Search Results (152)

In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+, for post-quantum cryptography standards. The first three are based on lattice theory and the last on a hash function. The security of lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. As we will explain, the SVP is a ball-packing problem, and the CVP is a ball-covering problem. Furthermore, both the SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. This paper will briefly describe the mathematical problems on which lattice-based cryptography is built so that cryptographers can extend their views and learn something useful. Full article

As a non-contact identification technology, RFID (Radio Frequency Identification) is widely used in various Internet of Things applications. However, RFID systems are highly vulnerable to diverse attacks due to the openness of communication links between readers and tags, leading to serious security and privacy concerns. Numerous RFID authentication protocols have been designed that employ hash functions and symmetric cryptography to secure communications. Despite these efforts, such schemes generally exhibit limitations in key management flexibility and scalability, which significantly restricts their applicability in large-scale RFID deployments. Confronted with this challenge, public key cryptography offers an effective solution. Taking into account factors such as parameter size, computational complexity, and resistance to quantum attacks, the NTRU algorithm emerges as one of the most promising choices. Since the NTRU signature algorithm is highly complex and requires large parameters, there are currently only a few NTRU encryption-based RFID authentication protocols available, all of which exhibit significant security flaws—such as supporting only one-way authentication, failing to address public key distribution, and so on. Moreover, performance evaluations of the algorithm in these contexts are often incomplete. This paper proposes a mutual authentication protocol for RFID based on the NTRU encryption algorithm to address security and privacy issues. The security of the protocol is analyzed using the BAN-logic tools and some non-formalized methods, and it is further validated through simulation with the AVISPA tool. With the parameter set (N, p, q) = (443, 3, 2048), the NTRU algorithm can provide 128 bits of post-quantum security strength. This configuration not only demonstrates greater foresight at the theoretical security level but also offers significant advantages in practical energy consumption and computation time when compared to traditional algorithms such as ECC, making it a highly competitive candidate in the field of post-quantum cryptography. Full article

Cybersecurity threats are evolving constantly, and the arrival of quantum computing raises serious doubts about whether today’s cryptographic methods will hold up over time. This concern has motivated interest in algorithms designed to resist future attacks, with CRYSTALS-Kyber emerging as a practical candidate and forming the basis of an NIST post-quantum standard. This study focuses on protecting data exchanged between a vehicle sensor suite and cloud services over the Message Queuing Telemetry Transport protocol. Performance must remain acceptable; therefore, attention centers on lightweight and efficient execution while leveraging the board’s hardware capabilities to keep latency and resource usage low. Adding this layer of post-quantum encryption helps limit the exposure of critical telemetry and control data to sophisticated adversaries. It also aims to preserve integrity and confidentiality in vehicular communications as the Internet of Things becomes increasingly connected. This approach maintains a practical balance between forward-looking security and real-world deployability. Full article

As a core support for the integration of new energy and smart grids, Vehicle-to-Grid (V2G) networks face a core contradiction between user privacy protection and transaction security traceability—a dilemma that is further exacerbated by issues such as the quantum computing vulnerability of traditional cryptography, cumbersome key management in stateful ring signatures, and conflicts between revocation mechanisms and privacy protection. To address these problems, this paper proposes a post-quantum revocable linkable ring signature scheme based on SPHINCS+, with the following core innovations: First, the scheme seamlessly integrates the pure hash-based architecture of SPHINCS+ with a stateless design, incorporating WOTS+, FORS, and XMSS technologies, which inherently resists quantum attacks and eliminates the need to track signature states, thus completely resolving the state management dilemma of traditional stateful schemes; second, the scheme introduces an innovative “real signature + pseudo-signature polynomially indistinguishable” mechanism, and by calibrating the authentication path structure and hash distribution of pseudo-signatures (satisfying the Kolmogorov–Smirnov test with $D\le 0.05$), it ensures signer anonymity and mitigates the potential risk of distinguishable pseudo-signatures; third, the scheme designs a KEK (Key Encryption Key)-sharded collaborative revocation mechanism, encrypting and storing the $(I,pk,RID)$ mapping table in fragmented form, with KEK split into $KE{K}_1$ (held by the Trusted Authority, TA) and $KE{K}_2$ (held by the regulatory node), with collaborative decryption by both parties required to locate malicious users, thereby resolving the core conflict of privacy leakage in traditional revocation mechanisms; fourth, the scheme generates forward-secure linkable tags based on one-way private key updates and one-time random factors, ensuring that past transactions cannot be traced even if the current private key is compromised; and fifth, the scheme adopts hash commitments instead of complex cryptographic commitments, simplifying computations while efficiently binding transaction amounts to signers—an approach consistent with the pure hash-based design philosophy of SPHINCS+. Security analysis demonstrates that the scheme satisfies the following six core properties: post-quantum security, unforgeability, anonymity, linkability, unframeability, and forward secrecy, thereby providing technical support for secure and anonymous payments in V2G networks in the quantum era. Full article

As smart education evolves, there is an increasing need for the cloud-centric management and sharing of student exercise physiological data gathered through wearable devices in the physical education domain. However, challenges arise in achieving authentication for data sources, ensuring the security of sensitive data, and implementing efficient dynamic access control. Traditional cryptographic schemes face limitations in resisting quantum attacks, authenticating data sources, protecting identity privacy, handling dynamic permission changes, and computational efficiency. To tackle these challenges, we put forward a lattice-based Online/Offline Identity-Based Matchmaking Proxy Re-Encryption (OO-IB-MPRE) scheme. The scheme offers post-quantum security assurances grounded in lattice cryptography (under the LWE/ISIS assumptions); incorporates Identity-Based matchmaking encryption (IB-ME) to realize bidirectional identity matching, which not only enables identity authentication for data sources but also safeguards the sender’s identity privacy from exposure to other entities; leverages Proxy Re-Encryption (PRE) to support dynamic management of access control; and combines online/offline encryption to adapt to resource constrained sensors. The security of the OO-IB-MPRE scheme is verified under standard lattice assumptions to meet the security requirements of semi-selective privacy and authenticity. Performance analysis and experimental validation demonstrate that in comparison to existing lattice-based PRE schemes, the devised scheme shows notable advantages in both space and computational overhead. Therefore, the proposed OO-IB-MPRE offers a secure, efficient, and scalable solution for the sensitive health data in smart physical education. Full article

Face recognition systems are widely used for biometric authentication but face two major problems. First, processing high-resolution images and large databases requires extensive computational time. Second, emerging quantum computers threaten to break the encryption methods that protect stored facial templates. Quantum computers will soon be able to decrypt current security systems, putting biometric data at permanent risk since facial features cannot be changed like passwords. This paper presents a solution that uses quantum computing to speed up face recognition while adding quantum-resistant security. It applies quantum principal component analysis (QPCA) and the SWAP test to reduce the computational complexity and implement lattice-based cryptography, which quantum computers cannot break. Experimental evaluation demonstrates a significant overall speedup with improved accuracy. The proposed framework achieves a significant improvement in performance, provides 125-bit security against quantum attacks and compresses the data storage requirements significantly. These results demonstrate that quantum-enhanced face recognition can solve both the speed and security challenges facing current biometric systems, making it practical for real-world deployment as quantum technology advances. Full article

The Loop-Back Quantum Key Distribution (LB-QKD) protocol establishes a bidirectional architecture in which a single photon travels forth and back through the same optical channel. Unlike conventional one-way schemes such as BB84, Alice performs both state preparation and measurement, while Bob acts as a passive polarization modulator and reflector. This design eliminates detectors at Bob’s side, minimizes synchronization requirements, and enables compact, low-power implementations suitable for quantum-mobile and IoT platforms. An extended three-basis configuration $\{X,Y,Z\}$ is introduced, preserving the simplicity of the two-basis scheme while improving noise tolerance through enhanced orthogonality-based filtering. Analytical modeling shows that the effective protocol error decreases from $E_{\mathrm{protocol}}^{\left(2\right)}=e/2$ to $E_{\mathrm{protocol}}^{\left(3\right)}=e/3$, achieving a 33% improvement in noise resilience. Despite its slightly lower sifting efficiency ($\eta =1/6$), the total information gain reaches $G=0.26$ bits per pulse, maintaining post-sifting throughput comparable to BB84. The protocol doubles the tolerable QBER of conventional QKD, sustaining secure operation up to $22\%$ for two bases and approximately $47.58\%$ for three bases. Its passive, self-verifying architecture enhances resistance to man-in-the-middle, photon-number-splitting, and side-channel attacks, providing a scalable and energy-efficient framework for secure key distribution and authentication in next-generation mobile and distributed quantum networks. Full article

Key agreement protocols based on neural synchronization with Tree Parity Machines (TPMs) offer promising security advantages: they do not rely on trapdoor functions, making them resistant to quantum attacks, and they avoid the need for specialized hardware required by quantum-based schemes. Nevertheless, these protocols face a significant vulnerability: the large number of public message exchanges required for synchronization increases the risk that an attacker, acting as a Man-in-the-Middle, can successfully synchronize their own TPMs with those of the legitimate parties and ultimately recover the shared key. Motivated by the need to reduce this risk, we propose a novel probabilistic protocol that enables two parties to securely estimate the size of the shared key during intermediate steps, without revealing any key material. This estimation allows the protocol to terminate as soon as sufficient key material has been established, thereby reducing the number of synchronization rounds and limiting the opportunity for an attacker to synchronize. We integrate our estimation mechanism into a neural key agreement protocol and evaluate its performance and security, demonstrating improved efficiency and enhanced resistance to attacks compared to existing approaches. Full article

Current private comparison schemes primarily focus on comparing single secret integers using quantum technologies, while the area of private array content comparison remains relatively unexplored. To bridge this gap, we introduce a quantum private array content comparison (QPACC) scheme based on multi-qubit swap test. This scheme integrates rotation operation, quantum homomorphic encryption (QHE), and multi-qubit swap test to facilitate the equality comparison of array contents while ensuring their confidentiality. In our approach, participants encode their array elements into the phases of quantum states using rotation operations, which are then encrypted via QHE. These encrypted quantum states are sent to a semi-honest third party (TP) who decrypts the encoded quantum states and computes the modulus squared sum of the inner products of these decoded quantum states using the multi-qubit swap test, thereby determining the equality relationship of the array contents. To verify the feasibility of the proposed scheme, we conduct a case simulation using IBM Qiskit. Security analysis indicates that the proposed scheme is resistant to quantum attacks (including intercept-resend, entangle-measure, and quantum Trojan horse attacks) from outsider eavesdroppers and attempts by curious participants. Full article

Searchable Encryption (SE) schemes enable data users to securely search over outsourced encrypted data stored in the cloud. To support fine-grained access control, Attribute-Based Encryption with Keyword Search (ABKS) extends SE by associating access policies with user attributes. However, existing ABKS schemes often suffer from limited security and functionality, such as lack of verifiability, vulnerability to collusion, and insider keyword-guessing attacks (IKGA), or inefficiency in multi-authority and post-quantum settings, restricting their practical deployment in real-world distributed systems. In this paper, we propose a verifiable ciphertext-policy multi-authority ABKS (MA-CP-ABKS) scheme based on the Module Learning with Errors (MLWE) problem, which provides post-quantum security, verifiability, and resistance to both collusion and IKGA. Moreover, the proposed scheme supports multi-keyword searchability and forward security, enabling secure and efficient keyword search in dynamic environments. We formally prove the correctness, verifiability, completeness, and security of the scheme under the MLWE assumption against selective chosen-keyword attacks (SCKA) in the standard model and IKGA in the random oracle model. The scheme also maintains efficient computation and manageable communication overhead. Implementation results confirm its practical performance, demonstrating that the proposed MA-CP-ABKS scheme offers a secure, verifiable, and efficient solution for multi-organizational cloud environments. Full article

As quantum computing continues to advance, it threatens the long-term protection of traditional cryptographic methods, especially in biometric authentication systems where it is important to protect sensitive data. To overcome this challenge, we present a comprehensive, privacy-preserving framework for multimodal biometric authentication that can easily integrate any two binary-encoded modalities through feature-level fusion, ensuring that all sensitive information remains encrypted under a CKKS-based homomorphic encryption scheme resistant to both classical and quantum-enabled attacks. To demonstrate its versatility and effectiveness, we apply this framework to the retinal vascular patterns and palm vein features, which are inherently spoof-resistant and particularly well suited to high-security applications. This method not only ensures the secrecy of the combined biometric sample, but also enables the complete assessment of recognition performance and resilience against adversarial attacks. The results show that our approach provides protection against threats such as data leakage and replay attacks while maintaining high recognition performance and operational efficiency. These findings demonstrate the feasibility of integrating multimodal biometrics with post-quantum cryptography, giving a strong, privacy-oriented authentication solution suitable for mission-critical applications in the post-quantum era. Full article

The increasing adoption of electric vehicles (EVs) and the integration of 5G/6G networks are driving the demand for secure, intelligent, and interoperable charging infrastructure within the Internet of Vehicles (IoV) ecosystem. Electric Vehicle Charging Stations (EVCS) face growing cyber–physical threats, including spoofing, data injection, and firmware tampering, risking user privacy, grid stability, and EVCS reliability. While artificial intelligence (AI), blockchain, and cryptography have been applied in cybersecurity, comprehensive solutions tailored to EVCS challenges, such as real-time threat mitigation and scalability, are often lacking. This paper addresses these critical cybersecurity gaps by presenting a comprehensive overview of novel strategies for enhancing EVCS security through the Internet of Digital Twins (IoDT) technology. The primary objective is to evaluate advanced frameworks that synergize digital twins with artificial intelligence, blockchain, and quantum-resistant cryptography. Through systematic literature analysis, global threat assessments, and review of international standards, this study identifies key attack vectors and their impacts on EVCS. Key findings demonstrate that digital twin-driven solutions facilitate real-time monitoring, anomaly detection, predictive threat mitigation, and secure system governance. This review offers actionable insights for researchers, industry stakeholders, and policymakers to strengthen the cybersecurity and resilience of next-generation electric mobility infrastructure, addressing challenges like scalability and implementation barriers. Full article

Zero-trust security and federated learning have emerged as promising paradigms for edge computing, yet existing solutions struggle to balance security, privacy, and performance requirements effectively. This paper presents ZT-IoTrust, a zero-trust framework that integrates device-specific trust evaluation with quantum-resistant security mechanisms for secure IoT access control. The framework incorporates several key innovations: quantum-resistant cryptographic protocols based on lattice problems for long-term security, a dynamic federated trust evaluation system that continuously assesses individual IoT device behaviors, and an adaptive access control architecture that implements continuous verification principles while maintaining efficiency for resource-constrained environments. Experimental evaluation on CICIDS2017 and KDD Cup 1999 datasets demonstrates effectiveness across network-layer security metrics, achieving a 92.5% attack detection rate with 1.2% false positives and 0.5% privacy leakage. The device-specific trust evaluation mechanism achieves 93.0% accuracy within 12 federation rounds while maintaining 98.8% reliability under high concurrent loads. Performance analysis shows robust scalability, with response times remaining under 125 ms and throughput reaching 1250 requests per second as the system scales from 5 to 20 nodes. These results establish ZT-IoTrust as a practical solution for implementing zero-trust security in IoT environments, effectively balancing continuous verification with system performance requirements. Full article

This paper proposes a post-quantum secure key agreement protocol tailored for vehicular networks (V2X), addressing the dual challenges of quantum resistance and lightweight deployment. The hybrid scheme integrates two lattice-based Key Encapsulation Mechanisms (KEMs)—Kyber and Saber—to construct a dual-path handshake framework that enhances cryptographic redundancy and ensures robustness against quantum attacks. The protocol achieves secure and authenticated key exchange through RSU public-key broadcasting, OBU dual-path encapsulation, and session-key derivation using HMAC and timestamps. To support efficient execution in embedded vehicular environments, several algorithm-level optimizations are incorporated, including Number Theoretic Transform (NTT) acceleration for Kyber, AVX2-based parallelism for Saber, and integer inner-product techniques to minimize computational overhead. Experimental validation on a Veins + SUMO vehicular simulation platform demonstrates that the proposed protocol reduces handshake latency by nearly 60% compared with RSA, achieves delay performance comparable to ECDH, and lowers total resource consumption by around 40%. These results confirm that the Kyber + Saber hybrid protocol provides a practical, scalable, and quantum-resistant solution for secure V2X communication in dynamic, resource-constrained, and latency-sensitive environments. Full article

This paper presents a semi-quantum secret sharing (SQSS) protocol based on three-particle W states, designed for efficient and secure secret sharing in quantum-resource-constrained scenarios. In the protocol, a fully quantum-capable sender encodes binary secrets using W, while receivers with limited quantum capabilities reconstruct the secret through collaborative Z basis measurements and classical communication, ensuring no single participant can obtain the complete information independently. The protocol employs a four-state decoy photon technique ($\left\{\right|0⟩,|1⟩,|+⟩,|-⟩\}$) and position randomization, combined with photon number splitting (PNS) and wavelength filtering (WF) technologies, to resist intercept–resend, entanglement–measurement, and double controlled-NOT(CNOT) attacks. Theoretical analysis shows that the detection probability of intercept–resend attacks increases exponentially with the number of decoy photons (approaching 1). For entanglement–measurement attacks, any illegal operation by an attacker introduces detectable quantum state disturbances. Double CNOT attacks are rendered ineffective by the untraceability of particle positions and mixed-basis strategies. Leveraging the robust entanglement of W states, the protocol proves that the mutual information between secret bits and single-participant measurement results is strictly zero, ensuring lossless reconstruction only through authorized collaboration. Full article