stand-alone implementation for constrained devices. The performance is evaluated on constrained devices in real-world settings, which further confirms the efficiency of our proposal.
(This article belongs to the Special Issue Recent Advances in Information Security and Privacy)

23 pages, 423 KB  
Article
Secure Groups for Threshold Cryptography and Number-Theoretic Multiparty Computation
by Berry Schoenmakers and Toon Segers
Cryptography 2023, 7(4), 56; https://doi.org/10.3390/cryptography7040056 - 9 Nov 2023
Cited by 2 | Viewed by 3451
Abstract
In this paper, we introduce secure groups as a cryptographic scheme representing finite groups together with a range of operations, including the group operation, inversion, random sampling, and encoding/decoding maps. We construct secure groups from oblivious group representations combined with cryptographic protocols, implementing the operations securely. We present both generic and specific constructions, in the latter case specifically for number-theoretic groups commonly used in cryptography. These include Schnorr groups (with quadratic residues as a special case), Weierstrass and Edwards elliptic curve groups, and class groups of imaginary quadratic number fields. For concreteness, we develop our protocols in the setting of secure multiparty computation based on Shamir secret sharing over a finite field, abstracted away by formulating our solutions in terms of an arithmetic black box for secure finite field arithmetic or for secure integer arithmetic. Secure finite field arithmetic suffices for many groups, including Schnorr groups and elliptic curve groups. For class groups, we need secure integer arithmetic to implement Shanks’ classical algorithms for the composition of binary quadratic forms, which we will combine with our adaptation of a particular form reduction algorithm due to Agarwal and Frandsen. As a main result of independent interest, we also present an efficient protocol for the secure computation of the extended greatest common divisor. The protocol is based on Bernstein and Yang’s constant-time 2-adic algorithm, which we adapt to work purely over the integers. This yields a much better approach for multiparty computation but raises a new concern about the growth of the Bézout coefficients. By a careful analysis, we are able to prove that the Bézout coefficients in our protocol will never exceed 3·max(a, b) in absolute value for inputs a and b. We have integrated secure groups in the Python package MPyC and have implemented threshold ElGamal and threshold DSA in terms of secure groups. We also mention how our results support verifiable multiparty computation, allowing parties to jointly create a publicly verifiable proof of correctness for the results accompanying the results of a secure computation.
(This article belongs to the Special Issue Cyber Security, Cryptology and Machine Learning)