Search Results (102)

Compliant cross-border data flows face persistent challenges from fragmented regulatory regimes, inconsistent enforcement, and limited trust among stakeholders. Current approaches typically rely on centralized oversight or excessive data disclosure, both compromising regulatory interoperability and operational security. This paper introduces a trust-oriented blockchain architecture that enables secure cross-border data exchange while ensuring verifiable compliance without revealing sensitive content. The architecture decouples policy enforcement, privacy-preserving validation, and cross-jurisdiction auditability, enabling entities to share cryptographically verifiable compliance proofs rather than raw data. To capture the behavioral dynamics across heterogeneous regulatory environments, we incorporate a strategic interaction layer that models how domestic firms, foreign enterprises, and cross-border data platforms adjust decisions under varying incentive structures. These insights guide the design of an adaptive compliance verification pipeline that maintains trust equilibrium across participants. Our design records only cryptographic digests and structured compliance evidence on-chain, while off-chain components execute privacy-preserving checks using secure computation and decentralized storage. Through a case-driven evaluation, we show that the proposed architecture reduces governance friction, enhances institutional trust, and achieves interoperable compliance validation with minimal disclosure overhead. Through component-level evaluation and architectural analysis, this work establishes a technical foundation for secure, transparent, and regulation-aligned cross-border data governance. The framework provides a blueprint for future multi-party pilot deployments in operational environments. Full article

The rapid convergence of artificial intelligence (AI), cloud computing, and 5G communication has positioned extended reality (XR) as a core technology bridging the physical and virtual worlds. Encompassing virtual reality (VR), augmented reality (AR), and mixed reality (MR), XR has demonstrated transformative potential across sectors such as healthcare, industry, education, and defense. However, the compact architecture and limited computational capabilities of XR devices render conventional cryptographic authentication schemes inefficient, while the real-time transmission of biometric and positional data introduces significant privacy and security vulnerabilities. To overcome these challenges, this study introduces PXRA (PUF-based XR authentication), a lightweight and secure authentication and key distribution protocol optimized for cloud-assisted XR environments. PXRA utilizes a physically unclonable function (PUF) for device-level hardware authentication and offloads elliptic curve cryptography (ECC) operations to the cloud to enhance computational efficiency. Authenticated encryption with associated data (AEAD) ensures message confidentiality and integrity, while formal verification through ProVerif confirms the protocol’s robustness under the Dolev–Yao adversary model. Experimental results demonstrate that PXRA reduces device-side computational overhead by restricting XR terminals to lightweight PUF and hash functions, achieving an average authentication latency below 15 ms sufficient for real-time XR performance. Formal analysis verifies PXRA’s resistance to replay, impersonation, and key compromise attacks, while preserving user anonymity and session unlinkability. These findings establish the feasibility of integrating hardware-based PUF authentication with cloud-assisted cryptographic computation to enable secure, scalable, and real-time XR systems. The proposed framework lays a foundation for future XR applications in telemedicine, remote collaboration, and immersive education, where both performance and privacy preservation are paramount. Our contribution lies in a hybrid PUF–cloud ECC architecture, context-bound AEAD for session-splicing resistance, and a noise-resilient BCH-based fuzzy extractor supporting up to 15% BER. Full article

Simultaneous ascending auctions find extensive applications in spectrum licensing and advertising space allocation. However, existing quantum sealed-bid auction protocols suffer from dual limitations: they cannot support multi-item simultaneous bidding scenarios, and their reliance on complex quantum resources along with requiring full quantum operational capabilities from bidders fails to accommodate practical constraints of quantum resource-limited users. To address these challenges, this paper proposes a multi-party semi-quantum simultaneous ascending auction protocol based on single-particle states. The protocol employs a trusted honest third party (HTP) responsible for quantum state generation, distribution, and security verification. Bidders determine their groups through quantum measurements and privately encode their bid vectors. Upon successful HTP authentication, each bidder obtains a unique identity code. During the bidding phase, HTP dynamically updates quantum sequences, allowing bidders to submit bids for multiple items by performing only simple unitary operations. HTP announces the highest bid for each item in real time and iteratively generates auction sequences until no new highest bid emerges, thereby achieving simultaneous ascending auctions for multiple items. It acts as a quantum-secured signaling layer, ensuring unconditional security for bid transmission and identity verification while maintaining classical auction logic. Quantum circuit simulations validate the protocol’s feasibility with current technology while satisfying critical security requirements, including anonymity, verifiability, non-repudiation, and privacy preservation. It provides a scalable semi-quantum auction solution for resource-constrained scenarios. Full article

Real-time peer-to-peer communication in web browsers typically relies on centralized signaling servers, creating single points of failure, privacy vulnerabilities, and censorship risks. We present WebRTC Swarms, a fully decentralized signaling architecture integrated into GRIDNET OS that combines onion-routed relay circuits with designated verifier zero-knowledge authentication and cryptoeconomic incentives. The proposed system empowers peers to discover and connect without exposing identities or IP addresses through an overlay of incentivized full nodes that carry signaling traffic using transmission tokens. We introduce a MAC-based designated verifier ZK authentication protocol allowing peers sharing a pre-shared key to mutually authenticate without revealing the key, ensuring only authorized participants can join sessions while preserving unlinkability to outsiders across sessions. Through formal verification using TLA+, we prove key safety and liveness properties of both the signaling protocol and the authentication mechanism. Empirical evaluation demonstrates near-100% NAT traversal success via incentivized decentralized TURN relaying (compared to approximately 85% for STUN-only approaches), join latencies under 2 s for swarms of dozens of peers, and strong resilience against Sybil and denial-of-service attacks through token-based rate limiting. Our work represents the first practical integration of decentralized WebRTC signaling with designated verifier cryptographic authentication and built-in economic incentives, providing a privacy-first substrate for secure, community-governed communication networks. Full article

Privacy-preserving machine learning (PPML) constitutes a core element of responsible AI by supporting model training and inference without exposing sensitive information. This survey presents a comprehensive examination of the major cryptographic PPML techniques and introduces a unified taxonomy covering technical models, verification criteria, and evaluation dimensions. The study consolidates findings from both survey and experimental works using structured comparison tables and emphasizes that recent research increasingly adopts hybrid and verifiable PPML designs. In addition, we map PPML applications across domains such as healthcare, finance, Internet of Things (IoT), and edge systems, indicating that cryptographic approaches are progressively transitioning from theoretical constructs to deployable solutions. Finally, the survey outlines emerging trends—including the growth of zero-knowledge proofs (ZKPs)-based verification and domain-specific hybrid architectures—and identifies practical considerations that shape PPML adoption in real systems. Full article

The rapid proliferation of Electric Vehicle (EV) infrastructures has led to the massive generation of high-frequency streaming data uploaded to cloud platforms for real-time analysis, while such data supports intelligent energy management and behavioral analytics, it also encapsulates sensitive user information, the disclosure or misuse of which can lead to significant privacy and security threats. This work addresses these challenges by developing a secure and scalable scheme for protecting and verifying streaming data during storage and collaborative analysis. The proposed scheme ensures end-to-end confidentiality, forward security, and integrity verification while supporting efficient encrypted aggregation and fine-grained, time-based authorization. It introduces a lightweight mechanism that hierarchically organizes cryptographic keys and ciphertexts over time, enabling privacy-preserving queries without decrypting individual data points. Building on this foundation, an electric vehicle key management and query system is further designed to integrate the proposed encryption and verification scheme into practical V2X environments. The system supports privacy-preserving data sharing, verifiable statistical analytics, and flexible access control across heterogeneous cloud and edge infrastructures. Analytical and experimental evidence show that the designed system attains rigorous security guarantees alongside excellent efficiency and scalability, rendering it ideal for large-scale electric vehicle data protection and analysis tasks. Full article

With the rapid development of geological blockchains and Internet of Things-based data acquisition technologies, massive amounts of heterogeneous data are constantly emerging. However, this data is stored in a distributed manner across different organizational or business blockchains. Data sharing among multiple geological blockchains faces numerous challenges, either exposing sensitive data during verification or lacking effective authorization mechanisms. Therefore, how to achieve fine-grained access control and privacy protection across multiple blockchains has become a critical issue that must be addressed in geological data sharing. In this paper, we propose GeoCross, a cross-chain geological data sharing framework that enables fine-grained authorization management and privacy protection. First, GeoCross provides a hierarchical hybrid encryption mechanism that uses symmetric encryption for geological data protection and ciphertext-policy attribute-based encryption to enable flexible cross-chain access policies. Second, we integrate a Groth16-based zero-knowledge proof mechanism, which allows a chain to verify the existence, integrity, and accessibility of off-chain data without revealing the content. Furthermore, we introduce a Reputation-based Non-interactive Relay node Selection protocol (RNRS), which enhances the trustworthiness and fairness of cross-chain routing. Finally, we implement GeoCross in a multi-chain Hyperledger Fabric environment and evaluate its performance under real-world workloads. Results show that Groth16 verification requires only three bilinear pairings, achieving a throughput of up to 390 tps on a single chain and 1550 tps in a concurrent multi-chain environment. Even with 50% malicious nodes, the RNRS protocol still maintains a success rate of over 91%. These results demonstrate that GeoCross provides an efficient and practical solution for secure and privacy-preserving cross-chain geological data sharing. Full article

Because of the advancement of IT, cross-domain environments have emerged where independent clouds with different security policies share data. However, sharing data between clouds with heterogeneous security levels is a challenging task, and most existing access control schemes focus on a single cloud domain. Among various access control models, RBAC is suitable for cross-domain data sharing, but existing RBAC schemes cannot provide strong role privacy and do not support freshness in role verification, so they are vulnerable to replay-based misuse of credentials. In this paper, we propose an RBAC scheme for cross-domain cloud environments based on a hash-chain-augmented zk-SNARK and identity-based signatures. The TA issues IBS-based role signing keys to users, and the user proves, through a zk-SNARK circuit, that there exists a valid role signing key satisfying the access policy without revealing the concrete role information to the CDS. In addition, a synchronized hash chain between the user and the CDS is embedded into the proof so that each proof is tied to the current hash-chain state and any previously used proof fails verification when replayed. We formalize role privacy, replay resistance, and MitM resistance in the cross-domain setting and analyze the proposed scheme by comparing it with Saxena and Alam’s I-RBAC, Xu et al.’s RBAC, MO-RBE, and PE-RBAC. The security analysis shows that the proposed scheme achieves robust role privacy against both the CDS and external attackers and prevents replay and man-in-the-middle attacks. Furthermore, the computational cost evaluation based on the number of pairing, exponentiation, point addition, and hash operations confirms that the verifier-side overhead remains comparable to existing schemes, while the additional prover cost is the price for achieving stronger privacy and security. Therefore, the proposed scheme can be applied to cross-domain cloud systems that require secure and privacy-preserving role verification, such as military, healthcare, and government cloud infrastructures. Full article

In light of the rapid advancement of information technology, data privacy and security have emerged as critical societal concerns. There is an urgent need for the effective implementation of data access control and traceability mechanisms regarding the management of sensitive information.To address this issue, this paper presents an efficient traceable Oblivious Transfer with Access Control (AC-TOT) scheme that integrates traceability and access control mechanisms, with its core design rooted in cryptographic symmetry principles—specifically leveraging the symmetric properties of bilinear pairings to achieve consistent bidirectional verification of security parameters between protocol participants. Our scheme could ensure that only authorized users can access services from the server in a privacy-preserving manner, with the server being aware solely of the number of accessible services while remaining oblivious to their specific content. Furthermore, the scheme permits recipients to access services without undergoing identity verification, thereby mitigating the risk of personal information disclosure. The security analysis demonstrates that the proposed scheme effectively prevents user abuse and enables the sender to trace improper behaviors. Full article

The large-scale deployment of distributed devices in the Internet of Things (IoT) brings urgent demands for secure, scalable, and lightweight identity authentication. For example, virtual power plants integrate numerous heterogeneous energy terminals to support grid dispatch and market operations, while posing challenges such as real-time access, resource constraints, and identity privacy protection. To address these challenges, this paper proposes NIABIAuth, a non-interactive attribute binding identity authentication protocol for IoT terminals. NIABIAuth supports dynamic challenge computation and binds cryptographic identity proofs with terminal attributes, enabling fine-grained and privacy preserving access control. By storing identity credentials and verification records on the chain, this protocol ensures traceability and tamper resistance. Experiments demonstrate that NIABIAuth maintains low authentication latency and is consistent throughput, even under constrained conditions. Compared with baseline methods, NIABIAuth achieves substantial reductions in communication and computation cost. The proposed NIABIAuth was formally verified using the AVISPA tool, which proved that it could resist common attacks, including replay attacks, man-in-the-middle attacks, etc. A large number of simulation experiments have demonstrated that the proposed protocol can provide real-time identity authentication for Internet of Things terminals. Full article

Frequent data sharing in Vehicular Ad Hoc Networks (VANETs) necessitates a robust foundation of secure access control to ensure data security. Existing ciphertext-policy attribute-based encryption schemes are constrained by the performance bottleneck of a single attribute authority. Furthermore, although many schemes adopt outsourced decryption, the verifiability of the decryption results is not guaranteed. Therefore, this paper proposes a Symmetrically Verifiable Outsourced Decryption Data Sharing Scheme with Privacy-Preserving for VANETs (VODDS). To balance the computational overhead across multiple authorities, VODDS introduces a distributed key distribution mechanism that organizes them into groups. Within each group, the key distribution credential is generated through a Group Key Agreement, with each round secured by a Byzantine consensus mechanism to achieve a balance between security and efficiency. User identities are converted into anonymous representations via hashing for embedding into the attribute keys. Furthermore, blockchain technology is used to record a hash commitment for the verification ciphertext. This enables the user to verify the outsourced result through a smart contract, which performs a symmetrical verification by matching the user’s locally computed hash against the on-chain record. Moreover, VODDS employs a linear secret sharing scheme to achieve policy hiding. We provide security analysis under the q-parallel Bilinear Diffie–Hellman Exponent and Decisional Diffie–Hellman assumptions, which proves the security of VODDS. In addition, VODDS exhibits higher efficiency compared to related schemes in the performance evaluation. Full article

One-Time Passwords (OTPs) are a core component of multi-factor authentication in banking, e-commerce, and digital platforms. However, conventional delivery channels such as SMS and email are increasingly vulnerable to SIM-swap fraud, phishing, spoofing, and session hijacking. This study proposes an end-to-end mobile authentication architecture that integrates a permissioned Hyperledger Fabric blockchain for tamper-evident identity management, an AI-driven risk engine for behavioral and SIM-swap anomaly detection, Zero-Knowledge Proofs (ZKPs) for privacy-preserving verification, and geolocation-bound OTP validation for contextual assurance. Hyperledger Fabric is selected for its permissioned governance, configurable endorsement policies, and deterministic chaincode execution, which together support regulatory compliance and high throughput without the overhead of cryptocurrency. The system is implemented as a set of modular microservices that combine encrypted off-chain storage with on-chain hash references and smart-contract–enforced policies for geofencing and privacy protection. Experimental results show sub-0.5 s total verification latency (including ZKP overhead), approximately 850 transactions per second throughput under an OR-endorsement policy, and an F1-score of 0.88 for SIM-swap detection. Collectively, these findings demonstrate a scalable, privacy-centric, and interoperable solution that strengthens OTP-based authentication while preserving user confidentiality, operational transparency, and regulatory compliance across mobile network operators. Full article

As electric vehicles (EVs) gain popularity, the existing public charging infrastructure is struggling to keep pace with the rapidly growing demand for the immediate charging needs of EVs. V2V power trading has gradually attracted widespread attention and development. EVs need to transmit sensitive information, such as transaction plans, through communication entities in the Internet of Vehicles (IoV). This could lead to leaks of sensitive information, thereby threatening the fairness of transactions. In addition, due to the differences in the cryptographic systems of entities, communication between entities faces challenges. Therefore, a privacy-preserving scheme for V2V double auction power trading based on heterogeneous signcryption and IoV is proposed. Firstly, a heterogeneous signcryption algorithm is designed to realize secure communication from certificateless cryptography to identity-based cryptography. Secondly, the scheme employs a pseudonym mechanism to protect the real identities of EVs. Furthermore, a verification algorithm is designed to verify the information sent by EVs and ensure the traceability and revocation of malicious EVs. The theoretical analysis shows that the proposed scheme could serve common security functions, and the experiment demonstrates that the proposed scheme reduces communication costs by about 14.56% and the computational cost of aggregate decryption by 80.51% compared with other schemes in recent years. Full article

Cloud storage uses proofs of ownership to avoid redundant uploads while keeping file contents secret. Many existing schemes need extra round trips, or rely on predictable sampling. These choices reduce security when an adversary knows part of the file. We present MiS-PoW, a zero knowledge and non-interactive proof of ownership. The protocol derives a synchronized challenge seed from the existing HTTPS/TLS session. The seed binds a discretized time window and the file identifier. Both parties compute the same challenges locally, and the protocol adds no new messages. MiS-PoW samples blocks with a stratified policy without duplicates. The policy enforces coverage across partitions and reduces the advantage of contiguous knowledge and near duplicate files. The proof layer uses STARKs with simple AIR constraints. The constraints check that indices come from the seed, lie in range, are unique, and meet per partition counts. We analyze security and show seed unpredictability, resistance to replay, and bounds under partial knowledge with limited grinding. A prototype shows that verification time does not grow with file size, and proof and bandwidth costs remain modest. MiS-PoW is deployable, privacy preserving, and scalable for cloud storage. Full article

Blockchain technologies offer transformative potential in terms of addressing the security, trust, and identity management issues that exist in large-scale Internet of Things (IoT) deployments. This narrative review provides a comprehensive survey of various studies, focusing on decentralized identity management, trust mechanisms, smart contracts, privacy preservation, and real-world IoT applications. According to the literature, blockchain-based solutions provide robust authentication through mechanisms such as Physical Unclonable Functions (PUFs), enhance transparency via smart contract-enabled reputation systems, and significantly mitigate vulnerabilities, including single points of failure and Sybil attacks. Smart contracts enable secure interactions by automating resource allocation, access control, and verification. Cryptographic tools, including zero-knowledge proofs (ZKPs), proxy re-encryption, and Merkle trees, further improve data privacy and device integrity. Despite these advantages, challenges persist in areas such as scalability, regulatory and compliance issues, privacy and security concerns, resource constraints, and interoperability. By reviewing the current state-of-the-art literature, this review emphasizes the importance of establishing standardized protocols, performance benchmarks, and robust regulatory frameworks to achieve scalable and secure blockchain-integrated IoT solutions, and provides emerging trends and future research directions for the integration of blockchain technology into the IoT ecosystem. Full article