Search Results (53)

In recent years, Electronic Medical Record (EMR) sharing has played an indispensable role in optimizing clinical treatment plans, advancing medical research in biomedical science. However, existing EMR management schemes often face security risks and suffer from inefficient search performance. To address these issues, this paper proposes a secure EMR sharing scheme based on blockchain and searchable encryption. This scheme implements a decentralized management system with enhanced security and operational efficiency. Considering the scenario of EMRs requiring confirmation of multiple doctors to improve safety, the proposed solution leverages Shamir’s Secret Sharing to enable multi-party authorization, thereby enhancing privacy protection. Meanwhile, the scheme utilizes Bloom filter and vector operation to achieve efficient data search. The proposed method maintains rigorous EMR protection while improving the search efficiency of EMRs. Experimental results demonstrate that, compared to existing methodologies, the proposed scheme enhances security during EMR sharing processes. It achieves higher efficiency in index generation and trapdoor generation while reducing keyword search time. This scheme provides reliable technical support for the development of intelligent healthcare systems. Full article

Conventional public-key cryptographic systems are increasingly threatened by advances in quantum computing, accelerating the need for robust post-quantum cryptographic solutions. Among these, Falcon, a compact lattice-based digital signature scheme, has emerged as a leading candidate in the NIST post-quantum standardization process due to its efficiency and theoretical security grounded in hard lattice problems. This work introduces Falcon-M, a modified version of the Falcon algorithm that significantly reduces implementation complexity. It does so by replacing Falcon’s intricate trapdoor-based key-generation mechanism with a simplified approach that utilizes randomized polynomial Gaussian sampling and fast Fourier transform (FFT) operations. Falcon-M incorporates SHA-512 hashing and discrete Gaussian sampling to preserve cryptographic soundness and statistical randomness while maintaining the core structure of Falcon’s signing and verification processes. We formally specify the Falcon-M algorithm, provide an updated pseudocode, and offer a comparative analysis with the original Falcon in terms of algorithmic complexity, security assumptions, and implementation overhead. Additionally, we present formal lemmas and theorems to ensure correctness and define theoretical bounds on forgery resistance. Although Falcon-M does not rely on a formal cryptographic trapdoor, we demonstrate that it achieves strong practical security based on assumptions related to the Short Integer Solution (SIS) problem. Falcon-M is thus well-suited for lightweight post-quantum applications, particularly in resource-constrained environments, such as embedded systems and Internet-of-Things (IoT) platforms. Full article

As the Internet of Things (IoT) continues to evolve, the demand for cross-domain collaboration between devices and data sharing has grown significantly. Operations confined to a single trust domain can no longer satisfy this requirement, so cross-domain access to resources is becoming an inevitable trend in the evolution of the IIoT. Due to identity trust issues between different domains, authorized access is required before resources can be shared. However, most existing cross-domain authentication schemes face significant challenges in terms of dynamic membership management, privacy protection, and traceability. These schemes involve complex and inefficient interactions and fail to meet the dynamic and lightweight requirements of the IIoT. To address these issues, we propose a privacy-preserving and traceable cross-domain authentication scheme based on dynamic group signatures that enables efficient authentication. The scheme supports anonymous authentication via succinct proofs and incorporates a trapdoor mechanism to enable group managers to trace and revoke malicious identities. Additionally, our solution supports efficient joining and revoking of members and implements blacklist-based proof of non-membership. We formally prove the security of the proposed scheme. The experimental results demonstrate that the proposed scheme outperforms others in terms of computational cost and revocation overhead. Full article

The blockchain-enabled industrial Internet of Things (IIoT) faces security threats such as quantum computing attacks and privacy disclosure. Targeting these issues, in this study, we design a new lattice-based linkable ring signature (LRS) scheme, which is used to achieve privacy protection for the blockchain-enabled IIoT. Firstly, by using the trapdoor generation algorithm on the lattice and the rejection sampling lemma, we propose a new lattice-based LRS scheme with anti-quantum security and anonymity. Then, we introduce it into blockchain. Through the stealth address and key image technologies, we construct a privacy protection scheme for blockchain in the IIoT, and this LRS scheme protects identity privacy for users through anonymous blockchain. In addition, it also can resist the double spending attack with the linking user’s signature. Lastly, we provide a security analysis, and it is proven that our ring signature scheme satisfies correctness, anonymity, unforgeability and linkability. Compared with other similar schemes, the performance simulation indicates that our scheme’s public key and signature are shorter in size, and its computation overhead and time cost are lower. Consequently, our novel LRS scheme is more secure and practical, which provides privacy protection and anti-quantum security for the blockchain-enabled IIoT. Full article

Blockchain is a decentralized digital ledger that records transactions across a distributed network of computers, enabling secure and transparent operations without requiring trust in a central authority. While initially developed for Bitcoin, blockchain technology now underpins many cryptocurrencies and other applications. It serves as an open trust layer without central reliance and is widely used in cryptocurrencies such as Bitcoin and Ethereum. However, this public and permanent open storage has raised concerns about its potential misuse for illegal trades or the distribution of unwanted content. In EuroS&P 2017, Ateniese et al. introduced the concept of the redactable blockchain, which utilizes the trapdoor collision function provided by chameleon hash to rewrite block contents without causing hashing inconsistencies. Recent research has continued to propose solutions for redactable blockchains, leveraging cryptographic algorithms such as chameleon hash and attribute-based encryption (ABE). Current solutions often employ sophisticated cryptographic schemes, such as ABE, but lack sufficient focus on developing secure and scalable solution for practical use. In this work, we propose the time-verifiable policy-based chameleon hash (TPCH) as a candidate solution for practical redaction to rewrite blockchain contents. Our solution for redactable blockchains enables the verification of whether a redaction was executed at a specific time, thereby offering time-based traceability for dominant algorithms in TPCH. Additionally, it restricts misbehavior or abuse of redaction powers by introducing a new trapdoor finding algorithm, Update, in addition to the adapt algorithm Adapt. We formally introduce TPCH with both black-box and white-box constructions. Our experimental and theoretical analysis demonstrates the feasibility and practicality of the proposed solution. Full article

With the advancement of quantum computing, the utilization of quantum algorithms such as Shor’s algorithm enables the efficient resolution of problems that are intractable in classical computing paradigms, posing a significant threat to traditional signature schemes. Lattice-based cryptography is considered one of the most promising post-quantum cryptographic algorithms due to its computational advantages and potential resistance to quantum attacks. Proxy signature is an authorization mechanism that allows the original signer to delegate the signing power to a proxy. The security of existing proxy signature schemes is mostly based on classical hard problems, which cannot guarantee security under quantum attacks. Therefore, this paper combines lattice-based cryptography with proxy signatures to propose a new lattice-based proxy signature scheme (NLBPS). NLBPS constructs signatures using lattice-based trapdoor sampling algorithms and preimage sampling algorithms. Comparative analysis shows that the proposed scheme has relatively smaller key and signature sizes compared to some existing lattice-based proxy signature schemes, and it also offers a certain improvement in computational efficiency. Full article

With the rapid development of cloud technology, a growing volume of encrypted data is being stored on cloud servers. Public key searchable encryption (PEKS) has emerged as a solution to the challenge of retrieving encrypted data. However, most PEKS schemes are vulnerable to frequency analysis attacks (FAA), which can potentially expose sensitive information. To address this issue, we propose a pairing-free public key searchable encryption scheme that is specifically designed to resist such attacks. Our scheme is built upon the decisional Diffie–Hellman (DDH) assumption, and effectively mitigates the risk of malicious adversaries extracting keyword information through trapdoor search frequencies. The pairing-free nature of our approach not only enhances the security against FAA but also improves the retrieval efficiency compared to traditional PEKS schemes. We formally prove that our scheme satisfies both chosen keyword attack (CKA) security and keyword guessing attack (KGA) security. Additionally, we perform comprehensive theoretical and experimental evaluations to assess the scheme’s efficiency, showcasing its practical applicability in real-world scenarios. Full article

Blockchain technology, characterized by its immutability and decentralization, enables the creation of permanent and tamper-resistant records once data are uploaded, making it widely applicable in scenarios requiring data authenticity and reliability. However, the immutability of on-chain data poses significant security risks, as erroneous or illegal data become difficult to correct or remove once recorded. Editable blockchain technology offers a potential solution for on-chain data modification. Nevertheless, existing approaches face several challenges, including the impact of malicious nodes on the security and efficiency of data modification, excessive centralization in the management of modification rights and trapdoor keys, and cumulative issues in reputation-based traditional node grouping methods. To address these challenges, this study proposes an RE-TNG (Reputation Evaluation-Twice Node Grouping) node selection method and an editable blockchain scheme based on it. The RE-TNG method employs a two-stage grouping process following reputation-based node ranking. The first grouping stage uses a Fibonacci sequence-based rule to mitigate the issue of cumulative reputation values over time. The second grouping stage selects high-reputation nodes within groups to ensure the trustworthiness of selected nodes. Trapdoor keys are collaboratively generated by the high-reputation node group, achieving decentralized trapdoor management. Modification nodes are randomly chosen from the high-reputation group, ensuring both integrity and decentralization in modification authority. Comparative analyses and experimental evaluations against traditional random node selection and grouping methods demonstrate the feasibility of the proposed scheme, showcasing a superior performance in terms of security and modification efficiency. Full article

With the increasing emphasis on safeguarding maritime sovereignty and developing marine resources, the security of underwater acoustic communication has risen to a new level of importance. Given the complex environmental challenges faced by underwater acoustic channels, this paper proposes an NTRU-based key encapsulation scheme designed to ensure secure and reliable underwater data transmission, while maintaining privacy and integrity. In the public–private key pair generation phase, a ring sampling technique is employed to generate a compact NTRU trapdoor, which not only guarantees security but also effectively reduces the communication overhead. During the encapsulation phase, underwater acoustic channel characteristics during communication are introduced as temporary identity information to ensure the confidentiality and reliability of the key encapsulation mechanism. Furthermore, the traditional key encapsulation mechanism is extended by integrating a digital signature process, where the encapsulated ciphertext is signed. The use of digital signature technology verifies the authenticity and integrity of the transmitted data, ensuring that communication data remain secure and unaltered in complex underwater acoustic environments. Finally, we conduct a rigorous correctness analysis and security proofs, demonstrating that the proposed scheme achieves chosen ciphertext security, while meeting the demands of low bandwidth and limited computational capacity in underwater acoustic communication. Full article

The lattice-based multi-identity fully homomorphic encryption scheme combines the quantum security of lattice cryptography with the advantage of identity-based encryption. However, existing schemes face challenges such as large key sizes, inefficient ciphertext expansion processes, and reliance on outdated trapdoor designs, limiting their compactness and practicality. In this study, we propose a novel Compact Multi-Identity Fully Homomorphic Encryption Scheme (WZ-MIBFHE) that eliminates the need for fresh ciphertexts during expansion. First, we construct a compact identity-based encryption scheme by combining the YJW23 trapdoor and ABB10 under the standard model, proving its IND-sID-CPA security. The scheme is then adapted to ensure correctness and security when integrated with the decomposition method for ciphertext expansion. This adaptation also utilizes approximation errors to reduce overall noise. Finally, we expand the modified IBE scheme’s ciphertext using the decomposition method to construct the WZ-MIBFHE scheme. Compared to existing methods, WZ-MIBFHE reduces the lattice dimension to $nlogq+{log}_{b}q$, improves public and private key sizes, and significantly lowers ciphertext expansion rates by removing the need for fresh ciphertexts. These improvements enhance both the compactness and efficiency of the scheme, making it a promising solution for multi-identity homomorphic encryption. Full article

Searchable encryption (SE) allows users to efficiently retrieve data from encrypted cloud data, but most of the existing SE solutions only support precise keyword search. Fuzzy searchable encryption agrees with practical situations well in the cloud environment, as search keywords that are misspelled to some extent can still generate search trapdoors that are as effective as correct keywords. In scenarios where multiple users can search for ciphertext, most fuzzy searchable encryption schemes ignore the security issues associated with malicious cloud services and are inflexible in multi-user scenarios. For example, in medical application scenarios where malicious cloud servers may exist, diverse types of files need to correspond to doctors in the corresponding departments, and there is a lack of fine-grained access control for sharing decryption keys for different types of files. In the application of medical cloud storage, malicious cloud servers may return incorrect ciphertext files. Since diverse types of files need to be guaranteed to be accessible by doctors in the corresponding departments, sharing decryption keys with the corresponding doctors for different types of files is an issue. To solve these problems, a verifiable fuzzy searchable encryption with blockchain-assisted multi-user scenarios is proposed. Locality-sensitive hashing and bloom filters are used to realize multi-keyword fuzzy search, and the bigram segmentation algorithm is optimized for keyword conversion to improve search accuracy. To realize fine-grained access control in multi-user scenarios, ciphertext-policy attribute-based encryption (CP-ABE) is used to distribute the shared keys. In response to the possibility of malicious servers tampering with or falsifying users’ search results, the scheme leverages the blockchain’s technical features of decentralization, non-tamperability, and traceability, and uses smart contracts as a trusted third party to carry out the search work, which not only prevents keyword-guessing attacks within the cloud server, but also solves the verification work of search results. The security analysis leads to the conclusion that the scheme is secure under the adaptively chosen-keyword attack. Full article

The RSA cryptosystem has been a cornerstone of modern public key infrastructure; however, recent advancements in quantum computing and theoretical mathematics pose significant risks to its security. The advent of fully operational quantum computers could enable the execution of Shor’s algorithm, which efficiently factors large integers and undermines the security of RSA and other cryptographic systems reliant on discrete logarithms. While Grover’s algorithm presents a comparatively lesser threat to symmetric encryption, it still accelerates key search processes, creating potential vulnerabilities. In light of these challenges, there has been an intensified focus on developing quantum-resistant cryptography. Current research is exploring cryptographic techniques based on error-correcting codes, lattice structures, and multivariate public key systems, all of which leverage the complexity of NP-hard problems, such as solving multivariate quadratic equations, to ensure security in a post-quantum landscape. This paper reviews the latest advancements in quantum-resistant encryption methods, with particular attention to the development of robust trapdoor functions. It also provides a detailed analysis of prominent multivariate cryptosystems, including the Matsumoto–Imai, Oil and Vinegar, and Polly Cracker schemes, alongside recent progress in lattice-based systems such as Kyber and Crystals-DILITHIUM, which are currently under evaluation by NIST for potential standardization. As the capabilities of quantum computing continue to expand, the need for innovative cryptographic solutions to secure digital communications becomes increasingly critical. Full article

With quantum computers, the quantum resistance of cryptographic systems has gradually attracted attention. To overcome the shortcoming of existing identity-based encryption (IBE) schemes in resisting quantum attacks, we introduce an IBE scheme based on learning with errors (LWE). In addition, devices with limited computing power are becoming increasingly common in practice, making it increasingly important to improve the efficiency of online computation of encryption algorithms. The classic solution is to directly improve the efficiency of the Gaussian sampling algorithm, thereby increasing the overall efficiency of the scheme. However, our scheme combines the efficient Gaussian sampling algorithm, $\mathbf{G}$-trapdoor, with online/offline method to further improve the online encryption efficiency of the encryption algorithm. Our scheme completes partial computation before knowing the message and receiver’s identity, and once the message and receiver’s identity are obtained, the online part encryption can be efficiently completed. We construct an identity-based online/offline encryption (IBOOE) scheme from LWE with $\mathbf{G}$-trapdoor, improve the efficiency of online encryption while achieving quantum resistant security. We prove the scheme’s security under the standard model for chosen-plaintext attack (CPA). By comparing with relevant schemes in terms of experiments and analysis, our scheme has improved efficiency by 65% to 80% compared to the classical LWE IBE scheme (increasing with LWE security parameters), and by 60% to 70% compared to the recent IBE scheme from LWE. This greatly improves the efficiency of online computing for low-power encryption devices while ensuring security. Full article

Blockchain is recognized for its robust security features, and its integration with Internet of Things (IoT) systems presents scalability and operational challenges. Deploying Artificial Intelligence (AI) within blockchain environments raises concerns about balancing rigorous security requirements with computational efficiency. The prime motivation resides in integrating AI with blockchain to strengthen IoT security and withstand multiple variants of lethal threats. With the increasing number of IoT devices, there has also been a spontaneous increase in security vulnerabilities. While conventional security methods are inadequate for the diversification of IoT devices, adopting AI can assist in identifying and mitigating such threats in real time, whereas integrating AI with blockchain can offer more intelligent decentralized security measures. The paper contributes to a three-layered architecture encompassing the device/sensory, edge, and cloud layers. This structure supports a novel method for assessing legitimacy scores and serves as an initial security measure. The proposed scheme also enhances the architecture by introducing an Ethereum-based data repositioning framework as a potential trapdoor function, ensuring maximal secrecy. To complement this, a simplified consensus module generates a conclusive evidence matrix, bolstering accountability. The model also incorporates an innovative AI-based security optimization utilizing an unconventional neural network model that operates faster and is enhanced with metaheuristic algorithms. Comparative benchmarks demonstrate that our approach results in a 48.5% improvement in threat detection accuracy and a 23.5% reduction in processing time relative to existing systems, marking significant advancements in IoT security for smart cities. Full article

In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user’s secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model’s performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption. Full article