TL;DR: This paper introduces a universally composable traceable ring signature scheme with verifiable random function, maintaining logarithmic size and UC security guarantees, while enabling traceability and one-time anonymity, with potential extension to K-time anonymity.
Abstract: Traceable ring signatures (TRSs) allow a signer to create a signature that maintains anonymity while enabling traceability if needed. They merge the characteristics of traditional ring signatures with the ability to trace signers, making them ideal for applications that demand both confidentiality and accountability. In a TRS scheme, a ring of potential signers generates a signature on a message without disclosing the actual signer’s identity. However, the identity can be traced if the signer uses the same tag for multiple signatures. This paper introduces a novel formal construction of TRS under universally composable (UC) security. We integrate verifiable random functions (VRFs) and zero-knowledge proofs for membership, employing Pedersen commitments. Our signature schemes maintain a logarithmic size while preserving the UC security guarantees. Additionally, we explore the potential to extend the property of one-time anonymity in TRS to K-time anonymity.
TL;DR: This study proposes a non-interactive proactive secret sharing scheme with user revocation, categorizing users into three roles and utilizing homomorphic encryption and hash functions to ensure efficient share refresh and dynamic user management with O(n) complexity.
Abstract: Proactive secret sharing (PSS), an extension of secret-sharing schemes, safeguards sensitive data in dynamic distributed networks by periodically refreshing shares to counter adversarial attacks. In our previous work, we constructed a non-interactive proactive secret-sharing scheme by integrating threshold homomorphic encryption (ThHE) while reducing the communication complexity to O(n). Not only is refreshing shares important, but revoking the shares of users who have left the system is also essential in practical dynamic-membership scenarios. However, the previous work was insufficient for supporting explicit user revocation. This study strengthens the description of roles for authorized users and proposes a scheme to achieve non-interactive share refresh and dynamic user management. In each epoch, authorized users are classified into three roles: retain, newly join, and rejoin, and they receive a broadcast of the compact ciphertext encoding both the refresh information and the revocation instructions from the trusted center (dealer). Authorized users independently derive new shares through homomorphic computations, whereas revoked users are unable to generate new shares. Hash functions are used to bind revocation parameters to the cryptographic hashes of valid users in order to guarantee integrity during revocation, allowing for effective verification without compromising non-interactivity. Our new scheme not only extends the revocation structure but also preserves the O(n) communication complexity.
TL;DR: A novel watermarking technique integrates DWT, SVD, and Schur factorization to embed a QR code into digital images, achieving high robustness against various image attacks, including histogram equalization, noise, and cropping, with normalized correlation values up to 0.9995.
Abstract: In the digital era, protecting the integrity and ownership of digital content is increasingly crucial, particularly against unauthorized copying and tampering. Traditional watermarking techniques often struggle to remain robust under various image manipulations, leading to a need for more resilient methods. To address this challenge, we propose a novel watermarking technique that integrates the Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), and Schur matrix factorization to embed a QR code as a watermark into digital images. Our method was rigorously tested across a range of common image attacks, including histogram equalization, salt-and-pepper noise, ripple distortions, smoothing, and extensive cropping. The results demonstrate that our approach significantly outperforms existing methods, achieving high normalized correlation (NC) values such as 0.9949 for histogram equalization, 0.9846 for salt-and-pepper noise (2%), 0.96063 for ripple distortion, 0.9670 for smoothing, and up to 0.9995 under 50% cropping. The watermark consistently maintained its integrity and scannability under all tested conditions, making our method a reliable solution for enhancing digital copyright protection.
TL;DR: DLR-Auth proposes a decentralized, lightweight, and revocable authentication framework for Industrial Internet of Things (IIoT) using chaotic synchronization of SSL-PUFs and Shamir's secret sharing, ensuring robust security and scalability for resource-constrained devices.
Abstract: The integration of operational technology (OT) and information technology (IT) within the Industrial Internet of Things (IIoT) has posed prominent security challenges for resource-constrained devices. Existing authentication architectures often suffer from critical vulnerabilities: one is their reliance on centralized trusted third parties, which creates single points of failure; the other is their use of static credentials like biometrics, which pose severe privacy risks if compromised. To address these limitations, this paper proposes DLR-Auth, which combines chaotic synchronization of semiconductor superlattice physically unclonable functions (SSL-PUFs) with Shamir’s secret sharing (SSS) to enable decentralized registration and revocable templates. Notably, DLR-Auth is a two-party authentication framework that operates directly between a user device (UDi) and a server (S), removing the need for a separate online registration authority. In our setting, the server S still acts as the central relying party and hardware authority embedding the matched SSL-PUF module. The protocol also includes an efficient multi-access mechanism optimized for high-frequency interactions. Formal security analysis with the Real-or-Random (ROR) model proves the semantic security of the session key, while performance evaluations demonstrate that DLR-Auth has significant advantages in computational and communication efficiency. DLR-Auth thus offers a robust, scalable, lightweight solution for next-generation secure IIoT systems.
TL;DR: This paper revisits a lattice-based key-encapsulation mechanism (KEM) from SCN 2020, refines its design, and extends it to an identity-based variant (IBKEM), achieving CCA2-security in the standard model with improved efficiency and complete proofs.
Abstract: Recent work at SCN 2020 by Boyen, Izabachène, and Li introduced a lattice-based key-encapsulation mechanism (KEM) that achieves CCA2-security in the standard model without relying on generic transformations. Their proof, however, leaves a few gaps that prevent a fully rigorous security justification. Building on the same design rationale, we revisit that construction and refine it to obtain a more compact and provably secure KEM under the Learning With Errors assumption. Furthermore, we extend this framework to derive an identity-based variant (IBKEM) whose security is established in the same model. The resulting schemes combine conceptual simplicity with improved efficiency and complete proofs of adaptive-ciphertext security.
Abstract: Substitution boxes (S-Boxes) are the core components of modern block ciphers, responsible for introducing the essential nonlinearity that protects against attacks like linear and differential cryptanalysis. For an 8-bit S-Box, the highest possible nonlinearity for a balanced Boolean function is 116. The best results previously reported in the literature achieved an average nonlinearity of 114.5 across the coordinate Boolean functions of 8 × 8 S-Boxes. Our proposed method surpasses this record, producing S-Boxes whose coordinate functions exhibit an average nonlinearity of 116. This is a significant achievement as it reaches the best result to date for the nonlinearity of the coordinate Boolean functions of an S-Box. Our S-Box generation method is based on multiplication over the field GF(2^4) and 4 × 4 component S-Boxes. The approach is also highly effective, capable of producing a large number of S-Boxes with good cryptographic properties. Other cryptographic criteria, such as BIC, SAC, DAP, and LAP, though not fully optimal, remain within acceptable ranges when compared with other reported designs. In addition, a side-channel attack evaluation is presented, covering both parameter analysis and experimental results on a real system when applying the proposed S-Box in the AES algorithm. These results make it a leading solution for block cipher design.
TL;DR: This study proposes a novel AI-enhanced perceptual hashing framework with blockchain for secure digital copyright management, utilizing a pre-trained CNN to generate robust, content-based hash values, ensuring tamper-proof timestamping and comprehensive traceability.
Abstract: This study presents a novel framework for digital copyright management that integrates AI-enhanced perceptual hashing, blockchain technology, and digital watermarking to address critical challenges in content protection and verification. Traditional watermarking approaches typically employ content-independent metadata and rely on centralized authorities, introducing risks of tampering and operational inefficiencies. The proposed system utilizes a pre-trained convolutional neural network (CNN) to generate a robust, content-based perceptual hash value, which serves as an unforgeable watermark intrinsically linked to the image content. This hash is embedded as a QR code in the frequency domain and registered on a blockchain, ensuring tamper-proof timestamping and comprehensive traceability. The blockchain infrastructure further enables verification of multiple watermark sequences, thereby clarifying authorship attribution and modification history. Experimental results demonstrate high robustness against common image modifications, strong discriminative capabilities, and effective watermark recovery, supported by decentralized storage via the InterPlanetary File System (IPFS). The framework provides a transparent, secure, and efficient solution for digital rights management, with potential future enhancements including post-quantum cryptography integration.
TL;DR: This study compares performance and side-channel leakage of 4 KB and 2 MB huge pages in cryptographic computations, finding that huge pages reduce CPU cycles by 11% with comparable key-classification accuracy, without increasing measurable leakage.
Abstract: Side-channel attacks leveraging microarchitectural components such as caches and translation lookaside buffers (TLBs) pose increasing risks to cryptographic and machine-learning workloads. This paper presents a comparative study of performance and side-channel leakage under two page-size configurations—standard 4 KB pages and 2 MB huge pages—using paired attacker–victim experiments instrumented with both Performance Monitoring Unit (PMU) counters and precise per-access timing using rdtscp(). The victim executes repeated, key-dependent memory accesses across eight cryptographic modes (AES, ChaCha20, RSA, and ECC variants) while the attacker records eight PMU features per access (cpu-cycles, instructions, cache-references, cache-misses, etc.) and precise rdtscp() timing. The resulting traces are analyzed using a multilayer perceptron classifier to quantify key-dependent leakage. Results show that the 2 MB huge-page configuration achieves a comparable key-classification accuracy (mean 0.79 vs. 0.77 for 4 KB) while reducing average CPU cycles by approximately 11%. Page-index identification remains near random chance (3.6–3.7% for PMU side-channels and 1.5% for timing side-channel), indicating no increase in measurable leakage at the page level. These findings suggest that huge-page mappings can improve runtime efficiency without amplifying observable side-channel vulnerabilities, offering a practical configuration for balancing performance and security in user-space cryptographic workloads.
TL;DR: This paper outlines key topics in symmetric cryptography, including primitives, modes of operation, hash functions, and message authentication codes, with a focus on standardized examples and the potential impact of quantum computers on their security.
Abstract: Key topics within symmetric cryptography are outlined. These topics include primitives (or cryptographic building blocks) of stream ciphers, block ciphers, modes of operation for block ciphers, hash functions, and message authentication codes (MACs). Important standardized examples of these primitives, including DES, AES, and SHA-3, are mentioned. A discussion is given about how the security of symmetric primitives can be established. The potential impact of quantum computers on such primitives is discussed.
TL;DR: Researchers introduce DOSCrack, an oracle-guided attack to de-obfuscate dynamically obfuscated scan chains, and propose a countermeasure using a nonlinear feedback shift register to defend against scan-based attacks, addressing a critical vulnerability in scan-chain obfuscation methodologies.
Abstract: Design-for-test/debug (DfT/D) introduces scan chain testing to increase testability and fault coverage by inserting scan flip-flops. However, these scan chains are also known to be a liability for security primitives. In previous research, the dynamically obfuscated scan chain (DOSC) was introduced to protect logic-locking keys from scan-based attacks by obscuring test patterns and responses. In this paper, we present DOSCrack, an oracle-guided attack to de-obfuscate DOSC using symbolic execution and binary clustering, which significantly reduces the candidate seed space to a manageable quantity. Our symbolic execution engine employs scan mode simulation and satisfiability modulo theories (SMT) solvers to reduce the possible seed space, while obfuscation key clustering allows us to effectively rule out a group of seeds that share similarities. An integral component of our approach is the use of sequential equivalence checking (SEC), which aids in identifying distinct simulation patterns to differentiate between potential obfuscation keys. We experimentally applied our DOSCrack framework on four different sizes of DOSC benchmarks and compared their runtime and complexity. Finally, we propose a low-cost countermeasure to DOSCrack which incorporates a nonlinear feedback shift register (NLFSR) to increase the effort of symbolic execution modeling and serves as an effective defense against our DOSCrack framework. Our research effectively addresses a critical vulnerability in scan-chain obfuscation methodologies, offering insights into DfT/D and logic locking for both academic research and industrial applications. Our framework highlights the need to craft robust and adaptable defense mechanisms to counter evolving scan-based attacks.
Abstract: Deep learning-based side-channel analysis is one of the most effective techniques for extracting and classifying sensitive information from a target device. This paper demonstrates the best-performing deep learning model for the target implementation by evaluating various deep learning architectures, including MLP, CNN, and RNN, while systematically optimizing their hyperparameters to achieve the best performance. The paper uses a case study of the Number Theoretic Transform accelerator for the CRYSTALS-Kyber key encapsulation mechanism to show that enhanced deep learning analysis can be used to break security. The best-performing deep learning-based model achieved a 96.64% accuracy in classifying pairwise coefficients of the s vector, which is used to generate the secret key with the NTT accelerator for Kyber768 and Kyber1024. For Kyber512, the model achieved an accuracy of 95.71%. The proposed approach significantly improves average training efficiency, with POIs achieving up to 1.45 times faster performance for MLP models, 10.53 times faster for CNNs, and 10.28 times faster for RNNs compared to deep learning methods without POIs, while maintaining high accuracy in side-channel analysis.
TL;DR: This paper reviews explainable AI methods for trustworthy deepfake detection, categorizing approaches into forensic analysis, model-centric, and multimodal explanations, and discusses evaluation frameworks, datasets, and challenges in combating digital misinformation and ensuring reliable detection technologies.
Abstract: As deepfake technology matures, its risks in spreading false information and threatening personal and societal security are escalating. Despite significant accuracy improvements in existing detection models, their inherent opacity limits their practical application in high-risk areas such as forensic investigations and news verification. To address this gap in trust, explainability has become a key research focus. This paper provides a systematic review of explainable deepfake detection methods, categorizing them into three main approaches: forensic analysis, which identifies physical or algorithmic manipulation traces; model-centric methods, which enhance transparency through post hoc explanations or pre-designed processes; and multimodal and natural language explanations, which translate results into human-understandable reports. The paper also examines evaluation frameworks, datasets, and current challenges, underscoring the necessity for trustworthy, reliable, and interpretable detection technologies in combating digital misinformation.
TL;DR: This paper discusses historical ciphers, including the Nomenclator Cipher and Enigma machine, and introduces the concept of perfect secrecy, exemplified by the one-time pad, highlighting its advantages and disadvantages in cryptographic applications.
Abstract: The discussion of historical cryptography is continued from Chapter 3, but from the viewpoint of whether a cipher is unbreakable. In this context, Mary Queen of Scots’ Nomenclator Cipher and the Enigma cipher machine are discussed. A detailed discussion and analysis of the Vigenère Cipher is given, which motivates the introduction of the concept of perfect secrecy. An example of a cipher offering perfect secrecy is shown: the one-time pad. The advantages and disadvantages of the one-time pad, as well as its historical use, are discussed.
TL;DR: This study proposes a modular six-model classification for digital contact-tracing platforms, evaluating 18 platforms across 12 countries using a 24-indicator rubric, and finds that Bulletin Board and Custodian models prioritize privacy, while Fully Centralized eases verification/notification workflows.
Abstract: Digital contact-tracing (CT) systems differ in how they process risk and expose data, and the centralized–decentralized dichotomy obscures these choices. We propose a modular six-model classification and evaluate 18 platforms across 12 countries (July 2020–April 2021) using a 24-indicator rubric spanning privacy, security, functionality, and governance. Methods include double-coding with Cohen’s for inter-rater agreement and a 1000-draw weight-sensitivity check; assumptions and adversaries are stated in a concise threat model. Results: No single model dominates; Bulletin Board and Custodian consistently form the top tier on privacy goals, while Fully Centralized eases verification/notification workflows. Timelines show rapid GAEN uptake and near-contemporaneous open-source releases, with one late outlier. Contributions: (i) A practical, generalizable classification that makes compute-locus and data addressability explicit; (ii) a transparent indicator rubric with an evidence index enabling traceable scoring; and (iii) empirically grounded guidance aligning deployments with goals G1–G3 (PII secrecy, notification authenticity, unlinkability). Limitations include reliance on public documentation and architecture-level (not mechanized) verification; future work targets formal proofs and expanded double-coding. The framework and findings generalize beyond COVID-19 to privacy-preserving digital-health workflows.
TL;DR: This paper reviews modular multiplication algorithms over prime fields for public-key cryptosystems, classifying integer multiplication algorithms, summarizing implementation challenges, and analyzing research advancements, providing a comprehensive guide for future research in RSA, ElGamal, and ECC.
Abstract: Modular multiplication is a pivotal operation in public-key cryptosystems such as RSA, ElGamal, and ECC. Modular multiplication design is crucial for improving overall system performance due to the large-bit-width operation with high computational complexity. This paper provides a classification of integer multiplication algorithms based on their implementation principles. Furthermore, the core concepts, implementation challenges, and research advancements of multiplication algorithms are systematically summarized. This paper also gives a brief overview of modular reduction algorithms for various types of moduli and discusses the implementation principles, application scenarios, and current research results. Finally, the detailed research development of modular multiplication algorithms in four major classes over prime fields is deeply analyzed and summarized, making it essential as a guide for future research.
TL;DR: Post-quantum cryptography is necessary to secure against large-scale quantum computers, with lattice-based cryptography emerging as a prominent area, including LWE and AGCD problems, to standardize public-key encryption and digital signatures.
Abstract: The need for developing post-quantum cryptography, that is to say cryptographic schemes that are believed to remain secure if large-scale quantum computers are developed, is demonstrated by a discussion of the classical and the quantum algorithms for solving the factorization problem. The ongoing process by the US standards body NIST to standardize post-quantum public-key encryption and digital signatures is described. Lattice-based cryptography is introduced as a prominent area of post-quantum cryptography. Lattice problems, including the Learning with Errors (LWE) problem, are introduced. The AGCD cryptosystem, based on the approximate greatest common divisor (AGCD) problem, is described.