19 research outputs found

    Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

    The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study of various PQ approaches, covering their constructional design and structural vulnerabilities, and offering security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era.

    System and method of audit log protection

    A computer data security system, useful in protecting audit logs, uses symmetric-key-based techniques and requires only a small, constant number of cryptographic hash operations at the signer side (the party sending a prospective audit log or other computer record data to a primary repository) to achieve forward-secure and append-only authentication. Verification is performed by independent parties sharing parts of the symmetric key, wherein the presence of a single honest party among all verifier parties ensures conditional non-repudiation. It also ensures that an active adversary cannot generate authentication tags on behalf of the signer unless it compromises all verification parties.

    Sender optimal, breach-resilient, and post-quantum secure cryptographic methods and systems for digital auditing

    Cryptographic techniques referred to as Sender Optimal, Breach-resilient Auditing with Post-Quantum security (SOBAP) are described. Optimal efficiency and post-quantum security of symmetric-key-based techniques are achieved, while providing compromise resiliency, conditional non-repudiation, and fault-tolerant verification in a distributed setting. SOBAP relies on any choice of symmetric-key-based primitive with extended features (e.g., forward security, append-only authentication), which can be optimally efficient. Verification is done by executing the symmetric primitive F under a secure multi-party computation (SMPC) technique, wherein an honest majority guarantees conditional non-repudiation and fault tolerance. SOBAP offers an architecture that uses authenticated access control data structures to ensure policy enforcement. SOBAP also offers post-quantum security via symmetric primitives and SMPC. Extensions of SOBAP offer oblivious access and enhancements with secure-hardware support.

    Immutable Authentication and Integrity Schemes for Outsourced Databases

    Hash-Based Sequential Aggregate and Forward Secure Signature for Unattended Wireless Sensor Networks

    Unattended Wireless Sensor Networks (UWSNs) operating in hostile environments face great security and performance challenges due to the lack of continuous real-time communication between senders (sensors) and receivers (e.g., mobile data collectors, static sinks). The lack of real-time communication forces sensors to accumulate the sensed data, possibly for long time periods, along with the corresponding signatures for authentication purposes. Moreover, the non-real-time characteristic of UWSNs makes sensors vulnerable especially to active adversaries, which compromise sensors and extract all data stored in them. Hence, it is critical to have the forward security property, such that even if the adversary can compromise the current keying materials, she cannot modify or forge authenticated data generated before the node compromise. Forward-secure and aggregate signatures are cryptographic primitives developed to address these issues. Unfortunately, existing forward-secure and aggregate signature schemes either impose substantial computation and storage overhead or do not allow public verifiability, and are therefore impractical for resource-constrained UWSNs. In order to address these problems, we propose a new class of signature schemes, which we refer to as Hash-Based Sequential Aggregate and Forward Secure Signature (HaSAFSS). Such a scheme allows a signer to sequentially generate a compact, fixed-size, and publicly verifiable signature at a nearly optimal computational cost. We propose two HaSAFSS schemes, Symmetric HaSAFSS (Sym-HaSAFSS) and Elliptic Curve Cryptography (ECC) based HaSAFSS (ECC-HaSAFSS). Both schemes integrate the efficiency of MAC-based aggregate signatures and the public verifiability of bilinear-map-based signatures while preserving forward security via Timed-Release Encryption (TRE). We demonstrate that our schemes are secure under appropriate computational assumptions. We also show that our schemes are significantly more efficient in terms of both computational and storage overheads than previous schemes, and therefore quite practical for even highly resource-constrained UWSN applications.
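    The audit-log protection patent above and the HaSAFSS abstract both rest on the same symmetric-key idea: a key that is evolved one-way after every record and erased, so a later compromise yields keys that cannot re-authenticate earlier records, combined with a running aggregate tag that commits to every record appended so far. The block below is an added illustration of that forward-secure, append-only MAC chain; it is not code from either patent or the paper, and it deliberately leaves out what those works add on top (key sharing among verifiers, MPC-based verification, timed-release encryption). The class and function names, the seed used for the initial key, and the three sample log lines are all constructed for the example.

```python
import hashlib
import hmac

# Constructed demo secret. A deployment would draw it from os.urandom(32) and
# hand a copy to the verifier(s) over a separate, authenticated channel.
DEMO_INITIAL_KEY = hashlib.sha256(b"demo-audit-log-seed").digest()

ZERO_TAG = bytes(32)  # aggregate value before any entry has been appended


def evolve_key(key: bytes) -> bytes:
    """One-way key update k_{i+1} = SHA-256(k_i); the signer erases k_i afterwards."""
    return hashlib.sha256(key).digest()


def entry_tag(key: bytes, entry: bytes) -> bytes:
    """Per-entry MAC under the key of the current period."""
    return hmac.new(key, entry, hashlib.sha256).digest()


def fold(agg: bytes, tag: bytes) -> bytes:
    """Append-only chaining: the new aggregate commits to the old one and the new tag."""
    return hashlib.sha256(agg + tag).digest()


class ForwardSecureLogger:
    """Signer side. State is only the current key and the running aggregate, so
    each append costs one HMAC plus two hashes regardless of how long the log is."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.agg = ZERO_TAG

    def append(self, entry: bytes) -> bytes:
        self.agg = fold(self.agg, entry_tag(self.key, entry))
        self.key = evolve_key(self.key)  # old key is gone: earlier entries cannot be re-tagged
        return self.agg


def verify(initial_key: bytes, entries, claimed_agg: bytes) -> bool:
    """Verifier side: replay the chain from the initial key the verifier holds."""
    key, agg = initial_key, ZERO_TAG
    for entry in entries:
        agg = fold(agg, entry_tag(key, entry))
        key = evolve_key(key)
    return hmac.compare_digest(agg, claimed_agg)


def scenario():
    """Honest run, then an attacker who steals the signer's state after entry 3
    and (a) tries to rewrite entry 3, (b) appends an entry of his own."""
    entries = [b"login alice", b"sudo -i", b"rm -rf /var/log/secure"]  # constructed sample log
    signer = ForwardSecureLogger(DEMO_INITIAL_KEY)
    for e in entries:
        signer.append(e)
    honest_ok = verify(DEMO_INITIAL_KEY, entries, signer.agg)

    # After three appends the signer holds k_4 and agg_3. The attacker gets both,
    # but not k_1..k_3, so no pre-compromise entry can be re-authenticated.
    stolen_key, stolen_agg = signer.key, signer.agg
    tampered = [b"login alice", b"sudo -i", b"cat /etc/motd"]
    tampered_ok = verify(DEMO_INITIAL_KEY, tampered, stolen_agg)  # detected: False

    # What forward security does NOT prevent: forging entries after the compromise.
    forged = ForwardSecureLogger(stolen_key)
    forged.agg = stolen_agg
    forged.append(b"attacker entry")
    post_compromise_ok = verify(DEMO_INITIAL_KEY, entries + [b"attacker entry"], forged.agg)
    return honest_ok, tampered_ok, post_compromise_ok


if __name__ == "__main__":
    print(scenario())  # (True, False, True)
```

The third result is the caveat a practitioner should keep in mind: a plain forward-secure chain protects the past, not the future, which is why the patents above move the verification key material off the signer entirely and require all (or a majority of) verifier parties to be compromised before an adversary can mint tags on the signer's behalf.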