Abstract: Non-volatile memory (NVM), with the advantages of persistence after power failure, high density, and large capacity, has attracted extensive attention from both academia and industry. However, its persistence also makes NVM more vulnerable to security threats such as unauthorized access and data tampering. To ensure data confidentiality and integrity during storage and access, secure NVM systems generally employ encryption and integrity verification mechanisms. Nevertheless, directly applying these mechanisms to NVM may cause severe write amplification, resulting in increased write latency and energy consumption. To address this problem, this paper proposes epoch-based re-encryption delay (ERED), including word-epoch-based re-encryption delay (W-ERED) and line-epoch-based re-encryption delay (L-ERED). Since the re-encryption frequency of a data line is usually dominated by its most frequently updated word, W-ERED introduces flag bits for local counters to identify frequently overflowing words. When a local counter overflows, only the overflowing word is re-encrypted with a new line counter, while non-overflowing words continue to use the old line counter, thereby avoiding unnecessary re-encryption operations. Based on this observation, L-ERED further exploits the fact that the re-encryption rate of a data page is mainly determined by the data line with the highest overflow frequency in that page. By introducing overflow flags for line counters, L-ERED ensures that only overflowing data lines are re-encrypted with the major counter upon overflow, thus significantly reducing the re-encryption granularity and overhead caused by line-counter overflow. Furthermore, to reduce write overhead and improve crash recovery capability, this paper proposes an enhanced scheme, STAR+. STAR+ introduces a counter write-filtering mechanism that writes counters back to NVM only when the number of cache updates reaches a preset threshold, thereby reducing counter write operations. During crash recovery, STAR+ adopts the Osiris technique and uses shadow counters to record incremental updates. It reconstructs counter states by reading persisted counter values, replaying the logged increments, and verifying their correctness. In addition, STAR+ restores the integrity tree by updating the authentication values of leaf and parent nodes and recursively recalculating upper-level hash values, thereby ensuring consistency between data and metadata. Experimental results show that, compared with SECRET, W-ERED reduces the average write bit-flip rate by 5%, write latency by 11%, and write energy by 6%, with only 8/512 additional storage overhead. In L-ERED, the number of re-encrypted lines is only 26.7% of that in BASE and 47.7% of that in RSR, with only 1/512 additional storage overhead. Moreover, compared with STAR, STAR+ reduces NVM writes by 9.8% and performance overhead by 3.1%, while achieving comparable recovery time.