encryption

Applying cryptographic primitives and protocols to protect confidentiality, integrity and authenticity—choosing and implementing symmetric (AES-GCM), asymmetric (RSA, ECC), key management, TLS/HTTPS, authenticated encryption, HMACs, and secure storage/sealing practices, plus threat models and standard libraries (OpenSSL, libsodium) and proper randomness and key rotation.

encryption

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

A Survey of Post-Quantum Cryptography Support in Cryptographic Libraries

Aug 22, 2025
NA
Nadeem Ahmed
🏛️ Univ. of Maryland Baltimore County

Quantum computing poses an existential threat to public-key cryptography, necessitating timely adoption of NIST-standardized post-quantum cryptographic (PQC) algorithms—Kyber, Dilithium, FALCON, and SPHINCS+. Method: This paper systematically evaluates PQC support across nine major open-source cryptographic libraries—including OpenSSL and Bouncy Castle—through rigorous analysis of official documentation, release notes, and real-world deployment practices. Contribution/Results: We identify substantial disparities in implementation completeness, API maturity, and production readiness: only a minority offer stable, production-grade integrations, while most remain experimental or unimplemented. To address this gap, we propose the first multi-dimensional PQC support assessment framework, quantitatively pinpointing key standardization bottlenecks. Based on empirical findings, we recommend three actionable strategies: phased migration, cross-library interoperability coordination, and development of standardized PQC testing benchmarks. Our results provide evidence-based guidance for library developers, standards bodies, and system deployers navigating the transition to quantum-resilient cryptography.

Assessing implementation status of NIST-selected post-quantum cryptography standardsEvaluating PQC algorithm support in major cryptographic librariesIdentifying performance and security challenges in quantum-resistant transition

Must-Read Papers

Most classic and influential ideas
View more

This work proposes a lightweight authenticated encryption scheme tailored to meet the stringent security requirements of NASA-STD-1006A for emergency space telemetry command stacks. Designed for resource-constrained aerospace environments, the scheme achieves a balance between high security and protocol compatibility by employing fixed-length ciphertext construction and a robust authentication mechanism. It ensures confidentiality, integrity, and authenticity of telemetry data while maintaining system performance and seamless interoperability with existing transmission protocols. To the best of our knowledge, this is the first approach that fulfills NASA’s rigorous security specifications while delivering a predictable, low-overhead, and strongly authenticated telemetry protection mechanism.

authenticated encryptioncommand stack protectionNASA-STD-1006A

This study addresses the usability challenges of post-quantum cryptography (PQC) APIs, which—due to their high complexity and developer-unfriendly documentation—often lead non-expert developers to misuse them and inadvertently introduce security vulnerabilities, thereby hindering real-world deployment. As the first systematic investigation into PQC API usability, this work empirically evaluates how developers interact with NIST-standardized PQC algorithms under minimal training, employing user studies, task observations, and cognitive analyses. The findings uncover critical issues including inconsistent terminology, a lack of canonical workflow examples, and insufficient interactive guidance. These insights provide empirical grounding and concrete design recommendations for building more usable PQC development support systems that better serve practitioners transitioning to quantum-resistant cryptography.

API UsabilityCryptographyDeveloper Experience

Rethinking HSM and TPM Security in the Cloud: Real-World Attacks and Next-Gen Defenses

Jul 23, 2025
SS
Shams Shaikh
🏛️ Goa University | Don Bosco College of Engineering

In cloud-native environments, the security of hardware roots of trust (e.g., HSMs, TPMs) is being systematically eroded by ecosystem-level weaknesses—including misconfigurations, insecure API usage, and privilege escalation—leading to increased key leakage risks. This paper identifies, via threat modeling and real-world adversarial case studies, that vulnerabilities primarily reside in cloud infrastructure components and management interfaces—not in the hardware itself. To address this, we propose a novel layered defense paradigm tailored for cloud-native systems, integrating confidential computing, post-quantum cryptography, and decentralized key management to fundamentally重构 the trust model. Our approach abandons the traditional assumption of monolithic hardware-based trust, instead enabling dynamic, cryptographically verifiable, and quantum-resistant key protection within distributed architectures. The resulting framework delivers actionable, deployable cryptographic trust-enhancement strategies for cloud architects.

Analyzing security weaknesses in cloud-based HSMs and TPMsExploring next-gen defenses like confidential computing and post-quantum cryptographyIdentifying common attack vectors in distributed cloud environments

Security and Privacy Management of IoT Using Quantum Computing

Nov 05, 2025
JS
Jaydip Sen
🏛️ Praxis Business School

Quantum computing poses an existential threat to classical public-key cryptosystems—including RSA and ECC—thereby severely compromising the security of Internet of Things (IoT) communications. To address this challenge in resource-constrained IoT environments, this paper proposes a synergistic security framework integrating post-quantum cryptography (PQC) with physical-layer quantum-safe mechanisms. Specifically, it employs lattice-based, code-based, and hash-based PQC primitives for efficient key exchange and authentication, augmented by quantum key distribution (QKD) and quantum random number generation (QRNG) to enhance key secrecy and unpredictability. The design achieves a balance between lightweight implementation and quantum resistance, supporting end-to-end confidentiality, privacy preservation, and standards-compliant deployment. Experimental evaluation demonstrates feasibility under stringent IoT constraints. This work provides a systematic methodology and practical pathway toward building resilient, deployable post-quantum IoT security architectures.

Addressing quantum computing threats to classical IoT security algorithmsDeveloping quantum-resistant cryptographic solutions for resource-constrained IoT devicesEnhancing IoT privacy through quantum-based security methods and standardization

To address critical security challenges in IoT—including severe resource constraints, expansive attack surfaces, and imminent quantum threats—this paper proposes an end-to-end, full-stack security framework spanning the chip, firmware, communication, and application layers to ensure confidentiality, integrity, and availability across the device lifecycle. Methodologically, it innovatively integrates a hardware-based root of trust, CBOR-encoded lightweight digital certificates, an optimized TLS 1.3 protocol stack, and a seamless post-quantum cryptographic migration mechanism, enabling cross-layer coordinated defense and resource-adaptive security provisioning. Experimental evaluation demonstrates over 30% reduction in communication overhead, millisecond-scale secure boot latency, and certificate sizes compressed to sub-kilobyte levels. This work establishes the first verifiable, scalable, and quantum-resistant lightweight security paradigm for resource-constrained IoT devices.

CybersecurityInternet of ThingsSystem-wide Protection

Latest Papers

What's happening recently
View more

This study addresses the critical security risks in cryptographic code generated by large language models, which often evade detection by existing general-purpose verification tools. The authors present the first set of cryptography-specific vulnerability detection rules tailored for AES-256-GCM and ChaCha20-Poly1305, integrating CodeQL with a custom-built analyzer. Their approach identifies vulnerabilities in 57% of compilable samples with zero false positives, though only 23.3% of generated code successfully compiles. Through empirical evaluation across multiple models and prompting strategies, they find that chain-of-thought prompting significantly underperforms zero-shot prompting (p = 0.002) and uncover prevalent flaws such as nonce reuse and API hallucination. These findings underscore the necessity of domain-specific validation mechanisms in cryptographic contexts.

Code GenerationCryptographic CodeLarge Language Models

This work addresses the limited visibility into TLS configurations within heterogeneous environments—a critical barrier to the secure and efficient deployment of post-quantum cryptography (PQC) in financial institutions. The authors propose an enterprise-grade framework for automated parsing and standardization of TLS configurations, which constructs a unified, auditable inventory of cryptographic assets. By doing so, it shifts the primary bottleneck of PQC migration from the algorithmic layer to the operational layer. The framework supports MLKEM and hybrid key exchange schemes, demonstrating effectiveness across 8,443 real-world Nginx configurations. Already deployed in production at financial institutions, it achieves zero application-layer modifications and incurs only manageable performance overhead, thereby substantially enhancing the operational feasibility and regulatory compliance of PQC transitions.

Hybrid PQC DeploymentOperational CryptographyPost Quantum Cryptography

This study addresses the synergistic threat posed by quantum computing and artificial intelligence to current cryptographic systems: Shor’s algorithm can break public-key schemes such as RSA and ECC, while AI-driven side-channel attacks can circumvent physical countermeasures. The paper presents the first systematic evaluation of cryptographic vulnerability under combined quantum–AI attacks and proposes a defense-in-depth framework integrating post-quantum cryptography (ML-KEM/ML-DSA and SLH-DSA), implementation hardening, and cryptographic agility. Findings indicate that lattice-based and hash-based signatures resist known quantum attacks but remain susceptible to side-channel leakage at the implementation layer; symmetric encryption retains security in the quantum setting only if key lengths are doubled to compensate for halved effective strength. This work underscores that cryptographic security must be treated as a continuously evolving process and offers a practical roadmap for mitigating coordinated quantum–AI threats.

artificial intelligencecryptographypost-quantum security

This work addresses the high barrier to entry in formal verification of cryptographic protocols and the difficulty of tracing verification results back to concrete implementations. The authors propose a domain-specific language (DSL)-centric development methodology that pioneers a “language-first” modeling paradigm. Their approach automatically translates protocol implementations into Tamarin-verifiable models and integrates symbolic execution to ensure memory safety. This framework guarantees that general trace properties established through formal verification are correctly mapped back to the original source code. Empirical evaluation demonstrates the successful generation of precise models for Signed Diffie-Hellman and WireGuard protocols; notably, the resulting WireGuard implementation achieves interoperability, practical usability, and compositional security guarantees.

cryptographic protocolsformal verificationprotocol implementation

This work addresses the challenges of migrating legacy software to post-quantum cryptography (PQC), including probabilistic behavior, side-channel vulnerabilities, and performance–security trade-offs, which existing tools struggle to manage. To this end, the paper introduces a novel paradigm—Quantum-Safe Software Engineering (QSSE)—that frames PQC migration as a systematic software engineering problem. It presents the Automated Quantum-safe Adaptation (AQuA) framework, built upon three technical pillars: PQC-aware static vulnerability detection, semantic-level program refactoring, and hybrid formal verification. Integrated with joint modeling of performance and security, AQuA offers a scalable toolchain architecture that lays the foundation for next-generation software engineering practices oriented toward quantum resilience.

Post-Quantum CryptographyProbabilistic BehaviorQuantum-Safe

Hot Scholars

QL

Qian Lou

Assistant Professor of Computer Science, University of Central Florida,
Secure & Private ComputingAI InfrastructureMachine Learning Systems
GC

Giuseppe Caire

Professor, Technical University of Berlin, Germany, and Professor of Electrical Engineering (on
Information TheoryCommunicationsSignal ProcessingStatistics
AC

Abel C. H. Chen

Information & Communications Security Laboratory, Chunghwa Telecom Laboratories
Cellular NetworksIntelligent Transportation SystemPost-Quantum CryptographyHealthcare System
RB

Rawad Bitar

Research Group Leader (and Habiliation Candidate), Technical University of Munich
Coding theoryDistributed learningDNA-based data storageData privacy and security