# An Efficient and Secure Certificateless Aggregate Signature Scheme for Vehicular Ad hoc Networks


## Abstract


## 1. Introduction

- In this article, we propose an efficient certificateless aggregate signature scheme for the security and privacy protection of VANETs using hyperelliptic curve cryptography;
- The proposed scheme enables participating vehicles to share their identities with trusted authorities via an open channel without revealing their identities to unauthorized participants; as a result, sender and recipient anonymity will be ensured;
- In addition, this scheme will disclose the partial private key to participating devices via an open channel while keeping it concealed from other third parties;
- Finally, the noteworthy feature of the proposed scheme is its use of a hyperelliptic curve to generate and verify signatures at lower computational and communication cost.

## 2. Literature Review

## 3. Preliminaries

#### 3.1. Hyperelliptic Curve Discrete Logarithm Problem (HECDLP) Assumptions

#### 3.2. Hyperelliptic Curve Computational Diffie-Hellman Problem (HECCDHP) Assumptions

#### 3.3. Network Model

- OBU: It is a 5G-enabled communication device fixed on a vehicle that can communicate with RSU and other OBUs. It is responsible for registering itself with the DoT by sending its identity in an encrypted form. The DoT first decrypts the received encrypted identity, generates a partial private key for this identity, and returns it to the OBU in an encrypted format using an insecure channel. Then, the OBU generates a private key and a public key, generates a signature on data, and sends it to the RSU via an open network.
- RSU: It is a 5G-enabled base station responsible for managing and conducting vehicle-to-infrastructure (V-I) communication. It is responsible for registering itself with the DoT by sending its identity in an encrypted form. The DoT generates a partial private key for this identity and returns it to the RSU in an encrypted format using an insecure channel. Then, the RSU can produce a complete private key and public key. When the RSU receives signed data from the OBU, it verifies the signature and either accepts the message or generates an error message depending on the result. The RSU also acts as the signature aggregator.
- DoT: The DoT is a trusted authority (TA), a reliable third party with significant processing power and storage capacity. When the DoT is given the identities of the OBU and RSU, it produces a partial private key pair and sends it back to the OBU and RSU in two encrypted packages using an insecure channel. Then, both the OBU and the RSU create their remaining private and public keys for themselves.

#### 3.4. Syntax of the Proposed CLAS Scheme

## 4. Proposed Scheme’s Construction

Signature generation (performed by the OBU):

- It selects ${T}_{OBU}$ from ${F}^{ield}{}_{p}$ and computes ${W}_{OBU}={T}_{OBU}\cdot D$;
- It computes ${H}_{3usr}={H}_{03}\left(EI{D}_{usr},{F}_{usr},{L}_{usr},{W}_{OBU}\right)$;
- It computes ${S}_{OBU}={T}_{OBU}+{H}_{3usr}\left({G}_{usr}+{P}_{usr}\right)$ and sends $({S}_{OBU},{W}_{OBU})$ to the RSU.

Signature verification (performed by the RSU):

- It computes ${H}_{3usr}={H}_{03}\left(EI{D}_{usr},{F}_{usr},{L}_{usr},{W}_{OBU}\right)$ and ${H}_{2usr}={H}_{02}\left(EI{D}_{usr},{F}_{usr},Do{t}_{pb}\right)$;
- It checks whether ${S}_{OBU}\cdot D-{W}_{OBU}={H}_{3usr}\left({F}_{usr}+{L}_{usr}+{H}_{2usr}\,Do{t}_{pb}\right)$ holds; if it does, the signature is accepted, otherwise it is rejected.
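The signing and verification steps above, carried out end to end as an added example (my own Python, not code from the paper): a toy prime-order subgroup of $\mathbb{Z}^{*}_{1019}$ stands in for the genus-2 Jacobian and divisor $D$, SHA-256 stands in for $H_{02}$/$H_{03}$, and the paper's additive notation ($T\cdot D$) is written as exponentiation. Two points are assumptions rather than page content: the partial private key is issued as $P_{usr}=l+H_{2usr}\,Dot_{p}$ with $L_{usr}=l\cdot D$ (the form the verification equation requires), and the aggregation at the end is a plain sum of the $S_{OBU}$ values with every $W_{OBU}$ kept, which generalizes the single-signature check but is not the paper's own aggregate algorithm.

```python
import hashlib
import secrets

# Constructed toy group (assumption, standing in for the genus-2 Jacobian and divisor D): p = 1019
# is a safe prime, q = 509 = (p-1)/2, g = 4 has order q; the paper's T.D becomes pow(g, T, p).
P, Q, G = 1019, 509, 4

def H(tag: bytes, *parts) -> int:
    """Stand-in for H02/H03: SHA-256 over the tag and '|'-separated inputs, reduced mod q."""
    h = hashlib.sha256(tag + b"|".join(str(x).encode() for x in parts))
    return int.from_bytes(h.digest(), "big") % Q

def dot_setup():
    dot_p = secrets.randbelow(Q - 1) + 1          # Dot_p private; Dot_pb = Dot_p.D public
    return dot_p, pow(G, dot_p, P)

def user_keygen(eid: bytes, dot_p: int, dot_pb: int):
    """Private pair (G_usr, P_usr), public pair (F_usr, L_usr); assumes P_usr = l + H2usr*Dot_p, L_usr = l.D."""
    g_usr = secrets.randbelow(Q - 1) + 1          # user's secret value, F_usr = G_usr.D
    l = secrets.randbelow(Q - 1) + 1              # DoT's per-user randomness, L_usr = l.D
    f_usr, l_usr = pow(G, g_usr, P), pow(G, l, P)
    h2 = H(b"H02", eid, f_usr, dot_pb)            # H2usr = H02(EID_usr, F_usr, Dot_pb)
    return (g_usr, (l + h2 * dot_p) % Q), (f_usr, l_usr)

def sign(eid: bytes, priv, pub):
    """OBU signing: W_OBU = T_OBU.D, S_OBU = T_OBU + H3usr(G_usr + P_usr)."""
    g_usr, p_usr = priv
    t = secrets.randbelow(Q - 1) + 1
    w = pow(G, t, P)
    h3 = H(b"H03", eid, pub[0], pub[1], w)        # H03(EID_usr, F_usr, L_usr, W_OBU)
    return (t + h3 * (g_usr + p_usr)) % Q, w

def expected(eid: bytes, pub, w: int, dot_pb: int) -> int:
    """Right-hand side H3usr(F_usr + L_usr + H2usr*Dot_pb), written multiplicatively."""
    f_usr, l_usr = pub
    h3 = H(b"H03", eid, f_usr, l_usr, w)
    h2 = H(b"H02", eid, f_usr, dot_pb)
    return pow(f_usr * l_usr * pow(dot_pb, h2, P) % P, h3, P)

def verify(eid: bytes, pub, sig, dot_pb: int) -> bool:
    """RSU check: S_OBU.D - W_OBU == H3usr(F_usr + L_usr + H2usr*Dot_pb)."""
    s, w = sig
    return pow(G, s, P) * pow(w, -1, P) % P == expected(eid, pub, w, dot_pb)

def aggregate(sigs):
    """Assumed sum-of-S aggregation at the RSU (not taken from the paper); every W_i is kept."""
    return sum(s for s, _ in sigs) % Q, [w for _, w in sigs]

def verify_aggregate(signers, agg, dot_pb: int) -> bool:
    """signers: list of (eid, pub) in the same order as the W_i; checks the summed equation."""
    s_agg, ws = agg
    rhs = 1
    for (eid, pub), w in zip(signers, ws):
        rhs = rhs * w * expected(eid, pub, w, dot_pb) % P
    return pow(G, s_agg, P) == rhs
```

Because $H_{03}$ is evaluated over $(EID_{usr},F_{usr},L_{usr},W_{OBU})$ exactly as listed above, the message is not among the hashed inputs, so this check binds the signer's keys and $W_{OBU}$ only.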

**Correctness**

## 5. Security Analysis

**Theorem 1.**

**Proof.**

**Setup:**

**Query Phase:**

**$H_{01}$ Query:**

**$H_{02}$ Query:**

**$H_{03}$ Query:**

**Secret Value Generation (SVG) Query:**

**PRPKG Query:**

**Public Key Generation (PBKG) Query:**

**Public Key Replaced (PKR) Query:**

**SIGG Query:**

**Forgery:**

**Theorem 2.**

**Proof.**

**Setup:**

**Query Phase:**

**$H_{01}$ Query:**

**$H_{02}$ Query:**

**$H_{03}$ Query:**

**Secret Value Generation (SVG) Query:**

**Public Key Generation (PBKG) Query:**

**SIGG Query:** $FCR$ sets an empty list (${L}_{SIGG}$). When $FG{R}_{2}$ generates this query, $FCR$ checks the value $\left(I{D}_{usri},m,{G}_{usr},{P}_{usr}\right)$ in ${L}_{SIGG}$. If the value ${P}_{usr}$ exists, then it selects ${T}_{OBU}$ from ${F}^{ield}{}_{p}$, computes ${W}_{OBU}={T}_{OBU}\cdot D$, computes ${H}_{3usr}={H}_{03}\left(EI{D}_{usr},{F}_{usr},{L}_{usr},{W}_{OBU}\right)$, computes ${S}_{OBU}={T}_{OBU}+{H}_{3usr}\left({G}_{usr}+{P}_{usr}\right)$ and sends $({S}_{OBU},{W}_{OBU})$ to $FG{R}_{1}$. Otherwise, it selects ${S}_{OBU}$ from ${F}^{ield}{}_{p}$ and sends it to $FG{R}_{2}$.

**Forgery:** When the above queries are completed successfully, $FG{R}_{1}$ can return a forged certificateless signature tuple $({S}_{OBU}^{*},{W}_{OBU}^{*})$. By the forking lemma, $FG{R}_{1}$ can return another forged certificateless signature tuple $({S}_{OBU}^{*1},{W}_{OBU}^{*1})$. Both tuples can be valid only if $FCR$ obtains the valid value of $x$.

## 6. Performance Comparison

#### 6.1. Security Requirements Comparisons

#### 6.2. Computational Cost

- For bilinear pairing-based schemes, we used the following formulas for computational cost:

- For elliptic curve-based schemes, we used the following formulas for computational cost:

- For hyperelliptic curve-based schemes, we used the following formulas for computational cost:

#### 6.3. Communication Cost

- Communication cost formula for bilinear pairing-based schemes: |Message| + |Total number of transmitted parameters| ∗ 1024.
- Communication cost formula for elliptic curve-based schemes: |Message| + |Total number of transmitted parameters| ∗ 160.
- Communication cost formula for hyperelliptic curve-based schemes: |Message| + |Total number of transmitted parameters| ∗ 80.

## 7. Conclusions

## Author Contributions

## Funding

## Data Availability Statement

## Conflicts of Interest

## References

1. Weber, J.S.; Neves, M.; Ferreto, T. VANET simulators: An updated review. J. Braz. Comput. Soc. **2021**, 27, 8.
2. Raut, C.M.; Devane, S.R. Intelligent transportation system for smartcity using VANET. In Proceedings of the 2017 International Conference on Communication and Signal Processing (ICCSP), Chennai, India, 6–8 April 2017; IEEE: Piscataway, NJ, USA; pp. 1602–1605.
3. Ullah, I.; Khan, M.A.; Alsharif, M.H.; Nordin, R. An anonymous certificateless signcryption scheme for secure and efficient deployment of Internet of vehicles. Sustainability **2021**, 13, 10891.
4. Umar, M.; Islam, S.H.; Mahmood, K.; Ahmed, S.; Ghaffar, Z.; Saleem, M.A. Provable secure identity-based anonymous and privacy-preserving inter-vehicular authentication protocol for VANETS using PUF. IEEE Trans. Veh. Technol. **2021**, 70, 12158–12167.
5. Ullah, I.; Khan, M.A.; Khan, F.; Jan, M.A.; Srinivasan, R.; Mastorakis, S.; Hussain, S.; Khattak, H. An Efficient and Secure Multi-message and Multi-receiver Signcryption Scheme for Edge Enabled Internet of Vehicles. IEEE Internet Things J. **2021**.
6. Qu, F.; Wu, Z.; Wang, F.Y.; Cho, W. A security and privacy review of VANETs. IEEE Trans. Intell. Transp. Syst. **2015**, 16, 2985–2996.
7. Khan, M.A.; Shah, H.; Rehman, S.U.; Kumar, N.; Ghazali, R.; Shehzad, D.; Ullah, I. Securing internet of drones with identity-based proxy signcryption. IEEE Access **2021**, 9, 89133–89142.
8. Shamir, A. Identity-based cryptosystems and signature schemes. In Advances in Cryptology: Proceedings of CRYPTO 84; Springer: Berlin/Heidelberg, Germany, 1985; pp. 47–53.
9. Al-Riyami, S.S.; Paterson, K.G. Certificateless public key cryptography. In Asiacrypt; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2894, pp. 452–473.
10. Boneh, D.; Gentry, C.; Lynn, B.; Shacham, H. Aggregate and verifiably encrypted signatures from bilinear maps. In Advances in Cryptology—EUROCRYPT 2003, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, 4–8 May 2003; Springer: Berlin/Heidelberg, Germany, 2003; pp. 416–432.
11. Ullah, I.; Amin, N.U.; Khan, J.; Rehan, M.; Naeem, M.; Khattak, H.; Khattak, S.J.; Ali, H. A Novel Provable Secured Signcryption Scheme $\mathcal{PSSS}$: A Hyper-Elliptic Curve-Based Approach. Mathematics **2019**, 7, 686.
12. Yum, D.H.; Lee, P.J. Generic construction of certificateless signature. In Proceedings of the Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Sydney, Australia, 13–15 July 2004; Springer: Berlin/Heidelberg, Germany; pp. 200–211.
13. Hu, B.C.; Wong, D.S.; Zhang, Z.; Deng, X. Key replacement attack against a generic construction of certificateless signature. In ACISP; Springer: Berlin/Heidelberg, Germany, 2006; Volume 6, pp. 235–246.
14. Deng, J.; Xu, C.; Wu, H.; Dong, L. A new certificateless signature with enhanced security and aggregation version. Concurr. Comput. Pract. Exp. **2016**, 28, 1124–1133.
15. Kumar, P.; Sharma, V. A comment on efficient certificateless aggregate signature scheme. In Proceedings of the 2017 International Conference on Computing, Communication and Automation (ICCCA), Greater Noida, India, 5–6 May 2017; IEEE: Piscataway, NJ, USA; pp. 515–519.
16. Horng, S.J.; Tzeng, S.F.; Huang, P.H.; Wang, X.; Li, T.; Khan, M.K. An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. Inf. Sci. **2015**, 317, 48–66.
17. Ming, Y.; Shen, X. PCPA: A practical certificateless conditional privacy preserving authentication scheme for vehicular ad hoc networks. Sensors **2018**, 18, 1573.
18. Li, J.; Yuan, H.; Zhang, Y. Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. Cryptol. ePrint Arch. **2016**. Available online: https://eprint.iacr.org/2016/692.pdf (accessed on 1 July 2023).
19. Hashimoto, K.; Ogata, W. Unrestricted and compact certificateless aggregate signature scheme. Inf. Sci. **2019**, 487, 97–114.
20. Malhi, A.K.; Batra, S.; Pannu, H.S. An efficient privacy preserving authentication scheme for vehicular communications. Wirel. Pers. Commun. **2019**, 106, 487–503.
21. Cui, J.; Zhang, J.; Zhong, H.; Shi, R.; Xu, Y. An efficient certificateless aggregate signature without pairings for vehicular ad hoc networks. Inf. Sci. **2018**, 451, 1–15.
22. Kamil, I.A.; Ogundoyin, S.O. An improved certificateless aggregate signature scheme without bilinear pairings for vehicular ad hoc networks. J. Inf. Secur. Appl. **2019**, 44, 184–200.
23. Du, H.; Wen, Q.; Zhang, S. An efficient certificateless aggregate signature scheme without pairings for healthcare wireless sensor network. IEEE Access **2019**, 7, 42683–42693.
24. Thumbur, G.; Rao, G.S.; Reddy, P.V.; Gayathri, N.B.; Reddy, D.K.; Padmavathamma, M. Efficient and secure certificateless aggregate signature-based authentication scheme for vehicular ad hoc networks. IEEE Internet Things J. **2020**, 8, 1908–1920.
25. Yang, X.; Chen, A.; Wang, Z.; Du, X.; Wang, C. Cryptanalysis of an Efficient and Secure Certificateless Aggregate Signature-Based Authentication Scheme for Vehicular Ad Hoc Networks. Secur. Commun. Netw. **2022**, 2022, 4472945.
26. Ye, X.; Xu, G.; Cheng, X.; Li, Y.; Qin, Z. Certificateless-based anonymous authentication and aggregate signature scheme for vehicular ad hoc networks. Wirel. Commun. Mob. Comput. **2021**, 2021, 6677137.
27. Vallent, T.F.; Hanyurwimfura, D.; Mikeka, C. Efficient certificate-less aggregate signature scheme with conditional privacy-preservation for vehicular ad hoc networks enhanced smart grid system. Sensors **2021**, 21, 2900.
28. Chen, Y.; Chen, J. CPP-CLAS: Efficient and conditional privacy-preserving certificateless aggregate signature scheme for VANETs. IEEE Internet Things J. **2021**, 9, 10354–10365.
29. Han, Y.; Song, W.; Zhou, Z.; Wang, H.; Yuan, B. eCLAS: An efficient pairing-free certificateless aggregate signature for secure VANET communication. IEEE Syst. J. **2021**, 16, 1637–1648.
30. Cahyadi, E.F.; Su, T.W.; Yang, C.C.; Hwang, M.S. A certificateless aggregate signature scheme for security and privacy protection in VANET. Int. J. Distrib. Sens. Netw. **2022**, 18, 15501329221080658.
31. Wollinger, T.; Pelzl, J.; Paar, C. Cantor versus Harley: Optimization and analysis of explicit formulae for hyperelliptic curve cryptosystems. IEEE Trans. Comput. **2005**, 54, 861–872.
32. Ullah, I.; Zeadally, S.; Amin, N.U.; Asghar Khan, M.; Khattak, H. Lightweight and provable secure cross-domain access control scheme for internet of things (IoT) based wireless body area networks (WBAN). Microprocess. Microsyst. **2021**, 81, 103477.
33. Iqbal, A.; Ullah, I.; AlSanad, A.A.; Haq MI, U.; Khan, M.A.; Khan, W.U.; Rabie, K. A cost-effective identity-based signature scheme for vehicular ad hoc network using hyperelliptic curve cryptography. Wirel. Commun. Mob. Comput. **2022**, 2022, 5012770.

No | Notation | Description
---|---|---
1 | $({\mathrm{H}}_{\mathrm{yper}})$ | The hyperelliptic curve of genus 2
2 | ${\mathrm{F}}^{\mathrm{ield}}{}_{\mathrm{p}}$ | A finite field of the hyperelliptic curve with order $\mathrm{p}$
3 | ${\mathrm{Dot}}_{\mathrm{p}}$ | The private key of the DoT
4 | ${\mathrm{Dot}}_{\mathrm{pb}}$ | The public key of the DoT
5 | $\mathrm{D}$ | Divisor on the hyperelliptic curve
6 | ${\mathrm{H}}_{01}$, ${\mathrm{H}}_{02}$, ${\mathrm{H}}_{03}$ | One-way (irreversible) hash functions
7 | ${\mathrm{PB}}_{\mathrm{frm}}$ | Public parameters (param)
8 | ${\mathrm{U}}_{\mathrm{sr}}$ | The participating user
9 | ${\mathrm{G}}_{\mathrm{usr}}$ | The random value selected by the user
10 | ${\mathrm{K}}_{\mathrm{usr}}$ | Secret key shared between the user and the DoT
11 | ${\mathrm{EID}}_{\mathrm{usr}}$ | Encrypted identity of the user
12 | (${\mathrm{F}}_{\mathrm{usr}},{\mathrm{L}}_{\mathrm{usr}}$) | Public key pair of the user
13 | (${\mathrm{G}}_{\mathrm{usr}},{\mathrm{P}}_{\mathrm{usr}}$) | Private key pair of the user
14 | ${\mathrm{S}}_{\mathrm{OBU}}$ | Signature generated by the OBU
15 | ${\mathrm{P}}_{\mathrm{usr}}$ | Partial private key of the user
16 | ${\mathrm{E}}_{{\mathrm{K}}_{\mathrm{usr}}}$ | Encryption procedure under ${\mathrm{K}}_{\mathrm{usr}}$
17 | ${\mathrm{D}}_{{\mathrm{K}}_{\mathrm{usr}}}$ | Decryption procedure under ${\mathrm{K}}_{\mathrm{usr}}$
18 | ${\mathrm{ID}}_{\mathrm{usr}}$ | Identity of the user

Scheme | UF1 | UF2 | SA | RA | PPK
---|---|---|---|---|---
Eko Cahyadi et al. [30] | YES | YES | NO | NO | NO
Yulei and Chen [28] | YES | YES | NO | NO | NO
Yibo et al. [29] | YES | YES | NO | NO | NO
Keitaro and Ogata [19] | YES | YES | NO | NO | NO
Proposed | YES | YES | YES | YES | YES

Scheme | Signing Cost | Verification Cost | Total
---|---|---|---
Eko Cahyadi et al. [30] | 5 $\mathcal{BPM}$ | 3 $\mathcal{BP}$ | 8 $\mathcal{BP}$
Yulei and Chen [28] | 2 $\mathcal{EC}$ | 3 $\mathcal{EC}$ | 5 $\mathcal{EC}$
Yibo et al. [29] | 2 $\mathcal{EC}$ | 2 $\mathcal{EC}$ | 4 $\mathcal{EC}$
Keitaro and Ogata [19] | 3 $\mathcal{BPM}$ | 4 $\mathcal{BP}$ | 7 $\mathcal{BP}$
Proposed | 2 $\mathcal{HEC}$ | 2 $\mathcal{HEC}$ | 4 $\mathcal{HEC}$

$\mathcal{BPM}$: bilinear point multiplication; $\mathcal{BP}$: bilinear pairing; $\mathcal{EC}$: elliptic curve operation; $\mathcal{HEC}$: hyperelliptic curve operation (timings in the next table).

Operation | Bilinear Point Multiplication | Bilinear Pair | Elliptic Curve | Hyperelliptic Curve
---|---|---|---|---
Time (ms) | 4.31 | 14.90 | 0.97 | 0.48


© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Iqbal, A.; Zubair, M.; Khan, M.A.; Ullah, I.; Ur-Rehman, G.; Shvetsov, A.V.; Noor, F.
An Efficient and Secure Certificateless Aggregate Signature Scheme for Vehicular Ad hoc Networks. *Future Internet* **2023**, *15*, 266.
https://doi.org/10.3390/fi15080266
