A Multi-Factor Quantum-Resistant and Privacy-Preserving Authentication Protocol for Decentralized Systems
Article Sidebar
Main Article Content
Abstract
This paper presents a Quantum-Resistant and Privacy-Preserving Authentication Protocol (PPAP) designed for decentralized systems. PPAP integrates lattice-based cryptographic primitives, particularly Module-Lattice Key Encapsulation Mechanisms (ML-KEM), addressing both quantum computing threats and stringent privacy requirements. The protocol introduces advanced identity masking techniques and a multi-factor authentication layer employing Cheon-Kim-Kim-Song (CKKS) homomorphic encryption, enabling secure and privacy-aware authentication that supports approximate knowledge-based factors such as biometrics and handwritten signatures. Rigorous formal analysis, including cryptographic proofs and automated verification using the Tamarin Prover, validates PPAP's resilience against classical and quantum adversaries, as well as common security threats such as replay attacks, impersonation, and credential linkage. Performance evaluations demonstrate the practical feasibility of PPAP, highlighting its computational efficiency and minimized communication overhead, suitable for diverse scenarios ranging from Internet of Things (IoT) and mobile environments to high-security infrastructure. Furthermore, the Time-Aware Predictive Access Model (TAPM) significantly optimizes authentication lookup complexity, demonstrating substantial empirical improvement. Future work will focus on further performance enhancements, integration of additional biometric modalities, and deployment in practical decentralized applications.
Article Details
Issue
Section
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
References
[1] B. Jayaraman, H. Li, and D. Evans, “Decentralized certificate authorities,” arXiv preprint arXiv:1706.03370, 2017.
[2] C. J. Bennett, “The European General Data Protection Regulation: An instrument for the globalization of privacy standards?,” Information Polity, vol. 23, no. 2, pp. 239–246, 2018.
[3] T. Monz et al., “Realization of a scalable Shor algorithm,” Science, vol. 351, no. 6277, pp. 1068–1070, 2016.
[4] L. K. Grover, “A fast quantum mechanical algorithm for database search,” presented at the Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, 1996, pp. 212–219.
[5] J. Bos et al., “CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM,” presented at the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, 2018, pp. 353–367.
[6] National Institute of Standards and Technology (US), “Module-lattice-based key-encapsulation mechanism standard,” National Institute of Standards and Technology (U.S.), Washington, D.C., NIST FIPS 203, Aug. 2024. doi: 10.6028/NIST.FIPS.203.
[7] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” presented at the Advances in cryptology–ASIACRYPT 2017: 23rd international conference on the theory and applications of cryptology and information security, Hong kong, China, December 3-7, 2017, proceedings, part i 23, Springer, 2017, pp. 409–437.
[8] S. Meier, B. Schmidt, C. Cremers, and D. Basin, “The TAMARIN prover for the symbolic analysis of security protocols,” presented at the Computer Aided Verification: 25th International Conference, CAV 2013, Saint Petersburg, Russia, July 13-19, 2013. Proceedings 25, Springer, 2013, pp. 696–701.
[9] E. Rescorla, “The transport layer security (TLS) protocol version 1.3,” 2070–1721, 2018.
[10] D. Hardt, “The OAuth 2.0 authorization framework,” 2070–1721, 2012.
[11] N. Sakimura, J. Bradley, M. Jones, B. De Medeiros, and C. Mortimore, “OpenID Connect Core 1.0 incorporating errata set 1,” The OpenID Foundation, specification, vol. 335, 2014.
[12] H. Nejatollahi, N. Dutt, S. Ray, F. Regazzoni, I. Banerjee, and R. Cammarota, “Post-quantum lattice-based cryptography implementations: A survey,” ACM Computing Surveys (CSUR), vol. 51, no. 6, pp. 1–41, 2019.
[13] P. Regulation, “Regulation (EU) 2016/679 of the European Parliament and of the Council,” Regulation (eu), vol. 679, p. 2016, 2016.
[14] H. A. Riva-Cambrin, R. Singh, S. Lama, and G. R. Sutherland, “Extensible Post Quantum Cryptography Based Authentication,” arXiv preprint arXiv:2505.16112, 2025.
[15] L. P. Fraile et al., “Enabling Quantum-Resistant EDHOC: Design and Performance Evaluation,” IEEE Access, 2025.
[16] J. Yao, K. Matusiewicz, and V. Zimmer, “Post quantum design in SPDM for device authentication and key establishment,” Cryptography, vol. 6, no. 4, p. 48, 2022.
[17] J. Samandari and C. Gritti, “Post-quantum authentication in the MQTT protocol,” Journal of cybersecurity and privacy, vol. 3, no. 3, pp. 416–434, 2023.
[18] R. Arjona, P. López-González, R. Román, and I. Baturone, “Post-quantum biometric authentication based on homomorphic encryption and classic McEliece,” Applied Sciences, vol. 13, no. 2, p. 757, 2023.
[19] S. Basu and S. H. Islam, “Quantum-attack-resilience OTP-based multi-factor mutual authentication and session key agreement scheme for mobile users,” Computers and Electrical Engineering, vol. 119, p. 109495, 2024.
[20] J. Jiang, D. Wang, G. Zhang, and Z. Chen, “Quantum-resistant password-based threshold single-sign-on authentication with updatable server private key,” presented at the European Symposium on Research in Computer Security, Springer, 2022, pp. 295–316.
[21] S. Lu and X. Li, “Quantum-resistant lightweight authentication and key agreement protocol for fog-based microgrids,” IEEE Access, vol. 9, pp. 27588–27600, 2021.
[22] M. T. Damir, T. Meskanen, S. Ramezanian, and V. Niemi, “A beyond-5G authentication and key agreement protocol,” presented at the International Conference on Network and System Security, Springer, 2022, pp. 249–264.
[23] F. Qian, A. Gerber, Z. M. Mao, S. Sen, O. Spatscheck, and W. Willinger, “TCP revisited: a fresh look at TCP in the wild,” presented at the Proceedings of the 9th ACM SIGCOMM conference on Internet measurement, 2009, pp. 76–89.
[24] A. Langley et al., “The quic transport protocol: Design and internet-scale deployment,” presented at the Proceedings of the conference of the ACM special interest group on data communication, 2017, pp. 183–196.
[25] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on information theory, vol. 29, no. 2, pp. 198–208, 1983.
[26] National Institute of Standards and Technology (US), “SHA-3 standard : permutation-based hash and extendable-output functions,” National Institute of Standards and Technology, Washington, D.C., 2015. doi: 10.6028/nist.fips.202.
[27] E. Alkim, L. Ducas, T. Pöppelmann, and P. Schwabe, “Post-quantum key {Exchange—A} new hope,” presented at the 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 327–343.
[28] R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” presented at the International conference on the theory and applications of cryptographic techniques, Springer, 2001, pp. 453–474.
[29] A. Biryukov, D. Dinu, and D. Khovratovich, “Argon2: new generation of memory-hard functions for password hashing and other applications,” presented at the 2016 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, 2016, pp. 292–302.
[30] “Password Hashing Competition.” Accessed: July 09, 2025. [Online]. Available: https://www.password-hashing.net/
[31] B. Li and D. Micciancio, “On the security of homomorphic encryption on approximate numbers,” presented at the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2021, pp. 648–677.
[32] A. K. Jain, A. Ross, and U. Uludag, “Biometric template security: Challenges and solutions,” presented at the 2005 13th European signal processing conference, IEEE, 2005, pp. 1–4.
[33] L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker, “Web caching and Zipf-like distributions: Evidence and implications,” presented at the IEEE INFOCOM’99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No. 99CH36320), IEEE, 1999, pp. 126–134.
[34] S. Sen and J. Wang, “Analyzing peer-to-peer traffic across large networks,” presented at the Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, 2002, pp. 137–150.
[35] “Intel® CoreTM i7 processor 14700K (33M Cache, up to 5.60 GHz) - Product Specifications,” Intel. Accessed: Sept. 28, 2025. [Online]. Available: https://www.intel.com/content/www/us/en/products/sku/236783/intel-core-i7-processor-14700k-33m-cache-up-to-5-60-ghz/specifications.html
[36] “Snapdragon X Elite.” Accessed: Sept. 29, 2025. [Online]. Available: https://www.qualcomm.com/products/mobile/snapdragon/laptops-and-tablets/snapdragon-x-elite
[37] “Snapdragon 8 Elite Mobile Platform.” Accessed: Sept. 29, 2025. [Online]. Available: https://www.qualcomm.com/products/mobile/snapdragon/smartphones/snapdragon-8-series-mobile-platforms/snapdragon-8-elite-mobile-platform
[38] “Advantech Introduces SOM-6820 : A New Era of Power Efficiency and Edge Intelligence with the Qualcomm Snapdragon® X-Elite Series Processor.” Accessed: Oct. 02, 2025. [Online]. Available: https://www.advantech.com/emt/resources/news/advantech-introduces-som-6820--a-new-era-of-power-efficiency-and-edge-intelligence-with-the-qualcomm-snapdragon®-x-elite-series-processor
[39] G. Seth, “Announcing .NET 8,” .NET Blog. Accessed: July 09, 2025. [Online]. Available: https://devblogs.microsoft.com/dotnet/announcing-dotnet-8/
[40] “Introduction | libsodium.” Accessed: July 09, 2025. [Online]. Available: https://doc.libsodium.org
[41] “Bouncy Castle open-source cryptographic APIs,” Bouncycastle. Accessed: July 09, 2025. [Online]. Available: https://www.bouncycastle.org/
[42] A. Kent, “Anonymized User-Computer Authentication Associations in Time.” Los Alamos National Laboratory (LANL), Los Alamos, NM (United States), p. 1 file, 2014. doi: 10.11578/1160076.
[43] H. Chen, K. Laine, and R. Player, “Simple encrypted arithmetic library-SEAL v2. 1,” presented at the Financial Cryptography and Data Security: FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers 21, Springer, 2017, pp. 3–18.
[44] G. Williams and P. Kanapathipillai, “Qualcomm Oryon CPU in Snapdragon X Elite: Micro-Architecture and Design,” IEEE Micro, vol. 45, no. 3, pp. 8–14, June 2025, doi: 10.1109/MM.2025.3568807.
[45] F. Boemer, S. Kim, G. Seifu, F. DM de Souza, and V. Gopal, “Intel HEXL: accelerating homomorphic encryption with Intel AVX512-IFMA52,” presented at the Proceedings of the 9th on Workshop on Encrypted Computing & Applied Homomorphic Cryptography, 2021, pp. 57–62.
[46] J. Deng et al., “Heterogeneous Computing Platform for Power-Performance Efficient On-Device AI,” in 2024 IEEE International Electron Devices Meeting (IEDM), Dec. 2024, pp. 1–4. doi: 10.1109/IEDM50854.2024.10873428.
[47] D. Meltzer and D. Luengo, “ECG-Based Biometric Recognition: A Survey of Methods and Databases,” Sensors, vol. 25, no. 6, p. 1864, Mar. 2025, doi: 10.3390/s25061864.
[48] R. Donida Labati, V. Piuri, F. Rundo, and F. Scotti, “Photoplethysmographic biometrics: A comprehensive survey,” Pattern Recognition Letters, vol. 156, pp. 119–125, Apr. 2022, doi: 10.1016/j.patrec.2022.03.006.
[49] A. Zamil, “Esiur - Distributed Resource Framework,” Esiur. Accessed: July 10, 2025. [Online]. Available: https://www.esiur.com