Search Results (168)

In the deep integration process between digital infrastructure and new economic forms, structural imbalance between the evolution rate of cloud storage technology and the growth rate of data-sharing demands has caused systemic security vulnerabilities such as blurred data sovereignty boundaries and nonlinear surges in privacy leakage risks. Existing academic research indicates current proxy re-encryption schemes remain insufficient for cloud access control scenarios characterized by diversified user requirements and personalized permission management, thus failing to fulfill the security needs of emerging computing paradigms. To resolve these issues, a revocable attribute-based proxy re-encryption scheme supporting policy-hiding is proposed. Data owners encrypt data and upload it to the blockchain while concealing attribute values within attribute-based encryption access policies, effectively preventing sensitive information leaks and achieving fine-grained secure data sharing. Simultaneously, proxy re-encryption technology enables verifiable outsourcing of complex computations. Furthermore, the SM3 (SM3 Cryptographic Hash Algorithm) hash function is embedded in user private key generation, and key updates are executed using fresh random factors to revoke malicious users. Ultimately, the scheme proves indistinguishability under chosen-plaintext attacks for specific access structures in the standard model. Experimental simulations confirm that compared with existing schemes, this solution delivers higher execution efficiency in both encryption/decryption and revocation phases. Full article

Provable data possession (PDP) is a technique that enables the verification of data integrity in cloud storage without the need to download the data. PDP schemes are generally categorized into public and private verification. Public verification allows third parties to assess the integrity of outsourced data, offering good openness and flexibility, but it may lead to privacy leakage and security risks. In contrast, private verification restricts the auditing capability to the data owner, providing better privacy protection but often resulting in higher verification costs and operational complexity due to limited local resources. Moreover, most existing PDP schemes are based on classical number-theoretic assumptions, making them vulnerable to quantum attacks. To address these challenges, this paper proposes an identity-based PDP with a designated verifier over lattices, utilizing a specially leveled identity-based fully homomorphic signature (IB-FHS) scheme. We provide a formal security proof of the proposed scheme under the small-integer solution (SIS) and learning with errors (LWE) within the random oracle model. Theoretical analysis confirms that the scheme achieves security guarantees while maintaining practical feasibility. Furthermore, simulation-based experiments show that for a 1 MB file and lattice dimension of n = 128, the computation times for core algorithms such as TagGen, GenProof, and CheckProof are approximately 20.76 s, 13.75 s, and 3.33 s, respectively. Compared to existing lattice-based PDP schemes, the proposed scheme introduces additional overhead due to the designated verifier mechanism; however, it achieves a well-balanced optimization among functionality, security, and efficiency. Full article

The rapid expansion of blockchain-based digital asset trading raises new challenges in security, privacy, and efficiency. Although traditional attribute-based encryption (ABE) provides fine-grained access control, it imposes considerable computational overhead and introduces additional vulnerabilities when decryption is outsourced. To address these limitations, we present EBODS, an efficient outsourced decryption framework that combines an optimized ABE scheme with a decentralized blockchain layer. By applying policy matrix optimization and leveraging edge decryption servers, EBODS reduces the public key size by 8% and markedly accelerates computation. Security analysis confirms the strong resistance of EBODS to collusion attacks, making it suitable for resource-constrained digital asset platforms. Full article

We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations. Full article

Cloud computing has witnessed rapid growth and notable technological progress in recent years. Nevertheless, it is still regarded as being in its early developmental phase, with substantial potential remaining to be explored—particularly through integration with emerging technologies such as the Metaverse, Augmented Reality (AR), and Virtual Reality (VR). As the number of service users increases, so does the demand for computational resources, leading data owners to outsource processing tasks to remote cloud servers. The internet-based delivery of cloud computing services consequently expands the attack surface and impacts the trust relationship between the service user and the service provider. To address these challenges, this study proposes a restricted access control framework based on homomorphic encryption (HE) and identity-based encryption (IBE) mechanisms. A formal analysis of the proposed model is also conducted under an unauthenticated communication model. Simulation results indicate that the proposed approach achieves a 20–40% reduction in encryption and decryption times, respectively, compared with existing state-of-the-art homomorphic encryption schemes. The simulation was performed using a 2048-bit key and data size, consistent with current industry standards, to improve key management efficiency. Additionally, the role-based hierarchy was implemented in a Salesforce cloud environment to ensure secure and restricted access control. Full article

This paper presents Sillcom, a high-performance secure indoor localization scheme designed to minimize both communication and computational costs while preserving participants’ privacy. Unlike existing privacy-preserving indoor localization techniques, which suffer from high computational overhead and excessive communication, Sillcom integrates replicated secret sharing and function secret sharing in an outsourcing model to achieve significantly lower online communication overhead. A multi-branch tree structure and multi-thread parallelism further optimize both the offline and online phases. Experimental results demonstrate that Silcom outperforms the state-of-the-art online-efficient scheme FAPRIL, reducing online communication by a factor of 15 and end-to-end query time by 75%. Full article

Cloud computing is widely used by organizations and individuals to outsource computation and data storage. With the growing adoption of machine learning as a service (MLaaS), machine learning models are being increasingly deployed on cloud platforms. However, operating MLaaS on the cloud raises significant privacy concerns, particularly regarding the leakage of sensitive personal data and proprietary machine learning models. This paper proposes a privacy-preserving decision tree (PPDT) framework that enables secure predictions on sensitive inputs through homomorphic matrix multiplication within a three-party setting involving a data holder, a model holder, and an outsourced server. Additionally, we introduce a leaf node pruning (LNP) algorithm designed to identify and retain the most informative leaf nodes during prediction with a decision tree. Experimental results show that our approach reduces prediction computation time by approximately 85% compared to conventional protocols, without compromising prediction accuracy. Furthermore, the LNP algorithm alone achieves up to a 50% reduction in computation time compared to approaches that do not employ pruning. Full article

Unmanned aerial vehicle networks (UAVNs) are widely used to collect various location-related data, with applications ranging from military reconnaissance to the low-altitude economy. Data security and privacy are critical concerns when outsourcing location-related data to a public cloud. To alleviate these concerns, location-related data are encrypted before outsourcing to the public cloud. However, encryption decreases the operability of the outsourced encrypted data; thus, unmanned aerial vehicles cannot operate on the encrypted data directly. Among operations on encrypted location-related data, the forward-secure range query is one of the most fundamental operations. In this paper, we present a forward-secure range query based on spatial division to achieve a highly efficient range query on encrypted location-related data while preserving both data security and privacy. Specifically, various space-filling curves were experimentally investigated for both the range query and the k-nearest-neighbor query. Then, a forward-secure range query (namely, OSFC-FSQ) was constructed on an encrypted dual dictionary. The proposed scheme was evaluated on real-world datasets, and the results show that it outperforms state-of-the-art schemes in terms of accuracy and query time in the cloud. Full article

Homomorphic encryption is an important means for cloud computing to ensure information security when outsourcing data. Among them, threshold fully homomorphic encryption (ThFHE) is a key enabler for homomorphic encryption and, from a wider perspective, secure distributed computing. However, current ThFHE schemes are unsatisfactory in terms of security and efficiency. In this paper, a novel ThFHE is proposed for the first time based on an NTRU-based GSW-like scheme of symmetric encryption—Th-S-NGS scheme. Additionally, the threshold structure is realized by combining an extended version of the linear integer secret sharing scheme such that the scheme requires a predetermined number of parties to be online, rather than all the parties being online. The Th-S-NGS scheme is not only more attractive in terms of ciphertext size and computation time for homomorphic multiplication, but also does not need re-linearization after homomorphic multiplication, and thus does not require the computing key, which can effectively reduce the communication burden in the scheme and thus simplify the complexity of the scheme. Full article

Multi-key homomorphic encryption is widely applied into outsourced computing and privacy-preserving applications in multi-user scenarios. However, the existence of Common Random Strings (CRSs) weakens the ability of users to independently generate public keys, and it is difficult to implement in decentralized systems or scenarios with low trust requirements. In order to reduce excessive reliance on public parameters, a multi-key homomorphic encryption scheme without pre-setting CRSs is proposed based on a distributed key generation protocol. The proposed scheme does not require the pre-generation and distribution of CRSs, which enhances the security and decentralization of the scheme. Furthermore, in order to further protect the plaintext privacy from each user, by embedding the specified target user into the ciphertext, this paper proposes an enhanced multi-key homomorphic encryption scheme that allows the target user to decrypt. Finally, this paper applies the proposed lattice-based multi-key homomorphic encryption scheme into the data submission stage of the perceived users, and thereby proposes a crowd-sensing scheme with privacy preservation. Full article

By leveraging Internet of Things (IoT) technology, patients can utilize medical devices to upload their collected personal health records (PHRs) to the cloud for analytical processing or transmission to doctors, which embodies smart health systems and greatly enhances the efficiency and accessibility of healthcare management. However, the highly sensitive nature of PHRs necessitates efficient and secure transmission mechanisms. Revocable and verifiable attribute-based encryption (ABE) enables dynamic fine-grained access control and can verify the integrity of outsourced computation results via a verification tag. However, most existing schemes have two vital issues. First, in order to achieve the verifiable function, they need to execute the secret sharing operation twice during the encryption process, which significantly increases the computational overhead. Second, during the revocation operation, the verification tag is not updated simultaneously, so revoked users can infer plaintext through the unchanged tag. To address these challenges, we propose a revocable ABE scheme with efficient and secure verification, which not only reduces local computational load by optimizing the encryption algorithm and outsourcing complex operations to the cloud server, but also updates the tag when revocation operation occurs. We present a rigorous security analysis of our proposed scheme, and show that the verification tag retains its verifiability even after being dynamically updated. Experimental results demonstrate that local encryption and decryption costs are stable and low, which fully meets the real-time and security requirements of smart health systems. Full article

Effective anomaly detection is essential for realizing modern and secure industrial control systems. However, the direct integration of anomaly detection within such a system is complex due to the wide variety of hardware used, different communication protocols, and given industrial requirements. Many components of an industrial control system allow direct integration, while others are designed as closed systems or do not have the required performance. At the same time, the effective usage of available resources and the sustainable use of energy are more important than ever for modern industry. Therefore, in this paper, we present a modular and hybrid concept that enables the integration of efficient and effective anomaly detection while optimising the use of available resources under consideration of industrial requirements. Because of the modular and hybrid properties, many functionalities can be outsourced to the respective devices, and at the same time, additional hardware can be integrated where required. The resulting flexibility allows the seamless integration of complete anomaly detection into existing and legacy systems without the need for expensive centralised or cloud-based solutions. Through a detailed evaluation within an industrial unit, we demonstrate the performance and versatility of our concept. Full article

Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least $t-1$ other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants. Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants. Full article

The proliferation of numerous portable mobile devices has made mobile crowd-sensing (MCS) systems a promising new trend. Traditional MCS systems typically outsource sensing tasks to the data aggregator (e.g., cloud server). They collect and analyze the provided sensing data through an appropriate truth discovery (TD) method to identify valuable data sets. However, existing privacy-preserving MCS systems lack transparency, enabling data aggregators to deviate from the specified protocols and allowing malicious users to provide false or invalid sensing data, thereby contaminating the resulting data sets. The lack of transparency and public verifiability in MCS systems undermines widespread adoption by preventing data requesters from confidently verifying data integrity and accuracy. To address this issue, we propose a transparent and privacy-preserving mobile crowd-sensing system with truth discovery (TP-MCS) constructed using zero-knowledge proof (ZKP) and the Merkle commitment tree. This scheme enables data requesters to effectively verify the correctness of the truth discovery service while ensuring data privacy. Furthermore, theoretical analysis and extensive experiments demonstrate that this scheme is secure and efficient. Full article

This study presents a decentralised ciphertext-policy attribute-based encryption (CP-ABE) scheme designed for secure and efficient access control in resource-constrained Internet-of-Things (IoT) environments. By utilising multi-authority architecture and outsourced computation, the scheme enhances scalability, simplifies key management by eliminating reliance on a certificate authority (CA), and ensures data confidentiality through randomised proxy keys. It is particularly suited for multi-scenario IoT applications involving information sharing, such as smart cities or industrial automation in strategic alliances or conglomerates. Demonstrating security against chosen-plaintext attacks under the decisional bilinear Diffie–Hellman assumption, the scheme offers a practical and scalable solution for decentralised access control. Full article