Articles published on Key exchange
3496 Search results
- Research Article
- 10.1016/j.jisa.2025.104288
- Dec 1, 2025
- Journal of Information Security and Applications
- Xuejun Fan + 2 more
Multi-party post-quantum key exchange schemes
- Research Article
- 10.1016/j.compeleceng.2025.110750
- Dec 1, 2025
- Computers and Electrical Engineering
- Mani R + 3 more
Security analysis and designing unilateral and bilateral two party ideal-lattice based authenticated key establishment protocol for anonymous mobile communication
- Research Article
- 10.1088/1361-6463/ae233c
- Nov 24, 2025
- Journal of Physics D: Applied Physics
- Lanie Mckinney + 3 more
Plasma-based CO2 conversion is an emerging power-to-X technology, with the potential to recycle carbon emissions on Earth and produce fuel and life support consumables in-situ for the human exploration of Mars. In this work, we present a 0D chemical kinetic modeling framework using ZDPlasKin to simulate nanosecond repetitively pulsed (NRP) discharges in pure CO2, enabling systematic exploration of reactor performance across pressure, temperature, and pulse repetition frequency conditions relevant for integrated systems. A reduced chemical mechanism tailored for NRP discharges enabled long-timescale simulations (1–10s) while still capturing key vibrational energy exchanges. The results of the simulations link the temporal dynamics between pulse and interpulse chemistry to the overall reactor performance. At atmospheric pressure, increasing the pulse repetition frequency reduces CO recombination between pulses and improves conversion without an energy efficiency penalty. Conversion reaches saturation when the overall rate of CO production during the pulse is equal to the rate of CO recombination between pulses. Higher temperatures, which may be required for membrane-based oxygen separation, increase recombination rates and result in lower saturation values of conversion compared to lower temperatures. Additionally, small changes in the maximum reduced electric field strength, influencing total energy coupling, have a strong influence on conversion and efficiency. At low pressures, recombination is negligible, and conversion scales linearly with frequency. These results inform strategies for co-optimizing plasma operating conditions, supporting the engineering and design of CO2 plasma reactors for both terrestrial and space-based applications.
- Research Article
- 10.1002/spy2.70129
- Nov 24, 2025
- SECURITY AND PRIVACY
- N Thanu Priya + 1 more
The increasing reliance on data mining for extracting valuable insights has raised significant concerns about data security and privacy, especially with evolving cyber threats and the advent of quantum computing. Traditional security frameworks often depend on static encryption mechanisms that are vulnerable to quantum attacks and lack adaptability to emerging threats. To address these limitations, this research introduces the Quantum‐Resilient and Adaptive Privacy (QRAP) framework, which integrates Federated Learning (FL), Quantum‐Resistant Cryptography (QRC), and Anonymization Techniques to enhance security, privacy, and efficiency in data mining operations. Quantum‐Resilient refers to the framework's integration of cryptographic protocols that remain secure under known quantum algorithms (e.g., Grover's and Shor's), particularly using post‐quantum signature schemes and secure key exchange mechanisms. QRAP dynamically updates cryptographic protocols, ensuring resilience against evolving cyber threats, while FL enables secure, decentralized data collaboration without exposing raw data. Additionally, advanced Anonymization Techniques such as Differential Privacy, k‐Anonymity, l‐Diversity, and t‐Closeness further enhance privacy by preventing sensitive data from being re‐identified, ensuring compliance with stringent data protection regulations. Compared to traditional encryption‐based frameworks, QRAP offers a dynamic and quantum‐resilient approach, effectively mitigating vulnerabilities in centralized data mining operations. Experimental results demonstrate that QRAP achieves a 35% enhancement in privacy preservation and a 28% reduction in computational overhead, outperforming existing solutions in protecting sensitive information within dynamic data environments. These findings underscore QRAP's potential to revolutionize secure data mining by providing a scalable, privacy‐preserving, and future‐proof framework.
Future research will focus on real‐time optimization of QRAP and its integration with blockchain for enhanced transparency, security, and trust in decentralized data operations.
- Research Article
- 10.1007/s11128-025-05003-1
- Nov 24, 2025
- Quantum Information Processing
- Chaonan Wang + 3 more
Adaptive multi-party quantum key exchange in dynamic networks using GHZ states
- Research Article
- 10.1038/s41598-025-23592-w
- Nov 14, 2025
- Scientific Reports
- He Zhiqiang + 5 more
Ensuring digital image security is critical in today’s edge computing and networked communication environments. Chaotic systems offer powerful tools for lightweight, real-time encryption, but often suffer from limited chaotic ranges and weak key sensitivity. This paper introduces a robust nonlinear RN chaotic system, combining two chaotic maps to enhance unpredictability and expand the chaotic interval. A fast image encryption scheme is then developed by integrating this system with elliptic-curve Diffie–Hellman (ECDH) key exchange, hierarchical key derivation (HKDF), and dynamic chaotic S-box generation. The scheme ensures plaintext-independent key generation, authentication via ECDSA, and integrity through HMAC-SHA256, thereby preventing man-in-the-middle attacks and key leakage. Using the same set of security keys, this algorithm can produce a completely different encrypted image each time it is applied to the same original image. The proposed technique consistently achieves near-ideal entropy levels (~ 7.999), high NPCR (> 99.61%), and UACI above 32%, image complexity (with a keyspace equal to 10256), and resistance to security attacks, demonstrating outstanding sensitivity and randomness. The low PSNR values and limited correlation of the encrypted images further show strong resilience to statistical and differential assaults. The proposed approach outperforms existing methods in terms of computational reliability, encryption strength, and unpredictability. This work provides a dependable, portable, and efficient solution for secure image transfer in surveillance and multimedia applications.
- Research Article
- 10.58496/adsa/2025/017
- Nov 7, 2025
- Applied Data Science and Analysis
- Mishall Al-Zubaidie + 1 more
The rapid progress of quantum computing poses significant challenges to traditional cryptographic mechanisms, necessitating the adoption of post-quantum cryptography (PQC) solutions. This paper proposes a Quantum-Enhanced Security for Smart Meters (QESM) system to protect power plant data in smart cities, integrating Kyber for secure key exchange, FALCON (Fast-Fourier Transform over Lattice-based Cryptography) for quantum-resistant digital signatures, and ZKP (Zero-Knowledge Proof) for effective verification without revealing sensitive data to secure power plant data against quantum attacks. To evaluate the security of the proposed system, we analyze its resistance to various quantum threats, including Shor’s algorithm, Grover’s algorithm, quantum key analysis, quantum reversal encryption, quantum amplification, quantum switching, and quantum collision attacks. In the current study, accurate measures were used and the average was approximately 7.065 (bits/byte) for randomness, the average execution time was 6.202 milliseconds, the average memory consumption was approximately 4.343 KB, 6.4 Completeness was equal to 1 and unforgeability was 100%. As for the average throughput, it was approximately 485,605 operations per second. That shows the QESM system provides strong security and efficiency, making it a viable solution for protecting the electricity infrastructure in smart cities in the quantum era.
- Research Article
- 10.1080/10942912.2025.2559056
- Nov 5, 2025
- International Journal of Food Properties
- Madhuri Sadashiv Arade + 1 more
Blockchain technology improves transparency and security in agricultural food supply chains (FSC) but faces challenges related to data privacy and emerging computational threats. These issues limit the efficiency and security of permissioned blockchain systems. To address these, a novel cryptographic framework, Permutations Supersonic Ligero Elliptic eXtended Merkle Curve Digital Signature Algorithm, is proposed. In permissioned blockchain-based FSC, metadata exposure and cross-entity data aggregation create privacy risks, allowing adversaries to infer sensitive operational insights by analyzing transaction patterns and correlating data fragments across entities. To mitigate this, the Permutations Supersonic Ligero Fractal (PSLF) is introduced, which ensures transparent, scalable, and compact proof generation, while preserving metadata privacy and preventing adversaries from reconstructing sensitive insights. It also enforces privacy-preserving protocols to limit data exposure across multiple participants and prevent leakage. Additionally, quantum threats, specifically through Shor’s algorithm, threaten the security of cryptographic systems used in FSC. To counter this, the Elliptic eXtended Merkle Curve Digital Signature Algorithm (EXMC-DSA) is presented, which combines quantum-resistant key exchange and signature schemes, ensuring robust security against quantum attacks. This hybrid cryptographic approach ensures both current efficiency and future-proof resilience. As a result, the proposed model outperforms the existing methods in terms of low execution time, low proof generation, and verification time.
- Research Article
- 10.53360/2788-7995-2025-3(19)-3
- Nov 3, 2025
- Bulletin of Shakarim University. Technical Sciences
- M A Bakyt + 4 more
Providing secure and high-speed data transmission for low-orbit aircraft (LOA) is a priority in today's world. The objective of this study is to modify existing encryption methods for LOA to overcome the disadvantages in speed and vulnerability to emerging cyber-attacks, including quantum ones. The main idea is to develop a hybrid approach combining an optimized lightweight stream cipher ChaCha20 with a quantum key distribution protocol BB84. This will provide high encryption speed and information-theoretic key exchange security, which is invulnerable to quantum attacks. The research methodology includes the analysis of existing cryptographic solutions, performance modeling of the proposed hybrid algorithm, and the integration of machine learning-based anomaly detection mechanisms (LSTM) to improve the robustness of the system. The main results show that the proposed method significantly improves throughput, reduces latency and power consumption compared to traditional approaches, while providing resilience to current and future threats. The value of the work lies in contributing to the development of post-quantum cryptography for the aerospace industry and creating a basis for the development of more secure and efficient NOLA communication systems, which has direct practical implications for environmental monitoring, precision agriculture and national security.
- Research Article
- 10.1145/3774642
- Nov 3, 2025
- ACM Computing Surveys
- Ding Wang + 2 more
Password-authenticated key exchange (PAKE) protocols tackle the important problem of how to enable two parties, who share a low-entropy password, to establish a cryptographically strong session key for secure data communication. Although considerable research efforts have been devoted to designing hundreds of PAKE protocols, to the best of our knowledge, there have been few systematic reviews. In this work, we provide a comprehensive overview of PAKE research. We first propose a list of 13 desirable properties of PAKE protocols in terms of security and usability, enabling PAKE protocols to be systematically rated across a common spectrum. We then provide a taxonomy for PAKE protocols, and classify them into seven types according to their underlying design strategies. For each type, we investigate the inner working mechanisms of various representative protocols, and identify their pros, and cons. We further classify existing PAKE protocols from five other key perspectives (i.e., symmetry, number of participants, hardness assumptions, security goals, and round complexity) and review their development history under each classification, aiming to provide an in-depth and thorough understanding of the status quo of PAKE research. Based on 13 properties and six perspectives, we conduct a large-scale comparative evaluation of 71 representative PAKE protocols in a systematic manner. Finally, we highlight a few potential directions for the future design of PAKE protocols.
- Research Article
- 10.1016/j.sysarc.2025.103542
- Nov 1, 2025
- Journal of Systems Architecture
- Hao Xiao + 5 more
Multi-factor single-registration authentication and key exchange protocol for IIoT
- Research Article
- 10.1002/spy2.70131
- Nov 1, 2025
- SECURITY AND PRIVACY
- Suprith Kumar K S + 3 more
Lightweight and secure authentication is a fundamental requirement for mobile roaming in edge‐assisted networks, particularly in the presence of resource constraints and the emerging threat of quantum‐capable adversaries. This paper proposes a blockchain‐assisted authentication protocol that employs post‐quantum cryptographic primitives to generate and validate device‐bound tokens. During registration, a Home Agent (HA) issues blockchain‐anchored tokens containing signed security metadata and a freshness counter to prevent replay attacks. In roaming scenarios, the Mobile User (MU) selectively discloses token metadata to the Foreign Agent (FA), which verifies its authenticity with the HA to enable efficient and trustworthy authentication. A hybrid key establishment using post‐quantum key encapsulation ensures forward secrecy and quantum‐resistant confidentiality. Formal verification through BAN logic reasoning and automated analysis using the Scyther tool confirm that the protocol withstands impersonation, replay, and man‐in‐the‐middle attacks. Experimental evaluation on mobile devices demonstrates low computational and communication overhead, showing that the protocol is practical and well‐suited for real‐world deployment in edge‐assisted mobility environments.
- Research Article
- 10.1016/j.micpro.2025.105205
- Nov 1, 2025
- Microprocessors and Microsystems
- Khushboo Jain + 1 more
IHKEM: A post-quantum ready hierarchical key establishment and management scheme for wireless sensor networks
- Research Article
- 10.5604/01.3001.0055.2521
- Oct 31, 2025
- Inżynieria i Budownictwo
- Anna Stefańska + 1 more
In the face of increasing Polish and EU requirements for climate neutrality, the role of digital technologies in the design and operation of buildings is gaining strategic importance. This paper presents the integrated use of Building Information Modelling (BIM) and the Digital Twin concept in the context of selecting, modelling, and optimizing renewable energy sources (RES) in architectural structures. The analysis covers: (1) key tools and data exchange formats, (2) capabilities for dynamic simulations of energy consumption and production, and (3) the impact of digital twins on predictive management of PV installations, heat pumps, and micro wind turbines. A case study demonstrates the potential for a 32% reduction in CO2 emissions over five years through the integration of BIM and Digital Twin. The results indicate that the synergistic use of both technologies reduces the time required for RES scenario analysis by half and increases the accuracy of energy production forecasts by 15%. The paper concludes with recommendations for designers, investors, and researchers, emphasizing the need for tool interoperability and standardization of energy data.
- Research Article
- 10.1038/s41598-025-21861-2
- Oct 30, 2025
- Scientific Reports
- Aman Kumar + 3 more
The rapid evolution of fifth-generation (5G) and beyond (B5G) networks has introduced significant security challenges, necessitating advanced cryptographic mechanisms to protect sensitive data during transmission. Traditional encryption models often struggle to balance security, computational efficiency, and adaptability to dynamic network conditions. This study proposes a novel hybrid cryptographic framework integrating the Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Rivest–Shamir–Adleman (RSA) algorithms. AES and DES provide high-speed symmetric encryption for efficient data protection, while RSA enables secure key exchange and authentication. The integration of dynamic round keys enhances encryption complexity, improving resistance to cryptanalytic attacks. Performance evaluations, including encryption and decryption time analysis, data expansion metrics, and throughput assessments, demonstrate that the proposed framework achieves an optimal balance between security and computational overhead. Benchmark comparisons with traditional and post-quantum cryptographic models highlight the superior efficiency and reduced data expansion of the hybrid approach. Furthermore, practical implementation on ESP32 hardware confirms the model’s feasibility for real-time encryption in resource-constrained environments typical of 5G applications. This scalable and flexible encryption paradigm addresses current and emerging security requirements in high-speed wireless networks, with future work focusing on integration with quantum-resistant cryptographic mechanisms to enhance resilience against evolving cyber threats. Experimental results show that the hybrid model achieves up to 30% higher throughput, 10–15% lower data expansion, and reduced encryption/decryption time compared to baseline algorithms, with successful ESP32 implementation and 100% decryption accuracy for key sizes up to 128 bits.
- Research Article
- 10.1007/s00037-025-00271-w
- Oct 27, 2025
- computational complexity
- Noel Arteche + 2 more
We prove the first hardness results against efficient proof search by quantum algorithms. We show that under Learning with Errors (LWE), the standard lattice-based cryptographic assumption, no quantum algorithm can weakly automate $\mathrm{TC}^0$-Frege. This extends the line of results of Krajíček and Pudlák (Information and Computation, 1998), Bonet, Pitassi, and Raz (SIAM Journal on Computing, 2000), and Bonet, Domingo, Gavaldà, Maciel, and Pitassi (Computational Complexity, 2004), who showed that Extended Frege, $\mathrm{TC}^0$-Frege and $\mathrm{AC}^0$-Frege, respectively, cannot be weakly automated by classical algorithms if either the RSA cryptosystem or the Diffie-Hellman key exchange protocol are secure. To the best of our knowledge, this is the first interaction between quantum computation and propositional proof search.
- Research Article
- 10.3390/electronics14214167
- Oct 24, 2025
- Electronics
- Mohamed K Elhadad + 1 more
Secure authentication in vehicular ad hoc networks (VANETs) remains a fundamental challenge due to their dynamic topology, susceptibility to attacks, and scalability constraints in multi-hop communication. Existing approaches based on elliptic curve cryptography (ECC), blockchain, and fog computing have achieved partial success but suffer from latency, resource overhead, and limited adaptability, leaving a gap for lightweight and hardware-rooted trust models. To address this, we propose a multi-hop mutual authentication protocol leveraging Physical Unclonable Functions (PUFs), which provide tamper-evident, device-specific responses for cryptographic key generation. Our design introduces a structured sequence of phases, including pre-deployment, registration, login, authentication, key establishment, and session maintenance, with optional multi-hop extension through relay vehicles. Unlike prior schemes, our protocol integrates fuzzy extractors for error tolerance, employs both inductive and game-based proofs for security guarantees, and maps BAN-logic reasoning to specific attack resistances, ensuring robustness against replay, impersonation, and man-in-the-middle attacks. The protocol achieves mutual trust between vehicles and RSUs while preserving anonymity via temporary identifiers and achieving forward secrecy through non-reused CRPs. Conceptual comparison with state-of-the-art PUF-based and non-PUF schemes highlights the potential for reduced latency, lower communication overhead, and improved scalability via cloud-assisted CRP lifecycle management, while pointing to the need for future empirical validation through simulation and prototyping. This work not only provides a secure and efficient solution for VANET authentication but also advances the field by offering the first integrated taxonomy-driven evaluation of PUF-enabled V2X protocols in multi-hop Wi-Fi environments.
- Research Article
- 10.1038/s41598-025-20773-5
- Oct 22, 2025
- Scientific Reports
- Seble Bete + 4 more
Ensuring secure data transmission over public channels remains a fundamental challenge in modern communication systems. Cryptography, through encryption and decryption processes, is vital for protecting sensitive information from unauthorized access. Various symmetric and asymmetric cryptographic algorithms are used for this purpose, including Caesar, Affine, Vigenère, Hill ciphers, DES, AES, elliptic curve cryptography, ElGamal, and RSA. Among them, the Affine cipher is a monoalphabetic substitution cipher designed to convert plaintext into unreadable ciphertext to prevent intrusion. Although modified versions of the Affine cipher, such as those incorporating digraph transformation and squared modulus, have attempted to enhance security, they continue to suffer from vulnerabilities such as insecure key exchange, predictable ciphertext patterns, and padding-related ambiguities, especially with odd-length plaintexts. To overcome these limitations, we propose an enhanced Affine cipher algorithm that integrates a digraph transformation and a modified three-pass protocol for secure key exchange. This approach eliminates the need for padding characters, supports encryption of odd-length messages, expands the key space, and significantly improves overall security. We evaluated our method against both the original and modified Affine ciphers using key metrics including the avalanche effect, confusion and diffusion properties, encryption/decryption time, and resistance to brute-force and frequency analysis attacks. Our proposed method achieved a 75% avalanche effect, demonstrated better confusion and diffusion, and showed superior resistance to common cryptanalysis techniques. It also ensured secure key exchange between sender and receiver using the modified three-pass protocol and avoided padding, thereby reducing memory usage and processing time while resolving ciphertext ambiguity.
Overall, the enhanced Affine cipher significantly outperforms existing approaches in both security and efficiency, and future work may focus on extending its application to multimedia data and further optimizing its computational performance.
- Research Article
- 10.52152/4t8zxq68
- Oct 19, 2025
- Lex localis - Journal of Local Self-Government
- Dr. S Venkatesan + 4 more
The advent of quantum computing presents a paradigm shift in modern cybersecurity, threatening the foundations of classical cryptographic systems such as RSA, ECC, and Diffie–Hellman key exchange. Quantum algorithms like Shor’s and Grover’s can efficiently break these schemes, rendering existing encryption mechanisms vulnerable and obsolete. This growing risk necessitates the development of quantum-resilient or post-quantum cryptographic (PQC) solutions that can safeguard data and computation in the era of quantum networks. Secure Multi-Party Computation (SMPC), a cornerstone of privacy-preserving computation, enables multiple entities to jointly compute a function over their private inputs without revealing them. However, its traditional security assumptions are also undermined by quantum threats. This research aims to explore and evaluate quantum-safe cryptographic protocols for integrating PQC into SMPC frameworks, thereby ensuring both confidentiality and correctness even in the presence of quantum-capable adversaries. The study focuses on lattice-based, hash-based, and code-based cryptographic primitives, analyzing their resilience, efficiency, and scalability when applied to distributed systems. A comparative framework is proposed to assess the performance and security trade-offs of different post-quantum SMPC implementations under realistic network conditions. The findings are expected to contribute to the design of a new class of cryptographic protocols capable of resisting quantum attacks, supporting the secure functioning of next-generation networks, and guiding policymakers and technologists toward practical post-quantum standardization. Ultimately, this research strengthens the bridge between theoretical cryptography and real-world cybersecurity readiness in the post-quantum era.
- Research Article
- 10.3390/fi17100472
- Oct 16, 2025
- Future Internet
- Mani Rajendran + 3 more
In this paper, we have proposed a two-party authenticated key establishment (AKE), and authenticated key transport protocols based on lattice-based cryptography, aiming to provide security against quantum attacks for secure communication. This protocol enables two parties, who may share long-term public keys, to securely establish a shared session key, and transportation of the session key from the server while achieving mutual authentication. Our construction leverages the hardness of lattice problems Ring Learning With Errors (Ring-LWE), ensuring robustness against quantum and classical adversaries. Unlike traditional schemes whose security depends upon number-theoretic assumptions being vulnerable to quantum attacks, our protocol ensures security in the post-quantum era. The proposed protocol ensures forward secrecy, and provides security even if the long-term key is compromised. This protocol also provides essential property key freshness and resistance against man-in-the-middle attacks, impersonation attacks, replay attacks, and key mismatch attacks. On the other hand, the proposed key transport protocol provides essential property key freshness, anonymity, and resistance against man-in-the-middle attacks, impersonation attacks, replay attacks, and key mismatch attacks. A two-party key transport protocol is a cryptographic protocol in which one party (typically a trusted key distribution center or sender) securely generates and sends a session key to another party. Unlike key exchange protocols (where both parties contribute to key generation), key transport protocols rely on one party to generate the key and deliver it securely. The protocol possesses a minimum number of exchanged messages and can reduce the number of communication rounds to help minimize the communication overhead.