Search Results (16)

Conventional public-key cryptographic systems are increasingly threatened by advances in quantum computing, accelerating the need for robust post-quantum cryptographic solutions. Among these, Falcon, a compact lattice-based digital signature scheme, has emerged as a leading candidate in the NIST post-quantum standardization process due to its efficiency and theoretical security grounded in hard lattice problems. This work introduces Falcon-M, a modified version of the Falcon algorithm that significantly reduces implementation complexity. It does so by replacing Falcon’s intricate trapdoor-based key-generation mechanism with a simplified approach that utilizes randomized polynomial Gaussian sampling and fast Fourier transform (FFT) operations. Falcon-M incorporates SHA-512 hashing and discrete Gaussian sampling to preserve cryptographic soundness and statistical randomness while maintaining the core structure of Falcon’s signing and verification processes. We formally specify the Falcon-M algorithm, provide an updated pseudocode, and offer a comparative analysis with the original Falcon in terms of algorithmic complexity, security assumptions, and implementation overhead. Additionally, we present formal lemmas and theorems to ensure correctness and define theoretical bounds on forgery resistance. Although Falcon-M does not rely on a formal cryptographic trapdoor, we demonstrate that it achieves strong practical security based on assumptions related to the Short Integer Solution (SIS) problem. Falcon-M is thus well-suited for lightweight post-quantum applications, particularly in resource-constrained environments, such as embedded systems and Internet-of-Things (IoT) platforms. Full article

The blockchain-enabled industrial Internet of Things (IIoT) faces security threats such as quantum computing attacks and privacy disclosure. Targeting these issues, in this study, we design a new lattice-based linkable ring signature (LRS) scheme, which is used to achieve privacy protection for the blockchain-enabled IIoT. Firstly, by using the trapdoor generation algorithm on the lattice and the rejection sampling lemma, we propose a new lattice-based LRS scheme with anti-quantum security and anonymity. Then, we introduce it into blockchain. Through the stealth address and key image technologies, we construct a privacy protection scheme for blockchain in the IIoT, and this LRS scheme protects identity privacy for users through anonymous blockchain. In addition, it also can resist the double spending attack with the linking user’s signature. Lastly, we provide a security analysis, and it is proven that our ring signature scheme satisfies correctness, anonymity, unforgeability and linkability. Compared with other similar schemes, the performance simulation indicates that our scheme’s public key and signature are shorter in size, and its computation overhead and time cost are lower. Consequently, our novel LRS scheme is more secure and practical, which provides privacy protection and anti-quantum security for the blockchain-enabled IIoT. Full article

With the advancement of quantum computing, the utilization of quantum algorithms such as Shor’s algorithm enables the efficient resolution of problems that are intractable in classical computing paradigms, posing a significant threat to traditional signature schemes. Lattice-based cryptography is considered one of the most promising post-quantum cryptographic algorithms due to its computational advantages and potential resistance to quantum attacks. Proxy signature is an authorization mechanism that allows the original signer to delegate the signing power to a proxy. The security of existing proxy signature schemes is mostly based on classical hard problems, which cannot guarantee security under quantum attacks. Therefore, this paper combines lattice-based cryptography with proxy signatures to propose a new lattice-based proxy signature scheme (NLBPS). NLBPS constructs signatures using lattice-based trapdoor sampling algorithms and preimage sampling algorithms. Comparative analysis shows that the proposed scheme has relatively smaller key and signature sizes compared to some existing lattice-based proxy signature schemes, and it also offers a certain improvement in computational efficiency. Full article

The lattice-based multi-identity fully homomorphic encryption scheme combines the quantum security of lattice cryptography with the advantage of identity-based encryption. However, existing schemes face challenges such as large key sizes, inefficient ciphertext expansion processes, and reliance on outdated trapdoor designs, limiting their compactness and practicality. In this study, we propose a novel Compact Multi-Identity Fully Homomorphic Encryption Scheme (WZ-MIBFHE) that eliminates the need for fresh ciphertexts during expansion. First, we construct a compact identity-based encryption scheme by combining the YJW23 trapdoor and ABB10 under the standard model, proving its IND-sID-CPA security. The scheme is then adapted to ensure correctness and security when integrated with the decomposition method for ciphertext expansion. This adaptation also utilizes approximation errors to reduce overall noise. Finally, we expand the modified IBE scheme’s ciphertext using the decomposition method to construct the WZ-MIBFHE scheme. Compared to existing methods, WZ-MIBFHE reduces the lattice dimension to $nlogq+{log}_{b}q$, improves public and private key sizes, and significantly lowers ciphertext expansion rates by removing the need for fresh ciphertexts. These improvements enhance both the compactness and efficiency of the scheme, making it a promising solution for multi-identity homomorphic encryption. Full article

The RSA cryptosystem has been a cornerstone of modern public key infrastructure; however, recent advancements in quantum computing and theoretical mathematics pose significant risks to its security. The advent of fully operational quantum computers could enable the execution of Shor’s algorithm, which efficiently factors large integers and undermines the security of RSA and other cryptographic systems reliant on discrete logarithms. While Grover’s algorithm presents a comparatively lesser threat to symmetric encryption, it still accelerates key search processes, creating potential vulnerabilities. In light of these challenges, there has been an intensified focus on developing quantum-resistant cryptography. Current research is exploring cryptographic techniques based on error-correcting codes, lattice structures, and multivariate public key systems, all of which leverage the complexity of NP-hard problems, such as solving multivariate quadratic equations, to ensure security in a post-quantum landscape. This paper reviews the latest advancements in quantum-resistant encryption methods, with particular attention to the development of robust trapdoor functions. It also provides a detailed analysis of prominent multivariate cryptosystems, including the Matsumoto–Imai, Oil and Vinegar, and Polly Cracker schemes, alongside recent progress in lattice-based systems such as Kyber and Crystals-DILITHIUM, which are currently under evaluation by NIST for potential standardization. As the capabilities of quantum computing continue to expand, the need for innovative cryptographic solutions to secure digital communications becomes increasingly critical. Full article

Applying chameleon hash functions to redactable blockchains is still challenging work. Most redactable blockchain solutions using this technique have potential problems, such as too weak decentralization performance and trapdoors with exposure risks. In addition, quantum computing also threatens the security of blockchain systems. The above two issues imply that the development of redactable blockchains is still constrained, and that quantum-resistance will be requirements for blockchain applications. Therefore, we constructed a chameleon hash function over lattices while utilizing a hierarchical identity mechanism to manage trapdoors and assign edit permissions. This variant of the chameleon hash function can support trapdoor updates and quantum-resistant performance, namely a hierarchical identity-based chameleon hash with revocable subkey (HIBCH-RS). We demonstrated the safety performance of HIBCH-RS by defining its safety concepts of collision resistance. Our HIBCH-RS scheme provides a solution for implementing a redactable blockchain with identity encryption and post-quantum cryptography. Finally, this quantum-resistant redactable blockchain was implemented on the Hyperledger Fabric blockchain platform. Full article

Based on the NTRU trapdoor used in NIST’s Falcon, a signcryption scheme following the sign-then-encrypt paradigm is constructed. The existing partitioning technique based on Waters hash over the lattice can not complete the security reduction in the standard model for the signature part due to the “partiality” of the pre-image generated with the NTRU trapdoor. To address this, a variant of Waters hash over small integers is proposed and, the probability of the successful reduction is analyzed. The resulting signcryption achieves existential unforgeability under the adaptive chosen-message attacks. By utilizing the uniqueness of the secret and the noise in an NTRU instance, the tag used in encryption is eliminated. Furthermore, a method to construct tamper-sensitive lattice public key encryption is proposed. This approach implants the ciphertext-sensitive information into the lattice public key encryption and binds it to the encrypted information. The malleability to the public key ciphertext triggers the change of the message–signature pair so that the IND-CCA2 security of the entire ciphertext can be guaranteed by the signature for the message. Thanks to the rational design and the efficiency of the NTRU trapdoor, the computational overhead of the proposed scheme is reduced significantly compared to the existing lattice-based signcryption scheme, reaching orders of magnitude improvement in efficiency. The experiment shows that the proposed scheme is efficient. Full article

In recent years, the research on ciphertext-policy attribute-based encryption (CP-ABE) scheme design based on learning with errors (LWE) has been a challenging problem, and many researchers have made a lot of attempts at it. At EUROCRYPT 2021, Datta, Komargodski, and Waters proposed the first provably secure direct CP-ABE construction that supports NC${}^1$ circuit access structures. Improving on their work, we propose a CP-ABE scheme. Technically, we use the new lattice two-stage sampling technique of Lai, Liu, and Wang (EUROCRYPT 2021) in the key generation phase instead of the extended trapdoor sampling technique. In this way, we obtain a CP-ABE scheme, which is at least as secure as the original scheme under the same conditions, and has a shorter ciphertext; we provide an innovative design idea for designing CP-ABE schemes only based on LWE, although this is only a partial theoretical work. Full article

Aiming at the problem that the fully homomorphic encryption scheme based on single identity cannot satisfy the homomorphic operation of ciphertext under different identities, as well as the inefficiency of trapdoor function and the complexity of sampling algorithm, an improved lattice MIBFHE scheme was proposed. Firstly, we combined MP12 trapdoor function with dual LWE algorithm to construct a new IBE scheme under the standard model, and prove that the scheme is IND-sID-CPA security under the selective identity. Secondly, we used the eigenvector method to eliminate the evaluation key, and transform the above efficient IBE scheme into a single identity IBFHE scheme to satisfy the homomorphic operation. Finally, we improved the ciphertext extension method of CM15 and constructed a new Link-mask system that supports the transformation of IBFHE scheme under the standard model, and then, converted the above IBFHE scheme into MIBFHE scheme based on this system. The comparative analysis results showed that the efficiency of this scheme is improved compared with similar schemes in the trapdoor generation and preimage sampling, and the dimension of lattice and ciphertext size are significantly shortened. Full article

Lattice-based cryptography is centered around the hardness of problems on lattices. A lattice is a grid of points that stretches to infinity. With the development of quantum computers, existing cryptographic schemes are at risk because the underlying mathematical problems can, in theory, be easily solved by quantum computers. Since lattice-based mathematical problems are hard to be solved even by quantum computers, lattice-based cryptography is a promising foundation for future cryptographic schemes. In this paper, we focus on lattice-based public-key encryption schemes. This survey presents the current status of the lattice-based public-key encryption schemes and discusses the existing implementations. Our main focus is the learning with errors problem (LWE problem) and its implementations. In this paper, the plain lattice implementations and variants with special algebraic structures such as ring-based variants are discussed. Additionally, we describe a class of lattice-based functions called lattice trapdoors and their applications. Full article

Group communication enables Internet of Things (IoT) devices to communicate in an efficient and fast manner. In most instances, a group message needs to be encrypted using a cryptographic key that only devices in the group know. In this paper, we address the problem of establishing such a key using a lattice-based one-way function, which can easily be inverted using a suitably designed lattice trapdoor. Using the notion of a bad/good basis, we present a new method of coupling multiple private keys into a single public key, which is then used for encrypting a group message. The protocol has the apparent advantage of having a conjectured resistance against potential quantum-computer-based attacks. All functions—key establishment, session key update, node addition, encryption, and decryption—are effected in constant time, using simple linear-algebra operations, making the protocol suitable for resource-constrained IoT networks. We show how a cryptographic session group key can be constructed on the fly by a user with legitimate credentials, making node-capture-type attacks impractical. The protocol also incorporates a mechanism for node addition and session-key generation in a forward- and backward-secrecy-preserving manner. Full article

The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so it can not resist strong collusion attack. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters. Full article

In line with the proposed 5th Generation network, content centric network/named data networking (CCN/NDN) has been offered as one of the promising paradigms to cope with the communication needs of future realistic network communications. CCN/NDN allows network communication based on content names and also allows users to obtain information from any of the nearest intermediary caches on the network. Due to that, the ability of cached content to protect itself is essential since contents can be cached on any node everywhere, and publishers may not have total control over their own published data. The attribute based encryption (ABE) scheme is a preferable approach, identified to enable cached contents to be self-secured since it has a special property of encryption with policies. However, most of the proposed ABE schemes for CCN/NDN suffer from some loopholes. They are not flexible in the expression of access policy, they are inefficient, they are based on bilinear maps with pairings, and they are vulnerable to quantum cryptography algorithms. Hence, we propose the ciphertext policy attribute based encryption access control (CP-ABE AC) scheme from a lightweight ideal lattice based on ring learning with error (R-LWE) problem, and demonstrated its use in practical applications. The proposed scheme is proved to be secure and efficient under the decision ring LWE problem in the selective set model. To achieve an efficient scheme, we used an efficient trapdoor technique and the access tree representation of access structure describing the access policies was modified into a new structure, based on a reduced ordered binary decision diagram (reduce-OBDD). This access structure can support Boolean operations such as AND, NOT, OR, and threshold gates. The final result showed that the proposed scheme was secure and efficient for applications, thereby supporting CCN/NDN as a promising paradigm. Full article

The ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme supports access control and can transform a ciphertext under an access policy to a ciphertext under another access policy without decrypting the ciphertexts, which is flexible and efficient for cloud sharing. The existing CP-ABPRE schemes are constructed by bilinear pairing or multi-linear maps which are fragile when the post-quantum future comes. This paper presents an efficient unidirectional single-hop CP-ABPRE scheme with small public parameters from a lattice. For the transformation between two access structures, they are required to be disjoint. This paper uses the trapdoor sampling technique to generate the decryption key and the re-encryption key in constructing the scheme, and uses the decompose vectors technique to produce the re-encrypted ciphertexts in order to control their noise. Finally, we extended the scheme to a unidirectional single-hop CP-ABPRE scheme with keyword search for searching the encrypted data. Both schemes were proved secure under the learning with errors assumption, which is widely believed to be secure in quantum computer attacks. To the best of our knowledge, our scheme is the first CP-ABPRE scheme based on the learning with errors assumption. Full article

By introducing an easy knapsack-type problem, a probabilistic knapsack-type public key cryptosystem (PKCHD) is proposed. It uses a Chinese remainder theorem to disguise the easy knapsack sequence. Thence, to recover the trapdoor information, the implicit attacker has to solve at least two hard number-theoretic problems, namely integer factorization and simultaneous Diophantine approximation problems. In PKCHD, the encryption function is nonlinear about the message vector. Under the re-linearization attack model, PKCHD obtains a high density and is secure against the low-density subset sum attacks, and the success probability for an attacker to recover the message vector with a single call to a lattice oracle is negligible. The infeasibilities of other attacks on the proposed PKCHD are also investigated. Meanwhile, it can use the hardest knapsack vector as the public key if its density evaluates the hardness of a knapsack instance. Furthermore, PKCHD only performs quadratic bit operations which confirms the efficiency of encrypting a message and deciphering a given cipher-text. Full article