Search Results (208)

Search Parameters:
Keywords = security primitive

23 pages, 639 KiB  
Article
Reusable Fuzzy Extractor from Isogeny-Based Assumptions
by Yunhua Wen, Tianlong Jin and Wei Li
Symmetry 2025, 17(7), 1065; https://doi.org/10.3390/sym17071065 - 4 Jul 2025
Abstract
A fuzzy extractor is a foundational cryptographic component that enables the extraction of reproducible and uniformly random strings from sources with inherent noise, such as biometric traits. Reusable fuzzy extractor guarantees the security of multiple extractions from the same noisy source. In addition, although isogeny-based cryptography has become an important branch in post-quantum cryptography, the study of fuzzy extractors based on isogeny assumptions is still in its early stages and holds much room for improvement. In this paper, we give two reusable fuzzy extractor schemes derived from isogeny-based assumptions: one is based on the linear hidden shift assumption over group actions, while the other is built upon the group-action decisional Diffie–Hellman assumption within the isogeny framework. Both proposed constructions achieve post-quantum security and are capable of correcting a linear proportion of errors. They rely solely on fundamental cryptographic primitives, which ensure simplicity and efficiency. Additionally, the second construction is based on restricted effective group action, which is weaker than the effective group action used in the first construction, thereby offering greater practical applicability. Full article
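The code-offset construction that underlies the fuzzy extractor described above, as an added example that is not part of the original article or of this search listing: gen derives a key from a noisy reading and publishes helper data, rep reproduces the key from a second reading with bounded noise, and recover_noise shows why reusability is not automatic. With a linear sketch, two helper strings from the same source leak the noise between the two enrollment readings from the public data alone, which is exactly what a reusable fuzzy extractor must rule out. The repetition code, the SHA-256 key derivation, the parameters K and R and the noise patterns are all constructed for this example; the isogeny-based constructions of the paper are not implemented here.

```python
import hashlib
import random
import secrets
from typing import Dict, List, Tuple

# Code-offset fuzzy extractor over a repetition code. Parameters are
# constructed for this example; a deployment uses a stronger code and a
# strong randomness extractor instead of a bare hash of the reading.
K = 16          # message bits of the code
R = 7           # repetition factor: majority decoding corrects up to 3 flips per block
N = K * R       # length of a reading w of the noisy source

Bits = List[int]


def encode(msg: Bits) -> Bits:
    """Repetition code: each message bit is repeated R times."""
    return [b for b in msg for _ in range(R)]


def decode(cw: Bits) -> Bits:
    """Majority vote per block; correct when at most (R-1)//2 bits of a block flipped."""
    return [1 if sum(cw[i * R:(i + 1) * R]) > R // 2 else 0 for i in range(K)]


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def gen(w: Bits) -> Tuple[bytes, Bits]:
    """Gen(w) -> (key, helper). helper = w XOR (random codeword); key derived from w."""
    msg = [secrets.randbits(1) for _ in range(K)]
    helper = xor(w, encode(msg))
    return hashlib.sha256(bytes(w)).digest(), helper


def rep(w_noisy: Bits, helper: Bits) -> bytes:
    """Rep(w', helper): strip the helper, decode the noisy codeword, recover w, rederive key."""
    cw = encode(decode(xor(w_noisy, helper)))
    w = xor(cw, helper)
    return hashlib.sha256(bytes(w)).digest()


def recover_noise(helper1: Bits, helper2: Bits) -> Bits:
    """Adversary's view only: two helper strings for the same source.
    helper1 XOR helper2 = e XOR (c1 XOR c2), and c1 XOR c2 is itself a codeword,
    so decoding peels the codeword off and leaves the inter-reading noise e."""
    d = xor(helper1, helper2)
    return xor(d, encode(decode(d)))


def block_noise(rng: random.Random, flips_per_block: int) -> Bits:
    """Constructed noise pattern with a fixed number of flips in every block."""
    e = [0] * N
    for i in range(K):
        for j in rng.sample(range(R), flips_per_block):
            e[i * R + j] = 1
    return e


def demo(seed: int = 1) -> Dict[str, bool]:
    rng = random.Random(seed)
    w = [rng.randint(0, 1) for _ in range(N)]          # enrollment reading (constructed)
    key, helper = gen(w)

    # Reproduction from a reading with 2 of 7 bits flipped in every block (~29% noise).
    w_auth = xor(w, block_noise(rng, 2))
    rep_ok = rep(w_auth, helper) == key

    # Second enrollment of the same source: the two helpers alone leak the noise e2.
    e2 = block_noise(rng, 1)
    _, helper2 = gen(xor(w, e2))
    noise_recovered = recover_noise(helper, helper2) == e2
    return {"rep_ok": rep_ok, "noise_recovered": noise_recovered}


if __name__ == "__main__":
    print(demo())   # {'rep_ok': True, 'noise_recovered': True}
```

The leak in recover_noise is the classic argument against naive reuse of a code-offset sketch: the helper data are individually fine, but their XOR is a noisy codeword, and the code's own decoder strips the codeword and exposes how the source drifted between enrollments.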

24 pages, 1089 KiB  
Article
Dual-Chain-Based Dynamic Authentication and Handover Mechanism for Air Command Aircraft in Multi-UAV Clusters
by Jing Ma, Yuanbo Chen, Yanfang Fu, Zhiqiang Du, Xiaoge Yan and Guochuang Yan
Mathematics 2025, 13(13), 2130; https://doi.org/10.3390/math13132130 - 29 Jun 2025
Abstract
Cooperative multi-UAV clusters have been widely applied in complex mission scenarios due to their flexible task allocation and efficient real-time coordination capabilities. The Air Command Aircraft (ACA), as the core node within the UAV cluster, is responsible for coordinating and managing various tasks within the cluster. When the ACA undergoes fault recovery, a handover operation is required, during which the ACA must re-authenticate its identity with the UAV cluster and re-establish secure communication. However, traditional, centralized identity authentication and ACA handover mechanisms face security risks such as single points of failure and man-in-the-middle attacks. In highly dynamic network environments, single-chain blockchain architectures also suffer from throughput bottlenecks, leading to reduced handover efficiency and increased authentication latency. To address these challenges, this paper proposes a mathematically structured dual-chain framework that utilizes a distributed ledger to decouple the management of identity and authentication information. We formalize the ACA handover process using cryptographic primitives and accumulator functions and validate its security through BAN logic. Furthermore, we conduct quantitative analyses of key performance metrics, including time complexity and communication overhead. The experimental results demonstrate that the proposed approach ensures secure handover while significantly reducing computational burden. The framework also exhibits strong scalability, making it well-suited for large-scale UAV cluster networks. Full article

18 pages, 256 KiB  
Article
Temperate Blind Signature Scheme for Particular Subspaces
by Oana-Adriana Ticleanu, Ioan Daniel Hunyadi and Nicolae Constantinescu
Appl. Sci. 2025, 15(13), 7180; https://doi.org/10.3390/app15137180 - 26 Jun 2025
Abstract
The development of information security mechanisms follows a cyclic refinement model: new cryptographic solutions are proposed, their limitations are studied, and improvements are introduced to overcome those limitations. This paper contributes to this process by proposing a blind signature scheme with tunable anonymity, adapted to application-specific requirements. The core of the model is a parameter T that allows the user to balance confidentiality with transparency from the settings and adapt the signature behavior to the particular requirements of a beneficiary. Compared to the models currently used in blind signature protocols, this approach offers improved resistance to brute force attacks and improves security against adaptive and man-in-the-middle threats. Due to the reduced computational power requirements needed to calculate cryptographic primitives, it is usable for devices with power constraints. Being able to be integrated into a blockchain infrastructure, the process supports both persistent and verifiable data records, which gives it flexibility to adapt to different types of decentralized platforms. Full article
28 pages, 2788 KiB  
Article
Fortified-Edge 2.0: Advanced Machine-Learning-Driven Framework for Secure PUF-Based Authentication in Collaborative Edge Computing
by Seema G. Aarella, Venkata P. Yanambaka, Saraju P. Mohanty and Elias Kougianos
Future Internet 2025, 17(7), 272; https://doi.org/10.3390/fi17070272 - 20 Jun 2025
Abstract
This research introduces Fortified-Edge 2.0, a novel authentication framework that addresses critical security and privacy challenges in Physically Unclonable Function (PUF)-based systems for collaborative edge computing (CEC). Unlike conventional methods that transmit full binary Challenge–Response Pairs (CRPs) and risk exposing sensitive data, Fortified-Edge 2.0 employs a machine-learning-driven feature-abstraction technique to extract and utilize only essential characteristics of CRPs, obfuscating the raw binary sequences. These feature vectors are then processed using lightweight cryptographic primitives, including ECDSA, to enable secure authentication without exposing the original CRP. This eliminates the need to transmit sensitive binary data, reducing the attack surface and bandwidth usage. The proposed method demonstrates strong resilience against modeling attacks, replay attacks, and side-channel threats while maintaining the inherent efficiency and low power requirements of PUFs. By integrating PUF unpredictability with ML adaptability, this research delivers a scalable, secure, and resource-efficient solution for next-generation authentication in edge environments. Full article

18 pages, 300 KiB  
Article
Compile-Time Fully Homomorphic Encryption: Eliminating Online Encryption via Algebraic Basis Synthesis
by Dongfang Zhao
Cryptography 2025, 9(2), 44; https://doi.org/10.3390/cryptography9020044 - 14 Jun 2025
Abstract
We propose a new framework for compile-time ciphertext synthesis in fully homomorphic encryption (FHE) systems. Instead of invoking encryption algorithms at runtime, our method synthesizes ciphertexts from precomputed encrypted basis vectors using only homomorphic additions, scalar multiplications, and randomized encryptions of zero. This decouples ciphertext generation from encryption and enables efficient batch encoding through algebraic reuse. We formalize this technique as a randomized module morphism and prove that it satisfies IND-CPA security. Our proof uses a hybrid game framework that interpolates between encrypted vector instances and reduces the adversarial advantage to the indistinguishability advantage of the underlying FHE scheme. This reduction structure captures the security implications of ciphertext basis reuse and structured noise injection. The proposed synthesis primitive supports fast, encryption-free ingestion in outsourced database systems and other high-throughput FHE pipelines. It is compatible with standard FHE APIs and preserves layout semantics for downstream homomorphic operations. Full article
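The synthesis step described above, as an added example that is not code from the article: basis ciphertexts are prepared once offline, and a ciphertext for a new vector is assembled online from them using only homomorphic addition, scalar multiplication and a fresh randomized encryption of zero, with no encryption call on the vector itself. Paillier is swapped in for the FHE scheme of the paper because its additive homomorphism is all this step uses (ciphertext multiplication adds plaintexts, exponentiation scales them). The toy primes P and Q, the packing radix B, the vector length D and the function names are assumptions of this example.

```python
import math
import secrets
from typing import Dict, List, Tuple

# Constructed toy parameters: real Paillier moduli are 2048+ bits. Slot i of a
# plaintext vector is packed at radix position B**i so that one Paillier
# integer carries the whole vector.
P, Q = 1_000_003, 1_000_033       # small primes, for illustration only
B = 256                           # packing radix (each slot holds 0..B-1)
D = 4                             # vector length; B**D must stay below n

PublicKey = Tuple[int, int]       # (n, n^2)
SecretKey = Tuple[int, int]       # (lambda, mu)


def keygen() -> Tuple[PublicKey, SecretKey]:
    n = P * Q
    n2 = n * n
    lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
    u = pow(n + 1, lam, n2)                 # generator g = n + 1
    mu = pow((u - 1) // n, -1, n)
    return (n, n2), (lam, mu)


def enc(m: int, pk: PublicKey) -> int:
    """Paillier encryption: (1+n)^m * r^n mod n^2 with fresh random r."""
    n, n2 = pk
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def dec(c: int, pk: PublicKey, sk: SecretKey) -> int:
    n, n2 = pk
    lam, mu = sk
    u = pow(c, lam, n2)
    return (u - 1) // n * mu % n


def compile_basis(pk: PublicKey) -> List[int]:
    """Offline phase: encrypt the packed unit vectors e_i = B**i once."""
    return [enc(B ** i, pk) for i in range(D)]


def synthesize(basis: List[int], v: List[int], pk: PublicKey) -> int:
    """Online phase: Enc(v) = Enc(0) * prod_i Enc(e_i)^(v_i) mod n^2.
    No encryption of v happens here; the only fresh randomness is the
    encryption of zero, which re-randomizes the reused basis ciphertexts."""
    n, n2 = pk
    assert len(v) == D and all(0 <= x < B for x in v)
    c = enc(0, pk)
    for e_i, v_i in zip(basis, v):
        c = c * pow(e_i, v_i, n2) % n2      # homomorphic add of v_i copies of e_i
    return c


def unpack(packed: int) -> List[int]:
    return [(packed // B ** i) % B for i in range(D)]


def demo(v=(3, 1, 4, 1)) -> Dict[str, bool]:
    pk, sk = keygen()
    basis = compile_basis(pk)
    c1 = synthesize(basis, list(v), pk)
    c2 = synthesize(basis, list(v), pk)
    return {
        "decodes": unpack(dec(c1, pk, sk)) == list(v),   # synthesized ciphertext decrypts to v
        "rerandomized": c1 != c2,                        # same v, different ciphertexts
    }


if __name__ == "__main__":
    print(demo())   # {'decodes': True, 'rerandomized': True}
```

Without the Enc(0) factor, two syntheses of the same vector would be bit-identical and an observer could link them; the fresh zero encryption is what turns reuse of a fixed basis into an IND-CPA-style re-randomization, which is the point the paper's hybrid argument formalizes.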
19 pages, 279 KiB  
Article
NTRU-MCF: A Chaos-Enhanced Multidimensional Lattice Signature Scheme for Post-Quantum Cryptography
by Rong Wang, Bo Yuan, Minfu Yuan and Yin Li
Sensors 2025, 25(11), 3423; https://doi.org/10.3390/s25113423 - 29 May 2025
Abstract
To address the growing threat of quantum computing to classical cryptographic primitives, this study introduces NTRU-MCF, a novel lattice-based signature scheme that integrates multidimensional lattice structures with fractional-order chaotic systems. By extending the NTRU framework to multidimensional polynomial rings, NTRU-MCF exponentially expands the private key search space, achieving a key space size of 2^256 for dimensions m ≥ 2 and rendering brute-force attacks infeasible. By incorporating fractional-order chaotic masks generated via a hyperchaotic Lü system, the scheme introduces nonlinear randomness and robust resistance to physical attacks. Fractional-order chaotic masks, generated via a hyperchaotic Lü system validated through NIST SP 800-22 randomness tests, replace conventional pseudorandom number generators (PRNGs). The sensitivity to initial conditions ensures cryptographic unpredictability, while the use of a fractional-order Lü hyperchaotic system—instead of conventional pseudorandom number generators (PRNGs)—leverages multiple Lyapunov exponents and initial value sensitivity to embed physically unclonable properties into key generation, effectively mitigating side-channel analysis. Theoretical analysis shows that NTRU-MCF’s security reduces to the Ring Learning with Errors (RLWE) problem, offering superior quantum resistance compared to existing NTRU variants. While its computational and storage complexity suits high-security applications like military and financial systems, it is less suitable for resource-constrained devices. NTRU-MCF provides robust quantum resistance and side-channel defense, advancing PQC for classical computing environments. Full article
27 pages, 2771 KiB  
Article
Chaos-Based S-Boxes as a Source of Confusion in Cryptographic Primitives
by Élvio Carlos Dutra e Silva Junior, Carlos Augusto de Moraes Cruz, Isaias Abner Lima Saraiva, Fávero Guilherme Santos, Carlos Raimundo Pereira dos Santos Junior, Leandro Soares Indrusiak, Weiler Alves Finamore and Manfred Glesner
Electronics 2025, 14(11), 2198; https://doi.org/10.3390/electronics14112198 - 28 May 2025
Abstract
In recent years, many chaos-based encryption algorithms have been proposed. Many of these are based on established designs and populate their S-boxes with values derived from chaotic maps, following conventional implementation strategies to enable comparison with their original non-chaotic counterparts. In contrast, this work proposes a novel approach: a Chaos-Based Substitution Box (CB-SBox) implementation, in which conventional ROM-based S-boxes are replaced by a digital circuit that directly executes a selected chaotic map. This method enables the construction of S-boxes with long word lengths through an FPGA-based programmable circuit that allows for variable S-box lengths, facilitating the analysis of S-boxes of varying sizes, and ultimately enhancing security, particularly for larger S-boxes, as demonstrated by increased resistance to linear and differential cryptanalysis. Furthermore, the proposed CB-SBox achieves reductions in both area and power consumption compared to size-comparable ROM-based S-boxes. A 19-bit chaos-based S-box consumes just 0.0238% of the area and 0.0241% of the power required by an equivalent ROM-implemented S-box while providing the same level of security. The inherent unpredictability of non-linear chaotic behavior causes the proposed chaos-based S-boxes to exhibit non-bijective characteristics, making them well suited for application in non-invertible cryptographic primitives, such as hash functions and Feistel networks. The proposed CB-SBox is implemented in a Feistel network as described in the literature, and the results are provided. Full article

27 pages, 2292 KiB  
Article
Security First, Safety Next: The Next-Generation Embedded Sensors for Autonomous Vehicles
by Luís Cunha, João Sousa, José Azevedo, Sandro Pinto and Tiago Gomes
Electronics 2025, 14(11), 2172; https://doi.org/10.3390/electronics14112172 - 27 May 2025
Abstract
The automotive industry is fully shifting towards autonomous connected vehicles. By advancing vehicles’ intelligence and connectivity, the industry has enabled innovative functions such as advanced driver assistance systems (ADAS) in the direction of driverless cars. Such functions are often referred to as cyber-physical features, since almost all of them require collecting data from the physical environment to make automotive operation decisions and properly actuate in the physical world. However, increased functionalities result in increased complexity, which causes serious security vulnerabilities that are typically a result of mushrooming functionality and hence complexity. In a world where we keep seeing traditional mechanical systems shifting to x-by-wire solutions, the number of connected sensors, processing systems, and communication buses inside the car exponentially increases, raising several safety and security concerns. Because there is no safety without security, car manufacturers struggle to make lightweight sensor and processing systems while keeping the security aspects a major priority. This article surveys the current technological challenges in securing autonomous vehicles and contributes a cross-layer analysis bridging hardware security primitives, real-world side-channel threats, and redundancy-based fault tolerance in automotive electronic control units (ECUs). It combines architectural insights with an evaluation of commercial support for TrustZone, trusted platform modules (TPMs), and lockstep platforms, offering both academic and industry audiences a grounded perspective on gaps in current hardware capabilities. Finally, it outlines future directions and presents a forward-looking vision for securing sensors and processing systems in the path toward fully safe and connected autonomous vehicles. Full article

22 pages, 1198 KiB  
Article
Malicious-Secure Threshold Multi-Party Private Set Intersection for Anonymous Electronic Voting
by Xiansong Qian, Lifei Wei, Jinjiao Zhang and Lei Zhang
Cryptography 2025, 9(2), 23; https://doi.org/10.3390/cryptography9020023 - 17 Apr 2025
Abstract
Threshold Multi-Party Private Set Intersection (TMP-PSI) is a cryptographic protocol that enables an element from the receiver’s set to be included in the intersection result if it appears in the sets of at least t − 1 other participants, where t represents the threshold. This protocol is crucial for a variety of applications, such as anonymous electronic voting, online ride-sharing, and close-contact tracing programs. However, most existing TMP-PSI schemes are designed based on threshold homomorphic encryption, which faces significant challenges, including low computational efficiency and a high number of communication rounds. To overcome these limitations, this study introduces the Threshold Oblivious Pseudo-Random Function (tOPRF) to fulfill the requirements of threshold encryption and decryption. Additionally, we extend the concept of the Oblivious Programmable Pseudo-Random Function (OPPRF) to develop a novel cryptographic primitive termed the Partially OPPRF (P-OPPRF). This new primitive retains the critical properties of obliviousness and randomness, along with the security assurances inherited from the OPPRF, while also offering strong resistance against malicious adversaries. Leveraging this primitive, we propose the first malicious-secure TMP-PSI protocol, named QMP-PSI, specifically designed for applications like anonymous electronic voting systems. The protocol effectively counters collusion attacks among multiple parties, ensuring robust security in multi-party environments. To further enhance voting efficiency, this work presents a cloud-assisted QMP-PSI to outsource the computationally intensive phases. This ensures that the computational overhead for participants is solely dependent on the set size and statistical security parameters, thereby maintaining security while significantly reducing the computational burden on voting participants.
Finally, this work validates the protocol’s performance through extensive experiments under various set sizes, participant numbers, and threshold values. The results demonstrate that the protocol surpasses existing schemes, achieving state-of-the-art (SOTA) performance in communication overhead. Notably, in small-scale voting scenarios, it exhibits exceptional performance, particularly when the threshold is small or close to the number of participants. Full article
(This article belongs to the Topic Recent Advances in Security, Privacy, and Trust)

13 pages, 2743 KiB  
Article
Multilevel Multimodal Physical Unclonable Functions by Laser Writing of Silicon Carbide Color Centers
by Yuxing Ma, Yue Qin, Hao Guo, Ye Tian and Lishuang Liu
Micromachines 2025, 16(3), 329; https://doi.org/10.3390/mi16030329 - 12 Mar 2025
Abstract
Information security serves as the cornerstone for ensuring the stable development of today’s highly digitized era. As cryptographic primitives with high security and robust encryption capabilities, physical unclonable functions (PUFs) are recognized as one of the critical solutions to address information leakage issues. However, the encoding of PUFs often relies on the inherent properties of materials, which limits the potential for further enhancement of their encoding capacity (EC). In this study, we introduce a four-level encoding scheme by leveraging the stochastic characteristics of free radical chemical reactions and energy deposition in the fabrication process of silicon carbide (SiC) color centers. A multilevel multimodal PUF (MMPUF) encoding strategy (ES) for flexible substrates with high EC, low cost, and simple and fast readout was constructed. The spatially random distribution of SiC and silicon vacancy (V_Si) color-center concentrations as well as the offsets of the laser pyrolysis position along the X- and Y-axes are four independent physical properties that ensure the encoding performance of the PUF, achieving a high encoding capacity of 2^(4×10×10) and secure, stable, and unclonable encoding. Furthermore, the integration of the PUF tags with the products through a doping manufacturing process, rather than simple attachment, enhances the security and practicality of the anti-counterfeiting system. The proposed encoding hierarchy based on the offsets provides a novel encoding solution for improving PUF EC. Full article

25 pages, 907 KiB  
Article
Deterministic Systems for Cryptographic Primitives Used in Security Models in Particular IoT Configurations
by Dana Simian, Oana-Adriana Ticleanu and Nicolae Constantinescu
Appl. Sci. 2025, 15(6), 3048; https://doi.org/10.3390/app15063048 - 11 Mar 2025
Abstract
Computing systems grouped in subnets use distributed security models, in general, by creating session keys based on the Diffie–Hellman model, and calculating the necessary parameters for this, on each of the systems. In the particular case of a network of devices heterogeneous in terms of computing power, such as IoT, the modeling of a security system of the entire structure will have to take into account the fact that some devices have a very low computing power. In this sense, starting from the study of some general models, used in structures of this type, an integrated structure was developed to secure communications and test certain vulnerable components, to calculate a degree of risk that they are maliciously intended. The system was developed with a customized mathematical model, a scheme for propagation and management of cryptographic parameters and a test in a real environment by creating the algorithmic model and implementing it within a structure of a beneficiary. Full article
(This article belongs to the Special Issue Advances in Security, Trust and Privacy in Internet of Things)

18 pages, 8795 KiB  
Article
A Weak-PUF-Assisted Strong PUF with Inherent Security Using Metastability Implemented on FPGAs
by Jiaji He, Guoqian Song, Qizhi Zhang, Xiaoxiang Wang, Yanjiang Liu, Yao Li, Mao Ye and Yiqiang Zhao
Electronics 2025, 14(5), 1007; https://doi.org/10.3390/electronics14051007 - 2 Mar 2025
Cited by 1
Abstract
Physical unclonable functions (PUFs) are emerging as highly promising lightweight hardware security primitives that offer novel information security solutions. PUFs capitalize on the intrinsic physical variations within circuits to generate unpredictable responses. Nevertheless, diverse PUF types often encounter difficulties in concurrently fulfilling multiple performance requisites. As is well known, strong PUFs possess significantly larger challenge–response pair (CRP) set sizes. However, they are vulnerable to machine learning (ML) attacks. Conversely, weak PUFs generate responses with superior randomness, yet their CRP sets are inadequate to satisfy the demands of practical applications. This paper presents a newly devised double-latch PUF (DL-PUF) to address this issue. This design significantly enhances both the CRP set size and security performance. The available CRPs of the DL-PUF design can reach up to 2^64, and its robust security features are also demonstrated in this paper. We have implemented this design on twelve 45 nm Xilinx Spartan 6 XC6SLX25 FPGAs. The experimental results indicate that our proposed DL-PUF performs well in terms of reliability, uniqueness, uniformity, and randomness. Additionally, three machine learning algorithms were employed to conduct comprehensive tests on the DL-PUF. The results reveal its excellent resilience against machine learning attacks. Full article
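The machine-learning modeling attack on strong PUFs that both the DL-PUF article above and Fortified-Edge 2.0 set out to resist, as an added example that belongs to neither paper: an arbiter PUF simulated under the standard additive-delay model, and a perceptron that learns it from challenge-response pairs an attacker has collected. The simulated PUF, the stage count STAGES, the CRP counts and the perceptron settings are assumptions of this example; it reproduces the attack the papers defend against, not the DL-PUF or Fortified-Edge designs themselves.

```python
import random
from typing import List, Tuple

# Additive-delay model of an arbiter PUF: the response is the sign of a
# linear function of the parity-transformed challenge. That linearity is
# exactly what makes a plain strong PUF learnable from its CRPs.
STAGES = 32
CRP = Tuple[List[int], int]


def make_puf(rng: random.Random) -> List[float]:
    """One delay-difference weight per stage plus an arbiter bias term (simulated)."""
    return [rng.gauss(0.0, 1.0) for _ in range(STAGES + 1)]


def features(challenge: List[int]) -> List[float]:
    """Parity transform: phi_i = prod_{j>=i} (1 - 2 c_j); phi_STAGES = 1 (bias)."""
    phi = [0.0] * (STAGES + 1)
    acc = 1.0
    for i in range(STAGES - 1, -1, -1):
        acc *= 1 - 2 * challenge[i]
        phi[i] = acc
    phi[STAGES] = 1.0
    return phi


def dot(a: List[float], b: List[float]) -> float:
    return sum(x * y for x, y in zip(a, b))


def response(weights: List[float], challenge: List[int]) -> int:
    """Response bit = sign of the total delay difference seen at the arbiter."""
    return 1 if dot(weights, features(challenge)) > 0 else 0


def collect_crps(puf: List[float], rng: random.Random, n: int) -> List[CRP]:
    """Attacker's CRPs: random challenges queried against (or sniffed from) the device."""
    out = []
    for _ in range(n):
        c = [rng.randint(0, 1) for _ in range(STAGES)]
        out.append((c, response(puf, c)))
    return out


def train_perceptron(crps: List[CRP], epochs: int = 25, lr: float = 0.1) -> List[float]:
    """Learn a linear stand-in for the PUF; CRPs are linearly separable in phi-space."""
    data = [(features(c), 1 if r else -1) for c, r in crps]
    w = [0.0] * (STAGES + 1)
    for _ in range(epochs):
        for x, y in data:
            if y * dot(w, x) <= 0:                       # misclassified: move toward y
                w = [wi + lr * y * xi for wi, xi in zip(w, x)]
    return w


def accuracy(model: List[float], crps: List[CRP]) -> float:
    hits = sum(1 for c, r in crps if response(model, c) == r)
    return hits / len(crps)


def modeling_attack(n_train: int, n_test: int = 1000, seed: int = 7) -> float:
    """Train on n_train CRPs of a fresh simulated PUF; return accuracy on unseen challenges."""
    rng = random.Random(seed)
    puf = make_puf(rng)
    train = collect_crps(puf, rng, n_train)
    test = collect_crps(puf, rng, n_test)
    return accuracy(train_perceptron(train), test)


if __name__ == "__main__":
    for n in (50, 500, 4000):
        print(f"{n:5d} training CRPs -> {modeling_attack(n):.3f} accuracy on unseen challenges")
```

Once the model predicts unseen responses with high accuracy, the "unclonable" device has been cloned in software, which is why the DL-PUF evaluation runs several ML algorithms against its CRPs and why Fortified-Edge 2.0 avoids shipping raw CRPs at all. Breaking the linear structure (non-linear combination of latches, feature abstraction, or simply never exposing responses) is what removes this attack surface.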

13 pages, 850 KiB  
Article
Improving Physically Unclonable Functions’ Performance Using Second-Order Compensated Measurement
by Jorge Fernández-Aragón, Guillermo Diez-Señorans, Miguel Garcia-Bosque, Raúl Aparicio-Téllez, Gabriel López-Pinar and Santiago Celma
Information 2025, 16(3), 166; https://doi.org/10.3390/info16030166 - 21 Feb 2025
Abstract
In this paper, we study the performance of second-order compensated measurement to generate a multi-bit response in physically unclonable functions (PUFs). The proposed technique is based on a novel second-order compensated measurement generating multiple bits instead of a single bit provided by the conventional compensated measurement. A PUF based on this technique has been proposed and implemented in 40 Artix-7 FPGAs, and its uniqueness and reproducibility have been compared to those of another PUF using the compensated measurement technique. In addition, we demonstrate that the best trade-off between identifiability and computation time performance is obtained when using only two bits. At the same time, the good performance of the technique has been demonstrated, improving the identifiability of a ring oscillator PUF (RO-PUF) between 70 and 90% compared to a RO-PUF that uses conventional compensated measurement. In particular, equal error rates (EER) of the order of EER ≈ 10^−16 can be achieved by combining the sign bit with another bit extracted using the proposed technique; and up to EER ≈ 10^−19 by using one more extra bit. In addition, the high reliability of the responses generated by this technique against possible temperature and voltage variations has been proved. These results show how this new technique improves the performance of the PUF in terms of identifiability, so it can be effectively used for device identification purposes. Full article
(This article belongs to the Special Issue Optimization Algorithms and Their Applications)

42 pages, 812 KiB  
Article
DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives
by Mojtaba Fadavi, Sabyasachi Karati, Aylar Erfanian and Reihaneh Safavi-Naini
Cryptography 2025, 9(1), 12; https://doi.org/10.3390/cryptography9010012 - 6 Feb 2025
Abstract
A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can “open” a signature and reveal the signer’s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security relies on the security of symmetric-key primitives and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze DGM’s signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that make it much more costly than using the traditional revocation list approach. Full article

18 pages, 949 KiB  
Article
Coupling Secret Sharing with Decentralized Server-Aided Encryption in Encrypted Deduplication
by Chuang Gan, Weichun Wang, Yuchong Hu, Xin Zhao, Shi Dun, Qixiang Xiao, Wei Wang and Huadong Huang
Appl. Sci. 2025, 15(3), 1245; https://doi.org/10.3390/app15031245 - 26 Jan 2025
Abstract
Outsourcing storage to the cloud can save storage costs and is commonly used in businesses. It should fulfill two major goals: storage efficiency and data confidentiality. Encrypted deduplication can achieve both goals via performing deduplication to eliminate the duplicate data within encrypted data. Traditional encrypted deduplication generates the encryption key on the client side, which poses a risk of offline brute-force cracking of the outsourced data. Server-aided encryption schemes have been proposed to strengthen the confidentiality of encrypted deduplication by distributing the encryption process to dedicated servers. Existing schemes rely on expensive cryptographic primitives to provide a decentralized setting on the dedicated servers for scalability. However, this incurs substantial performance slowdown and cannot be applied in practical encrypted deduplication storage systems. In this paper, we propose a new decentralized server-aided encrypted deduplication approach for outsourced storage, called ECDedup, which leverages secret sharing to achieve secure and efficient key management. We are the first to use the coding matrix as the encryption key to couple the encryption and encoding processes in encrypted deduplication. We also propose an acceleration scheme to speed up the encryption process of our ECDedup. We prototype ECDedup in cloud environments, and our experimental results based on the real-world backup datasets show that ECDedup can improve the client throughput by up to 51.9% compared to the state-of-the-art encrypted deduplication schemes. Full article
(This article belongs to the Special Issue Application of Deep Learning and Big Data Processing)
