Search Results (38)

Crystals-Kyber and Classic-McEliece are two prominent post-quantum key encapsulation mechanisms (KEMs) designed to address the challenges posed by quantum computing to classical cryptographic schemes. While the former has been standardized by the National Institute of Standards and Technology (NIST), the latter is well-known for its exceptional robustness and as one of the finalists of the fourth round of post-quantum cryptography standardization. Private set intersection (PSI) is a privacy-preserving technique that enables two parties, each possessing a dataset, to compute the intersection of their sets without revealing anything else. This can be achieved thanks to homomorphic encryption (HE), which allows computations on encrypted data. In this paper, firstly, we study Kyber and McEliece, apart from being KEMs, as post-quantum public key encryption (PKE), and examine their homomorphic properties. Secondly, we design two different two-party PSI protocols that utilize the homomorphic capabilities of Kyber and McEliece. Thirdly, a practical performance evaluation under NIST’s security levels 1, 3, and 5 is conducted, focusing on three key metrics: storage overhead, communication overhead, and computation cost. Insights indicate that the Kyber-based PSI Protocol, which utilizes the multiplicative homomorphic property, is secure but less efficient. In contrast, the McEliece-based PSI protocol, while efficient in practice, raises concerns regarding its security as a homomorphic encryption scheme. Full article

This paper explores the feasibility and implications of developing a privacy-preserving, data-driven cloud service for predicting the energy consumption of industrial robots. Using machine learning, we evaluated three neural network architectures—dense, LSTM, and convolutional–LSTM hybrids—to model energy usage based on robot trajectory data. Our results show that models incorporating manually engineered features (angles, velocities, and accelerations) significantly improve prediction accuracy. To ensure secure collaboration in industrial environments where data confidentiality is critical, we integrate privacy-preserving machine learning (ppML) techniques based on secure multi-party computation (SMPC). This allows energy inference to be performed without exposing proprietary model weights or confidential input trajectories. We analyze the performance impact of SMPC on different network types and evaluate two optimization strategies, using public model weights through permutation and evaluating activation functions in plaintext, to reduce inference overhead. The results highlight that network architecture plays a larger role in encrypted inference efficiency than feature dimensionality, with dense networks being the most SMPC-efficient. In addition to model development, we identify and discuss specific stages in the MLOps workflow—particularly model serving and monitoring—that require adaptation to support ppML. These insights are useful for integrating ppML into modern machine learning pipelines. Full article

In the context of rapid advancements in big data and artificial intelligence, similarity measurement methods between samples have been widely applied in data mining, pattern recognition, medical diagnosis, financial risk control, and other fields. The Mahalanobis distance, due to its effectiveness in capturing correlations within high-dimensional data, has become a crucial tool in many practical scenarios. However, sample data often contains sensitive privacy information, making it essential to achieve secure and privacy-preserving computation of Mahalanobis distance. This paper proposes a secure Mahalanobis distance calculation scheme tailored for sample vectors that effectively resists malicious cheating behaviors. The designed multi-party computation algorithms ensure privacy protection while maintaining computational efficiency and minimizing communication overhead. The experimental results compare three algorithms in terms of execution time and communication delay across varying sample sizes and vector dimensions. The results demonstrate that our proposed scheme achieves a favorable balance between security and performance. This research provides a practical and robust solution for similarity measurement under privacy constraints and lays a theoretical and practical foundation for secure data collaboration in multi-party computing environments, offering significant application potential. Full article

Integrated circuits are the core of a cyber-physical system, where tens of billions of components are integrated into a tiny silicon chip to conduct complex functions. To maximize utilities, the design and manufacturing life cycle of integrated circuits rely on numerous untrustworthy third parties, forming a global supply chain model. At the same time, this model produces unpredictable and catastrophic issues, threatening the security of individuals and countries. As for guaranteeing the security of ultra-highly integrated chips, detecting slight abnormalities caused by malicious behavior in the current and voltage is challenging, as is achieving computability within a reasonable time and obtaining a golden reference chip; however, artificial intelligence can make everything possible. For the first time, this paper presents a systematic review of artificial-intelligence-based integrated circuit security approaches, focusing on the latest attack and defense strategies. First, the security threats of integrated circuits are analyzed. For one of several key threats to integrated circuits, hardware Trojans, existing attack models are divided into several categories and discussed in detail. Then, for summarizing and comparing the numerous existing artificial-intelligence-based defense strategies, traditional and advanced artificial-intelligence-based approaches are listed. Finally, open issues on artificial-intelligence-based integrated circuit security are discussed from three perspectives: in-depth exploration of hardware Trojans, combination of artificial intelligence, and security strategies involving the entire life cycle. Based on the rapid development of artificial intelligence and the initial successful combination with integrated circuit security, this paper offers a glimpse into their intriguing intersection, aiming to draw greater attention to these issues. Full article

Cloud computing is widely used by organizations and individuals to outsource computation and data storage. With the growing adoption of machine learning as a service (MLaaS), machine learning models are being increasingly deployed on cloud platforms. However, operating MLaaS on the cloud raises significant privacy concerns, particularly regarding the leakage of sensitive personal data and proprietary machine learning models. This paper proposes a privacy-preserving decision tree (PPDT) framework that enables secure predictions on sensitive inputs through homomorphic matrix multiplication within a three-party setting involving a data holder, a model holder, and an outsourced server. Additionally, we introduce a leaf node pruning (LNP) algorithm designed to identify and retain the most informative leaf nodes during prediction with a decision tree. Experimental results show that our approach reduces prediction computation time by approximately 85% compared to conventional protocols, without compromising prediction accuracy. Furthermore, the LNP algorithm alone achieves up to a 50% reduction in computation time compared to approaches that do not employ pruning. Full article

Many leading technology companies currently offer Machine Learning as a Service Platform, enabling developers and organizations to access the inference capabilities of pre-trained models via API calls. However, due to concerns over user data privacy, inter-enterprise competition, and legal and regulatory constraints, directly utilizing pre-trained models in the cloud for inference faces security challenges. In this paper, we propose communication-efficient secure three-party protocols for recurrent neural network (RNN) inference. First, we design novel three-party secret-sharing protocols for digit decomposition, B2A conversion, enabling efficient transformation of secret shares between Boolean and arithmetic rings. Then, we propose the lookup table-based secure three-party protocol. Unlike the intuitive way of directly looking up tables to obtain results, we compute the results by utilizing the inherent mathematical properties of binary lookup tables, and the communication complexity of the lookup table protocol is only related to the output bit width. We also design secure three-party protocols for key functions in the RNN, including matrix multiplication, sigmoid function, and Tanh function. Our protocol divides the computation into online and offline phase, and places most of the computations locally. The theoretical analysis shows that the communication round of our work was reduced from four rounds to one round. The experiment results show that compared with the current SOTA-SIRNN, the online communication overhead of sigmoid and tanh functions decreased by 80.39% and 79.94%, respectively. Full article

Vehicle Ad hoc Networks (VANETs) play an essential role in intelligent transportation systems (ITSs) by improving road safety and traffic management through robust decentralized communication between vehicles and infrastructure. Yet, decentralization introduces security vulnerabilities, including spoofing, tampering, and denial-of-service attacks, which can compromise the reliability and safety of vehicular communications. Traditional centralized security mechanisms are often inadequate in providing the real-time response and scalability required by such dispersed networks. This research promotes a shift toward distributed and real-time technologies, including blockchain and secure multi-party computation, to enhance communication integrity and privacy, ultimately strengthening system resilience by eliminating single points of failure. A core aspect of this study is the novel D-CASBR framework, which integrates three essential components. First, it employs hybrid machine learning methods, such as ElasticNet and Gradient Boosting, to facilitate real-time anomaly detection, identifying unusual activities as they occur. Second, it utilizes a consortium blockchain to provide secure and transparent information exchange among authorized participants. Third, it implements a fog-enabled reputation system that uses distributed fog computing to effectively manage trust within the network. This comprehensive approach addresses latency issues found in conventional systems while significantly improving the reliability and efficacy of threat detection, achieving 95 percent anomaly detection accuracy with minimal false positives. The result is a substantial advancement in securing vehicular networks. Full article

Authenticated key exchange is desired in scenarios where two participants must exchange sensitive information over an untrusted channel but do not trust each other at the outset of the exchange. As a unique hardware-based random oracle, physical unclonable functions (PUFs) can embed cryptographic hardness and binding properties needed for a secure, interactive authentication system. In this paper, we propose a lightweight protocol, termed PUF-MAKE, to achieve bilateral mutual authentication between two untrusted parties with the help of a trusted server and secure physical devices. At the end of the protocol, both parties are authenticated and possess a shared session key that they can use to encrypt sensitive information over an untrusted channel. The PUF’s underlying entropy hardness characteristics and the key-encryption-key (KEK) primitive act as the root of trust in the protocol’s construction. Other salient properties include a lightweight construction with minimal information stored on each device, a key refresh mechanism to ensure a fresh key is used for every authentication, and robustness against a wide range of attacks. We evaluate the protocol on a set of three FPGAs and a desktop server, with the computational complexity calculated as a function of primitive operations. A composable security model is proposed and analyzed considering a powerful adversary in control of all communications channels. In particular, session key confidentiality is proven through formal verification of the protocol under strong attacker (Dolev-Yao) assumptions, rendering it viable for high-security applications such as digital currency. Full article

With the rapid development of quantum computers, post-quantum cryptography (PQC) has become critical technology in the security field. PQC includes cryptographic techniques that are secure against quantum-computer-based attacks, utilizing methods such as code-based, isogeny-based, and lattice-based approaches. Among these, lattice-based cryptography is the most extensively studied due to its ease of implementation and efficiency. As quantum computing advances, the need for secure communication protocols that can withstand quantum computer-based threats becomes increasingly important. Traditional two-party AKE protocols have a significant limitation: the security of the entire system can be compromised if either of the communicating parties behaves maliciously. To overcome this limitation, researchers have proposed three-party AKE protocols, where a third party acts as an arbiter or verifier. However, we found that a recently proposed three-party AKE protocol is vulnerable to quantum-computer-based attacks. To address this issue, we propose a provably quantum secure three-party AKE protocol based on MLWE. The proposed scheme leverages the user’s biometric information and the server’s master key to prevent the exposure of critical parameters. We analyzed the security of the protocol using simulation tools such as the Burrows–Abadi–Needham (BAN) logic, Real-or-Random (RoR) model, and Automated Validation of Internet Security Protocols and Applications (AVISPA). Furthermore, comparative analysis with similar protocols demonstrates that our protocol is efficient and suitable. Full article

Private Set Intersection (PSI) is a cryptographic method in secure multi-party computation that allows entities to identify common elements in their datasets without revealing their private data. Traditional approaches assume similar-sized datasets and equal computational power, overlooking practical imbalances. In real-world applications, dataset sizes and computational capacities often vary, particularly in the Internet of Things and mobile scenarios where device limitations restrict computational types. Traditional PSI protocols are inefficient here, as computational and communication complexities correlate with the size of larger datasets. Thus, adapting PSI protocols to these imbalances is crucial. This paper explores unbalanced PSI scenarios where one party (the receiver) has a relatively small dataset and limited computational power, while the other party (the sender) has a large amount of data and strong computational capabilities. It introduces three innovative solutions for unbalanced PSI: an unbalanced PSI protocol based on the Cuckoo filter, an unbalanced PSI protocol based on single-cloud assistance, and an unbalanced PSI protocol based on dual-cloud assistance, with each subsequent solution addressing the shortcomings of the previous one. Depending on performance and security needs, different protocols can be employed for applications such as private contact discovery. Full article

Private Set Intersection Cardinality (PSI-CA) is a cryptographic method in secure multi-party computation that allows entities to identify the cardinality of the intersection without revealing their private data. Traditional approaches assume similar-sized datasets and equal computational power, overlooking practical imbalances. In real-world applications, dataset sizes and computational capacities often vary, particularly in Internet of Things and mobile scenarios where device limitations restrict computational types. Traditional PSI-CA protocols are inefficient here, as computational and communication complexities correlate with the size of larger datasets. Thus, adapting PSI-CA protocols to these imbalances is crucial. This paper explores unbalanced scenarios where one party (the receiver) has a relatively small dataset and limited computational power, while the other party (the sender) has a large amount of data and strong computational capabilities.This paper, based on the concept of commutative encryption, introduces Cuckoo filter, cloud computing technology, and homomorphic encryption, among other technologies, to construct three novel solutions for unbalanced Private Set Intersection Cardinality (PSI-CA): an unbalanced PSI-CA protocol based on Cuckoo filter, an unbalanced PSI-CA protocol based on single-cloud assistance, and an unbalanced PSI-CA protocol based on dual-cloud assistance. Depending on performance and security requirements, different protocols can be employed for various applications. Full article

In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL. Full article

With the widespread adoption of cloud computing, the face verification process often requires the client to upload the face to an untrusted cloud server to obtain the verification results. Privacy leakage issues may arise if the client’s private information is not protected. This paper proposes a secure and anonymous face verification scheme using fully homomorphic encryption technology and SealPIR. Our scheme is a three-party solution that requires a third-party server trusted by the client. This scheme not only prevents the client’s facial data from being obtained by untrusted data servers but also prevents the data server from learning the index corresponding to the face that the client wants to verify. In a single-face verification process, the client only needs to perform one upload operation and one download operation, with a communication volume of 264 KB. We can complete a privacy-protected anonymous face verification process in 84.91 ms. Full article

In the process of vehicles transitioning from conventional means of transportation to mobile computing platforms, ensuring secure communication and data exchange is of paramount importance. Consequently, identity authentication has emerged as a crucial security measure. Specifically, effective authentication is required prior to the communication between the On-Board Unit (OBU) and Roadside Unit (RSU). To address vehicle identity authentication challenges in the Internet of Vehicles (VANETs), this paper proposes a three-party identity authentication and key agreement protocol based on elliptic curve public key cryptography. Considering issues such as vehicle impersonation attacks, RSU impersonation attacks, and vehicle privacy breaches in existing schemes within wireless mobile environments, this protocol introduces a trusted registry center that successfully enables mutual authentication between OBU and RSU. The proposed protocol not only enhances the VANETs system’s ability to withstand security threats but also improves the credibility and efficiency of the authentication process. Full article

As the popularity of 3D printing or additive manufacturing (AM) continues to increase for use in commercial and defense supply chains, the requirement for reliable, robust protection from adversaries has become more important than ever. Three-dimensional printing security focuses on protecting both the individual Industrial Internet of Things (I-IoT) AM devices and the networks that connect hundreds of these machines together. Additionally, rapid improvements in quantum computing demonstrate a vital need for robust security in a post-quantum future for critical AM manufacturing, especially for applications in, for example, the medical and defense industries. In this paper, we discuss the attack surface of adversarial data manipulation on the physical inter-device communication bus, Controller Area Network (CAN). We propose a novel, hierarchical tree solution for a secure, post-quantum-supported security framework for CAN-based AM devices. Through using subnet hopping between isolated CAN buses, our framework maintains the ability to use legacy or third-party devices in a plug-and-play fashion while securing and minimizing the attack surface of hardware Trojans or other adversaries. The results of the physical implementation of our framework demonstrate 25% and 90% improvement in message costs for authentication compared to existing lightweight and post-quantum CAN security solutions, respectively. Additionally, we performed timing benchmarks on the normal communication (hopping) and authentication schemes of our framework. Full article