Publicly verifiable secret sharing (PVSS) allows a dealer to share a secret among a set of shareholders so that the secret can be reconstructed later from any set of qualified participants. In addition, any public verifier should be able to check the correctness of the sharing and reconstruction process. PVSS has been demonstrated to yield various applications, such as e-voting, decentralized random number generation protocols, and secure computation on distributed networks. Although many concrete PVSS protocols have been proposed, their security is either proven in the random oracle model or relies on quantum-vulnerable assumptions such as factoring or discrete logarithm. In this work, we propose a generic construction of a PVSS from any public key encryption scheme and non-interactive zero-knowledge arguments for suitable gap languages. We then provide lattice-based instantiations of the underlying components, which can be proven in the standard model. As a result, we construct the first post-quantum PVSS in the standard model, with a reasonable level of asymptotic efficiency.
{"title":"Publicly verifiable secret sharing: Generic constructions and lattice-based instantiations in the standard model","authors":"Nhat-Minh Pham , Khoa Nguyen , Willy Susilo , Khuong Nguyen-An","doi":"10.1016/j.csi.2025.104090","DOIUrl":"10.1016/j.csi.2025.104090","url":null,"abstract":"<div><div>Publicly verifiable secret sharing (PVSS) allows a dealer to share a secret among a set of shareholders so that the secret can be reconstructed later from any set of qualified participants. In addition, any public verifier should be able to check the correctness of the sharing and reconstruction process. PVSS has been demonstrated to yield various applications, such as e-voting, decentralized random number generation protocols, and secure computation on distributed networks. Although many concrete PVSS protocols have been proposed, their security is either proven in the random oracle model or relies on quantum-vulnerable assumptions such as factoring or discrete logarithm. In this work, we propose a generic construction of a PVSS from any public key encryption scheme and non-interactive zero-knowledge arguments for suitable gap languages. We then provide lattice-based instantiations of the underlying components, which can be proven in the standard model. As a result, we construct the first post-quantum PVSS in the standard model, with a reasonable level of asymptotic efficiency.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104090"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145465193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-08-05DOI: 10.1016/j.csi.2025.104049
James Sharp , Mike Standish , Jaspal Sagoo , Edwin van de Sluis
Multi-Core Processors (MCPs) are ubiquitous in modern electronic devices. However, their exploitation within the high criticality domains, specifically that of aerospace, introduces challenges. The European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) recently released harmonised guidance in the form of Acceptable Means of Compliance (AMC) 20-193, which details what is required, from a certification perspective, to enable the use of MCPs for satisfying airworthiness requirements. Although regulatory authorities have withdrawn Job Aids for standards such as DO-178 and DO-254, they are an effective method of showing compliance to standards and widely used by assessors. Understanding MCPs is, however, non-trivial and requires significant expertise not only of the device itself, but also how software will be architected and executed, along with how system level safety considerations are to be employed, all to ensure safe application of this technology. Thus, within this paper the authors, through the provision of an assessment of the what detailed in AMC 20-193, give an in-depth analysis into the intent behind the 10 objectives set out in this new AMC. The aim of the paper is to provide a foundation upon which Subject Matter Experts (SMEs) might construct their own Job Aid. Through its discussions, it is the authors intention that this paper enables a common understanding against which an applicant, assessor, and authority can interpret the how when looking to achieve the what set out in AMC 20-193.
{"title":"Towards a multi-core certification Job-Aid for AMC 20-193","authors":"James Sharp , Mike Standish , Jaspal Sagoo , Edwin van de Sluis","doi":"10.1016/j.csi.2025.104049","DOIUrl":"10.1016/j.csi.2025.104049","url":null,"abstract":"<div><div>Multi-Core Processors (MCPs) are ubiquitous in modern electronic devices. However, their exploitation within the high criticality domains, specifically that of aerospace, introduces challenges. The European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) recently released harmonised guidance in the form of Acceptable Means of Compliance (AMC) 20-193, which details <em>what</em> is required, from a certification perspective, to enable the use of MCPs for satisfying airworthiness requirements. Although regulatory authorities have withdrawn Job Aids for standards such as DO-178 and DO-254, they are an effective method of showing compliance to standards and widely used by assessors. Understanding MCPs is, however, non-trivial and requires significant expertise not only of the device itself, but also how software will be architected and executed, along with how system level safety considerations are to be employed, all to ensure safe application of this technology. Thus, within this paper the authors, through the provision of an assessment of the <em>what</em> detailed in AMC 20-193, give an in-depth analysis into the intent behind the 10 objectives set out in this new AMC. The aim of the paper is to provide a foundation upon which Subject Matter Experts (SMEs) might construct their own Job Aid. Through its discussions, it is the authors intention that this paper enables a common understanding against which an applicant, assessor, and authority can interpret the <em>how</em> when looking to achieve the <em>what</em> set out in AMC 20-193.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104049"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145007730","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-09-17DOI: 10.1016/j.csi.2025.104070
Zohaib Ali , Junaid Hassan , Muhammad Umar Aftab , Negalign Wake Hundera , Huiying Xu , Xinzhong Zhu
The growth of Internet of Things (IoT) technologies, such as cloud computing, 5G communication, and wireless sensor networks, is driving a smarter and more connected future. Thousands of terabytes of data are uploaded to cloud servers each day for storage or computation. Due to data privacy, we cannot upload personal pictures, videos, locations, and medical records directly to the cloud because they will be at risk if compromised. Due to the untrusted nature of the cloud, data needs to be encrypted to ensure confidentiality before being outsourced to it. The data must first be decrypted before any operation can be performed, which can be resource-intensive and wasteful. Secure data transmission from sensors to an Internet host becomes a critical issue for the success of IoT. To address these issues, this paper introduces a lightweight certificateless signcryption scheme with an equality test (CLS-ET), which leverages the power of hyperelliptic curves. This scheme obtains the security goals of authentication, integrity, confidentiality, and non-repudiation in one logical step. Furthermore, this scheme enables us to verify whether two ciphertexts are encrypted with the same or different keys that contain the same information without decrypting them. Indistinguishability under adaptive chosen ciphertext attack (IND-CCA2), existential unforgeability under chosen message attack (EUF-CMA), and one-wayness under adaptive chosen ciphertext attack (OW-CCA2) level security have been achieved by the proposed scheme in the Random Oracle Model (ROM). Furthermore, we compared our proposed scheme with other existing state-of-the-art schemes. While maintaining security and functionality, our scheme reduces computation costs for encryption, decryption, and testing stages, thereby improving efficiency in resource-constrained IoT-enabled Wireless Body Area Networks.
{"title":"Securing Wireless Body Area Network with lightweight certificateless signcryption scheme using equality test","authors":"Zohaib Ali , Junaid Hassan , Muhammad Umar Aftab , Negalign Wake Hundera , Huiying Xu , Xinzhong Zhu","doi":"10.1016/j.csi.2025.104070","DOIUrl":"10.1016/j.csi.2025.104070","url":null,"abstract":"<div><div>The growth of Internet of Things (IoT) technologies, such as cloud computing, 5G communication, and wireless sensor networks, is driving a smarter and more connected future. Thousands of terabytes of data are uploaded to cloud servers each day for storage or computation. Due to data privacy, we cannot upload personal pictures, videos, locations, and medical records directly to the cloud because they will be at risk if compromised. Due to the untrusted nature of the cloud, data needs to be encrypted to ensure confidentiality before being outsourced to it. The data must first be decrypted before any operation can be performed, which can be resource-intensive and wasteful. Secure data transmission from sensors to an Internet host becomes a critical issue for the success of IoT. To address these issues, this paper introduces a lightweight certificateless signcryption scheme with an equality test (CLS-ET), which leverages the power of hyperelliptic curves. This scheme obtains the security goals of authentication, integrity, confidentiality, and non-repudiation in one logical step. Furthermore, this scheme enables us to verify whether two ciphertexts are encrypted with the same or different keys that contain the same information without decrypting them. Indistinguishability under adaptive chosen ciphertext attack (IND-CCA2), existential unforgeability under chosen message attack (EUF-CMA), and one-wayness under adaptive chosen ciphertext attack (OW-CCA2) level security have been achieved by the proposed scheme in the Random Oracle Model (ROM). Furthermore, we compared our proposed scheme with other existing state-of-the-art schemes. While maintaining security and functionality, our scheme reduces computation costs for encryption, decryption, and testing stages, thereby improving efficiency in resource-constrained IoT-enabled Wireless Body Area Networks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104070"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-09-15DOI: 10.1016/j.csi.2025.104076
Mahaboob Basha Shaik, Narasimha Rao Yamarthi
The Internet of Medical Things (IoMT) comprises a network of interconnected medical devices such as wearables, diagnostic tools, and implants that facilitate real-time data acquisition and remote healthcare monitoring. To ensure secure and reliable data transmission and storage in such environments, this study proposes an Enhanced Blockchain-based Intelligent Healthcare System with Ensemble Deep Learning (EBIHS-EDL). The system incorporates blockchain (BC) technology to maintain decentralized, tamper-proof records and employs a Bit-Level Chaotic Image Encryption Algorithm (BCIEA) for secure image encryption. Key generation is achieved using the Grasshopper–Black Hole Optimization (G–BHO) algorithm. To address the challenge of class imbalance in medical datasets, an Improved Tabular Generative Adversarial Network (ITGAN) is employed to synthesize minority class samples. For feature extraction, a Cross Siamese Res2Net (CSRes2Net) architecture is utilized, followed by classification using an integrated model, Improved ShuffleNetV2 and Spatiotemporal Convolutional Network-enhanced Transformer (ISSCNetV2). Comprehensive evaluations on benchmark medical datasets demonstrate the effectiveness of the proposed system, achieving an accuracy of 99.20%, sensitivity of 99.03%, and specificity of 99.46%. These results surpass those of existing models including DBN (94.15%), YOLO-GC (94.24%), ResNet (96.19%), VGG-19 (91.19%), and CDNN (95.29%), highlighting the superior performance and robustness of EBIHS-EDL in intelligent healthcare applications.
{"title":"Integrating blockchain and deep learning: a novel ensemble model for secure IoMT-driven intelligent healthcare solutions using ISSCNetV2 approach","authors":"Mahaboob Basha Shaik, Narasimha Rao Yamarthi","doi":"10.1016/j.csi.2025.104076","DOIUrl":"10.1016/j.csi.2025.104076","url":null,"abstract":"<div><div>The Internet of Medical Things (IoMT) comprises a network of interconnected medical devices such as wearables, diagnostic tools, and implants that facilitate real-time data acquisition and remote healthcare monitoring. To ensure secure and reliable data transmission and storage in such environments, this study proposes an Enhanced Blockchain-based Intelligent Healthcare System with Ensemble Deep Learning (EBIHS-EDL). The system incorporates blockchain (BC) technology to maintain decentralized, tamper-proof records and employs a Bit-Level Chaotic Image Encryption Algorithm (BCIEA) for secure image encryption. Key generation is achieved using the Grasshopper–Black Hole Optimization (G–BHO) algorithm. To address the challenge of class imbalance in medical datasets, an Improved Tabular Generative Adversarial Network (ITGAN) is employed to synthesize minority class samples. For feature extraction, a Cross Siamese Res2Net (CSRes2Net) architecture is utilized, followed by classification using an integrated model, Improved ShuffleNetV2 and Spatiotemporal Convolutional Network-enhanced Transformer (ISSCNetV2). Comprehensive evaluations on benchmark medical datasets demonstrate the effectiveness of the proposed system, achieving an accuracy of 99.20%, sensitivity of 99.03%, and specificity of 99.46%. These results surpass those of existing models including DBN (94.15%), YOLO-GC (94.24%), ResNet (96.19%), VGG-19 (91.19%), and CDNN (95.29%), highlighting the superior performance and robustness of EBIHS-EDL in intelligent healthcare applications.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104076"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145109388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-10-17DOI: 10.1016/j.csi.2025.104088
Vita Santa Barletta, Danilo Caivano, Christian Catalano, Mirko De Vincentiis, Michele Scalera
The automotive industry is designing increasingly sophisticated electronic components in order to make modern vehicles safer and more connected. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Over the years, academia and industry have identified security issues in Electronic Control Units (ECUs) software and the protocols they use to communicate. Many of the attacks proposed in the literature exploit weaknesses in the Controller Area Network (CAN), one of the most widely used protocols for internal network communication. Researchers have proposed techniques focused on using Machine Learning (ML) models to identify attacks that exploit vulnerabilities in the CAN protocol. However, these techniques are not enough, as it is necessary to introduce the knowledge of how these attacks occurred and propose remediations to counter them to design more secure components. So, it is necessary to use ML models that use a multi-class classification to obtain the attack typology to obtain information that aims to resolve or understand the threat. To this end, this paper proposes a Pachamama methodology that identifies CAN attacks by proposing a simulation environment in which an ML algorithm is deployed. Then, a Vehicle-Security Operation Center (Vehicle-SOC) allows the classification of the received message from the Intrusion Detection System (IDS) to propose remediations for security analysts or developers working in the automotive world.
{"title":"Automotive Intelligence for supporting Vehicle-SOC analysts","authors":"Vita Santa Barletta, Danilo Caivano, Christian Catalano, Mirko De Vincentiis, Michele Scalera","doi":"10.1016/j.csi.2025.104088","DOIUrl":"10.1016/j.csi.2025.104088","url":null,"abstract":"<div><div>The automotive industry is designing increasingly sophisticated electronic components in order to make modern vehicles safer and more connected. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Over the years, academia and industry have identified security issues in Electronic Control Units (ECUs) software and the protocols they use to communicate. Many of the attacks proposed in the literature exploit weaknesses in the Controller Area Network (CAN), one of the most widely used protocols for internal network communication. Researchers have proposed techniques focused on using Machine Learning (ML) models to identify attacks that exploit vulnerabilities in the CAN protocol. However, these techniques are not enough, as it is necessary to introduce the knowledge of how these attacks occurred and propose remediations to counter them to design more secure components. So, it is necessary to use ML models that use a multi-class classification to obtain the attack typology to obtain information that aims to resolve or understand the threat. To this end, this paper proposes a Pachamama methodology that identifies CAN attacks by proposing a simulation environment in which an ML algorithm is deployed. Then, a Vehicle-Security Operation Center (Vehicle-SOC) allows the classification of the received message from the Intrusion Detection System (IDS) to propose remediations for security analysts or developers working in the automotive world.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104088"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145361676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-10-22DOI: 10.1016/j.csi.2025.104089
Wei Liang , Yang Yang , Sisi Zhou , Zhishun Zhang , Yuxiang Chen , Kai Jin , Xiong Li , Kuanching Li , Jiannong Cao
Electronic Medical Records are instrumental in advancing smart healthcare within the landscape of the Internet of Things, delivering highly personalized and prompt medical services to patients. However, existing healthcare data management systems are commonly characterized by provider centralization and over-regulation, posing significant threats to data security and integrity. Blockchain-based EMR secure sharing provides an effective scheme but still suffers from challenges such as insufficiently fine-grained data access control, susceptibility to user privacy leakage, high storage costs, and key management risks. Therefore, we propose FGPB-EMR, a user-centric blockchain for EMR sharing scheme with fine-grained access and privacy. We introduce the ciphertext policy of entirely hidden and updated attribute encryption, design an EMR sharing method with fine-grained access control, and guarantee its execution through a secure key distribution mechanism. In addition, based on the Paillier algorithm, we construct a co-sharing mechanism that supports privacy computation to achieve neutrality and interoperability of health insurance claims. To enhance the storage efficiency of blockchain data, we also design an on-chain and off-chain co-sharing protocol. Through comparative analysis and test validation, the FGPB-EMR scheme reduces the processing time by about half compared to other methods when sharing EMR; the interaction time is also reduced by about 20% when processing medical claims. In addition, the test results demonstrate the scheme’s scalability.
{"title":"FGPB-EMR: Fine-grained privacy blockchain for electronic medical record sharing","authors":"Wei Liang , Yang Yang , Sisi Zhou , Zhishun Zhang , Yuxiang Chen , Kai Jin , Xiong Li , Kuanching Li , Jiannong Cao","doi":"10.1016/j.csi.2025.104089","DOIUrl":"10.1016/j.csi.2025.104089","url":null,"abstract":"<div><div>Electronic Medical Records are instrumental in advancing smart healthcare within the landscape of the Internet of Things, delivering highly personalized and prompt medical services to patients. However, existing healthcare data management systems are commonly characterized by provider centralization and over-regulation, posing significant threats to data security and integrity. Blockchain-based EMR secure sharing provides an effective scheme but still suffers from challenges such as insufficiently fine-grained data access control, susceptibility to user privacy leakage, high storage costs, and key management risks. Therefore, we propose FGPB-EMR, a user-centric blockchain for EMR sharing scheme with fine-grained access and privacy. We introduce the ciphertext policy of entirely hidden and updated attribute encryption, design an EMR sharing method with fine-grained access control, and guarantee its execution through a secure key distribution mechanism. In addition, based on the Paillier algorithm, we construct a co-sharing mechanism that supports privacy computation to achieve neutrality and interoperability of health insurance claims. To enhance the storage efficiency of blockchain data, we also design an on-chain and off-chain co-sharing protocol. Through comparative analysis and test validation, the FGPB-EMR scheme reduces the processing time by about half compared to other methods when sharing EMR; the interaction time is also reduced by about 20% when processing medical claims. In addition, the test results demonstrate the scheme’s scalability.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104089"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145361677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-09-12DOI: 10.1016/j.csi.2025.104071
Duy Tung Khanh Nguyen , Dung Hoang Duong , Willy Susilo , Yang-Wai Chow , The Anh Ta
In the current era of big data, cloud-based Machine Learning as a Service (MLaaS) – where clients send encrypted queries to the cloud and receive prediction results – has gained significant attention. However, privacy concerns arise as cloud servers typically require access to clients’ raw data, potentially exposing sensitive information. Homomorphic encryption (HE), an advanced cryptographic technique that allows computation on encrypted data without decryption, offers a promising foundation for privacy-preserving MLaaS. A critical challenge in this context is the efficient and secure evaluation of the argmax function—a key operation in classification tasks used to select the class with the highest predicted probability. Existing HE-based methods, such as Phoenix (Jovanovic et al., 2022), rely on non-interactive protocols using high-degree polynomial approximations of the sign function, which lead to significant computational overhead. This paper introduces , an interactive protocol designed for efficient and secure evaluation under encryption. Unlike prior approaches, leverages the algebraic properties of the sign function in combination with a lightweight interactive mechanism under the standard semi-honest model, without requiring trusted setup or multi-party computation. We present two protocol variants: -HT, optimized for high-throughput scenarios using batch processing, and -LC, which minimizes communication by processing a single encrypted vector. Experiments show that reduces inference latency from 157 s to 8 s on the MNIST dataset, and performs well even on CIFAR-100 with 100 output classes, completing in under 4 min using 128-bit HE security parameters. Despite being interactive, our protocol achieves comparable communication costs to Phoenix. These results demonstrate that is both practical and scalable for real-world privacy-preserving MLaaS deployments.
在当前的大数据时代,基于云的机器学习即服务(MLaaS)——客户端向云发送加密查询并接收预测结果——已经获得了极大的关注。然而,由于云服务器通常需要访问客户的原始数据,因此可能会暴露敏感信息,因此会出现隐私问题。同态加密(HE)是一种先进的加密技术,允许在不解密的情况下对加密数据进行计算,为保护隐私的MLaaS提供了良好的基础。在这种情况下,一个关键的挑战是对argmax函数的高效和安全的求值,这是分类任务中的一个关键操作,用于选择具有最高预测概率的类。现有的基于he的方法,如Phoenix (Jovanovic et al., 2022),依赖于使用符号函数的高次多项式近似的非交互式协议,这导致了显著的计算开销。本文介绍了一种用于加密下高效、安全的argmax求值的交互协议——HEArgmax。与之前的方法不同,HEArgmax利用符号函数的代数特性,结合标准半诚实模型下的轻量级交互机制,不需要可信设置或多方计算。我们提出了两种协议变体:针对使用批处理的高吞吐量场景进行优化的HEArgmax-HT和通过处理单个加密向量来最大限度地减少通信的HEArgmax-LC。实验表明,在MNIST数据集上,HEArgmax将推理延迟从157秒减少到8秒,并且即使在具有100个输出类的CIFAR-100上也表现良好,使用128位HE安全参数在4分钟内完成。尽管是交互式的,但我们的协议实现了与Phoenix相当的通信成本。这些结果表明,对于现实世界中保护隐私的MLaaS部署,HEArgmax既实用又可扩展。
{"title":"HEArgmax: Secure homomorphic encryption-based protocols for Argmax function","authors":"Duy Tung Khanh Nguyen , Dung Hoang Duong , Willy Susilo , Yang-Wai Chow , The Anh Ta","doi":"10.1016/j.csi.2025.104071","DOIUrl":"10.1016/j.csi.2025.104071","url":null,"abstract":"<div><div>In the current era of big data, cloud-based Machine Learning as a Service (MLaaS) – where clients send encrypted queries to the cloud and receive prediction results – has gained significant attention. However, privacy concerns arise as cloud servers typically require access to clients’ raw data, potentially exposing sensitive information. Homomorphic encryption (HE), an advanced cryptographic technique that allows computation on encrypted data without decryption, offers a promising foundation for privacy-preserving MLaaS. A critical challenge in this context is the efficient and secure evaluation of the <em>argmax</em> function—a key operation in classification tasks used to select the class with the highest predicted probability. Existing HE-based methods, such as Phoenix (Jovanovic et al., 2022), rely on non-interactive protocols using high-degree polynomial approximations of the sign function, which lead to significant computational overhead. This paper introduces <span><math><mi>HEArgmax</mi></math></span>, an interactive protocol designed for efficient and secure <span><math><mrow><mi>a</mi><mi>r</mi><mi>g</mi><mi>m</mi><mi>a</mi><mi>x</mi></mrow></math></span> evaluation under encryption. Unlike prior approaches, <span><math><mi>HEArgmax</mi></math></span> leverages the algebraic properties of the sign function in combination with a lightweight interactive mechanism under the standard semi-honest model, without requiring trusted setup or multi-party computation. We present two protocol variants: <span><math><mi>HEArgmax</mi></math></span>-HT, optimized for high-throughput scenarios using batch processing, and <span><math><mi>HEArgmax</mi></math></span>-LC, which minimizes communication by processing a single encrypted vector. Experiments show that <span><math><mi>HEArgmax</mi></math></span> reduces inference latency from 157 s to 8 s on the MNIST dataset, and performs well even on CIFAR-100 with 100 output classes, completing in under 4 min using 128-bit HE security parameters. Despite being interactive, our protocol achieves comparable communication costs to Phoenix. These results demonstrate that <span><math><mi>HEArgmax</mi></math></span> is both practical and scalable for real-world privacy-preserving MLaaS deployments.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104071"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145105312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-09-19DOI: 10.1016/j.csi.2025.104072
Changsong Yang , Ping Li , Yong Ding , Hai Liang , Shuo Wang
Amidst the surge of cloud computing, cloud-based data sharing has been broadly used. However, in cloud-based sharing, it is necessary to ensure data reliability, guarantee data integrity and protect user’s identity. Although traditional ring signature algorithms can provide strong data reliability and privacy protection, it is difficult to arbitrate the true identity of the signer. In this paper, we propose a SM2 ring signature broadcasting encryption scheme which is suitable for secure cloud data sharing. By introducing a third party, we generate a signer’s identity label that serves as an important parameter for the SM2 ring signature when we generate the signature value and revocation label. Meanwhile, we design a revocation mechanism that allows the third party to execute a revocation anonymity algorithm by using the revocation label to expose the signer’s identity. Moreover, any member can also check whether the third party has acted maliciously through the revocable anonymity label. Furthermore, we use the proposed signature broadcasting encryption scheme to achieve data sharing with data integrity, unforgeability, anonymity, revocable anonymity and ciphertext indistinguishability. Finally, we provide the experimental results to show the efficiency and practicability of our proposed scheme.
{"title":"A cloud data sharing scheme by using SM2 ring signature-based broadcast encryption","authors":"Changsong Yang , Ping Li , Yong Ding , Hai Liang , Shuo Wang","doi":"10.1016/j.csi.2025.104072","DOIUrl":"10.1016/j.csi.2025.104072","url":null,"abstract":"<div><div>Amidst the surge of cloud computing, cloud-based data sharing has been broadly used. However, in cloud-based sharing, it is necessary to ensure data reliability, guarantee data integrity and protect user’s identity. Although traditional ring signature algorithms can provide strong data reliability and privacy protection, it is difficult to arbitrate the true identity of the signer. In this paper, we propose a SM2 ring signature broadcasting encryption scheme which is suitable for secure cloud data sharing. By introducing a third party, we generate a signer’s identity label that serves as an important parameter for the SM2 ring signature when we generate the signature value and revocation label. Meanwhile, we design a revocation mechanism that allows the third party to execute a revocation anonymity algorithm by using the revocation label to expose the signer’s identity. Moreover, any member can also check whether the third party has acted maliciously through the revocable anonymity label. Furthermore, we use the proposed signature broadcasting encryption scheme to achieve data sharing with data integrity, unforgeability, anonymity, revocable anonymity and ciphertext indistinguishability. Finally, we provide the experimental results to show the efficiency and practicability of our proposed scheme.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104072"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145118621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-09-03DOI: 10.1016/j.csi.2025.104069
Longjiao Li , Jianchang Lai , Liquan Chen , Zhen Zhao , Ge Wu , Xinyan Yang
IoHT is a specific application of IoT technology in the healthcare field, which enhances medical efficiency and quality. Ensuring secure data sharing among multiple parties is crucial in the IoHT, particularly for resource-constrained devices. As a Chinese national standard and an ISO/IEC standard, SM9 algorithm has been widely applied in IoT, finance, e-government and so on. Although existing SM9-based schemes can ensure data security during multi-party sharing, their high computational overhead makes them unsuitable for lightweight devices. To address this issue, this paper proposes an efficient distributed decryption scheme based on SM9. The proposed scheme achieves secure and efficient multi-party data sharing. And the proposed scheme is very friendly to lightweight devices, as it avoids computationally expensive operations such as bilinear pairing. Based on the -BDHI assumption, the proposed scheme is proven to be CCA-secure. Finally, we implement our scheme through experiments and the results show that when the number of users reaches 100, the decryption time on resource-constrained devices is about 6 ms, demonstrating that the proposed scheme is suitable for deployment in IoHT.
{"title":"SM9-based device-friendly distributed decryption scheme for IoHT","authors":"Longjiao Li , Jianchang Lai , Liquan Chen , Zhen Zhao , Ge Wu , Xinyan Yang","doi":"10.1016/j.csi.2025.104069","DOIUrl":"10.1016/j.csi.2025.104069","url":null,"abstract":"<div><div>IoHT is a specific application of IoT technology in the healthcare field, which enhances medical efficiency and quality. Ensuring secure data sharing among multiple parties is crucial in the IoHT, particularly for resource-constrained devices. As a Chinese national standard and an ISO/IEC standard, SM9 algorithm has been widely applied in IoT, finance, e-government and so on. Although existing SM9-based schemes can ensure data security during multi-party sharing, their high computational overhead makes them unsuitable for lightweight devices. To address this issue, this paper proposes an efficient distributed decryption scheme based on SM9. The proposed scheme achieves secure and efficient multi-party data sharing. And the proposed scheme is very friendly to lightweight devices, as it avoids computationally expensive operations such as bilinear pairing. Based on the <span><math><mi>q</mi></math></span>-BDHI assumption, the proposed scheme is proven to be CCA-secure. Finally, we implement our scheme through experiments and the results show that when the number of users reaches 100, the decryption time on resource-constrained devices is about 6 ms, demonstrating that the proposed scheme is suitable for deployment in IoHT.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104069"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145007771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-03-01Epub Date: 2025-10-14DOI: 10.1016/j.csi.2025.104081
Wen Gao , Shixuan Jin , Tianyou Fu , Simeng Ren , Xiaoli Dong , Baodong Qin , Baocang Wang
Ring signature is widely used to protect users’ privacy in electronic voting (e-voting) and cryptocurrencies due to its untraceable characteristic. Since the ring signature cannot be traced, there is no way to prevent signature misuse, which may lead to repeated voting in e-voting systems. As a variant of ring signature, the linkable ring signature maintains anonymity while allowing one to check whether two signatures are generated by the same signer. However, most existing lattice-based linkable ring signature schemes rely on traditional public key infrastructure (PKI), which suffers from complex certificate management and low efficiency. To address these limitations, this paper proposes an efficient certificate-less linkable ring signature (CL-LRS) scheme over lattices based on the module short integer solution (M-SIS) problem. This scheme eliminates certificate management and key escrow issues, and effectively prevents repeated voting in anonymous e-voting systems. Through security analysis, our scheme is proven to be anonymous, unforgeable and linkable in random oracle model (ROM). Compared to existing similar schemes, whose signature sizes grow linearly with ring size, our scheme reduces the signature size to a logarithmic level. For a ring with 256 members, the optimal signature size among comparable schemes is 513.03 KiB, whereas ours achieves 179.12 KiB. Specifically, with each doubling of the ring size, the signature size increases by only 0.29%, significantly outperforming existing schemes. Finally, we apply our scheme to the e-voting scenario by providing the e-voting system model and the application process.
{"title":"Logarithmic certificate-less linkable ring signature over lattices and application in electronic voting systems","authors":"Wen Gao , Shixuan Jin , Tianyou Fu , Simeng Ren , Xiaoli Dong , Baodong Qin , Baocang Wang","doi":"10.1016/j.csi.2025.104081","DOIUrl":"10.1016/j.csi.2025.104081","url":null,"abstract":"<div><div>Ring signature is widely used to protect users’ privacy in electronic voting (e-voting) and cryptocurrencies due to its untraceable characteristic. Since the ring signature cannot be traced, there is no way to prevent signature misuse, which may lead to repeated voting in e-voting systems. As a variant of ring signature, the linkable ring signature maintains anonymity while allowing one to check whether two signatures are generated by the same signer. However, most existing lattice-based linkable ring signature schemes rely on traditional public key infrastructure (PKI), which suffers from complex certificate management and low efficiency. To address these limitations, this paper proposes an efficient certificate-less linkable ring signature (CL-LRS) scheme over lattices based on the module short integer solution (M-SIS) problem. This scheme eliminates certificate management and key escrow issues, and effectively prevents repeated voting in anonymous e-voting systems. Through security analysis, our scheme is proven to be anonymous, unforgeable and linkable in random oracle model (ROM). Compared to existing similar schemes, whose signature sizes grow linearly with ring size, our scheme reduces the signature size to a logarithmic level. For a ring with 256 members, the optimal signature size among comparable schemes is 513.03 KiB, whereas ours achieves 179.12 KiB. Specifically, with each doubling of the ring size, the signature size increases by only 0.29%, significantly outperforming existing schemes. Finally, we apply our scheme to the e-voting scenario by providing the e-voting system model and the application process.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"96 ","pages":"Article 104081"},"PeriodicalIF":3.1,"publicationDate":"2026-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145361674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号