Pseudorandom functions (PRFs) are a very important tool in cryptography, and the learning with rounding (LWR) problem is one of the main problems underlying their construction. The LWR problem is to find from ⌊As⌋_p, where and is the rounding function. The LWR problem is considered a variant of the learning with error (LWE) problem, that is, to find s from b = As + e, where , and LWE has been reduced to GapSVP and SIVP. The hardness of these lattice problems is the security foundation of the published schemes. The best-known reduction for LWR was obtained using information-theoretic entropy arguments, and that reduction requires q ≥ 2nmp. It does not reduce directly to the closest vector problem (CVP), but rather to the LWE problem. However, the reduction in the aforementioned work significantly weakens the hardness guarantee for LWR. To characterize the hardness of LWR more accurately, this paper uses statistical approximation and a Quantum Fourier Transform to reduce LWR to CVP, thereby establishing the hardness of LWR. Furthermore, unlike the previous conclusions, our reduction involves minimal loss and has broad security conditions, requiring only that , where q and p are prime numbers and 0 < α < 1.
Zhuang Shan, Leyou Zhang, Qiqi Lai. "Revisiting LWR: A Novel Reduction Through Quantum Approximations." IET Information Security, vol. 2025, no. 1, published 2025-08-25. DOI: 10.1049/ise2/6825855. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6825855
Background: The Internet of Things (IoT) represents one of the fastest-expanding developments in the computer industry. However, the inherently hostile environment of the internet makes IoT systems vulnerable. A popular and promising method for detecting cyberattacks is machine learning (ML), which produces excellent outcomes for identified attacks. However, their ability to identify unidentified malicious traffic is nearly nonexistent.
Need for the Study: The need for this study arises because even advanced IoT security solutions remain vulnerable to various known and unknown cyberattacks. Traditional ML methods are used to detect new threats effectively, followed by a hybrid methodological framework that combines supervised and semisupervised learning, an advanced approach for enhancing detection accuracy and adaptability in dynamic IoT environments.
Methods: The study suggests an innovative strategy that combines supervised and unsupervised techniques. Initially employing several flow-based parameters, the improved density-based spatial clustering of applications with noise (IDBSCAN) clustering technique distinguishes between anomalous and regular traffic. Next, utilizing specific statistical metrics, a hybrid multiple kernel extreme learning machine with modified teaching–learning-based optimization (HMKELM-MTLBO) classification process is applied to label the clusters.
Findings of the Study: The proposed approach achieved an accuracy of 98.95%, precision of 97.65%, recall of 98.56%, and an F1 score of 98.23%.
Results: The approach’s effectiveness was evaluated using the ToN_IoT dataset, and a 99%+ accuracy rate was attained in identifying cyberattacks across IoT technology.
Conclusion: The study validates the suggested strategy by testing a distinct set of attacks and training on the ToN_IoT dataset utilizing an extensive data processing system.
R. S. Ramya, S. Jayanthy. "A Methodological Framework to Hybrid Machine Learning for Detecting Unusual Cyberattacks in Internet of Things." IET Information Security, vol. 2025, no. 1, published 2025-08-19. DOI: 10.1049/ise2/8381148. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/8381148
Lei Tang, Zhengxin Cao, Xin Zhou, Junzhe Zhang, Junchi Ma
There are user privacy risks in cloud-based vehicle dispatch platforms due to the unauthorized collection, use, and dissemination of data. However, existing data protection methods cannot balance privacy, usability, and efficiency well. To address this, we propose a local privacy-preserving vehicle assignment strategy via spatial–temporal fusion (STF-LPPVA). Specifically, the strategy allows the cloud platform to train a spatial–temporal representation model and distribute it to the user side. Encoded by this model, drivers and passengers can privately fuse the spatial–temporal information of their trips and then transmit these fused vectors to the cloud platform. Based on the similarity of the vectors, the cloud platform can allocate vehicles using the Kuhn–Munkres (KM) algorithm. In addition, we analyze the theoretical feasibility of the STF-LPPVA strategy using entropy change and obtain good performance on a dataset from DiDi in Chengdu, China. The results show that the successful matching rate of the STF-LPPVA strategy is very close to matching on the original data, with lower time overhead. Our approach can reduce the traveling distance by 66.5% and improve the matching success rate by 36.2% on average.
Lei Tang, Zhengxin Cao, Xin Zhou, Junzhe Zhang, Junchi Ma. "STF-LPPVA: Local Privacy-Preserving Method for Vehicle Assignment Based on Spatial–Temporal Fusion." IET Information Security, vol. 2025, no. 1, published 2025-08-16. DOI: 10.1049/ise2/1915019. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/1915019
Hailong Xi, Le Ru, Jiwei Tian, Bo Lu, Shiguang Hu, Wenfei Wang, Hongqiao Wang, Xiaohui Luan
Recent advancements in unmanned aerial vehicle (UAV) technology have facilitated its widespread adoption across a spectrum of sectors, such as commercial logistics, agricultural surveillance, industrial diagnostics, and military maneuvers. However, the widespread adoption has also engendered a burgeoning array of security concerns. Unmanned aerial systems (UAS) networks are characterized by high node mobility, unstable links, open communication environments, and limited platform resources, which in turn exhibit typical vulnerabilities in terms of cybersecurity. Most current studies on UAV cybersecurity issues tend to focus on individual UAVs, often neglecting the holistic cybersecurity of UAS. This paper outlines the composition of UAS network architecture. It summarizes the main cybersecurity challenges UAS faces within six categories—spoofing, tampering, information disclosure, denial of service (DoS), service refusal, and privilege escalation—based on the STRIDE threat model. Corresponding methods for risk mitigation and security protection strategies are proposed. Ultimately, the paper provides a perspective on the future development directions of UAS cybersecurity, aiming to offer a reference for addressing related issues in subsequent research and practice.
Hailong Xi, Le Ru, Jiwei Tian, Bo Lu, Shiguang Hu, Wenfei Wang, Hongqiao Wang, Xiaohui Luan. "Enhanced Cybersecurity Framework for Unmanned Aerial Systems: A Comprehensive STRIDE-Model Analysis and Emerging Defense Strategies." IET Information Security, vol. 2025, no. 1, published 2025-08-11. DOI: 10.1049/ise2/9637334. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/9637334
The COVID-19 pandemic has impacted the world, prompting a shift toward remote work and stay-at-home economies and altering routines for individuals and businesses. Organizations have had to swiftly implement digital solutions to enable productive and efficient remote work, a trend that is becoming increasingly common. In this context, enterprise programmers often rely on open-source software from social coding platforms to accelerate application development. However, the source code on these platforms may not always be regularly updated or well maintained, posing security risks. These risks are exacerbated when programmers lack security-focused software development practices, do not test for vulnerabilities, or fail to apply necessary patches regularly. This study introduces two secure software development (SSD) performance baselines based on international standards and utilizing statistical process control (SPC): proactive information security awareness and reactive risk management. These baselines enable enterprise IT departments to monitor security awareness and improve the secure development capabilities of programmers and R&D teams, thereby mitigating the security risks of released software. A practical case study is presented to demonstrate the effectiveness of this approach.
Ying-Ti Tsai, Chung-Ho Wang, Yung-Chia Chang, Lee-Ing Tong. "Establishing Performance Baselines for Secure Software Development." IET Information Security, vol. 2025, no. 1, published 2025-08-08. DOI: 10.1049/ise2/6139424. PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6139424
Blockchain technology has become a popular choice for electronic voting systems due to its transparency, security, and decentralization. However, it is not a perfect solution, as its inherent immutability poses challenges in blockchain-based e-voting systems. Specifically, without the physical security provided by traditional polling stations, preventing bribery and coercion becomes more difficult. Additionally, because of blockchain’s immutability, voters who are coerced or who vote by mistake cannot correct their choice. To address these issues, this paper proposes a secure blockchain-based voting system with editable ballots. The system uses chameleon hashes with ephemeral trapdoors and a timestamp mechanism, allowing voters to modify their ballots within a legitimate timeframe. Additionally, a modified Paillier cryptosystem and blind signature technology are used to ensure that any modifications leave no trace. We simulate and evaluate the system using Fabric 2.2, focusing on computational complexity and system stability. Analysis of the experimental results shows that the blockchain-based voting system with an editable ballot mechanism proposed in this article has good computational cost and stability under normal usage load.
Qiankun Zheng, Junyao Ye, Peng Li, Junzuo Lai. "Secure and Editable: A Blockchain Voting System Based on Chameleon Hash With Ephemeral Trapdoors." IET Information Security, vol. 2025, no. 1, published 2025-08-05. DOI: 10.1049/ise2/3915638. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/3915638
Jiang-Yi Lin, Ching-Chun Chang, Chin-Chen Chang, Chin-Feng Lee
Reversible data hiding in encrypted images (RDHEI) is a technique that not only allows the cover images to be fully restored without any loss of information after the embedded data has been extracted, but also ensures the confidentiality of the cover images. This article proposes an RDHEI scheme that combines an adaptive (n, n) secret image sharing (SIS) approach. The content owner reserves part of the least significant bit plane (LSBP) in the cover images by compressing the two most significant bit planes (MSBPs) using the median edge detector (MED) prediction method. To raise the privacy protection of the n cover images, a two-layer encryption method, self-encryption and cross-encryption, is used to generate n shares. Moreover, our method can be applied to any number of cover images. Secret data with identification can be concealed by the data hiders in the vacated LSBs of their own shares. Through the cooperation of all the shares, the receiver can retrieve the embedded secret data and recover the cover images. Experimental results demonstrate the security and reliability of our approach and its outstanding performance compared to some related methods. The approach can also be employed in the color image domain.
Jiang-Yi Lin, Ching-Chun Chang, Chin-Chen Chang, Chin-Feng Lee. "Highly Secure and Adaptive Multisecret Sharing for Reversible Data Hiding in Encrypted Images." IET Information Security, vol. 2025, no. 1, published 2025-08-03. DOI: 10.1049/ise2/6695380. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/6695380
Current multikey fully homomorphic encryption (MKFHE) schemes need to add exponential noise in the distributed decryption phase to ensure the simulatability of partial decryption. Such large noise causes the ciphertext modulus of the scheme to increase exponentially compared to single-key fully homomorphic encryption (FHE), further reducing the efficiency of the scheme and giving the underlying lattice hardness problem a subexponential approximation factor (which means that the security of the scheme is reduced). To address this problem, this paper analyzes in detail the noise in partial decryption of LWE-based (learning with error) MKFHE. It points out that this noise is composed of the private key and the noise in the initial ciphertext. Therefore, as long as the encryption scheme is leakage-resilient and the noise in partial decryption is independent of the noise in the initial ciphertext, the semantic security of the ciphertext can be guaranteed. In order to make the noise in the initial ciphertext independent of the noise in the partial decryption, this paper proves the smudging lemma on the discrete Gaussian distribution and achieves this goal by multiplying the initial ciphertext by a “dummy” ciphertext whose plaintext is 1. Based on the above method, this paper removes the exponential noise in the distributed decryption phase for the first time and reduces the ciphertext modulus of MKFHE from $2^{\omega(\lambda L \log \lambda)}$ to $2^{O(\lambda + L)}$, the same level as single-key FHE.
Xiaokang Dai, Wenyuan Wu, Yong Feng. "Multikey Fully Homomorphic Encryption: Removing Noise Flooding in Distributed Decryption via the Smudging Lemma on Discrete Gaussian Distribution." IET Information Security, vol. 2025, no. 1, published 2025-07-30. DOI: 10.1049/ise2/7550044. PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/7550044
Purpose: This study explores cryptocurrency security concerns in the context of Saudi Arabia, focusing on a cross-sectional survey to assess evolving technical threats and public risk perceptions. While regulatory concerns are acknowledged, the primary emphasis is on security risks, making this one of the few studies to specifically investigate digital asset vulnerabilities from a Saudi perspective. The novelty lies in bridging the views of both the general public and industry professionals to offer multidimensional insights into the country’s cryptocurrency environment.
Methods: A large-scale online survey was conducted with 392 participants, including individuals from the general public, IT sector, banking institutions, and regulatory bodies. The instrument captured perceptions of various technical security threats—such as 51% attacks, phishing, timejacking, and double-spending—alongside key public concerns about cryptocurrency safety. The mixed-participant approach enabled a balanced analysis of cross-sector risk awareness.
Results: The findings indicate a significant disparity between public understanding and expert awareness regarding cryptocurrency security. Notably, 87.3% of respondents support the idea of central banks issuing their own digital currencies (CBDCs), reflecting widespread demand for safer and more regulated alternatives. Core risks identified include token theft, manipulative trading behavior, and technical vulnerabilities in decentralized platforms.
Conclusion: This research contributes original insights into cryptocurrency security from a regional lens, integrating technical and perceptual dimensions often overlooked in existing literature. The study’s multistakeholder findings offer valuable input for policymakers, regulators, and technology developers seeking to build secure and trusted crypto ecosystems in emerging markets like Saudi Arabia.
Abeer Abdullah Alsadhan. "Analyzing Cryptocurrency Security Risks: A Comprehensive Survey of Saudi Arabian Perspectives." IET Information Security, vol. 2025, no. 1, published 2025-07-28. DOI: 10.1049/ise2/5100339. Open-access PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5100339
A pseudo-random number generator (PRNG) is an algorithm that generates a sequence of random-looking numbers from a mathematical formula; PRNGs are widely used in computer science, for example in simulation, modeling applications, and data encryption. The efficiency and security of a PRNG are closely related to the number of bits it outputs at each iteration. In particular, we have recently found that the linear congruential generator (LCG) is commonly used as the underlying PRNG in a short message service (SMS) app, in the fast knapsack generator (FKG), and in programming languages such as Python, while the quadratic generator plays an important role in the Monte Carlo method. Therefore, in this paper, we revisit the security of these two number-theoretic pseudo-random generators and obtain the best results to date for attacking these two kinds of PRNGs. More precisely, we prove that when the mapping function of the LCG or the quadratic generator is unknown, and the generator outputs only the most significant bits of v_i at each iteration, one can still recover the seed of the PRNG once enough consecutive or nonconsecutive outputs are obtained. The primary tool of our attack is the Coppersmith method, which finds small roots of polynomial equations. Our advantage lies in applying the local linearization technique to the polynomial equations to make them simple and easy to solve, and in applying the analytic combinatorics method to simplify the calculation of the solution conditions in the Coppersmith method. Experimental data validate the effectiveness of our work.
Ran Zhang, Jingguo Bi, Lixiang Li, Haipeng Peng. "Cryptanalysis on Two Kinds of Number Theoretic Pseudo-Random Generators Using Coppersmith Method." IET Information Security, vol. 2025, no. 1, published 2025-07-18. DOI: 10.1049/ise2/5569393. Open-access PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/5569393