QUANT-PH | Apr 10
QuIKS: Near-Zero Latency Key Supply with Adaptive Buffering for Resource-Efficient Quantum Key Distribution Networks
Yuxin Chen, Zite Xia, Jian Li et al.
Quantum key distribution (QKD) networks provide information-theoretically secure keys for distant parties, emerging as a vital alternative to classical cryptography infrastructures threatened by quantum computing. In QKD networks, the immediacy of key supply service is crucial to the security and performance of applications, as their data must be encrypted before transmission. While key buffering can enable instant key supply services, existing schemes rely on heuristic solutions that incur prohibitive key resource consumption, thus significantly hindering practical deployment. To address this issue, we propose QuIKS, an instant key supply scheme based on adaptive buffering, offering the dominant advantage of near-zero key supply latency while consuming ultra-low key resources (i.e., ultra-low buffer size). Specifically, it is built upon a novel analytical model that determines the minimum buffer size required to guarantee near-zero-latency key supply performance. Guided by this model, QuIKS introduces a lightweight two-phase control algorithm that dynamically determines key relaying requests and adjusts the buffer size by probing real-time application patterns and network conditions. Experiments on a real QKD network testbed demonstrate that QuIKS achieves near-zero key supply latency while providing a more than 10-fold reduction in key buffer size compared to state-of-the-art schemes.
CR | Mar 26
Efficient ML-DSA Public Key Management Method with Identity for PKI and Its Application
Penghui Liu, Yi Niu, Xiaoxiong Zhong et al.
With the rapid evolution of the Industrial Internet of Things (IIoT), the boundaries and scale of the Internet are continuously expanding. Consequently, the limitations of traditional certificate-based Public Key Infrastructure (PKI) have become increasingly evident, particularly in scenarios requiring large-scale certificate storage, verification, and frequent transmission. These challenges are expected to be further amplified by the widespread adoption of post-quantum cryptography. In this paper, we propose a novel identity-based public key management framework for PKI based on post-quantum cryptography, termed IPK-pq. This approach implements an identity key generation protocol leveraging NIST ML-DSA and random matrix theory. Building on the concept of the Composite Public Key (CPK), IPK-pq addresses the linear collusion problem inherent in CPK through an enhanced identity mapping mechanism. Furthermore, it simplifies the verification of the declared public key's authenticity, effectively reducing the complexity associated with certificate-based key management. We also provide a formal security proof for IPK-pq, covering both individual private key components and the composite private key. To validate our approach formally, we directly implement and evaluate IPK-pq within a typical PKI application scenario: Resource PKI (RPKI). Comparative experimental results demonstrate that an RPKI system based on IPK-pq yields significant improvements in efficiency and scalability. These results validate the feasibility and rationality of IPK-pq, positioning it as a strong candidate for next-generation RPKI systems capable of securely managing large-scale routing information.
NI | Dec 21, 2020
Energy Efficient Federated Learning over Heterogeneous Mobile Devices via Joint Design of Weight Quantization and Wireless Transmission
Rui Chen, Liang Li, Kaiping Xue et al.
Federated learning (FL) is a popular collaborative distributed machine learning paradigm across mobile devices. However, practical FL over resource constrained mobile devices confronts multiple challenges, e.g., the local on-device training and model updates in FL are power hungry and radio resource intensive for mobile devices. To address these challenges, in this paper, we attempt to take FL into the design of future wireless networks and develop a novel joint design of wireless transmission and weight quantization for energy efficient FL over mobile devices. Specifically, we develop flexible weight quantization schemes to facilitate on-device local training over heterogeneous mobile devices. Based on the observation that the energy consumption of local computing is comparable to that of model updates, we formulate the energy efficient FL problem into a mixed-integer programming problem where the quantization and spectrum resource allocation strategies are jointly determined for heterogeneous mobile devices to minimize the overall FL energy consumption (computation + transmissions) while guaranteeing model performance and training latency. Since the optimization variables of the problem are strongly coupled, an efficient iterative algorithm is proposed, where the bandwidth allocation and weight quantization levels are derived. Extensive simulations are conducted to verify the effectiveness of the proposed scheme.
CR | May 7, 2020
Enabling Cross-chain Transactions: A Decentralized Cryptocurrency Exchange Protocol
Hangyu Tian, Kaiping Xue, Shaohua Li et al.
Inspired by Bitcoin, many different kinds of cryptocurrencies based on blockchain technology have turned up on the market. Due to the special structure of the blockchain, it has been deemed impossible to directly trade between traditional currencies and cryptocurrencies or between different types of cryptocurrencies. Generally, trading between different currencies is conducted through a centralized third-party platform. However, it has the problem of a single point of failure, which is vulnerable to attacks and thus affects the security of the transactions. In this paper, we propose a distributed cryptocurrency trading scheme to solve the problem of centralized exchanges, which can achieve trading between different types of cryptocurrencies. Our scheme is implemented with smart contracts on the Ethereum blockchain and deployed on the Ethereum test network. We not only implement transactions between individual users, but also allow transactions between multiple users. The experimental result proves that the cost of our scheme is acceptable.
CR | Sep 14, 2019
An Analysis of Blockchain Consistency in Asynchronous Networks: Deriving a Neat Bound
Jun Zhao, Jing Tang, Li Zengxiang et al.
Formal analyses of blockchain protocols have received much attention recently. Consistency results of Nakamoto's blockchain protocol are often expressed in a quantity $c$, which denotes the expected number of network delays before some block is mined. With $\mu$ (resp., $\nu$) denoting the fraction of computational power controlled by benign miners (resp., the adversary), where $\mu + \nu = 1$, we prove for the first time that to ensure the consistency property of Nakamoto's blockchain protocol in an asynchronous network, it suffices to have $c$ to be just slightly greater than $\frac{2\mu}{\ln (\mu/\nu)}$. Such a result is both neater and stronger than existing ones. In the proof, we formulate novel Markov chains which characterize the numbers of mined blocks in different rounds.
CR | Nov 20, 2018
FALCON: A Fourier Transform Based Approach for Fast and Secure Convolutional Neural Network Predictions
Shaohua Li, Kaiping Xue, Chenkai Ding et al.
Machine learning as a service has been widely deployed to utilize deep neural network models to provide prediction services. However, this raises privacy concerns since clients need to send sensitive information to servers. In this paper, we focus on the scenario where clients want to classify private images with a convolutional neural network model hosted in the server, while both parties keep their data private. We present FALCON, a fast and secure approach for CNN predictions based on Fourier Transform. Our solution enables linear layers of a CNN model to be evaluated simply and efficiently with fully homomorphic encryption. We also introduce the first efficient and privacy-preserving protocol for the softmax function, which is an indispensable component in CNNs and has not yet been evaluated in previous works due to its high complexity. We implemented FALCON and evaluated the performance on real-world CNN models. The experimental results show that FALCON outperforms the best known works in both computation and communication cost.
CR | Oct 3, 2018
SecGrid: A Secure and Efficient SGX-enabled Smart Grid System with Rich Functionalities
Shaohua Li, Kaiping Xue
Smart grid adopts two-way communication and rich functionalities to gain a positive impact on the sustainability and efficiency of power usage, but on the other hand, also poses serious challenges to customers' privacy. Existing solutions in smart grid usually use cryptographic tools, such as homomorphic encryption, to protect individual privacy, which, however, can only support limited and simple functionalities. Moreover, the resource-constrained smart meters need to perform heavy asymmetric cryptography in these solutions, which is not applicable to smart grid. In this paper, we present a practical and secure SGX-enabled smart grid system, named SecGrid. Our system leverages trusted hardware SGX to ensure that grid utilities can efficiently execute rich functionalities on customers' private data, while guaranteeing their privacy. With the designed security protocols, SecGrid only requires the smart meters to perform AES encryption. Security analysis shows that SecGrid can thwart various attacks from malicious adversaries. Experimental results show that SecGrid is much faster than the existing privacy-preserving schemes in smart grid.
CR | Apr 17, 2012
A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture
Kaiping Xue, Peilin Hong, Changsha Ma
Traditional password based authentication schemes are mostly considered in single server environments. They are unfitted for multi-server environments from two aspects. On the one hand, users need to register in each server and to store large sets of data, including identities and passwords. On the other hand, servers are required to store a verification table containing user identities and passwords. Recently, based on Sood et al.'s protocol (2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture (2012). Li et al. claim that the proposed scheme can make up for the security weaknesses of Sood et al.'s protocol. Unfortunately, our further research shows that Li et al.'s protocol contains several drawbacks and cannot resist some types of known attacks, such as replay attack, Denial-of-Service attack, internal attack, eavesdropping attack, masquerade attack, and so on. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don't need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.'s paper, but also some other security features, such as traceability and identity protection.