A Computationally Efficient Online/Offline Signature Scheme for Underwater Wireless Sensor Networks

Underwater wireless sensor networks (UWSNs) have emerged as the most widely used wireless network infrastructure in many applications. Sensing nodes are frequently deployed in hostile aquatic environments in order to collect data on resources that are severely limited in terms of transmission time and bandwidth. Since underwater information is very sensitive and unique, the authentication of users is very important to access the data and information. UWSNs have unique communication and computation needs that are not met by the existing digital signature techniques. As a result, a lightweight signature scheme is required to meet the communication and computation requirements. In this research, we present a Certificateless Online/Offline Signature (COOS) mechanism for UWSNs. The proposed scheme is based on the concept of a hyperelliptic curves cryptosystem, which offers the same degree of security as RSA, bilinear pairing, and elliptic curve cryptosystems (ECC) but with a smaller key size. In addition, the proposed scheme was proven secure in the random oracle model under the hyperelliptic curve discrete logarithm problem. A security analysis was also carried out, as well as comparisons with appropriate current online/offline signature schemes. The comparison demonstrated that the proposed scheme is superior to the existing schemes in terms of both security and efficiency. Additionally, we also employed the fuzzy-based Evaluation-based Distance from Average Solutions (EDAS) technique to demonstrate the effectiveness of the proposed scheme.


Introduction
Currently, there has been a growing interest in monitoring marine ecosystems for scientific research, military applications, and commercial exploitation [1]. The UWSN is the most effective method of monitoring the marine environment. In principle, the UWSN is a wireless communication network comprised of tens or hundreds of battery-powered sensor nodes [2]. Unlike wireless connections between ground sensors, the underwater channel has a high latency and low bandwidth, which uses a lot of power. In addition, changing or recharging a battery in UWSNs is far more complex than in ground WSNs.
That is why the current security algorithms struggle with power usage [3]. Due to the constrained resources, the sensor nodes suffer from an energy consumption problem [4]. Therefore, almost all of the existing research and technology on UWSNs is focused on power savings at the expense of security and capability. Security is one of the key elements in the design of the UWSNs' protocol and mechanism. As a result of their low cost and proximity to the events they monitor, sensor nodes are prime targets for malicious attacks of many kinds. In addition, the public communication channel makes it possible for any device to participate in the flow of information. Therefore, an attacker might easily control the sensors and unsecured UWSN communication lines. The research available on UWSNs focuses on self-organization, communication, flexibility, low power consumption, and adaptability. Unfortunately, the current studies have a lot of limitations when it comes to how well UWSNs can resist security threats, because resources are very limited, and the security situation is usually server-based because of certain data and communication sites [5].
In the context of security, authentication is necessary. Global WSN authentication solutions, such as public-based RSA [6] and Blom's symmetric matrix multiplication algorithm [7], have been presented, but they do not work for UWSNs because of their increased computational and communicational complexity. As a result, UWSNs require the development of an authentication system based on signatures [8].
A digital signature is a common solution for ensuring data authenticity in UWSNs. However, traditional digital signature schemes are based on expensive scaler point multiplication of the ECC, hyperelliptic curve devisor multiplication, and bilinear pairing operations, limiting their transmission to resource-limited devices such as sensors and IoT devices. An alternate solution to the problem is to utilize an offline/online signature, where the signature process is divided into online and offline phases. The offline phase performs computationally intensive tasks, while the online phase produces the signature on the message in real time. When installed on UWSNs, the gateway can simplify the online signature to generate authentic messages. Reducing the communication bandwidth and computation time is the key to the actual use of an online/offline signature technique. However, ensuring both the security and effectiveness of an online/offline approach in the real world remains a challenge. This is the main focus of the current paper.

Motivation and Contributions
The computation time and communication overhead are inversely related to the hardness of the underlying security concerns that must be spent on signature formation. Traditional signature techniques such as RSA and bilinear pairing, both of which are based on sub-exponential issues, need a significant amount of computation time and communication overhead and are not suitable for devices that have limited resources. Elliptic curve cryptography (ECC) is utilized instead. Their fundamental issue is a fully exponential one, and it is possible to generate their signatures in a significantly shorter amount of time.
However, it is still challenging to find a cryptographic solution that is appropriate for UWSNs. There are hardly any articles that concentrate on the cryptographic security and privacy for UWSNs [9][10][11][12][13][14]. However, bilinear pairing with elliptic curves is used to apply authenticity in various environments [15]. Since HEC has a higher efficiency and a shorter key length than ECC, bilinear pairing, and RSA, it is often regarded as the most compact and effective form of cryptographic mechanisms. In the proposed work, we focused on proposing a new security solution for UWSNs devices by dividing our algorithm into online and offline phases to further reduce the computational time and communication bandwidth during the device operation. The contributions to this paper are as follows:

•
Firstly, we propose a new certificateless online/offline signature scheme based on a hyperelliptic curve cryptosystem for underwater wireless sensor networks. • Secondly, we present the generic syntax of the proposed certificateless online/offline signature scheme for underwater wireless sensor networks. • Thirdly, we provide the mathematical construction for the proposed certificateless online/offline signature scheme for underwater wireless sensor networks. The construction is actually an extension of the syntax. The designed approach offers the security necessity of unforgeability against both type one and type two adversaries, an antireplay attack. • Finally, we compared the computational and communicational overhead of our proposed method with earlier certificateless online and offline signature solutions. According to the findings, the proposed strategy uses significantly fewer computing and communication resources than earlier solutions.

Paper Organization
In the upcoming section (i.e., Section 2), we will review the existing literature. Section 3 presents our proposed network and the construction of an online/offline signature for UWSNs. Section 4, presents the deployment of the proposed scheme on UWSNs. Section 5 presents the formal security analysis and Section 6 added the performance analysis. Section 7 is a review of our contributions while Section 8 concludes the research.

Related Works
Related studies have been presented to secure the UWSNs in recent years [9][10][11][12][13][14]. Unfortunately, the present key management and cryptographic solutions have some common problems, including computational and communicational complexity and the expansion of ciphertext [4]. Therefore, in the proposed approach, we considered an online/offline signature with a lightweight hyperelliptic curve cryptosystem to reduce the computational and communicational complexities for UWSN communications. Table 1 summarizes the  related works. Evan, Goldreich, and Micali [16] proposed the online/offline signature concept in 1990. The authors divided the signing algorithm into two phases: online and offline. In the absence of a message, heavier computations are transferred to the offline phase, while lighter computations are performed online. During the production process or whenever the device's power is connected, offline action can be conducted on the background computation device. Shamir and Thuman [17] refined the Trapdoor hash function-based online/offline signature technique in 2001. This improves the online efficiency. However, the technique increases the signature costs and has a trapdoor leak issue. In 2007, Chen [18] created an online/offline signature system employing the dual trapdoor hash function. However, in normal situations, neither method works.
Recently, Liu et al. [19] proposed an identity-based online/offline signature using the elliptic curve discrete logarithm problem (ECDLP). Addobea et al. [20] proposed COOS for mobile health devices in 2020. This study aims to reduce the computational and communication resources required by mobile health devices. According to Xu and Zeng [21], the propose scheme of Addobea et al. [20] is unable to accomplish correctness, a key security property that should be provided by a signature scheme. In the same year, Khan et al. [22] provided a new COOS solution for IoHT employing hyperelliptic curve discrete logarithm problem hardness (HCDLP). According to Hussain et al. [23], the given approach of Khan et al. [22] is insecure when subject to adaptive chosen message attacks. It has been proven that an adversary can fake a valid signature on a message by substituting their own public key in place of the one that is supposed to be used. An attribute-based online/offline signature system for mobile crowdsourcing was presented in 2021 by Hong et al. [24]. Sadly, the authors did not present a mathematical or network model. The solution is theoretical.

Authors Name & Reference No. Advantages Limitations
Liu et al. [19] • Propose an identity-based online/offline signature.

•
The authors utilized ECC to minimize the cost consumptions.
• Suffers from key escrow problem • The cost consumptions can be reduced further Addobea et al. [20] • Propose COOS for mobile health devices in 2020.

•
Aims to reduce the computational and communication resources required by mobile health devices.
• Suffers from high computational and communicational resource due to heavy bilinear pairing operations.

•
Reduced the computational and communicational resources utilizing HCDLP.
• Insecure when subject to adaptive chosen message attacks [23] Hong et al. [24] • Present an online/offline signature system for mobile crowdsourcing.

•
The authors did not present a mathematical or network model.
The above schemes are based on sophisticated cryptographic methods, i.e., bilinear pairing and ECC, and thus combined with the high cost of computation and communication. These approaches are therefore not compatible with UWSNs equipped with minimal computation and communication resources. To construct an effective cryptographic solution for UWSNs that requires minimal computational resources, there is a critical need for a more concrete and efficient online/offline signature scheme. Our design scheme is based on the HCC, which is a generalized form of an elliptic curve.
The certificateless signature scheme has a unique security concept in comparison to those used by traditional signature schemes. According to the definitions found in [25], a certificateless signature scheme ought to take into account two distinct kinds of adversaries: a Type-I (T 1 ) adversary and a Type-II (T 2 ) adversary. The adversary T 1 is meant to stand in for a typical threat posed by a third party against the certificateless signature scheme. This means that T 1 does not have access to the master key, but it is able to request public keys and replace existing public keys with values of its choosing. The adversarial T 2 is a representation of a malicious Key Generation Center (KGC) that is responsible for generating users' partial private keys. It is permissible for the adversary T 2 to have access to the master key, but they are not authorized to replace the target user's public key.

Hyperelliptic Curve Cryptosystem (HEC)
Koblitz [26] is the one who first introduced the hyperelliptic curve cryptosystem (HEC), which belongs to a class of algebraic curves. It is also possible to think of it as a more generalized version of the elliptic curves cryptosystem (ECC) [27]. The HEC points, as opposed to ECC points, cannot be obtained from a group in any way [28]. The additive Abelian group that can be generated from a devisor is the subject of computation by the HEC. In comparison to RSA, bilinear pairing, and ECC, the HEC's parameter size is significantly smaller while maintaining the same level of security. This makes the HEC appealing to resource-constrained devices. The curve whose genus value is 1 is typically referred to as the ECC curve. Figure 1 [29] illustrates a HEC that has a genus that is higher than 1. In a similar manner, the group order of the finite field (F q .) for the (genus = 1) needed operands that were 160 bits long, which necessitated the need for at least g .log 2 (q) ≈ 2 160 , where g is the genus of the curve over, F q ., which is the set of a finite field of order q. In a similar manner, the curve with a genus equal to two needed operands that were 80 bits long. In addition, the curves with a genus equal to three required operands were 54 bits in length [30]. The curve whose genus value is 1 is typically referred to as the ECC curve. Figure 1 [29] illustrates a HEC that has a genus that is higher than 1. In a similar manner, the group order of the finite field ( .) for the (genus = 1) needed operands that were 160 bits long, which necessitated the need for at least .
( ) , where g is the genus of the curve over, ., which is the set of a finite field of order q. In a similar manner, the curve with a genus equal to two needed operands that were 80 bits long. In addition, the curves with a genus equal to three required operands were 54 bits in length [30]. Let us assume that is a finite field and that is the algebraic closure of . An HEC of a genus ( ˃ 1) over is a set of solutions to the following equation of the curve in the form ( , ) ℇ x . HEC: If there are no pairs of ( , ) ℇ x that satisfy the condition, then the curve in question is regarded to be nonsingular. In addition, the curve in question must be able to satisfy both the previously mentioned curve equation, as well as the subsequent given partial differential equation. The polynomial h(x) ℇ [u] is a degree of , and h(x) ℇ [u] is the monic polynomial of degree 2 + 1.

Complexity Assumptions
During the course of the investigation, we found it necessary to presume the following assumptions: Let us assume that F is a finite field and that F is the algebraic closure of F. An HEC of a genus (g > 1) over F is a set of solutions to the following equation of the curve in the form ( x, y) ϵ F x F.
HEC : If there are no pairs of (x, y) ϵ F x F that satisfy the condition, then the curve in question is regarded to be nonsingular. In addition, the curve in question must be able to satisfy both the previously mentioned curve equation, as well as the subsequent given partial differential equation. 2y is the monic polynomial of degree 2g + 1.

Complexity Assumptions
During the course of the investigation, we found it necessary to presume the following assumptions: F q is a finite field with order q, where q ≈ 2 80 ; D is a divisor of a HEC, which is a finite sum of points; For HCCDHP, we make the following suppositions. Let η, Y ∈ {1, 2, 3, . . . , (n − 1)} and W = η.D, T = Y.η.D; then, finding η from W and Y from T is called HCCDH.

Network Model
In Figure 2, we present the proposed network model for the online/offline sig-nature scheme for the underwater wireless sensors network. The proposed network model consists of a Network Manager (NM), an Intermediate Getaway, Underwater Sensors, and Surface Users.
is a finite field with order , where ; D is a divisor of a HEC, which is a finite sum of points; D = ∑ ℇ HEC , where ℇ .

Network Model
In Figure 2, we present the proposed network model for the online/offline sig-nature scheme for the underwater wireless sensors network. The proposed network model consists of a Network Manager (NM), an Intermediate Getaway, Underwater Sensors, and Surface Users.

•
Network Manager (NM): It is the responsibility of the NM to establish a secure connection between all of the entities within the networks, and it is a third party that can be trusted.

•
Underwater Sensors: These are the sensors that sense the underwater environment and transmit data to the surface of the water.

•
A surface user is a device or a client that is interested in underwater sensors, such as an Internet of Things device or a client. • Network Manager (NM): It is the responsibility of the NM to establish a secure connection between all of the entities within the networks, and it is a third party that can be trusted.

•
Underwater Sensors: These are the sensors that sense the underwater environment and transmit data to the surface of the water.

•
A surface user is a device or a client that is interested in underwater sensors, such as an Internet of Things device or a client. resources collect data and pass it to the intermediary gateway, which then processes it.
In the presence of a message, the intermediate gateway then goes through the process of signature generation on the message.

Proposed Online/Offline Signature Algorithm for UWSNs
The symbols that were used in the construction of the proposed online/offline signature algorithm are listed in Table 2 of the following section. Additionally, Figure 3 presents the flowchart of the proposed algorithm.

•
Intermediary Getaway: The intermediate getaway is a collection of nodes that act as a conduit for data and requests between different entities.
The NM is in charge of the registration process that takes place prior to the creation of communication links. The NM first registers the communication parties in order to facilitate secure communication. A great amount of processing power, memory, and computational capability are available on the intermediate gateway device. Sensors with limited resources collect data and pass it to the intermediary gateway, which then processes it. In the presence of a message, the intermediate gateway then goes through the process of signature generation on the message.

Proposed Online/Offline Signature Algorithm for UWSNs
The symbols that were used in the construction of the proposed online/offline signature algorithm are listed in Table 2 of the following section. Additionally, Figure 3 presents the flowchart of the proposed algorithm.     The phase is carried out on NM, it take the security parameter (ζ) as an input. In addition, the NM will carry out the following procedures in order to produce a public parameter set designated as "(W)". Partial Private Key Extraction: By taking the identity (ID) of users, the NM perform the following computations: The NM then send U ID and A to the participants. Upon receiving them, the participants can check the validity of the equation as The partial private key is legitimate if the aforementioned equation is true; else, it is invalid.
Secret Value and Private Key Settings: Upon receiving U ID and A, the participants pick V ID ∈ {1, 2, 3, . . . , (n − 1)} and set it as a secret value.
Furthermore, the participants also set their full private key as (V ID , U ID ). Signature Generation: This section is divided into two phases, i.e., the online phase and the offline phase. The offline phase will perform heavy mathematical operations to reduce the computation for the online phase.
The triple (J , K, L ) is then assigned to the online phase. Online Phase: Given the offline triple (J , K, L), fresh nonce (τ ) and message ( ), the signature generator creates an online signature by performing the following computations.
Finally, the sender computes the triple of (L, b , ϑ) as a full signature. Signature Verification: For an identity (ID) and message ( ) with the computed signature triple (L, b , ϑ) on , the receiver verifies the signature by performing the following operations: The receiver then compares both b ′ = b ; if it holds, then the signature is valid; otherwise, it is forged.
The consistency can be proved from the following equation.

Deployment of the Proposed Scheme
For deployment, we consider underwater sensors, and surface users want communication to share data. In this communication, there will be other entities like NM and the intermediate getaway. To make a connection and authentic sources of data, each entity will follow the following steps of the suggested online/offline signature. Figure 4 shows the deployment of the proposed scheme.

Deployment of the Proposed Scheme
For deployment, we consider underwater sensors, and surface users want communication to share data. In this communication, there will be other entities like NM and the intermediate getaway. To make a connection and authentic sources of data, each entity will follow the following steps of the suggested online/offline signature. Figure 4 shows the deployment of the proposed scheme.

Setup, Connectivity, and Keys Extraction
To connect devices, the NM as an input takes the security parameter ( ), and the KGC generates a public parameter set ( ). For this, the NM select a genus ( = 2) of HCC with a key size of 80 bits, select

Setup, Connectivity, and Keys Extraction
To connect devices, the NM as an input takes the security parameter (ζ), and the KGC generates a public parameter set (W). For this, the NM select a genus (g = 2) of HCC with a key size of 80 bits, select N ϵ {1, 2, 3, 4 To contact the network, the underwater sensors and surface user send their identities (IDs, IDu) to NM. By taking the IDs, IDu, the NM first pick ϵ {1, 2, 3, 4, 5, . . . , (n − 1)}, compute A = .D, a = H a (ID, A), and compute U i = + N a mod n. The NM then send U i and A to the underwater sensors and surface user as a partial private key. Upon receiving it, the users can check the validity U i of the equation as U i .D = A + G a . If this equation holds, then the partial private key is valid; otherwise, it is invalid. Upon receiving U i and A, the participant picks V i ϵ {1, 2, 3, 4, 5, . . . , (n − 1)} and set it as a secret value. Furthermore, the underwater sensors and surface user also set their full private key as (V i , U i ).

Signature Generation
In this step, the underwater sensors generate the signature on data. As we know, the underwater sensors have limited energy. This section is divided into two phases, i.e., the online phase and the offline phase of the signature. The offline phase will perform heavy mathematical operations to reduce the computations for the online device. The underwater sensors take the triplet (J , K, L ) and data ( ) and generate an online signature. For this, it calculates b = H b (ID, J , L, τ, ) and ϑ = + b K mod n. Finally, the underwater sensors compute the triple of (L, b , ϑ) as a full signature and send it to the surface user.

Signature Verification
The surface user can verify the signature triple (L, b , ϑ) on by computing a = H a (ID,A),computingJ ′ = ϑ D− b (L + a G ),and computing b ′ = H b (ID, J , L, τ, ). The surface user then compares both b ′ = b ; If it holds, the signature is considered legitimate; if not, it is considered to be forged.

Definition 3. "Under the security assumptions of the random oracle model (ROM), an adversary (T 1 ) is unforgeable against the adaptive chosen message and identity attacks without knowledge of the partial private key and secret value."
Proof. Assume (D, ℴD) as a random HCDLP stance that outputs ℴ ℴ ℴ. An algorithm (Aℓ) will perform the subsequent simulations for interacting with T 1 . □ Setup: In this phase, Aℓ performs the following steps.

1.
The Aℓ sets the public key as G = ℴ.D and advertises W = {HCC, H a , H b , G, n, D } in the entire network.

2.
For 1 ≤ ≤ Q Ha , the Aℓ chooses ID p at random as a challenging ID for this particular game, while Q Ha represents the utmost number of the H a querying oracle.

4.
Finally, the Aℓ gives T 1 the global parameters set as W = {HCC, H a , H b , G, n, D }.

5.
After that, the Aℓ starts answering the queries from T 1 as and response i to the T 1 . Partial Private Key Extraction Queries: Upon requesting the private key associated with ID i , the Aℓ first verifies if ID i = ID p stays or not. The Aℓ also maintains the Ext list .

1.
If ID i = ID p , the Aℓ terminates the simulation and outputs an error.

2.
If ID i ̸ = ID p , the Aℓ choose V ID i ∈ {1, 2, 3, . . . , (n − 1)} at random as of the secret value allied with ID i . The Aℓ picks U ID i ∈ {1, 2, 3, . . . , (n − 1)} and computes The probability of EVE 1 is the utmost , where Q E represent the querying of the key extraction oracle.
If ID i = ID p , the Aℓ terminates the simulation and outputs an error.

2.
If ID i ̸ = ID p , the Aℓ searches (ID i , U ID i , V ID i ) from the Ext list and responds to the allied secret value (V ID ).

Signature Generation Queries:
Suppose a query for a signature with an identity (ID) and message ( ).

2.
Finally, the Aℓ outputs the triple (L p , p , ϑ p ) as the signature. The probability of , where Q Sig represents the querying of the signature generation oracle.

3.
If ID i ̸ = ID p , the signature is normal, as the Aℓ has the partial private key and secret value. Thus, the Aℓ can ordinarily perform the online signature generation.
Forgery: Let the T 1 generate a forgeable digital signature (L * , * , ϑ * ) on the message ( * ) for a given identity (ID * ), though ID * is not submitted to the secret value extraction oracle and partial private key extraction oracle, and ( * ,ID * ) is not a query to the signature generation oracle.

1.
If ID * ̸ = ID p * and L * ̸ = L p * , then the Aℓ terminates the simulation and outputs an error. The process is termed the Event EVE 3 . The probability of EVE 2 is utmost 1 Q Ha , where Q Ha represent the utmost number of H a querying the oracle.

Definition 4. There is an adversary (T 2 ) who is existentially unforgeable against the adaptive chosen message and identity attacks and has the knowledge of the partial private key/master secret key but does not have the participant's secret value in the ROM under the security HCDLP assumptions.
Proof. Assume (D, ℴD) as a random HCDLP stance that outputs ℴ ℴ ℴ. An algorithm (Aℓ) will perform the subsequent simulations for interacting with T 2 . □ Setup: In this phase, Aℓ performs the following steps.
Partial Private Key Extraction Queries: Upon requesting the private key associated with ID i , the Aℓ first verifies if ID i = ID p stays or not. The Aℓ also maintains the Ext list .

1.
If The Aℓ then picks i at random and computes U ID i = i + N i and adds (ID i , U ID i , ⊥) to the list (ID i , U ID i , i ), where ⊥ represents the unknown secret value for the identity ID i . To end with, the Aℓ returns U ID i .

2.
If The Aℓ then chooses i1 , i2 ∈ {1, 2, 3, . . . , (n − 1)} at random and computes U ID i = i2 + N i and adds (ID i , U ID i , i1 ) to the list. To end with, the Aℓ returns U ID i Signature Generation Queries: Suppose a T 2 query for a signature with an identity (ID) and message ( ).

1.
If ID i = ID p , the Aℓ picks ϑ i , i ∈ {1, 2, 3, . . . , (n − 1)} at random and sets A i = ℴ.D and finds (ID i , A i , i ) from H a list , and additionally, the Aℓ also sets L i = A i = ℴ.D and computes already exists, Aℓ terminates the simulation and outputs an error. The process is termed the Event EVE 2 .
If H a (ID p , J p , L p , τ, i ) already exists, Aℓ terminates the simulation and outputs an error. The process is termed the Event EVE 2 . Finally, the Aℓ outputs the triple , where Q Sig represents the querying of the signature generation oracle.

2.
If ID i ̸ = ID p , the signature is normal, as the Aℓ has the partial private key and secret value. Thus, the Aℓ can ordinarily perform the online signature generation.
Forgery: Let the T 2 generate a forgeable digital signature (L * , * , ϑ * ) on the message ( * ) for a given identity (ID * ), though ID * is not submitted to the secret value extraction oracle, and ( * ,ID * ) is not query to the signature generation oracle.

1.
If ID * ̸ = ID p * and L * ̸ = L p * , then the Aℓ terminates the simulation and outputs an error. The process is termed as the Event EVE 3 . The probability of EVE 2 is not less than 1 Q Ha , where Q Ha represent the utmost number of H a querying oracles.

Theorem 3
Definition 5. If the NM impersonates an authentic participant in order to forge the signature and has knowledge of the participant's partial private key and secret value (an alternate secret value that is not real), we can demonstrate to the mediator that the NM is dishonest.
Proof. According to the above two theorems, the proposed scheme is unforgeable against both malicious type-1 and type-2 adversaries. The process is split into two steps, i.e., forging the private key and signing the message. □ strategies in light of the costly mathematical operations. For testing the simulation results, a device with the features used is stated in Table 3 [27]. The key operation of our comparative analysis is explained in Tables 4-6, respectively. For our comparative analysis, we consider the costly mathematical operations pairing operations (PO), bilinear pairing scalar multiplication (PBSM), ECC-based scalar multiplication (EBSM), and hyperelliptic curve devisor multiplication (HCDM). Previous observations show that the running processing time of a single point multiplication varies significantly: EBSM takes 0.83 ms, PO consumes 20.01 ms, and PBSM consumes 6.38 ms [32]. Owing to the 80-bit key size, HCDM is estimated to be half of ECC, so it will consume 0.415 ms [22].  The sender of the message executes the certificateless online/offline signature generation algorithm of the proposed scheme, which involves two HCDM to produce the certificateless online/offline signature. Additionally, the certificateless online/offline signature verifier requires two HCDM to authenticate the online/offline signature. Table 4 shows the computation time required by the suggested online/offline cryptographic schemes in terms of costly operations. Moreover, Table 5 demonstrates the efficiency evaluation comparison between the proposed scheme and the previous design schemes in milliseconds. According to Table 6, the essential time-designed scheme is almost 98.41% of Addobea et al. [20], 50% of Liu et al. [19], 42.85% of Khan et al. [22], and 71.42% of Hong et al. [24]. Additionally, Figure 5 demonstrates the computational time evaluation analysis of certificateless online/offline signature generation and verification. The vertical axis indicates the computation time in milliseconds for a clear representation of the computation timeframe. It is obvious that the new strategy is more effective than the previous.     [19,20,22,24].

Percentage Improvement in terms of the Computation Time.
The computation time improvement is shown in Table 7 below.

Communication Overhead
Specifically, we compare the proposed scheme with a few recent online/offline signature schemes,including those presented byAddobea et al. [20], Liu et al. [19],Khan et al. [22], and Hong et al. [24], in order to illustrate how the designed approach is more efficient in terms of the communication overhead. In order to do so, we assume that the length of elements in |G1| = |G2| = |G| = 1024 bits for bilinear pairing, |q| = 160 bits for the elliptic curve cryptosystem, |n| = 80 bits for the hyperelliptic curve cryptosystem, |m| = 100 bits, and |H| = 256 for the hash function [33]. Furthermore, Tables 8 and 9 depict the percentage improvement in the communication overhead that may be achieved by using the designed technique. Additionally, Figure 6 shows the results of an examination of the communication overhead of the certificateless online/offline signature systems. The vertical axis depicts the communication overhead in bits, which allows for a clear visual representation of the communication overhead. It demonstrates unequivocally that the designed strategy is more efficient than the previously designed approaches.  Table 7 below.

Communication Overhead
Specifically, we compare the proposed scheme with a few recent online/offline signature schemes, including those presented by Addobea et al. [20], Liu et al. [19], Khan et al. [22], and Hong et al. [24], in order to illustrate how the designed approach is more efficient in terms of the communication overhead. In order to do so, we assume that the length of elements in |G1| = |G2| = |G| = 1024 bits for bilinear pairing, |q| = 160 bits for the elliptic curve cryptosystem, |n| = 80 bits for the hyperelliptic curve cryptosystem, |m| = 100 bits, and |H| = 256 for the hash function [33]. Furthermore, Tables 8 and 9 depict the percentage improvement in the communication overhead that may be achieved by using the designed technique. Additionally, Figure 6 shows the results of an examination of the communication overhead of the certificateless online/offline signature systems. The vertical axis depicts the communication overhead in bits, which allows for a clear visual representation of the communication overhead. It demonstrates unequivocally that the designed strategy is more efficient than the previously designed approaches.  [19,20,22,24]. Figure 6. Communication overhead evaluation [19,20,22,24].  Table 9. Communication overhead improvement.

Ref. No. CO of Previous Scheme in MS CO of Proposed Percentage Improvement
Addobea et al. [20] 3684 596 83.82 Liu et al. [19] 836 596 28.70 Khan et al. [22] 692 596 13.87 Hong et al. [24] 836 596 28.70 Percentage Improvement in terms of the communication overhead The communication overhead improvement is shown in Table 9 below.

Performance Evaluation Using EDAS
EDAS is a standard approach that is utilized for testing and evaluating a variety of alternative options. Gorhabaee et al. [34] were the first people to apply the approach. The Positive Distance from Average and Negative Distance from Average solutions are the two functions that are used in EDAS to measure how far a solution is from the average [35]. EDAS is a multi-criteria decision-making (MCDM) approach that calculates the distance of all other solutions from the average solution and uses that specific information to select the best among the alternatives [36].
The EDAS is generally selected for a comparative analysis in a situation to solve the conflicting criteria [30]. Table 10 shows a comparative analysis of the selected performance metrics. In addition, the EDAS technique is used to select the most effective values for the four different methods, depending on the selected parameters. Furthermore, the assessment scores (µ) were used to calculate the ranking based on the chosen parameters among the existing schemes. Table 10 evaluates the performance matrices of the previously proposed schemes, including ours.
Step One (Average Solution): In this step, the average of the selected matrices is calculated.
In the stage before this one, one of the criteria for determining which solution to recommend is the performance of the matrices that were chosen. Precisely, in this step, the average of the selected matrices is calculated. As can be seen in Table 11, each calculated value on a chosen matrix can be derived as a solution to Equations (1) and (2), respectively. Step Two: Positive Distance from Average (PD ℊ ℊ ℊ ) In this step, the P dav is calculated using the following equations: If the state b th is favorable, then For the less favorable, it becomes where PD ℊ represents the Positive Distance from Average from the given average value on the a th rating performance matrices.
Step Three: Negative Distance from Average (N D ℊ ℊ ℊ ) The N D ℊ is calculated in this step using the following equations: If the b th criterion is more favorable than and less desirable, then the given above equations become where ( N D ℊ ) ab represents the Negative Distance from Average solution.

Step Four: Weighted Sum of the Positive Distance (WSPD ℊ ℊ ℊ )
The WSPD ℊ for the given schemes are considered at this stage, as shown in Table 12. Step Five: The Weighted Sum of the Negative Distance (WSN D ℊ ℊ ℊ ) For the WSN D ℊ for the selected scheme obtained in this phase employing the following formula, the results are shown in Table 13. Step Six (Ranking) The scores that were generated based on the WSPD ℊ and WSN D ℊ , are presented accordingly in the following Equations (11) and (12).
The score values based on N (WSN D ℊ ) and N (WSN D ℊ ) are based on the evaluation scores (µ) for the rated schemes, as stated in Equation (13).
We obtained the final result by utilizing both the WSPD ℊ and WSN D ℊ average. Following the steps outlined above establishes the extent of µ and provides the final ranking based on the parameters selected for the adopted schemes. According to the evaluation results, the best online/offline signature scheme obtains the highest scores. As may can be seen in Table 14, the proposed scheme has received very good evaluation scores (µ). According to the conclusive findings of the EDAS technique, the overall performance of our scheme is superior than that of the earlier online/offline signature schemes. On the basis of a comparison study using fuzzy logic-based EDAS, the new scheme is superior to that of Khan et al. [22] and Liu et al. [19], which come in second and third, respectively. The Hong et al. [24] approach, on the other hand, comes in fourth place in the chosen matrix.

Summary of the Findings
To the best of our knowledge,we designed the first ever online/offline signature scheme for UWSNs. The proposed scheme makes the least possible use of computational and communicational resources by employing lightweight HEC. In addition to that, the proposed scheme uses the idea of online/offline signatures in order to lessen the load on the sensors nodes. A fuzzy-based EDAS technique was applied in the proposed system in order to illustrate both the practicability and effectiveness of the given approach. According to the results of the findings, the proposed scheme is superior in terms of the chosen parameters. Finally, an application shown where the proposed scheme is deployed.

Conclusions
The paper presents a lightweight certificateless online/offline signature scheme for underwater wireless sensor networks (UWSNs). The signature is completed in two stages, according to the proposed scheme, the first of which takes place online and the second of which takes place offline. In the absence of a message, the offline phase is responsible for carrying out computationally complex operations, whereas the online phase is responsible for carrying out computations that are more straightforward and less intensive. In addition to this, the proposed scheme utilized a lightweight hyperelliptic curve cryptosystem that has an 80-bit key size in order to bring down the overall cost of the UWSNs even further. Additionally, the newly proposed scheme is compared with the previously suggested online and offline signature schemes with regards to the amount of computation time and communication overhead. In comparison to the previous schemes, the proposed schemes minimize the amount of time needed for computation from 50% to 98.41% and reduces the amount of communication overhead from 13.87% to 83.82%. In addition, the proposed scheme is proven secure in the random oracle model under the hyperelliptic curve discrete logarithm problem. The feasibility of a proposed scheme is demonstrated by a security analysis and comparisons with the relevant current schemes. A decisionmaking strategy known EDAS was also used to demonstrate the design effectiveness in multiple criteria. Finally, we presented a scenario in which the proposed approach can be practically applied on underwater wireless sensor networks.