Articles published on Learning with errors
230 Search results
- Research Article
- 10.15587/1729-4061.2026.348890
- Feb 27, 2026
- Eastern-European Journal of Enterprise Technologies
- Mahdianta Pandia + 3 more
This study focuses on the vulnerabilities of classical matrix-based encryption and asymmetric padding schemes within hybrid cryptosystems for securing high-throughput enterprise data streams. The Hill cipher algorithm is highly vulnerable to known-plaintext attacks and frequency distribution analysis, whereas the standard Rivest-Shamir-Adleman (RSA) padding scheme of public-key cryptography standards (PKCS#1 v1.5) is vulnerable to padding oracle attacks. To overcome these issues, this study proposes a hybrid cryptographic model which integrates the key matrix probabilistic scheme (KMPS) using a multi-prime RSA architecture and learning with errors (LWE), alongside a modified padding scheme (PKCS #1 v1.5e) utilizing random noise. The feature of this method is the construction of a non-deterministic key matrix combining a random base matrix with a diagonal matrix derived from multi-prime RSA parameters and injecting Gaussian probabilistic noise. This is followed by security validation using the National Institute of Standards and Technology (NIST) Statistical Test Suite. Experimental results demonstrate that for a 10 x 10 matrix, the ciphertext achieves a P-value of 0.788 in the frequency monobit test, significantly exceeding the NIST threshold of 0.01. This means that the output is statistically indistinguishable from random noise. An avalanche effect of 50.13% is observed, demonstrating strong compliance with the avalanche criterion and indicating substantial resistance to differential cryptanalytic attacks. The internal key entropy is enhanced to 6.28 bits. This model provides a robust solution for securing sensitive database records and transaction logs in enterprise environments, as well as ensuring confidentiality without compromising computational efficiency.
- Research Article
- 10.1186/s42400-025-00526-7
- Jan 7, 2026
- Cybersecurity
- Peidong Guan + 1 more
Verifiably encrypted signature (VES) schemes are extensively utilized in fair exchange; they combine the features of encryption and signature, aiming to provide a solution that can not only verify the validity of signatures but also safeguard the privacy of signatures. With the development of quantum algorithms and quantum computing, it is necessary to construct a VES protocol that can resist attacks by quantum computers. At the same time, some new security properties can also be added to the VES protocol to enhance its security. To reach this goal, we propose a state-of-the-art lattice-based verifiably encrypted group signature (VEGS) scheme. In the random oracle model, the VEGS scheme is provably secure under the assumptions of learning with errors (LWE) and inhomogeneous small integer solution (ISIS). Our scheme provides five security properties, namely unforgeability, opacity, extractability, anonymity and traceability. The three properties unforgeability, opacity and extractability are the properties that the VES protocol needs to meet, and the anonymity and traceability properties are additional security properties brought by combining with the group signature.
- Research Article
- 10.1038/s41598-025-28912-8
- Dec 29, 2025
- Scientific Reports
- Zahra Saeidi + 1 more
The technique of reversible data hiding in encrypted images (RDH-EI) has experienced significant interest as it allows for precise extraction of embedded data without compromising the confidentiality of the original image. This research introduces a novel RDH-EI technique designed to accommodate multiple data hiders. To tackle this challenge, we propose a sophisticated RDH-EI method that integrates secret sharing founded on the Learning With Errors (LWE) problem alongside adaptive coding strategies. On the content owner's side, the original image is first distributed to multiple data hiders using a method founded on the Learning With Errors (LWE) problem. Then, block permutation along with stream cipher encryption are performed to completely preserve the spatial correlation between image blocks. The proposed method benefits from the robust security provided by LWE. Initially, we examine the spread of the most significant bit planes to detect segments that are suitable for data embedding. Next, the data hider produces extra data and embeds errors within the encrypted image to guarantee precise image reconstruction. To increase data storage capacity, the most significant bits (MSB) of the blocks suitable for embedding are adaptively compressed based on their frequency of occurrence. The extra data may be inserted into the MSB of the encrypted image, where it is combined with inverse Huffman codewords and supplementary auxiliary information. At the receiving side, the initial image can still be completely restored losslessly, even if some shares happen to be damaged or missing, provided that a sufficient number of valid shares are available. Experimental findings demonstrate that the RDH-EI approach exceeds the performance of various cutting-edge methods, including those employing secret sharing (SS), in terms of embedding capacity.
- Research Article
- 10.1038/s41598-025-27929-3
- Dec 11, 2025
- Scientific Reports
- Moon-Seok Kim + 2 more
As quantum computing progresses, conventional public-key cryptographic schemes such as RSA and ECC face increasing vulnerability to quantum attacks. Post-quantum cryptography (PQC), especially schemes based on the learning with errors (LWE) problem, depends on Gaussian-distributed noise for security. However, traditional Gaussian noise generation methods—such as Box–Muller, rejection sampling, and Ziggurat—incur high computational and memory costs, making them unsuitable for lightweight or embedded systems. This paper proposes a hardware-based Gaussian noise generator that uses the inherent randomness of static random access memory (SRAM) power-on states. The method aggregates SRAM start-up bits and computes their Hamming weight to efficiently generate Gaussian-distributed integers without analog components, large lookup tables, or external random number generators. Experimental results show that the output closely matches a Gaussian distribution under various group sizes and environmental conditions. Statistical tests, including Shapiro–Wilk and Kolmogorov–Smirnov, achieve over 95% pass rates, while Kullback–Leibler divergence remains below 0.01. The generator also maintains Gaussian properties across a wide thermal range (−20 to 100 °C). These results demonstrate that the proposed SRAM-based generator offers a practical, lightweight, and thermally robust solution for PQC, particularly in lattice- and code-based cryptographic schemes.
- Research Article
- 10.3390/info16121085
- Dec 7, 2025
- Information
- Yang Li
The Learning with Errors (LWE) problem, particularly its efficient ternary variant where secrets and errors are small, is a fundamental building block for numerous post-quantum cryptographic schemes. Combinatorial attacks provide a potent approach to cryptanalyzing ternary LWE. While classical attacks have achieved complexities close to their asymptotic S^0.25 bound for a search space of size S, their quantum counterparts have faced a significant gap: the attack by van Hoof et al. (vHKM) only reached a concrete complexity of S^0.251, far from its asymptotic promise of S^0.193. This work introduces an efficient quantum combinatorial attack that substantially narrows this gap. We present a quantum walk adaptation of the locality-sensitive hashing algorithm by Kirshanova and May, which fundamentally removes the need for guessing error coordinates—the primary source of inefficiency in the vHKM approach. This crucial improvement allows our attack to achieve a concrete complexity of approximately S^0.225, markedly improving over prior quantum combinatorial methods. For concrete parameters of major schemes including NTRU, BLISS, and GLP, our method demonstrates substantial runtime improvements over the vHKM attack, achieving speedup factors ranging from 2^16 to 2^60 across different parameter sets and establishing the new state-of-the-art for quantum combinatorial attacks. As a second contribution, we address the challenge of polynomial quantum memory constraints. We develop a hybrid approach combining the Kirshanova–May framework with a quantum claw-finding technique, requiring only O(n) qubits while utilizing exponential classical memory. This work provides the first comprehensive concrete security analysis of real-world LWE-based schemes under such practical quantum resource constraints, offering crucial insights for post-quantum security assessments. Our results reveal a nuanced landscape where our combinatorial attacks are superior for small-weight parameters, while lattice-based attacks maintain an advantage for others.
- Research Article
- 10.1186/s42400-025-00356-7
- Nov 17, 2025
- Cybersecurity
- Wanqing Wang + 2 more
With the rise of cloud storage and the looming threat of quantum computing, traditional encryption methods are encountering significant challenges that hinder data manipulation without decryption. To counter quantum attacks while maintaining data manipulation capabilities, new architectures such as quantum-resistant public key encryption with equality test (PKEET) must be developed. Our study presents the first PKEET that leverages the Learning with Rounding (LWR) problem, which provides security within the standard model. We also introduce its variants, public key encryption with delegated equality test (PKE-DET) and PKEET supporting flexible authorization (PKEET-FA). Our proposals achieve fine-grained delegation at the ciphertext-specified level compared to previous PKE-DET schemes. For example, our PKE-DET supports a delegated tester function while ensuring security against quantum computing threats. Our PKEET-FA gives users even more control over which ciphertexts they want to compare. Our schemes' security is founded on the LWR problem, which avoids the need for discrete Gaussian sampling, unlike the Learning with Errors (LWE) problem. This distinction renders our methods both simpler and more efficient compared to those based on LWE. Moreover, our schemes enjoy smaller-sized ciphertexts.
- Research Article
- 10.3390/e27111160
- Nov 14, 2025
- Entropy (Basel, Switzerland)
- Dandan Zhang + 4 more
Revocable Identity-Based Encryption (RIBE) can dynamically revoke users whose secret keys have been compromised, ensuring a system's backward security. An RIBE scheme with decryption key exposure resistance (DKER) guarantees the confidentiality of ciphertext during any time period where the decryption key remains undisclosed. Existing RIBE schemes with DKER generate O(r log(N/r)) ciphertexts for each plaintext message. Redundant ciphertexts impose significant computational burdens on users and substantial communication overhead on the system. To reduce high computation and communication overhead in existing schemes, this paper proposes a dual-key combination trapdoor generation method. Based on the proposed method, an indirect RIBE scheme with DKER is constructed, reducing ciphertext redundancy and obtaining computation and communication efficiency. Firstly, this paper proposes a dual-key combination trapdoor generation mechanism. By constructing an Inhomogeneous Small Integer Solution (ISIS) instance, the Key Generation Center (KGC) generates and distributes short bases to users as their identity keys. Subsequently, based on the constructed ISIS instance, a new inverse ISIS instance is derived. Furthermore, during each time period, KGC generates short bases for all non-revoked users as their time keys. By linearly combining their identity key with the corresponding time key, every non-revoked user can derive a re-randomized decryption key, achieving controlled key derivation. Secondly, based on the proposed method, a Post-Quantum Secure, Lightweight RIBE scheme with DKER (PQS-LRIBE-DKER) is constructed. For every non-revoked user, their identity key and time key serve as their own user secret key and key update, respectively. Controllable key derivation enables indirect revocation of the scheme. By adopting indirect revocation, the PQS-LRIBE-DKER scheme achieves a single ciphertext per plaintext message, significantly reducing the sender's computational load and the system's communication overhead. Finally, under the hardness assumptions of the Learning with Errors (LWE) and ISIS problems, we prove that the proposed scheme achieves selective identity security in the standard model.
- Research Article
- 10.1007/s00037-025-00271-w
- Oct 27, 2025
- computational complexity
- Noel Arteche + 2 more
We prove the first hardness results against efficient proof search by quantum algorithms. We show that under Learning with Errors (LWE), the standard lattice-based cryptographic assumption, no quantum algorithm can weakly automate $${\rm TC}^0$$-Frege. This extends the line of results of Krajíček and Pudlák (Information and Computation, 1998), Bonet, Pitassi, and Raz (SIAM Journal on Computing, 2000), and Bonet, Domingo, Gavaldà, Maciel, and Pitassi (Computational Complexity, 2004), who showed that Extended Frege, $${\rm TC}^0$$-Frege and $${\rm AC}^0$$-Frege, respectively, cannot be weakly automated by classical algorithms if either the RSA cryptosystem or the Diffie-Hellman key exchange protocol is secure. To the best of our knowledge, this is the first interaction between quantum computation and propositional proof search.
- Research Article
- 10.1002/cpe.70296
- Oct 20, 2025
- Concurrency and Computation: Practice and Experience
- Mengdi Zhao + 2 more
Identity-based fully homomorphic signature (IBFHS) allows untrusted servers to conduct homomorphic evaluations on outsourced data to obtain a new valid signature, ensuring the evaluated output's correctness while significantly simplifying key management. However, the public composability of IBFHS limits its applicability in scenarios requiring restricted verification rights. For example, in cloud storage data audit systems, introducing a designated verifier mechanism ensures that only authorized third-party auditors (TPAs) can verify data integrity, preventing malicious auditors from tampering with or forging results. To address this limitation, we propose an identity-based strong designated verifier fully homomorphic signature (IBSDVFHS) scheme, where only an authorized entity can verify the validity of homomorphically evaluated signatures. We establish formal security definitions for IBSDVFHS, including unforgeability, nontransferability, privacy of the signer's identity, and robustness. Furthermore, we propose a specific design of IBSDVFHS with provable security under the small integer solution (SIS) assumption and the learning with errors (LWE) assumption in the random oracle model.
- Research Article
- 10.62056/ah89ksuc2
- Oct 6, 2025
- IACR Communications in Cryptology
- Russell Lai + 2 more
The Learning with Errors (LWE) problem asks to distinguish noisy samples s^T A + e^T mod q from uniformly random values given the random matrix A. In this work, we show that a variant called Leaky LWE, where the distinguisher receives additionally noisy leakages (s^T, e^T) L + f^T of the LWE secret s and error e for low-norm matrix L chosen adaptively by the distinguisher after seeing A, is not easier than the standard LWE of the same dimensions up to polynomial losses in the noise level and the modulus. More generally, we show that the Leaky LWE problem is hard even if the public matrix A is structured and/or hinted and if the non-leaky parts of the secret and error do not follow Gaussian distributions, as long as the corresponding LWE problem without leakage is hard. Our reduction from LWE to Leaky LWE unifies and extends prior results on the Error-Leakage LWE problem [Döttling-Kolonelos-Lai-Lin-Malavolta-Rahimi, EUROCRYPT'23], where L only acts on the error e and the Hint-MLWE problem [Kim-Lee-Seo-Song, CRYPTO'23], where L is restricted to concatenations of random Gaussian scalar matrices not controlled by the distinguisher. Previously, the Hint-MLWE and Error-Leakage LWE assumptions were used as computational replacements of the statistical noise flooding technique in security proofs which led to improved parameters in lattice-based cryptographic constructions such as zero-knowledge proofs, threshold signatures and registration-based encryption. We provide lemmas which abstract out such computational arguments based on Leaky LWE.
- Research Article
- 10.62056/akmpxrdja
- Oct 6, 2025
- IACR Communications in Cryptology
- Behzad Abdolmaleki + 6 more
Servan-Schreiber et al. [IEEE S&P, 2023] presented a new notion called private access control lists (PACL) for function secret sharing (FSS), where the FSS evaluators can ensure that the FSS dealer is authorized to share the given function. Their construction relies on costly non-interactive secret-shared proofs and is not secure in the post-quantum setting. We give a construction of PACL from publicly verifiable secret sharing (PVSS) under the short integer solution (SIS) problem. Our construction adapts Gentry et al.'s scheme [EUROCRYPT, 2022] to the post-quantum setting based on the learning with errors (LWE) assumption, aimed at ensuring that database access control policies are enforced by FSS evaluators, who verify that the FSS dealer is authorized to share the specified database query function. The benchmarks of our PACL show a trade-off between proving and verification efficiency, making the optimal choice dependent on application requirements. This construction has many applications for access control by applying FSS. We also present a secure data retrieval scheme using DPF-PACL for access control, which complements the PACL framework while providing independent utility.
- Research Article
- 10.1016/j.neunet.2025.107517
- Sep 1, 2025
- Neural networks : the official journal of the International Neural Network Society
- Rustem Takhanov
The informativeness of the gradient revisited.
- Research Article
- 10.55041/ijsrem52334
- Aug 31, 2025
- INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
- Mutum Bidyarani Devi + 2 more
The explosion of Internet of Things (IoT) devices calls for the design of computationally light blockchain consensus mechanisms immune to quantum threats. Conventional consensus protocols such as Proof-of-Work (PoW) and Proof-of-Stake (PoS) may be subject to quantum cryptanalysis and incur high computational overhead on resource-limited IoT devices. In this paper, we introduce QR-LightChain, a new quantum-robust lightweight consensus algorithm combining lattice-based cryptography and a brand-new Proof-of-Lightweight-Work (PoLW). Our proposal is based on the Learning With Errors (LWE) formalism as a quantum-resistant scheme, combined with adaptive difficulty tuning and an energy-efficient mechanism to validate the hashing. Experimental results show that QR-LightChain reduces the computational overhead by 52.3% with respect to traditional quantum-resistant approaches, while preserving security against both classical and quantum adversaries. The protocol shows good performance in IoT: an average block validation time of 1.2 sec is achieved and 40% less energy is consumed than for current quantum-resistant consensus in the literature. Our work fills the important research challenge of providing
Key Words: Quantum resistance, IoT blockchain, lightweight consensus, lattice-based cryptography, post-quantum cryptography, Proof-of-Lightweight-Work, resource-constrained devices
- Research Article
- 10.64252/3nxtyh78
- Aug 11, 2025
- International Journal of Environmental Sciences
- Anupama K N + 1 more
Vehicular Ad Hoc Networks (VANETs) face unprecedented security challenges due to their dynamic topology, heterogeneous node capabilities, and vulnerability to quantum computing threats. Traditional trust-based routing protocols rely on classical cryptographic primitives that become obsolete in the post-quantum era, while context-awareness remains superficial in existing approaches. This paper presents a novel Quantum-Resilient Secure Context-Aware Trust-Based Routing with Preemptive Verifiable Key Handover (QR-SCTR-PVKH) protocol for VANETs that integrates lattice-based cryptography with multi-dimensional trust evaluation and proactive key management. Our approach incorporates direct trust computation based on packet delivery ratio, indirect trust propagation through witness testimonies, contextual trust adaptation considering traffic density and node mobility patterns, and historical trust evolution using temporal decay functions. The preemptive verifiable key handover mechanism employs Learning With Errors (LWE) problem-based key generation with forward secrecy guarantees and quantum-resistant signature schemes. Extensive simulations using SUMO-integrated NS-3 demonstrate 23.7% improvement in packet delivery ratio, 31.2% reduction in end-to-end delay, and 89.4% attack detection accuracy compared to state-of-the-art protocols. The protocol maintains IEEE 1609.2 compliance while ensuring GDPR compliance through privacy-preserving trust aggregation. Security analysis confirms resistance against quantum attacks, Sybil attacks, blackhole attacks, and replay attacks with computational overhead remaining within 15% of classical approaches.
- Research Article
- 10.3390/s25154728
- Jul 31, 2025
- Sensors (Basel, Switzerland)
- Mostefa Kara + 3 more
To ensure confidentiality and integrity in the era of quantum computing, most post-quantum cryptographic schemes are designed to achieve either encryption or digital signature functionalities separately. Although a few signcryption schemes exist that combine these operations into a single, more efficient process, they typically rely on complex vector, matrix, or polynomial-based structures. In this work, a novel post-quantum public-key encryption and signature (PQES) scheme based entirely on scalar integer operations is presented. The proposed scheme employs a simplified structure where the ciphertext, keys, and core cryptographic operations are defined over scalar integers modulo n, significantly reducing computational and memory overhead. By avoiding high-dimensional lattices or ring-based constructions, the PQES approach enhances implementability on constrained devices while maintaining strong security properties. The design is inspired by modified learning-with-errors (LWE) assumptions, adapted to scalar settings, making it suitable for post-quantum applications. Security and performance evaluations, achieving a signcryption time of 0.0007 s and an unsigncryption time of 0.0011 s, demonstrate that the scheme achieves a practical balance between efficiency and resistance to quantum attacks.
- Research Article
- 10.1038/s41598-025-12018-2
- Jul 28, 2025
- Scientific reports
- Junfei He + 4 more
The rapid proliferation of cloud computing enables users to access computing resources and storage space over the internet, but it also presents challenges in terms of security and privacy. Ensuring the security and availability of data has become a focal point of current research when utilizing cloud computing for resource sharing, data storage, and querying. Public key encryption with equality test (PKEET) can perform an equality test on ciphertexts without decrypting them, even when those ciphertexts are encrypted under different public keys. That offers a practical approach to dividing up or searching for encrypted information directly. In order to deal with the threat raised by the rapid development of quantum computing, researchers have proposed post-quantum cryptography to guarantee the security of cloud services. However, it is challenging to implement these techniques efficiently. In this paper, a compact PKEET scheme is proposed. The new scheme does not encrypt the plaintext's hash value immediately but embeds it into the test trapdoor. We also demonstrated that our new construction is one-way secure under the quantum security model. With those efforts, our scheme can withstand chosen ciphertext attacks as long as the learning with errors (LWE) assumption holds. Furthermore, we evaluated the new scheme's performance and found that it only costs approximately half the storage space compared with previous schemes. There is an almost half reduction in the computing cost throughout the encryption and decryption stages. In a nutshell, the new PKEET scheme is less costly, more compact, and applicable to cloud computing scenarios in a post-quantum environment.
- Research Article
- 10.59543/ijmscs.v3i.15091
- Jul 18, 2025
- International Journal of Mathematics, Statistics, and Computer Science
- Sajida Memon + 2 more
In the rapidly evolving domain of smart healthcare, the integration of Docker containers and Kubernetes with Internet of Things (IoT) edge cloud orchestration has significantly enhanced the performance, scalability, and modularity of healthcare applications. However, despite the efficiency benefits provided by microservices architecture, substantial security vulnerabilities persist, particularly in the face of the threat of quantum computing. Quantum algorithms, such as Shor’s and Grover’s, pose a significant risk to conventional encryption schemes, potentially compromising the integrity and confidentiality of healthcare data distributed across edge cloud environments. To address these critical concerns, we propose AQ-ResCon: an Adaptive Quantum-Resistant Lattice-Based Key Agreement Protocol designed for secure and resilient distributed container orchestration. AQ-ResCon leverages the hardness of the Learning With Errors (LWE) problem in lattice-based cryptography to provide a robust defence against quantum attacks. We further introduce the AQ-ResCon Scheduler Algorithm, which efficiently manages and executes healthcare workloads across decentralised IoT-edge-cloud nodes, ensuring secure data flow and orchestration. Extensive testbed experiments were conducted to evaluate the performance and security effectiveness of AQ-ResCon under realistic containerised healthcare scenarios. Results demonstrate that AQ-ResCon achieves up to 36% improvement in scheduling efficiency, 41% reduction in key compromise rates, and 28% lower latency compared to existing quantum-vulnerable orchestration protocols. Additionally, the AQ-ResCon protocol maintained consistent performance under simulated quantum attack conditions, validating its adaptability and resilience. These outcomes confirm that AQ-ResCon is a viable, secure, and future-proof solution for safeguarding microservices-based healthcare applications against evolving quantum threats in edge cloud environments.
- Research Article
- 10.3390/e27070753
- Jul 15, 2025
- Entropy (Basel, Switzerland)
- Mengdi Zhao + 1 more
Provable data possession (PDP) is a technique that enables the verification of data integrity in cloud storage without the need to download the data. PDP schemes are generally categorized into public and private verification. Public verification allows third parties to assess the integrity of outsourced data, offering good openness and flexibility, but it may lead to privacy leakage and security risks. In contrast, private verification restricts the auditing capability to the data owner, providing better privacy protection but often resulting in higher verification costs and operational complexity due to limited local resources. Moreover, most existing PDP schemes are based on classical number-theoretic assumptions, making them vulnerable to quantum attacks. To address these challenges, this paper proposes an identity-based PDP with a designated verifier over lattices, utilizing a specially leveled identity-based fully homomorphic signature (IB-FHS) scheme. We provide a formal security proof of the proposed scheme under the small-integer solution (SIS) and learning with errors (LWE) within the random oracle model. Theoretical analysis confirms that the scheme achieves security guarantees while maintaining practical feasibility. Furthermore, simulation-based experiments show that for a 1 MB file and lattice dimension of n = 128, the computation times for core algorithms such as TagGen, GenProof, and CheckProof are approximately 20.76 s, 13.75 s, and 3.33 s, respectively. Compared to existing lattice-based PDP schemes, the proposed scheme introduces additional overhead due to the designated verifier mechanism; however, it achieves a well-balanced optimization among functionality, security, and efficiency.
- Research Article
- 10.62056/ay7qjp10
- Jul 7, 2025
- IACR Communications in Cryptology
- Anisha Mukherjee + 1 more
Homomorphic encryption (HE) schemes have gained significant popularity in modern privacy-preserving applications across various domains. While research on HE constructions based on learning with errors (LWE) and ring-LWE has received major attention from both cryptographers and software-hardware designers alike, their module-LWE-based counterpart has remained comparatively under-explored in the literature. A recent work provides a module-LWE-based instantiation (MLWE-HE) of the Cheon-Kim-Kim-Song (CKKS) scheme and showcases several of its advantages such as parameter flexibility and improved parallelism. However, a primary limitation of this construction is the quadratic growth in the size of the relinearization keys. Our contribution is two-pronged: first, we present a new relinearization key-generation technique that addresses the issue of quadratic key size expansion by reducing it to linear growth. Second, we extend the application of MLWE-HE in a multi-group homomorphic encryption (MGHE) framework, thereby generalizing the favorable properties of the single-keyed HE to a multi-keyed setting as well as investigating additional flexibility attributes of the MGHE framework.
- Research Article
- 10.3390/electronics14132591
- Jun 27, 2025
- Electronics
- Kuang Zhang + 4 more
Traditional cryptographic systems face critical vulnerabilities posed by the rapid advancement of quantum computing, particularly concerning key exchange mechanisms and the quality of entropy sources for random number generation. To address these challenges, this paper proposes a multi-layered, quantum-resistant hybrid cryptographic architecture. First, to ensure robust data confidentiality and secure key establishment, the architecture employs AES-256 (Advanced Encryption Standard-256) for data encryption and utilizes the Kyber Key Encapsulation Mechanism (KEM), which is based on the Learning With Errors (LWE) problem, for secure key exchange. Second, to further bolster overall security by establishing a high-quality cryptographic foundation, we design a TRNG (true random number generator) system based on a multi-level Ring Oscillator (RO) architecture (employing 5, 7, 9, and 11 inverter stages), which provides a reliable and high-quality entropy source. Third, to enable intelligent and adaptive security management, we introduce FA-Kyber (Flow-Adaptive Kyber), a dual-trigger key exchange framework facilitating dynamic key management strategies. Experimental evaluations demonstrate that our implementation exhibits robust performance, achieving an encrypted data transmission throughput of over 550 Mbps with an average end-to-end latency of only 3.14 ms and a key exchange success rate of 99.99% under various network conditions. The system exhibits excellent stability under network congestion, maintaining 86% of baseline throughput under moderate stress, while adaptively increasing the key rotation frequency to enhance security. This comprehensive approach strikes an optimal balance between performance and post-quantum resilience for sensitive communications.