Score
Applying cryptographic primitives and protocols to protect confidentiality, integrity and authenticity—choosing and implementing symmetric (AES-GCM), asymmetric (RSA, ECC), key management, TLS/HTTPS, authenticated encryption, HMACs, and secure storage/sealing practices, plus threat models and standard libraries (OpenSSL, libsodium) and proper randomness and key rotation.
This study addresses the challenge of deploying conventional cryptographic algorithms—such as AES, RSA, and DES—in resource-constrained environments, where high computational, storage, and energy demands render them impractical. For the first time, a systematic literature review methodology is employed to conduct a multidimensional evaluation of lightweight cryptographic algorithms tailored for Internet of Things (IoT) devices, RFID systems, and wireless sensor networks. The assessment encompasses critical dimensions including performance, security, energy consumption, and implementation cost. Findings are synthesized through comparative tables and visualizations that elucidate design trade-offs and evolutionary trajectories across algorithmic approaches. The work not only identifies optimal algorithm selections for specific application scenarios but also establishes a theoretical foundation and practical guidance for the future development of lightweight cryptographic solutions.
Quantum computing poses an existential threat to public-key cryptography, necessitating timely adoption of NIST-standardized post-quantum cryptographic (PQC) algorithms—Kyber, Dilithium, FALCON, and SPHINCS+. Method: This paper systematically evaluates PQC support across nine major open-source cryptographic libraries—including OpenSSL and Bouncy Castle—through rigorous analysis of official documentation, release notes, and real-world deployment practices. Contribution/Results: We identify substantial disparities in implementation completeness, API maturity, and production readiness: only a minority offer stable, production-grade integrations, while most remain experimental or unimplemented. To address this gap, we propose the first multi-dimensional PQC support assessment framework, quantitatively pinpointing key standardization bottlenecks. Based on empirical findings, we recommend three actionable strategies: phased migration, cross-library interoperability coordination, and development of standardized PQC testing benchmarks. Our results provide evidence-based guidance for library developers, standards bodies, and system deployers navigating the transition to quantum-resilient cryptography.
This work proposes a lightweight authenticated encryption scheme tailored to meet the stringent security requirements of NASA-STD-1006A for emergency space telemetry command stacks. Designed for resource-constrained aerospace environments, the scheme achieves a balance between high security and protocol compatibility by employing fixed-length ciphertext construction and a robust authentication mechanism. It ensures confidentiality, integrity, and authenticity of telemetry data while maintaining system performance and seamless interoperability with existing transmission protocols. To the best of our knowledge, this is the first approach that fulfills NASA’s rigorous security specifications while delivering a predictable, low-overhead, and strongly authenticated telemetry protection mechanism.
This study addresses the usability challenges of post-quantum cryptography (PQC) APIs, which—due to their high complexity and developer-unfriendly documentation—often lead non-expert developers to misuse them and inadvertently introduce security vulnerabilities, thereby hindering real-world deployment. As the first systematic investigation into PQC API usability, this work empirically evaluates how developers interact with NIST-standardized PQC algorithms under minimal training, employing user studies, task observations, and cognitive analyses. The findings uncover critical issues including inconsistent terminology, a lack of canonical workflow examples, and insufficient interactive guidance. These insights provide empirical grounding and concrete design recommendations for building more usable PQC development support systems that better serve practitioners transitioning to quantum-resistant cryptography.
In cloud-native environments, the security of hardware roots of trust (e.g., HSMs, TPMs) is being systematically eroded by ecosystem-level weaknesses—including misconfigurations, insecure API usage, and privilege escalation—leading to increased key leakage risks. This paper identifies, via threat modeling and real-world adversarial case studies, that vulnerabilities primarily reside in cloud infrastructure components and management interfaces—not in the hardware itself. To address this, we propose a novel layered defense paradigm tailored for cloud-native systems, integrating confidential computing, post-quantum cryptography, and decentralized key management to fundamentally重构 the trust model. Our approach abandons the traditional assumption of monolithic hardware-based trust, instead enabling dynamic, cryptographically verifiable, and quantum-resistant key protection within distributed architectures. The resulting framework delivers actionable, deployable cryptographic trust-enhancement strategies for cloud architects.
Quantum computing poses an existential threat to classical public-key cryptosystems—including RSA and ECC—thereby severely compromising the security of Internet of Things (IoT) communications. To address this challenge in resource-constrained IoT environments, this paper proposes a synergistic security framework integrating post-quantum cryptography (PQC) with physical-layer quantum-safe mechanisms. Specifically, it employs lattice-based, code-based, and hash-based PQC primitives for efficient key exchange and authentication, augmented by quantum key distribution (QKD) and quantum random number generation (QRNG) to enhance key secrecy and unpredictability. The design achieves a balance between lightweight implementation and quantum resistance, supporting end-to-end confidentiality, privacy preservation, and standards-compliant deployment. Experimental evaluation demonstrates feasibility under stringent IoT constraints. This work provides a systematic methodology and practical pathway toward building resilient, deployable post-quantum IoT security architectures.
To address critical security challenges in IoT—including severe resource constraints, expansive attack surfaces, and imminent quantum threats—this paper proposes an end-to-end, full-stack security framework spanning the chip, firmware, communication, and application layers to ensure confidentiality, integrity, and availability across the device lifecycle. Methodologically, it innovatively integrates a hardware-based root of trust, CBOR-encoded lightweight digital certificates, an optimized TLS 1.3 protocol stack, and a seamless post-quantum cryptographic migration mechanism, enabling cross-layer coordinated defense and resource-adaptive security provisioning. Experimental evaluation demonstrates over 30% reduction in communication overhead, millisecond-scale secure boot latency, and certificate sizes compressed to sub-kilobyte levels. This work establishes the first verifiable, scalable, and quantum-resistant lightweight security paradigm for resource-constrained IoT devices.
This study addresses the critical security risks in cryptographic code generated by large language models, which often evade detection by existing general-purpose verification tools. The authors present the first set of cryptography-specific vulnerability detection rules tailored for AES-256-GCM and ChaCha20-Poly1305, integrating CodeQL with a custom-built analyzer. Their approach identifies vulnerabilities in 57% of compilable samples with zero false positives, though only 23.3% of generated code successfully compiles. Through empirical evaluation across multiple models and prompting strategies, they find that chain-of-thought prompting significantly underperforms zero-shot prompting (p = 0.002) and uncover prevalent flaws such as nonce reuse and API hallucination. These findings underscore the necessity of domain-specific validation mechanisms in cryptographic contexts.
This work addresses the limited visibility into TLS configurations within heterogeneous environments—a critical barrier to the secure and efficient deployment of post-quantum cryptography (PQC) in financial institutions. The authors propose an enterprise-grade framework for automated parsing and standardization of TLS configurations, which constructs a unified, auditable inventory of cryptographic assets. By doing so, it shifts the primary bottleneck of PQC migration from the algorithmic layer to the operational layer. The framework supports MLKEM and hybrid key exchange schemes, demonstrating effectiveness across 8,443 real-world Nginx configurations. Already deployed in production at financial institutions, it achieves zero application-layer modifications and incurs only manageable performance overhead, thereby substantially enhancing the operational feasibility and regulatory compliance of PQC transitions.
This study addresses the synergistic threat posed by quantum computing and artificial intelligence to current cryptographic systems: Shor’s algorithm can break public-key schemes such as RSA and ECC, while AI-driven side-channel attacks can circumvent physical countermeasures. The paper presents the first systematic evaluation of cryptographic vulnerability under combined quantum–AI attacks and proposes a defense-in-depth framework integrating post-quantum cryptography (ML-KEM/ML-DSA and SLH-DSA), implementation hardening, and cryptographic agility. Findings indicate that lattice-based and hash-based signatures resist known quantum attacks but remain susceptible to side-channel leakage at the implementation layer; symmetric encryption retains security in the quantum setting only if key lengths are doubled to compensate for halved effective strength. This work underscores that cryptographic security must be treated as a continuously evolving process and offers a practical roadmap for mitigating coordinated quantum–AI threats.
This work addresses the high barrier to entry in formal verification of cryptographic protocols and the difficulty of tracing verification results back to concrete implementations. The authors propose a domain-specific language (DSL)-centric development methodology that pioneers a “language-first” modeling paradigm. Their approach automatically translates protocol implementations into Tamarin-verifiable models and integrates symbolic execution to ensure memory safety. This framework guarantees that general trace properties established through formal verification are correctly mapped back to the original source code. Empirical evaluation demonstrates the successful generation of precise models for Signed Diffie-Hellman and WireGuard protocols; notably, the resulting WireGuard implementation achieves interoperability, practical usability, and compositional security guarantees.
This work addresses the challenges of migrating legacy software to post-quantum cryptography (PQC), including probabilistic behavior, side-channel vulnerabilities, and performance–security trade-offs, which existing tools struggle to manage. To this end, the paper introduces a novel paradigm—Quantum-Safe Software Engineering (QSSE)—that frames PQC migration as a systematic software engineering problem. It presents the Automated Quantum-safe Adaptation (AQuA) framework, built upon three technical pillars: PQC-aware static vulnerability detection, semantic-level program refactoring, and hybrid formal verification. Integrated with joint modeling of performance and security, AQuA offers a scalable toolchain architecture that lays the foundation for next-generation software engineering practices oriented toward quantum resilience.