{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,11]],"date-time":"2026-06-11T16:03:32Z","timestamp":1781193812633,"version":"3.54.1"},"reference-count":45,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Research Grants Council of Hong Kong under project","award":["CityU 11218419"],"award-info":[{"award-number":["CityU 11218419"]}]},{"name":"Knowledge Foundation in the project Next generation Industrial IoT (NIIT) at Mid Sweden University","award":["CityU 11218419"],"award-info":[{"award-number":["CityU 11218419"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Group communication enables Internet of Things (IoT) devices to communicate in an efficient and fast manner. In most instances, a group message needs to be encrypted using a cryptographic key that only devices in the group know. In this paper, we address the problem of establishing such a key using a lattice-based one-way function, which can easily be inverted using a suitably designed lattice trapdoor. Using the notion of a bad\/good basis, we present a new method of coupling multiple private keys into a single public key, which is then used for encrypting a group message. The protocol has the apparent advantage of having a conjectured resistance against potential quantum-computer-based attacks. All functions\u2014key establishment, session key update, node addition, encryption, and decryption\u2014are effected in constant time, using simple linear-algebra operations, making the protocol suitable for resource-constrained IoT networks. We show how a cryptographic session group key can be constructed on the fly by a user with legitimate credentials, making node-capture-type attacks impractical. The protocol also incorporates a mechanism for node addition and session-key generation in a forward- and backward-secrecy-preserving manner.<\/jats:p>","DOI":"10.3390\/s22114148","type":"journal-article","created":{"date-parts":[[2022,5,31]],"date-time":"2022-05-31T02:30:06Z","timestamp":1653964206000},"page":"4148","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Quantum-Safe Group Key Establishment Protocol from Lattice Trapdoors"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7873-3499","authenticated-orcid":false,"given":"Teklay","family":"Gebremichael","sequence":"first","affiliation":[{"name":"Department of Information Systems and Technology, Mid Sweden University, 852 30 Sundsvall, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0873-7827","authenticated-orcid":false,"given":"Mikael","family":"Gidlund","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Technology, Mid Sweden University, 852 30 Sundsvall, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2388-3542","authenticated-orcid":false,"given":"Gerhard P.","family":"Hancke","sequence":"additional","affiliation":[{"name":"Department of Computer Science, City University of Hong Kong, Hong Kong 999077, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ulf","family":"Jennehag","sequence":"additional","affiliation":[{"name":"Division of Industrial Systems, RISE\u2014Research Institutes of Sweden, 852 33 Sundsvall, Sweden"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/JIOT.2014.2312291","article-title":"Research directions for the internet of things","volume":"1","author":"Stankovic","year":"2014","journal-title":"IEEE Internet Things J."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Zhang, Z.K., Cho, M.C.Y., Wang, C.W., Hsu, C.W., Chen, C.K., and Shieh, S. (2014, January 17\u201319). IoT security: Ongoing challenges and research opportunities. Proceedings of the 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, Matsue, Japan.","DOI":"10.1109\/SOCA.2014.58"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1503","DOI":"10.1109\/ACCESS.2015.2474705","article-title":"Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications","volume":"3","author":"Porambage","year":"2015","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3047413","article-title":"Axiom: DTLS-based secure IoT group communication","volume":"16","author":"Tiloca","year":"2017","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Gebremichael, T., Jennehag, U., and Gidlund, M. (2018, January 19\u201321). Lightweight iot group key establishment scheme using one-way accumulator. Proceedings of the 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, Italy.","DOI":"10.1109\/ISNCC.2018.8531034"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ferrari, N., Gebremichael, T., Jennehag, U., and Gidlund, M. (2018, January 15\u201318). Lightweight group-key establishment protocol for IoT devices: Implementation and performance Analyses. Proceedings of the 2018 Fifth International Conference on Internet of Things: Systems, Management and Security, Valencia, Spain.","DOI":"10.1109\/IoTSMS.2018.8554829"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1103\/RevModPhys.74.145","article-title":"Quantum cryptography","volume":"74","author":"Gisin","year":"2002","journal-title":"Rev. Mod. Phys."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J. (2009). Introduction to post-quantum cryptography. Post-Quantum Cryptography, Springer.","DOI":"10.1007\/978-3-540-88702-7"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Micciancio, D., and Regev, O. (2009). Lattice-based cryptography. Post-Quantum Cryptography, Springer.","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Gentry, C. (2010, January 15\u201319). Toward basing fully homomorphic encryption on worst-case hardness. Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-642-14623-7_7"},{"key":"ref_11","unstructured":"Shor, P.W. (1994, January 20\u201322). Algorithms for quantum computation: Discrete logarithms and factoring. Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1568318.1568324","article-title":"On lattices, learning with errors, random linear codes, and cryptography","volume":"56","author":"Regev","year":"2009","journal-title":"J. ACM"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1561\/0400000074","article-title":"A decade of lattice cryptography","volume":"10","author":"Peikert","year":"2016","journal-title":"Found. Trends Theor. Comput. Sci."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1270","DOI":"10.1109\/TASE.2015.2511301","article-title":"S3K: Scalable security with symmetric keys\u2014DTLS key establishment for the Internet of Things","volume":"13","author":"Raza","year":"2016","journal-title":"IEEE Trans. Autom. Sci. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Halford, T.R., Courtade, T.A., and Chugg, K.M. (2013, January 14\u201316). Energy-efficient, secure group key agreement for ad hoc networks. Proceedings of the 2013 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA.","DOI":"10.1109\/CNS.2013.6682706"},{"key":"ref_16","first-page":"718","article-title":"NTRU-KE: A Lattice-based Public Key Exchange Protocol","volume":"2013","author":"Lei","year":"2013","journal-title":"Cryptol. ePrint Arch."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Banerjee, U., and Chandrakasan, A.P. (2020, January 7\u201311). Efficient Post-Quantum TLS Handshakes using Identity-Based Key Exchange from Lattices. Proceedings of the ICC 2020-2020 IEEE International Conference on Communications (ICC), Dublin, Ireland.","DOI":"10.1109\/ICC40277.2020.9148829"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"681","DOI":"10.1109\/TII.2019.2949354","article-title":"A quantum-safe key hierarchy and dynamic security association for LTE\/SAE in 5G scenario","volume":"16","author":"Arul","year":"2019","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_20","unstructured":"Murugan, G. (2020). An Efficient Algorithm on Quantum Computing With Quantum Key Distribution for Secure Communication. Int. J. Commun., 5."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2813","DOI":"10.1007\/s12083-021-01117-2","article-title":"Privacy-preserving hierarchical deterministic key generation based on a lattice of rings in public blockchain","volume":"14","author":"Banupriya","year":"2021","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"950","DOI":"10.1109\/TNSE.2021.3095192","article-title":"Secure Social Internet of Things Based on Post-Quantum Blockchain","volume":"9","author":"Yi","year":"2021","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_23","first-page":"30","article-title":"The learning with errors problem","volume":"7","author":"Regev","year":"2010","journal-title":"Invit. Surv."},{"key":"ref_24","unstructured":"Micciancio, D., and Goldwasser, S. (2012). Complexity of Lattice Problems: A Cryptographic Perspective, Springer."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"535","DOI":"10.1007\/s00224-010-9278-3","article-title":"Generating shorter bases for hard random lattices","volume":"48","author":"Alwen","year":"2009","journal-title":"Theory Comput. Syst."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Hoffstein, J., Pipher, J., and Silverman, J.H. (1998). NTRU: A ring-based public key cryptosystem. International Algorithmic Number Theory Symposium, Springer.","DOI":"10.1007\/BFb0054868"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Peikert, C. (2010, January 15\u201319). An efficient and parallel Gaussian sampler for lattices. Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-642-14623-7_5"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Naoui, S., Elhdhili, M.E., and Saidane, L.A. (December, January 29). Security analysis of existing IoT key management protocols. Proceedings of the 2016 IEEE\/ACS 13th International Conference of Computer Systems and Applications (AICCSA), Agadir, Morocco.","DOI":"10.1109\/AICCSA.2016.7945806"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Lee, E.J., Lee, S.E., and Yoo, K.Y. (2008, January 13\u201315). A certificateless authenticated group key agreement protocol providing forward secrecy. Proceedings of the 2008 International Symposium on Ubiquitous Multimedia Computing, Hobart, Australia.","DOI":"10.1109\/UMC.2008.32"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Micciancio, D., and Peikert, C. (2012, January 15\u201319). Trapdoors for lattices: Simpler, tighter, faster, smaller. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK.","DOI":"10.1007\/978-3-642-29011-4_41"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ajtai, M. (1999). Generating hard instances of the short basis problem. International Colloquium on Automata, Languages, and Programming, Springer.","DOI":"10.1007\/3-540-48523-6_1"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Ajtai, M. (2005, January 22\u201324). Representing hard lattices with O (n log n) bits. Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA.","DOI":"10.1145\/1060590.1060604"},{"key":"ref_33","unstructured":"Peikert, C., Vaikuntanathan, V., and Waters, B. (2008, January 17\u201321). A framework for efficient and composable oblivious transfer. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Tian, Z., and Qiao, S. (2012, January 27\u201329). A complexity analysis of a Jacobi method for lattice basis reduction. Proceedings of the Fifth International C* Conference on Computer Science and Software Engineering, Montreal, QC, Canada.","DOI":"10.1145\/2347583.2347590"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1049\/el:19961141","article-title":"Near Shannon limit performance of low density parity check codes","volume":"32","author":"MacKay","year":"1996","journal-title":"Electron. Lett."},{"key":"ref_36","first-page":"1","article-title":"Key management for large dynamic groups: One-way function trees and amortized initialization","volume":"15","author":"Balenson","year":"1999","journal-title":"Mar"},{"key":"ref_37","unstructured":"Ghanem, S.M., and Abdel-Wahab, H. (July, January 30). A secure group key management framework: Design and rekey issues. Proceedings of the Eighth IEEE Symposium on Computers and Communications, ISCC 2003, Antalya, Turkey."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1016\/S1570-8705(03)00046-5","article-title":"Providing secrecy in key management protocols for large wireless sensors networks","volume":"1","author":"Mancini","year":"2003","journal-title":"Ad Hoc Netw."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., and Vaikuntanathan, V. (2008, January 17\u201320). Trapdoors for hard lattices and new cryptographic constructions. Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, Victoria, BC, Canada.","DOI":"10.1145\/1374376.1374407"},{"key":"ref_40","unstructured":"Peikert, C. (June, January 31). Public-key cryptosystems from the worst-case shortest vector problem. Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, Bethesda, MD, USA."},{"key":"ref_41","unstructured":"Dunkels, A., Gronvall, B., and Voigt, T. (2004, January 16\u201318). Contiki-a lightweight and flexible operating system for tiny networked sensors. Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, Tampa, FL, USA."},{"key":"ref_42","first-page":"157","article-title":"Review on raspberry pi 3b+ and its scope","volume":"4","author":"Nath","year":"2020","journal-title":"Int. J. Eng. Appl. Sci. Technol."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Peikert, C. (2014). Lattice cryptography for the internet. International Workshop on Post-Quantum Cryptography, Springer.","DOI":"10.1007\/978-3-319-11659-4_12"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Lyubashevsky, V., Peikert, C., and Regev, O. (2013, January 26\u201330). A toolkit for ring-LWE cryptography. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece.","DOI":"10.1007\/978-3-642-38348-9_3"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"365","DOI":"10.1007\/s00037-007-0234-9","article-title":"Generalized compact knapsacks, cyclic lattices, and efficient one-way functions","volume":"16","author":"Micciancio","year":"2007","journal-title":"Comput. Complex."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/11\/4148\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:21:57Z","timestamp":1760138517000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/11\/4148"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":45,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2022,6]]}},"alternative-id":["s22114148"],"URL":"https:\/\/doi.org\/10.3390\/s22114148","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,5,30]]}}}