Post-quantum Security Research Articles

Quantum-enhanced algorithms for real-time processing in cryptographic systems: A path towards post-quantum security

New technologies such as quantum computing present a major challenge to the current cryptographic systems; thus, quantum-resistant techniques are required. This work describes a new approach for adapting QE schemes to real-life IT security applications, giving a glimpse of the way to post-quantum security. Hence, the architecture proposed here incorporates classical and quantum methods to present a vast enhancement in speed and the stability of security. The system seeks to solve this problem using a hybrid quantum-classical computing strategy. It achieves a 470 percent performance improvement in latency while withstanding both classical and post-quantum attacks concurrently. Field experiments and numerous tests for the accuracy and practicability of the framework established its elasticity and robustness. This research suggests many directions for further research – improving the efficiency of merging quantum-classical users, studying the adaptive quantum algorithms issue, and employing machine learning technology for the identification of threats. The applicability of quantum-enhanced cryptographic processing in producing practical and commercially viable technology highlights the significant advances that have been made in guaranteeing the security of sensitive applications in the coming years, including commerce and appeals. The findings of this type of work can be helpful to the continuous process of establishing post-quantum cryptographic standards and increasing the use of quantum-safe technologies.

Lightweight, Post-Quantum Secure Cryptography Based on Ascon: Hardware Implementation in Automotive Applications

With the rapid growth of connected vehicles and the vulnerability of embedded systems against cyber attacks in an era where quantum computers are becoming a reality, post-quantum cryptography (PQC) is a crucial solution. Yet, by nature, automotive sensors are limited in power, processing capability, memory in implementing secure measures. This study presents a pioneering approach to securing automotive systems against post-quantum threats by integrating the Ascon cipher suite—a lightweight cryptographic protocol—into embedded automotive environments. By combining Ascon with the Controller Area Network (CAN) protocol on an Artix-7 Field Programmable Gate Array (FPGA), we achieve low power consumption while ensuring high performance in post-quantum-resistant cryptographic tasks. The Ascon module is designed to optimize computational efficiency through bitwise Boolean operations and logic gates, avoiding resource-intensive look-up tables and achieving superior processing speed. Our hardware design delivers significant speed improvements of 100 times over software implementations and operates effectively within a 100 MHz clock while demonstrating low resource usage. Furthermore, a custom digital signal processing block supports CAN protocol integration, handling message alignment and synchronization to maintain signal integrity under automotive environmental noise. Our work provides a power-efficient, robust cryptographic solution that prepares automotive systems for quantum-era security challenges, emphasizing lightweight cryptography’s readiness for real-world deployment in automotive industries.

Advanced Techniques in Post-Quantum Cryptography for Ensuring Data Security in the Quantum Era

The arrival of quantum computers is a major threat to current security methods, which depend on problems like discrete logarithms and integer factorization being hard. Post-quantum cryptography (PQC) is getting to be an critical field for making secure strategies that can't be broken by quantum assaults. This exposition talks almost progressed PQC strategies, centered on the most up to date thoughts and what they cruel for securing information within the quantum age. To begin with, we see at lattice-based cryptography, which appears like a great choice since it has solid security roots and can be utilized in numerous circumstances. This incorporates strategies such as Learning With Mistakes (LWE) and Ring-LWE, which are exceptionally great at ensuring against quantum dangers and are simple to utilize. Another critical zone is code-based cryptography, which employments the trouble of breaking irregular straight codes as an case. The McEliece cryptosystem is one such framework. It is checked to see how valuable and successful these strategies are in real-life circumstances. We see into multivariate polynomial encryption, which builds security on the truth that it's difficult to illuminate sets of multivariate quadratic equations. People are particularly curious about this strategy since it may be utilized to form proficient marking plans. Another imperative strategy is hash-based cryptography, which employments hash capacities to create secure advanced marks. The consider moreover talks around blended cryptography frameworks that utilize both conventional and post-quantum strategies. These frameworks make beyond any doubt that the switch to quantum computing goes easily and give way better security. We see at the issues that come up with implementation, like additional work that has to be done on the computer and joining it with current frameworks, and come up with ways to urge around these issues. At long last, moving to post-quantum security is necessary, but it comes with a part of problems that ought to be illuminated in numerous ways.

Construction of post quantum secure authenticated key agreement protocol for dew-assisted IoT systems

Construction of post quantum secure authenticated key agreement protocol for dew-assisted IoT systems

Optimized Falcon Verify on Cortex-M4 for Post-Quantum secure UAV communications

Falcon, a NIST-standardized DSA, is ideal for broadcast-based communication like UAV due to its short key and signature. Since each UAV broadcasts the signed message to surrounding parties, UAVs must verify numerous signatures in flight. After migrating from ECDSA to Falcon for quantum security, it is crucial to maintain the same throughput of signature verification. However, existing Falcon implementations do not guarantee that throughput. We optimize Falcon Verify for Cortex-M4, enhancing NTT-based polynomial multiplication with signed representation and Plantard-based modular multiplication. We outperform the latest Falcon implementation in pqm4 by 64%/75% (resp. Falcon-512/Falcon-1024) in verification time, ensuring ECDSA-like throughput.

A Comprehensive Review of MI-HFE and IPHFE Cryptosystems: Advances in Internal Perturbations for Post-Quantum Security

The RSA cryptosystem has been a cornerstone of modern public key infrastructure; however, recent advancements in quantum computing and theoretical mathematics pose significant risks to its security. The advent of fully operational quantum computers could enable the execution of Shor’s algorithm, which efficiently factors large integers and undermines the security of RSA and other cryptographic systems reliant on discrete logarithms. While Grover’s algorithm presents a comparatively lesser threat to symmetric encryption, it still accelerates key search processes, creating potential vulnerabilities. In light of these challenges, there has been an intensified focus on developing quantum-resistant cryptography. Current research is exploring cryptographic techniques based on error-correcting codes, lattice structures, and multivariate public key systems, all of which leverage the complexity of NP-hard problems, such as solving multivariate quadratic equations, to ensure security in a post-quantum landscape. This paper reviews the latest advancements in quantum-resistant encryption methods, with particular attention to the development of robust trapdoor functions. It also provides a detailed analysis of prominent multivariate cryptosystems, including the Matsumoto–Imai, Oil and Vinegar, and Polly Cracker schemes, alongside recent progress in lattice-based systems such as Kyber and Crystals-DILITHIUM, which are currently under evaluation by NIST for potential standardization. As the capabilities of quantum computing continue to expand, the need for innovative cryptographic solutions to secure digital communications becomes increasingly critical.

MODRED: A code-based non-interactive key exchange protocol

How to construct a non-interactive key exchange (NIKE) protocol based on coding theory is an opening problem. In this paper, we propose the first code-based NIKE protocol MODRED, whose security relies on the hardness of the Restricted Syndrome Decoding (R-SD) problem and its variant. A non-interactive error reconciliation mechanism is presented and applied to MODRED, which enables the two sides of communication to “approximately agree” on the shared key. This is of great significance because it may lead to a more generic framework construction. Furthermore, our proposal is competitive and practical. We provide an initial choice of parameters for MODRED, tailored to 120-bit post-quantum security level, yielding the public keys of less than 1.2 MBs.

Post-Quantum Secure ID-Based (Threshold) Linkable Dual-Ring Signature and Its Application in Blockchain Transactions

Ring signatures are widely used in e-voting, anonymous whistle-blowing systems, and blockchain transactions. However, due to the anonymity of ring signatures, a signer can sign the same message multiple times, potentially leading to repeated voting or double spending in blockchain transactions. To address these issues in blockchain transactions, this work constructs an identity-based linkable ring signature scheme based on the hardness of the lattice-based Module Small Integer Solution (M-SIS) assumption, which is hard even for quantum attackers. The proposed scheme is proven to be anonymous, unforgeable, linkable, and nonslanderable in the random oracle model. Compared to existing identity-based linkable ring signature (IBLRS) schemes of linear size, our signature size is relatively smaller, and this advantage is more pronounced when the number of ring members is small. We provide approximate signature size data for ring members ranging from 2 to 2048. When the number of ring members is 16 (or 512. resp.), the signature size of our scheme is 11.40 KB (or 24.68 KB, respectively). Finally, a threshold extension is given as an additional scheme with specifications and security analysis.

Securing the Internet of Things with Ascon-Sign

With a Cryptographically-Relevant Quantum Computer (CRQC) estimated to be viable within the next 15 years, the development of post-quantum security is imperative. Previously secure networks may soon fall victim to these CRQCs as they will likely attack the weakest link in a network. In modern networks, these weak-links are often present in the form of Internet of Things (IoT) devices, as the resource constrains imposed by these wireless nodes leads to lowered security. We offer the first Ascon-Sign implementation for resource constrained FPGAs, which allows a wireless sensor network to verify nodes. Our design runs twice as fast as similarly-area constrained devices, and shows a 33% reduction in power per operation. We demonstrate the capability of our design by integrating it with a wireless sensor network for weather detecting. We also propose an amendment to the Ascon-Sign specification that allows for shortened processing time and lower memory requirements.

Design and analysis of a post-quantum secure three party authenticated key agreement protocol based on ring learning with error for mobile device

Design and analysis of a post-quantum secure three party authenticated key agreement protocol based on ring learning with error for mobile device

Performance analysis and evaluation of postquantum secure blockchained federated learning

As the field of quantum computing progresses, traditional cryptographic algorithms such as RSA and ECDSA are becoming increasingly vulnerable to quantum-based attacks, underscoring the need for robust post-quantum security in critical systems like Federated Learning (FL) and Blockchain. In light of this, we propose a novel hybrid approach for blockchain-based FL (BFL) that integrates a stateless signature scheme, such as Dilithium or Falcon, with a stateful hash-based scheme like XMSS. This combination leverages the complementary strengths of both schemes to provide enhanced security. To further optimize performance, we introduce a linear formula-based device role selection method that takes into account key factors such as computational power and stake accumulation. This selection process is reinforced by a verifiable random function (VRF), which strengthens the blockchain consensus mechanism. Our extensive experimental results demonstrate that this hybrid approach significantly enhances both the security and efficiency of BFL systems, establishing a robust framework for the integration of post-quantum cryptography as we transition into the quantum computing era.

PQSF: post-quantum secure privacy-preserving federated learning

In federated learning, secret sharing is a key technology to maintain the privacy of participants’ local models. Moreover, with the rapid development of quantum computers, existing federated learning privacy protection schemes based on secret sharing will no longer be able to guarantee the data security of participants in the post-quantum era. In addition, existing privacy protection methods have the problem of high communication and computational overhead. Although the multi-stage secret sharing scheme proposed by Pilaram et al. is one of the effective solutions to the above problems, existing studies have proven the privacy leakage risk of this scheme. This paper firstly designs a new lattice-based multi-stage secret sharing scheme Improved-Pilaram to solve the security problem, which allows participants to use public vectors to reconstruct different secret values without changing the secret sharing. Based on Improved-Pilaram, this article proposes a post-quantum secure federated learning scheme PQSF. PQSF uses double masking technology to encrypt model parameters and achieves mask reconstruction through secret sharing. Since Improved-Pilaram is multi-stage, participants do not need to update their local secret shares frequently during training. Analysis and experimental results show that the PQSF proposed in this paper reduces the communication complexity between participants and reduces the computational overhead by about 20% compared with existing solutions.

A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data

Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.

Locally verifiable approximate multi-member quantum threshold aggregation digital signature scheme

Locally verifiable aggregate signature primitives can reduce the complexity of aggregate signature verification by computing locally open algorithms to generate auxiliary parameters. However, the breakthrough results of quantum computers at this stage indicate that it will be possible for quantum computers to break through the security of traditional hardness-based aggregated signature schemes. In order to solve the above problems, this paper proposes for the first time a new locally verifiable class of multi-member quantum threshold aggregated digital signature scheme based on the property that the verification of quantum coset states is a projection on the trans-subspace. Combined with the idea of auxiliary parameter generation in traditional locally verifiable aggregated signatures, it makes the current stage of threshold quantum digital signatures realize the aggregated features, and reduces the complexity of the verification of aggregated signatures while realizing post-quantum security. In addition, the verification of the signature key (quantum state) of the signature members does not require measurement operations, and the generated signatures are classical, so the communication between the trusted third center (TC), the set of signature members, the classical digital signature verifier (CV), and the third-party trusted aggregation generator (TA) are all classical, simplifying the communication model. In the performance analysis we make this quantum aggregation signature scheme more flexible as well as less quantum state preparation compared to other schemes.

Extended version—to be, or not to be stateful: post-quantum secure boot using hash-based signatures

AbstractWhile research in PQC has gained significant momentum, its adoption in real-world products is slow. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one scenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for HBS schemes which enables the transition to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. Unlike previous work, we exploit the performance intensive similarities of the stateful LMS and XMSS schemes as well as the stateless $$\text {SPHINCS}^{+}$$ SPHINCS + scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To demonstrate the feasibility of our approach, we compare our results with hardware accelerated implementations of classical asymmetric algorithms. Further, we outline the use of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.

Progressive and efficient verification for digital signatures: extensions and experimental results

Digital signatures are widely deployed to authenticate the source of incoming information, or to certify data integrity. Common signature verification procedures return a decision (accept/reject) only at the very end of the execution. If interrupted prematurely, however, the verification process cannot infer any meaningful information about the validity of the given signature. This limitation is due to the algorithm design solely, and it is not inherent to signature verification. In this work, we provide a formal framework to extract information from prematurely interrupted signature verification, independently of why the process halts: we propose a generic verification procedure that progressively builds confidence on the final decision. Our transformation builds on a simple but powerful intuition and applies to a wide range of existing schemes considered to be post-quantum secure, including some lattice-based and multivariate equations based constructions. We demonstrate the feasibility of our approach through an implementation on off-the-shelf resource-constrained devices. In particular, an intensive testing activity has been conducted measuring the increase of performance on three IoT boards—i.e., Arduino, Raspberry, and Espressif—and a consumer-grade laptop. While the primary motivation of progressive verification is to mitigate unexpected interruptions, we show that verifiers can leverage it in two innovative ways. First, progressive verification can be used to intentionally adjust the soundness of the verification process. Second, our transformation splits verification into a computationally intensive offline set-up (run once), and an efficient online verification that is faster than the original algorithm. We conclude showing how to tweak our compiler for progressive verification to work on a wide range of signatures with properties, on three real-life use cases, and in combination with efficient verification.

Efficient post-quantum secure deterministic wallet scheme

Since the advent of Bitcoin, cryptocurrencies have gained substantial popularity, and crypto wallets have evolved into the predominant tool for safeguarding and managing cryptographic keys to access cryptocurrency funds. Deterministic wallets are proposed as an advanced wallet mechanism to provide benefits such as low-maintenance, easy backup and recovery, and support for functionalities required by cryptocurrencies. Alkeilani Alkadri et al. (ACM CCS’20) presented the first post-quantum secure deterministic wallet scheme, but it exhibits a gap to bridge before achieving practical applicability, as reflected in both their concrete parameters size and computational efficiency. In this paper, we propose an efficient post-quantum secure deterministic wallet scheme. In particular, we present a new construction method for deterministic wallets, prove the security in the quantum random oracle model, and provide an efficient instantiation. The comparison result, with the work of Alkeilani Alkadri et al. (ACM CCS’20), shows our work has a comprehensive improvement on efficiency, e.g., the pk size is ≈40.7\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\approx 40.7$$\\end{document} times shorter, sk is ≈9.2\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\approx 9.2$$\\end{document} times shorter, and the signing time is ≈3.1\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\\approx 3.1$$\\end{document} times faster.

Algebraic Structures and Their Applications in Modern Cryptography

Modern cryptography relies heavily on the principles of algebraic structures to ensure the security and integrity of data. This paper explores the fundamental algebraic structures that underpin contemporary cryptographic systems, including groups, rings, fields, and lattices. We provide a detailed examination of how these structures are employed in various cryptographic algorithms and protocols, such as public-key cryptography, digital signatures, and hash functions. an overview of basic algebraic concepts and their properties, followed by an in-depth analysis of their applications in cryptographic schemes. For instance, the use of elliptic curve groups in Elliptic Curve Cryptography (ECC) offers enhanced security with smaller key sizes compared to traditional systems like RSA. Similarly, lattice-based cryptography presents promising solutions for post-quantum security, leveraging the hardness of lattice problems to resist attacks by quantum computers. the role of algebraic structures in the development of advanced cryptographic techniques, such as homomorphic encryption, which allows computations on encrypted data without decryption, and zero-knowledge proofs, which enable the verification of information without revealing the information itself. Through these examples, we illustrate the critical importance of algebraic structures in achieving robust and efficient cryptographic systems.

CSI-Otter: isogeny-based (partially) blind signatures from the class group action with a twist

In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the linear identification protocol abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT’19), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably secure in the random oracle model (ROM) against poly-logarithmically-many concurrent sessions assuming the subexponential hardness of the group action inverse problem. In more detail, our blind signature exploits the quadratic twist of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size 128 B and signature size 8 KB under the CSIDH-512 parameter sets—these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new ring variant of the group action inverse problem (rGAIP\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf{rGAIP}$$\\end{document}), we can halve the signature size to 4 KB while increasing the public key size to 512 B. We provide preliminary cryptanalysis of rGAIP\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$${\ extsf{rGAIP}} $$\\end{document} and show that for certain parameter settings, it is essentially as secure as the standard GAIP\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$\ extsf{GAIP}$$\\end{document}. Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key—constructing such a hash function in the isogeny setting remains an open problem.

Uni/multi variate polynomial embeddings for zkSNARKs

AbstractA zero-knowledge proof is a cryptographic primitive that enables a prover to convince a verifier the validity of a mathematical statement (an NP statement) without revealing any secret inputs to the verifier. A special case, called zero-knowledge Succinct Non-interactive ARgument of Knowledge (zkSNARK) is particularly designed for arithmetic circuit proof systems which have important applications in blockchain privacy. The major computations in this type of zkSNARK proofs with post-quantum security are polynomial evaluations and Lagrange interpolations over finite fields. Given a sequence over a finite field, in the field of coding and sequences research, we understand that there are two representations of the sequence, one is a univariate polynomial and the other, a multivariate polynomial. This is exactly what is done in those zero-knowledge proof systems to transform the proof of a R1CS relation to evaluate uni/multi variate polynomials at some random points in the finite field. In this paper, we present a comparative analysis on how to convert a rank 1 constrained satisfiability (R1CS) system (more general than a circuit system) into a polynomial equality and provide analysis on the concrete complexities of provers, proof sizes and verifiers. We use two concrete zkSNARK schemes, i.e., Polaris, univariate polynomial encodings and Spartan, multivariate polynomial encodings, as examples to show our analysis. Secondly, we propose to select interpolating sets as subfields instead of affine spaces of a large field for Lagrange interpolation. This new method has improved the performance of R1CS encodings largely. We comment that post-quantum secure zkSNARKs yield post-quantum digital signatures with security only depending on symmetric-key schemes. Some open problems are proposed at the end of the paper.