Scispace (Formerly Typeset)
Showing papers on "Cryptographic protocol published in 2025"
Journal Article•10.1109/comnetsat68601.2025.11324858•
Formal Verification of an Authentication Protocol for Internet of Medical Things Using CryptoVerif

Togu Novriansyah Turnip, Birgit Andersen, Cesar Vargas‐Rosales
11 Dec 2025
TL;DR: This study formally verifies an IoMT authentication protocol using CryptoVerif, identifying two security flaws and proposing an enhanced protocol with SUF-CMA MAC-based device authentication and HKDF-derived ephemeral session keys for 128-bit quantum-resistant security.
Abstract: Secure communication and authentication in the Internet of Medical Things (IoMT) are critical for patient safety and healthcare data protection, yet existing protocols face significant vulnerabilities that remain undetected by conventional verification approaches. This paper presents the computational security verification of an IoMT authentication protocol incorporating NTRU lattice-based post-quantum cryptography using CryptoVerif, a formal verification tool that provides concrete probability bounds under standard cryptographic assumptions. Through systematic analysis of a multi-entity healthcare protocol, this study identifies two critical security flaws overlooked by previous symbolic verification methods: device registration authentication failure enabling man-in-the-middle device substitution attacks, and forward secrecy violation through static key encryption that exposes historical medical data upon key compromise. To address these vulnerabilities, we provide an enhanced protocol incorporating Strong Unforgeability under Chosen Message Attacks (SUF-CMA) MAC-based device authentication that cryptographically binds device identity to patient identity, and HMAC-based key derivation function (HKDF)-derived ephemeral session keys that achieve forward secrecy through fresh key derivation for each communication session. Our CryptoVerif implementation successfully proves nine security properties including mutual authentication, data confidentiality, device binding, and forward secrecy, with aggregate security bound for 128-bit quantum-resistant security. Unlike symbolic verification tools that assume perfect cryptography, our computational analysis provides concrete security guarantees essential for safety-critical healthcare systems.
Journal Article•10.1109/icicacs65178.2025.10968738•
Enhanced Security Protocol for VLSI Systems: Modified AES Algorithm for Robust Data Transmission

Jinsha Lawrence, Dinesh Kumar Budagam, P. Mukilan, Kavitha Veerappan, E. Chandrasekhar, K. Barathi 
21 Feb 2025
Journal Article•10.1145/3708821.3710829•
A Cryptographic Analysis of Google’s PSP and Falcon Channel Protocols

Marc Fischlin, Sascha B. Hoffmann, Leonhard Ruppel, Gözde Saçıak, Tobias Schnitzler, CM Schwarz, Maximilian Stillger 
13 Aug 2025
TL;DR: This study analyzes Google's PSP and Falcon channel protocols for secure data exchange over unreliable networks, using a recently introduced security model, and finds they provide adequate security, but with several specification ambiguities.
Abstract: Google introduced the Falcon channel protocol for efficient data exchange over unreliable networks in its data centers. The protocol augments Google’s basic PSP channel protocol for secure transportation through mechanisms like replay protection and congestion control and provides request-response-based interfaces for upper-layer protocols. Falcon has recently been opened to the public as part of the Open Compute Project, describing the design and choices as Falcon Transport Protocol Specification. We analyze Falcon here in the recently introduced security model of Fischlin et al. (Journal of Cryptology, 2024) for channel protocols, which is particularly applicable to unreliable networks and security properties like replay protection. In passing, we also investigate the security of PSP on which Falcon is based. Our results indicate that PSP and Falcon provide adequate security, albeit our studies also reveal several security-related ambiguities in the specification.
Journal Article•10.1109/dasc68382.2025.00008•
Efficient Digital Signature Security Enhancement for Remote Keyless Entry System

J Xu, Yintong Luo, Ian G. Harris
21 Oct 2025
TL;DR: This study proposes an efficient security enhancement scheme, DSTX, for Remote Keyless Entry Systems, increasing key security from 40 to 79 bits, while maintaining compatibility with existing devices and improving overall security through cryptographic constructions.
Abstract: Remote Keyless Entry System (RKEs) is an important area in security research because of their prevalence in industrial settings such as home/gate and car entry systems. The traditional challenge-response protocol for RKEs uses a Digital Signature Transponder (DST40) engine that suffers from a short key and challenge space, making it subject to cryptographic attacks. Previously proposed improvements suffer from either security flaws, backward compatibility issues, or lack of computational efficiency. In this work, we propose an efficient security enhancement scheme $\text{DSTX}_{\text{Keys}}^{\text{CBC-MAC}}$. It employs cryptographic constructions that rely only on the existing DST40 engine, enabling compatibility with existing devices. We increase effective key security from 40 bits to 79 bits and enhance overall security. We implement our protocol on bare-metal embedded devices for practical experiment result.
Journal Article•10.1109/idaacs68557.2025.11321972•
Security of the Three-Pass Protocol on Permutations

Artem Lavdanskyi, Emil Faure, Vitalii Bondar, Oleksandr Kharin, Alimzhan Baikenov, Sakhybay Tynymbayev 
4 Sep 2025
TL;DR: This study investigates the security of the three-pass protocol based on permutations, analyzing its robustness against brute-force attacks and proposing guidelines for secure communication, highlighting key length and permutation structure's impact on security in large key spaces.
Abstract: In the context of modern digital communication, securing information exchange is increasingly critical, particularly against evolving threats in cryptanalysis. This research investigates the security aspects of the three-pass protocol based on permutations, focusing on identifying and mitigating potential vulnerabilities. The study proposes a set of guidelines for ensuring secure communication through this protocol. The protocol’s robustness against brute-force attacks is analyzed and compared with other well-known cryptographic protocols, such as the Shamir three-pass protocol and the Massey-Omura cryptosystem. The results highlight the importance of key length and permutation structure in maintaining security, particularly when dealing with large key spaces. Additionally, the practical implications of implementing this protocol in real-time communication systems, considering the computational demands and potential optimizations are explored.
Journal Article•10.1145/3718349•
Hacking Cryptographic Protocols with Advanced Variational Quantum Attacks

Borja Aizpurua, Pablo Bermejo, Josu Etxezarreta Martínez, Román Orús
18 Feb 2025-ACM transactions on quantum computing
TL;DR: Researchers introduce improved Variational Quantum Attack Algorithms (VQAA) for cryptographic protocols, achieving robust quantum attacks with fewer qubits and iterations, demonstrating vulnerabilities in S-DES, S-AES, and Blowfish, and setting the stage for NISQ device assessments.
Abstract: Here we introduce an improved approach to Variational Quantum Attack Algorithms (VQAA) on cryptographic protocols. Our methods provide robust quantum attacks to well-known cryptographic algorithms, more efficiently and with remarkably fewer qubits than previous approaches. We implement simulations of our attacks for symmetric-key protocols such as S-DES, S-AES and Blowfish. For instance, we show how our attack allows a classical simulation of a small 8-qubit quantum computer to find the secret key of one 32-bit Blowfish instance with 24 times fewer number of iterations than a brute-force attack. Our work also shows improvements in attack success rates for lightweight ciphers such as S-DES and S-AES. Further applications beyond symmetric-key cryptography are also discussed, including asymmetric-key protocols and hash functions. In addition, we also comment on potential future improvements of our methods. Our results bring one step closer assessing the vulnerability of large-size classical cryptographic protocols with Noisy Intermediate-Scale Quantum (NISQ) devices, and set the stage for future research in quantum cybersecurity.
Journal Article•10.1109/idaacs68557.2025.11322113•
Zero-knowledge Proof Protocol based on the RRNS

Taras Tsavolyk, P. Kasprowski, Vasyl Yatskiv, Anatoliy Sachenko, Iryna Novosad 
4 Sep 2025
TL;DR: This paper proposes a Zero-Knowledge Proof protocol using Redundant Residue Number System (RRNS), enabling efficient and parallelizable verification of a secret number's consistency with k residues, balancing security, privacy, and scalability in authentication and secure transactions.
Abstract: This paper presents a cryptographic Zero-Knowledge Proof (ZKP) protocol that allows the prover (P) to convince the verifier (V) that they know a secret number X, which is consistent with k residues in a Redundant Residue Number System (RRNS), without revealing the number X itself. The use of RRNS in this protocol provides enhanced efficiency and computational parallelism by splitting operations across independent moduli. This approach combines zero-knowledge properties with high performance, addressing the simultaneous need for security, privacy, and scalability - particularly in authentication and secure transactions.
Journal Article•10.1109/icc-robins64345.2025.11086227•
Synergistic Integration of AI and Cryptographic Consensus Protocols to Enhance Energy Ecosystem

Sudha Yadav, Reshmi Anand
25 Jun 2025
TL;DR: This study integrates blockchain and AI to enhance energy ecosystem security, predict energy usage, and increase monetary benefits for prosumers, thereby strengthening grid stability and credibility in transactive energy markets with renewable power generation.
Abstract: The expansion of renewable energy systems for power generation, and the market involvement with monetary benefits, strengthens transactive energy. However, the growth in dynamic energy exchange encounters several challenges, one of the most significant hazards being data security. Blockchain technology is incorporated to mitigate the security concerns and enhance the trust of the consumers and providers. Additionally, empowering the system with the artificial intelligence to predict the energy usage, uplifts the monetary benefits of the prosumers, alongside enhancing the grid stability. This study presents the integration of blockchain and artificial intelligence technology to mitigate data breach and strengthen the credibility of resilient systems and further increase the participation of consumer and providers, as prosumers buy or sell energy, thus developing a robust and cognitive energy trading ecosystem.
Journal Article•10.3929/ethz-c-000791717•
Modular Verification of Security Protocol Implementations

Linard Arquint
1 Jan 2025
TL;DR: This dissertation develops novel methodologies for modular verification of security protocol implementations, addressing challenges in global reasoning, complex programming language features, and large software systems, and introduces Diodon, a sound methodology for symbiotically combining proof systems to scale security property verification.
Abstract: Security protocols such as TLS or Signal ensure security and privacy for browsing the web, sending private messages, and using cloud services. It is, thus, crucial that these ubiquitous and critical protocols are designed *and* implemented correctly. Protocol model verifiers such as Tamarin and ProVerif make it viable to formally verify protocol *models*. However, proving protocol *models* secure is insufficient to guarantee secure *implementations*. Coding errors such as missing bounds checks (e.g., causing the Heartbleed bug), omitted protocol steps (as in the Matrix SDK), or ignored errors (e.g., returned by a TLS library) may invalidate all security properties proven for the corresponding models. This dissertation is centered around proving security properties in the symbolic model of cryptography for protocol *implementations*. This faces three key challenges. First, security properties like secrecy and authentication are *global properties*, which depend on the collective behavior of all protocol participants and the attacker. Accounting for this entire behavior in a proof presents a significant obstacle as implementation-level proof techniques rely heavily on local reasoning, which proves each method in isolation. Second, practically deployed protocol implementations are written in languages such as C, Go, Java or Rust and utilize *complex programming language features* like side effects, mutable state, and concurrency to achieve high performance. Despite complicating the reasoning about implementations and, thus, their security, it is crucial to support these features and programming languages to verify real-world protocol implementations. Third, protocol implementations are often embedded in *large software systems* to provide secure communication as a building block to application logic. Requiring a laborious proof for the entire software system is prohibitively expensive and, thus, impractical. 
This dissertation addresses all three key challenges. To address the first and second key challenge, this dissertation develops two novel verification methodologies. If an abstract model of a security protocol preexists, the first methodology exploits this abstract model to provide the required global view for proving security properties. In a second step, this methodology extracts proof obligations from the abstract model for implementations. Successfully discharging these proof obligations guarantees that an implementation refines an abstract model and, thus, inherits the security properties proven for the abstract model. The second methodology does not require a preexisting, accurate abstract model; instead, it uses invariants to establish a global view on the behavior of protocol participants and the attacker. By verifying each implementation against these invariants, we soundly consider the collective behavior in an implementation's proof. Our evaluations on different security protocol implementations in C, Go, and Java demonstrate that both methodologies are applicable to a wide range of security protocols and programming languages. To address the third key challenge, this dissertation introduces *Diodon*, a novel and provably sound methodology to symbiotically combine proof systems of different expressive power, significantly reducing the proof effort and, thus, scaling security property verification to large, production codebases. We partition a codebase into its, typically small, security-critical part and the rest of the codebase for tailoring the employed proof system to each partition. Mandated by the security properties we want to prove, we apply a highly expressive but laborious program verifier to the security-critical part as we have to reason, e.g., about the content of messages and their cryptographic protection. 
We accomplish this task by using the aforementioned verification methodologies addressing the first and second key challenges and, thus, we directly benefit from their advances. Although the remaining partition is less security-critical, we cannot simply ignore it. A priori, there are ample opportunities for vulnerabilities in this partition because it is generally impossible to isolate the partitions for two main reasons. First, widely adopted programming languages like C, Go, and Java do not provide sufficiently strong isolation guarantees because such guarantees conflict with their features enabling high performance implementations like mutable state, aliasing, and concurrency. Second, refactoring a codebase to ensure - without relying on the programming language - that only the security-critical partition has access to sensitive data such as cryptographic keys can be prohibitively expensive and unacceptable from a performance perspective, as is the case for the production codebase on which we evaluate Diodon. Therefore, we apply lightweight, fully-automatic static analyses to ensure that the partitions soundly compose, i.e., without violating proven security properties. Our evaluation demonstrates that Diodon supports different coding styles and allows us to prove security properties for a production codebase of more than 100k LOC. In summary, this dissertation achieves sound and modular verification of security protocols implemented in real-world codebases, regardless of programming language, coding style or program verifier.
Journal Article•10.1016/j.jnca.2025.104398•
A quantum-secure digital signature-based communication protocol for the Internet of Drones (IoD)

S. N., Sabu M. Thampi, Aiswarya S. Nair
26 Nov 2025-Journal of Network and Computer Applications
Journal Article•10.1109/icdiss68238.2025.11320652•
Enhancing DEEC with Elliptic Curve Cryptography for Improved Security and Energy Efficiency in WSNs

Anish P Patil, Sarang Patil
14 Nov 2025
TL;DR: This study enhances DEEC protocol with Elliptic Curve Cryptography (ECC) for improved security and energy efficiency in Wireless Sensor Networks (WSNs), achieving 30-50% network lifetime prolongation, 15-25% energy reduction, and 25-40% throughput increase.
Abstract: Wireless Sensor Networks (WSNs) play a crucial role in modern IoT applications, where energy efficiency and secure data transmission are paramount. This paper compares the performance of ECC-DEEC (Elliptic Curve Cryptography enhanced Distributed Energy-Efficient Clustering) protocol, which is a secure variant of DEEC protocol with the standard DEEC approach. From the comparative simulations, we show that ECC-DEEC greatly enhances the network performance, by combining the lightweight cryptographic security and energy-efficient clustering. Our results indicate that ECC-DEEC prolongs the network lifetime by 30-50%, decreases the energy consumption by 15-25%, increases the throughput by 25-40%, and decreases the packet drop rates by 35-45%, compared to the conventional DEEC. These improvements stem from optimized cluster head selection, secure routing, and efficient data aggregation, ensuring robust and energy-efficient communication in WSNs. The findings highlight ECC-DEEC as a superior protocol for applications requiring both security and energy efficiency, such as industrial monitoring, smart agriculture, and remote sensing. This study provides a foundation for future enhancements in secure and sustainable WSN architectures.
Journal Article•10.5753/sbseg.2025.11472•
A comparison between cryptography libraries used in BRSKI protocol for constrained devices

Ricardo R. Ehlert, Laura R. Soares, Jéferson Campos Nobre
1 Sep 2025
TL;DR: This study compares BRSKI and cBRSKI protocols for IoT and HIoT, evaluating memory usage and execution time of cryptography libraries, and finds that lightweight alternatives like WolfSSL reduce bootstrap time and memory usage without compromising functionality.
Abstract: The lack of a standard protocol for bootstrapping constrained devices is still a challenge in the management of Internet of Things (IoT) and Healthcare Internet of Things (HIoT). The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol is a standard proposed by the Internet Engineering Task Force (IETF) for non-constrained devices, with cBRSKI as a constrained variant. In this work we review the current state of authentication protocols for constrained environments, emphasizing use-cases in the healthcare scenario. Then, we compare the memory usage and execution time of the cryptography library used in the reference implementation of both BRSKI and cBRSKI with lightweight alternatives. A test implementation was written using WolfSSL to perform the Cryptographic Message Syntax (CMS) signing function of the protocol, which is performed by OpenSSL in the reference implementation. Our experiments show that the lightweight library results in reduced bootstrap time and memory usage, without harming functionality. These findings highlight alternative BRSKI implementations suitable for constrained devices, and demonstrate that using lightweight cryptography libraries is recommended for IoT and HIoT.
Journal Article•10.1364/quantum.2025.qm4a.2•
Combining a quantum cryptographic protocol with a highly efficient cold-atom-based quantum memory

Félix Garreau de Loubresse, Hadriel Mamann, Thomas Nieddu, Félix Hoffet, Mathieu Bozzio, Iordanis Kerenidis, Eleni Diamanti, Alban Urvoy, Julien Laurat 
1 Jan 2025
TL;DR: Researchers successfully integrate a quantum cryptographic protocol with a cold-atom-based quantum memory, demonstrating a secure communication system with stringent requirements for memory efficiency and error rate.
Abstract: We report the first demonstration of a quantum cryptographic protocol incorporating a quantum memory layer. The protocol imposes stringent requirements on the memory storage-and-retrieval efficiency and on the error rate of the communication.
Journal Article•10.1007/978-3-030-71522-9_876•
Formal Analysis of Cryptographic Protocols

Catherine Meadows
1 Jan 2025
Journal Article•10.1007/978-3-030-71522-9_300207•
Cryptographic Protocol Verification

1 Jan 2025
Journal Article•10.1016/j.bcra.2025.100373•
Enhancing Health Data Integrity Through On-Chain Verification and Cryptographic Proofs

Fausto Neri da Silva Vanin, Blanda Helena de Mello, Rodrigo da Rosa Righi, Cristiano André da Costa, Rodolfo Stoffel Antunes 
01 Aug 2025-Blockchain: research and applications
Journal Article•10.48550/arxiv.2510.14589•
Symbolic verification of Apple's Find My location-tracking protocol

Sundararajan, Vaishnavi, Rithwik
17 Oct 2025
Abstract: Tracking devices, while designed to help users find their belongings in case of loss/theft, bring in new questions about privacy and surveillance of not just their own users, but in the case of crowd-sourced location tracking, even that of others even orthogonally associated with these platforms. Apple's Find My is perhaps the most ubiquitous such system which can even locate devices which do not possess any cellular support or GPS, running on millions of devices worldwide. Apple claims that this system is private and secure, but the code is proprietary, and such claims have to be taken on faith. It is well known that even with perfect cryptographic guarantees, logical flaws might creep into protocols, and allow undesirable attacks. In this paper, we present a symbolic model of the Find My protocol, as well as a precise formal specification of desirable properties, and provide automated, machine-checkable proofs of these properties in the Tamarin prover.
Repository•10.5281/zenodo.14772573•
Next-Generation Cybersecurity Protocols for Secure Key Distribution in Global Payment Gateways

30 Jan 2025
Abstract: This research investigates the impact of quantum computing on cybersecurity, particularly focusing on secure key distribution in global payment gateways. With the advancement of quantum algorithms such as Shor’s and Grover’s, traditional cryptographic protocols like RSA and ECC are at risk of being broken, posing a serious threat to financial security. This study presents next-generation post-quantum cryptographic protocols, ensuring resilient cybersecurity measures for financial infrastructures against emerging quantum-enabled cyber threats. The research introduces hybrid cryptographic frameworks, integrating Kyber-based key exchange, Dilithium authentication, and quantum-resistant encryption models to enhance security in digital payment transactions. A prototype implementation was developed and tested within a controlled environment, simulating real-world financial transactions using quantum-safe cryptographic methods. Performance benchmarking reveals that while post-quantum encryption introduces a 10-15% computational overhead, it remains operationally viable for real-time financial systems when optimized with cryptographic acceleration. Security validation confirms resilience against MITM, replay, and quantum decryption attacks, proving the effectiveness of quantum-resistant key exchange mechanisms. Furthermore, this research examines compliance gaps in financial security standards, including PCI DSS, ISO 27001, and NIST PQC, emphasizing the need for regulatory updates to accommodate post-quantum security frameworks. The findings propose a structured roadmap for banks, payment processors, and regulatory bodies to adopt quantum-safe cryptographic mechanisms, ensuring long-term security and interoperability in financial transactions. By addressing key challenges such as computational efficiency, regulatory compliance, and real-world deployment, this study provides a critical foundation for securing financial systems in the quantum era. 
The proposed cryptographic models enable a smooth transition to quantum-resistant security, ensuring secure key distribution, authentication, and data integrity for the future of global financial cybersecurity.
Journal Article•10.1109/icetran66854.2025.11114111•
Assessment of Wireless Network Security Protocols

Marija Milošević, Vukadin Drašković, Vladimir Ćirić
9 Jun 2025
Journal Article•10.1109/ic2e365635.2025.11167073•
The Effect of TLS Encryption on MQTT Protocol Security and Performance in Meteorological-IoT Networks

S. Chakravarty, Atul Batra, Neeti Rajan Singh, Gajendra Kumar
15 May 2025
TL;DR: This study compares MQTT with and without TLS encryption in meteorological IoT networks, finding that while TLS improves security, it increases connection times, data overhead, and energy usage, highlighting trade-offs between security and performance in resource-constrained IoT systems.
Abstract: The complex idea of the traditional internet is the Internet of Things (IoT). IoT allows everything in our lives to be connected to the internet or to one another so that data can be shared and certain tasks may be carried out via the network. In this study, MQTT with TLS is compared to non-TLS MQTT communication in meteorological IoT networks to examine its security and performance. In two scenarios—MQTT without TLS (using basic authentication) and MQTT with TLS (securing data transmission)—key parameters such as connection establishment time, data overhead, energy efficiency, and attack resilience are assessed. The findings indicate that although TLS improves security by thwarting assaults, it also results in longer connection times, more data overhead, and higher energy usage. The trade-offs between security and performances are highlighted in this analysis, which offers guidance for improving MQTT-based communication in resource-constrained, real-time meteorological Internet of Things systems.
Repository•10.5281/zenodo.17565412•
Fractal Eavesdrop Detection Protocol (Whitepaper v0.8)

Papp, László
9 Nov 2025
TL;DR: The Fractal Eavesdrop Detection (FED) protocol provides a cryptographic mutual-authentication and integrity validation mechanism for fractal nodes, using algorithmic mutability and session-based seed derivation to detect impersonation and passive eavesdropping in low-power devices.
Abstract: The Fractal Eavesdrop Detection (FED) protocol defines a cryptographic mutual-authentication and integrity validation mechanism between two fractal nodes sharing a recursive lineage. Unlike conventional systems that rely on fixed keys or static hashes, FED uses algorithmic mutability, session-based seed derivation, multi-point challenge validation, and time-bound CRC binding to detect both impersonation and passive eavesdropping. The protocol is designed for lightweight, low-power devices such as ESP32-class microcontrollers and operates without blockchain consensus or zero-knowledge proofs, while still enabling secure proof-of-origin and tamper-awareness. FED serves as the security and validation layer within the EQUORA Institute’s Fractal Economy architecture and complements the BlockFractal cryptographic tokenization layer and the EquoraVault hardware-based proof-of-impact system. This document is released as part of the EQUORA Institute White Paper Series and is a preprint version (v0.8), subject to revision. All versions remain archived for DOI-based citation integrity.
Repository•10.22052/mir.2024.255405.1476•
Proposal of a New Isogeny-Based Cryptographic Protocol: Formal Analysis and Comparison

Mohammed El Baraka, Siham Ezzouak
Sidi Mohamed Ben Abdellah University
1 Mar 2025
Abstract: This paper proposes a novel isogeny-based cryptographic protocol that leverages the dual hardness of the isogeny problem and linear code decoding for secure post-quantum key exchange. The proposed protocol, Isogeny-Based Key Exchange with Error-Correcting Codes (IKEC), offers enhanced security, computational efficiency, and practical applicability, making it a viable alternative to existing schemes like SIDH. We provide a rigorous mathematical description of the protocol, including key generation, key exchange, security analysis, and performance evaluation. Additionally, we present a formal analysis, comprehensive comparisons with existing protocols, and insights into potential attack vectors and countermeasures. The discussion concludes with potential real-world applications, advanced cryptographic techniques, and future research directions.
Repository•10.60882/cispa.30136291.v1•
Modeling and Analyzing Security Protocols with Tamarin: A Comprehensive Guide

Basin, David, Cremers Cas, Dreier, Jannik, Sasse, Ralf
16 Sep 2025
TL;DR: This comprehensive guide introduces Tamarin, an open-source analysis tool for cryptographic protocols, providing a user's manual and theoretical foundation for modeling and analyzing real-world protocols, with applications in academia and industry.
Abstract: The Tamarin prover is an open-source analysis tool for cryptographic protocols. Given a specification of a protocol, possible adversaries, and the desired security properties, Tamarin either verifies the protocol or provides counter examples witnessing attacks. Tamarin is a robust and powerful analysis tool: it has been under development for over a decade and has reached a state of maturity where it can be applied to model and analyze a wide range of real-world cryptographic protocols. It is now one of the leading tools in this domain, with a wide and active user community spanning both academia and industry. The objective of this book is to help both researchers and practitioners to gain a general understanding of how Formal Methods tools like Tamarin can be used to analyze and improve the quality of real-world protocols. Moreover, we specifically showcase the Tamarin prover and provide guidance on its usage. In this sense, this book provides a user’s manual for Tamarin. But it goes far beyond that, highlighting Tamarin’s underlying theory and its use in modeling and applications.
Journal Article•10.17169/refubium-47266•
Wireless Channel Based Security Protocols for IoT Devices

15 May 2025
Abstract: This dissertation presents a physical layer-inspired approach to the design, implementation, and formal verification of security protocols tailored for ‘Internet-of-Things (IoT)’ devices, introducing the ComPass protocol as a key contribution. ComPass leverages the inherent randomness of wireless channels to generate shared passphrases between devices, reducing the need for user-generated passwords and mitigating vulnerabilities associated with weak passwords, while also offering a new direction for network-level onboarding for resource-constrained devices. Additionally, ASOP, an application-level device onboarding protocol is proposed that operates independently of manufacturers or third-party certificate authorities. ASOP enhances security and future-proofs IoT systems through the integration of post-quantum cryptography primitives. Beyond protocol design, this dissertation also evaluates the effectiveness of passphrases. This analysis begins by defining key concepts in information measurement, such as entropy, the standard metric for quantifying information content. We review several entropy estimation algorithms, including those from the widely recognized NIST entropy estimation tool. To address gaps in current metrics, we introduce a metric, termed Expectation entropy, as well as the concept of Remaining entropy. This discussion on Remaining entropy aims to establish a relationship between Shannon entropy, min-entropy, and Jensen’s inequality, providing a more understanding of information security in passphrase generation. The dissertation further explores the application of new protocols in smart city contexts, particularly within the healthcare sector. Here, Ultra-Wideband (UWB) technology, combined with the Permission Voucher protocol, is proposed as a solution for creating privacy-preserving and resilient communication systems.
To verify the security of the above-mentioned protocols, formal analysis is conducted within the symbolic model using the Tamarin Prover, demonstrating their resistance to common attack vectors and identifying potential areas for improvement, such as mitigating insider threats and enhancing key management.
Journal Article•10.5281/zenodo.15392344•
Invariant-Based Cryptography: Toward a General Framework

[...]

Semenov Stanislav
12 May 2025
TL;DR: Researchers develop a generalized framework for invariant-based cryptography, introducing new symmetric schemes using algebraic invariants, such as shifted polynomial roots and functional equations, to enforce structural consistency and unforgeability in symmetric cryptographic protocols.
Abstract: We develop a generalized framework for invariant-based cryptography by extending the use of structural identities as core cryptographic mechanisms. Starting from a previously introduced scheme where a secret is encoded via a four-point algebraic invariant over masked functional values, we broaden the approach to include multiple classes of invariant constructions. In particular, we present new symmetric schemes based on shifted polynomial roots and functional equations constrained by symmetric algebraic conditions, such as discriminants and multilinear identities. These examples illustrate how algebraic invariants—rather than one-way functions—can enforce structural consistency and unforgeability. We analyze the cryptographic utility of such invariants in terms of recoverability, integrity binding, and resistance to forgery, and show that these constructions achieve security levels comparable to the original oscillatory model. This work establishes a foundation for invariant-based design as a versatile and compact alternative in symmetric cryptographic protocols.
Journal Article•10.1109/icscsa66339.2025.11171415•
Comparative Analysis of Visual Cryptographic Techniques for Secure Image Encryption

[...]

Ida Christy J, D Abisha, Navedha Evanjalin R
4 Aug 2025
TL;DR: This study compares six visual cryptographic techniques for secure image encryption, evaluating their performance based on PSNR, MNCC, computational efficiency, and robustness against attacks, revealing trade-offs between visual fidelity, security, and performance.
Abstract: Visual cryptography scheme (VCS) enables secure image sharing by splitting a visual secret into multiple shares, each of which reveals no information in isolation. This paper presents a comparative analysis of six distinct visual cryptographic techniques (Pixel Expansion, CMYK Decomposition, XOR Encryption, Modular Arithmetic, Bit-Level Decomposition, and AES-based encryption) applied to binary, grayscale, and colored images. Each method is implemented and evaluated based on key metrics, including Peak Signal-to-Noise Ratio (PSNR), Mean Normalized Cross-Correlation (MNCC), computational efficiency, and robustness against cryptographic attacks. Experimental results show that Pixel Expansion yields high security for binary images but incurs notable pixel distortion and image enlargement. Bit-Level Decomposition preserves structural detail in grayscale images, while XOR and Modular Arithmetic methods offer lightweight and fast encryption, albeit with strict shared dependency. CMYK Decomposition and AES-based approaches provide effective protection for colored images, with AES achieving the highest security at the cost of computational complexity. The analysis demonstrates trade-offs between visual fidelity, security, and performance, offering guidance on selecting suitable techniques for secure image transmission across diverse application domains.
Journal Article•10.21203/rs.3.rs-4867653/v2•
WITHDRAWN: Design of Operative Network in Enhancing Quality of Service and Security Using Hybrid General Adversarial Network with Cognitive Routing Protocol and Authenticated Cryptographic Intrusion Detection System

[...]

V. Mangaiyarkarasi, S. Malathi
5 Jun 2025
TL;DR: This preprint, withdrawn by the authors, proposed a hybrid network design combining General Adversarial Network, Cognitive Routing Protocol, and Authenticated Cryptographic Intrusion Detection System for enhanced Quality of Service and Security, but is not to be cited.
Abstract: The full text of this preprint has been withdrawn by the authors while they make corrections to the work. Therefore, the authors do not wish this work to be cited as a reference. Questions should be directed to the corresponding author.
Journal Article•10.2139/ssrn.5273398•
The Validian Protocol: A Cryptographic Verification Standard for Media Integrity in the Synthetic Era (1)

[...]

J. Nouri
1 Jan 2025
Journal Article•10.1002/cpe.70221•
Hybrid Quantum Key Distribution Framework: Integrating BB84, B92, E91, and GHZ Protocols for Enhanced Cryptographic Security

[...]

Kaushik Dehingia, Nimisha Dutta
31 Jul 2025 - Concurrency and Computation: Practice and Experience
TL;DR: This research proposes a hybrid Quantum Key Distribution (QKD) framework integrating BB84, B92, E91, and GHZ protocols for enhanced cryptographic security, utilizing AI-based optimization to adapt to environmental noise and optimize throughput while maintaining low error rates.
Abstract: The rapid evolution of quantum computing poses a significant threat to classical cryptographic systems like Rivest‐Shamir‐Adleman (RSA) and Elliptic Curve Cryptography (ECC), which rely on the computational hardness of problems such as integer factorization and discrete logarithms. Quantum algorithms such as Shor's algorithm can solve these problems quickly, which undermines the foundations on which classical cryptography relies. Quantum Key Distribution (QKD) is an alternative to the classical methods, which promises information‐theoretic security based on quantum mechanics. Currently, there are existing QKD protocols, including BB84, B92, E91, and GHZ, all of which exhibit various real‐world limitations. For example, these QKD protocols can be vulnerable to a variety of side‐channel attacks (e.g., detector blinding, photon‐number‐splitting) and neglect to consider fluctuating network conditions. Current QKD protocols also fail to accommodate scalability for many‐to‐many or noise‐limited scenarios. Many implementations of the existing QKD protocols and other common forms of networks remain static, relying on arbitrary decisions of fixed values that yield simple linear conclusions that can be predicted and targeted in the real‐world environment. To address these omissions, we propose a new framework for dynamic or adaptive hybrid QKD in which we incorporate BB84, B92, E91, and GHZ into one common approach with all protocols selected based on a probability‐weighted distribution of (0.3, 0.2, 0.3, 0.2). In the hybrid QKD implementation, the probability weights of protocol selection are assigned with partiality toward BB84, E91, B92, and GHZ, respectively. This may also introduce a higher variety of protocols and diversity in approaches that will further limit cross‐protocol possibilities of attack vectors, while increasing the possible flexibility of adaptability in attacked situations.
In addition, we incorporate an artificial intelligence (AI)‐based optimization module using a neural network to evaluate local environmental noise and quantum bit error rate (QBER) in real time. It adjusts protocol selection probabilities dynamically based on both historical and live operational data to optimize throughput while maintaining low error rates. The system architecture supports modular and parallel operation and has been mapped out and designed to be scalable and compatible with future quantum networks. We test our system using IBM's Qiskit AerSimulator utilizing a 14‐qubit register with 100 rounds of a 1% depolarization noise model, which significantly outperformed static hybrids such as Chen et al. in terms of both key rate and QBER. Our system consistently produced an average QBER of 0.02 and a key generation rate of 12 bits per round. E91 consistently produced CHSH violating confirming the fidelity of the entanglement, while BB84 displayed no QBER on all rounds. This work demonstrates the first fully integrated, AI‐assisted, dynamic hybrid QKD system. It includes all advantageous features of a QKD protocol: the dynamic adaptability of the protocol allows for a performance driven environment, the use of entangled states provides increased security, and a bottom‐up approach to real‐time optimization creating a robust, scalable, and agnostic system to any hardware used by post‐quantum cryptographic infrastructures.
Journal Article•10.1109/tifs.2025.3530694•
Non-Fragile Robust Security Control based on Dynamic Threshold Cryptographic Detector for Remote Motor under Stealthy FDI Attacks

[...]

Qian-Qian Zhang, Meng Li, Yong Chen, Meng Zhang
01 Jan 2025 - IEEE Transactions on Information Forensics and Security
