# An Efficient Certificateless Forward-Secure Signature Scheme for Secure Deployments of the Internet of Things

^{1}

^{2}

^{3}

^{4}

^{*}

## Abstract

**:**

## 1. Introduction

- We propose a certificateless, forward-secure HECC-based digital signature scheme that provides privacy, gets rid of the key escrow problem, and ensures its forward security.
- A comprehensive security analysis is conducted to demonstrate that the proposed scheme is secure against various types of cyber-attacks.
- Finally, the efficiency of the proposed scheme is evaluated by comparing it to other existing schemes in terms of its computation and communication costs. The results reveal that the proposed scheme is more efficient.

## 2. Literature Review

## 3. Preliminaries

#### 3.1. Network Model

#### 3.2. Syntax of Certificateless Forward Signature

- Initialization: The trusted authority (TA) generates public parameter param, his private key ($\partial $), and public key ($\Gamma $) by taking as input the security parameter of hyperelliptic curve.
- Generate Private Number: Given the security parameter and param, the user (${U}_{i}$) selects ${\varphi}_{i}$ as his private number.
- Generate Partial Private Key: Given user identity ($I{D}_{i}$), public key of TA ($\Gamma $), and public parameter param, TA generates the tuple (${\mathcal{I}}_{i}$, ${\omega}_{i}$) as a partial private key for user with identity ($I{D}_{i}$).
- Generate Private Key: Given a private number (${\varphi}_{i}$) and the tuple (${\mathcal{I}}_{i}$, ${\omega}_{i}$), a ser (${U}_{i}$) sets (${\omega}_{i},{\varphi}_{i}$) as his private key.
- Key Update: In this phase, it renews the signature key pair by replacing (${\omega}_{i},{\varphi}_{i}$) on $({\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new})$ before signature generations and also renews the verification public key as $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$.
- Generate Public Key: Given a private number (${\varphi}_{i}$) and the tuple (${\mathcal{I}}_{i}$, ${\omega}_{i}$), the user (${U}_{i}$) sets (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$) as his public key, where ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$.
- Generate Forward Signature: Given a message $m$, the updated signature key pair $({\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new})$, param, signer identity ($I{D}_{i}$), and ${\mathcal{I}}_{i}$, generate and send the signature tuple ($K,\beta $) to the verifier.
- Forward Signature Verification: Given a message $m$, the public key pair $\left({\mathcal{I}}_{i},{\mathcal{Q}}_{i}\right)$, param, signer identity ($I{D}_{i}$), and ($K,\beta $), the verifier verifies the received signature tuple.

#### 3.3. Hyperelliptic Curve Discrete Logarithm Problem (HECDLP)

## 4. Certificateless Forward-Secure Signature Scheme

- Initialization: Here, the trusted authority performs the following mathematical computations:
- Select hyper elliptic curve (${H}_{G=2}$) with genus 2.
- Suggest the finite field (${F}_{p}$) of order $p$, where its range is not more than 80 bits.
- Suggest the devisor $\left(\mathcal{D}\right)$ of ${H}_{G=2}$, where its range is not more than 80 bits.
- Suggest three irreversible, one-way, and collision-resistant hash functions (${H}_{j},{H}_{k},{H}_{l}$) from the SHA family.
- TA computes the public key $\Gamma =\partial .\mathcal{D}$, where $\partial $ is the randomly selected private key from${F}_{p}$.
- TA publishes the public parameter set {$\Gamma $,$\mathcal{D}$,${F}_{p},{H}_{G=2},{H}_{j},{H}_{k},{H}_{l}$}.

- Generate Private Number: User (${U}_{i}$) selects ${\varphi}_{i}$ from ${F}_{p}$ as a private number.
- Generate Partial Private Key: Upon the request of ${U}_{i}$ with identity $I{D}_{i}$, TA selects ${\gamma}_{i}$ from${F}_{p}$ and computes ${\mathcal{I}}_{i}={\gamma}_{i}.\mathcal{D}$, ${\Delta}_{i}={H}_{j}\left(I{D}_{i},\Gamma ,{\mathcal{I}}_{i}\right)$, and ${\omega}_{i}=\partial +{\gamma}_{i}.{\mathcal{I}}_{i}$.
- Generate Private Key: The User (${U}_{i}$) sets (${\omega}_{i},{\varphi}_{i}$) as his private key.
- Key Update: In this phase, it renews the signature key pair by replacing (${\omega}_{i},{\varphi}_{i}$) on $({\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new})$ before signature generations and also renews the verification public key as $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$.
- Generate Public Key: The user (${U}_{i}$) sets (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$) as his public key, where ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$.
- Generate Forward Signature: Given a message $m$, the updated signature key pair $({\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new})$, {$\Gamma $,$\mathcal{D}$,${F}_{p},{H}_{G=2},{H}_{j},{H}_{k},{H}_{l}$}, signer identity ($I{D}_{i}$), and ${\mathcal{I}}_{i}$, the signer performs the following computations:
- Signer selects $\U0001d4c0$ from ${F}_{p}$ and computes $K=\U0001d4c0.\mathcal{D}$.
- Compute ${r}_{1}={H}_{k}\left(m,K\right)$ and ${r}_{2}={H}_{l}\left(m,K,\Gamma ,{\mathcal{Q}}_{i}\right)$.
- Compute $\beta ={\varphi}_{i}{}^{new}+{r}_{1}\U0001d4c0+{r}_{2}{\omega}_{i}{}^{new}$ and send ($K,\beta ,{r}_{1}$) to verifier.

- Forward Signature Verification: Given a message $m$, the public key pair $\left({\mathcal{I}}_{i},{\mathcal{Q}}_{i}\right)$, {$\Gamma $,$\mathcal{D}$,${F}_{p},{H}_{G=2},{H}_{j},{H}_{k},{H}_{l}$}, signer identity ($I{D}_{i}$), and ($K,\beta ,{r}_{1}$), the verifier performs the following computations:

## 5. Correctness

## 6. Security Analysis

**Theorem**

**1.**

**Proof.**

- ${H}_{j}$ Query: When ${A}_{n}$ submits the ${H}_{j}$ query with $\left(I{D}_{i},\Gamma ,{\mathcal{I}}_{i}\right)$, the challenger (${C}_{n}$) combs in ${L}_{j}$ and returns $\left(I{D}_{i},\Gamma ,{\mathcal{I}}_{i},{\Delta}_{i}\right)$, if it was available previously. Otherwise, it chooses ${\Delta}_{i}$ from ${F}_{p}$ and sends it to${A}_{n}$.
- ${H}_{k}$ Query: When ${A}_{n}$ submits the ${H}_{k}$ query with $\left(m,K\right)$, the challenger (${C}_{n}$) combs in ${L}_{k}$ and returns $\left(m,K,{r}_{1i}\right)$, if it was available previously. Otherwise, it chooses ${r}_{1i}$ from ${F}_{p}$ and sends it to${A}_{n}$.
- ${H}_{l}$ Query: When ${A}_{n}$ submits the ${H}_{l}$ query with $\left(m,K,\Gamma ,{\mathcal{Q}}_{i}\right)$, the challenger (${C}_{n}$) combs in ${L}_{l}$ and returns $\left(m,K,\Gamma ,{\mathcal{Q}}_{i},{r}_{2i}\right)$, if it was available previously. Otherwise, it chooses ${r}_{2i}$ from ${F}_{p}$ and sends it to${A}_{n}$.
- User Creation Query: When ${A}_{n}$ submits query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{UCQ}$ and returns $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$ and (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$), if they exist. Otherwise, it goes for the following conditions:
- If $I{D}_{i}\ne I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}=\raisebox{1ex}{${\omega}_{i}.\mathcal{D}-\Gamma $}\!\left/ \!\raisebox{-1ex}{${\Delta}_{i}$}\right.$, and ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$.
- If $ID=I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}={\gamma}_{i}.\mathcal{D}$, ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$, and sets ${\omega}_{i}=null$. Then, it returns (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$) and renews $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$ to ${A}_{n}$ and updates ${L}_{UCQ}$.

- Replace Public Key Query: When ${A}_{n}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) replaces $({\mathcal{Q}}_{i}{}^{new/}$,${\mathcal{I}}_{i}{}^{new/})$ and $({\mathcal{Q}}_{i}{}^{/}$,${\mathcal{I}}_{i}{}^{/})$ and returns them to ${A}_{n}$.
- Private Number Query: When ${A}_{n}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{PNQ}$ and returns ${\varphi}_{i}$, if it exists. Otherwise, it goes for the following conditions:
- If $I{D}_{i}\ne I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}=\raisebox{1ex}{${\omega}_{i}.\mathcal{D}-\Gamma $}\!\left/ \!\raisebox{-1ex}{${\Delta}_{i}$}\right.$ and ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$.
- If $ID=I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}={\gamma}_{i}.\mathcal{D}$, ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$, and sets ${\omega}_{i}=null$. Then, it renews $({\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new})$ and returns to ${A}_{n}$ and updates ${L}_{PNQ}$.

- Partial Private Key Query: When ${A}_{n}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) checks if $I{D}_{i}\ne I{D}^{\ast}$, and then it combs in ${L}_{PPKQ}$ and returns ${\omega}_{i}{}^{new}$, if it exists. Otherwise, it stops the further executions.
- Generate Forward Signature Query: When ${A}_{n}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{j},{L}_{k},{L}_{l,},{L}_{CUQ},{L}_{PNQ}$, and ${L}_{PPKQ}$ for the record of $(I{D}_{i}$,${\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new},{\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$, $(I{D}_{i}$,$\Gamma ,{\mathcal{I}}_{i}{}^{new})$,$\left(m,K\right)$, and $\left(m,K,\Gamma ,{\mathcal{Q}}_{i}{}^{new}\right)$. If $ID=I{D}^{\ast}$ or ${\omega}_{i}=null$, ${C}_{n}$ randomly chooses $K$ and $\beta $ and sends them to ${A}_{n}$. Otherwise, three variables $\U0001d4c0,{r}_{1},{r}_{2}$ are chosen by ${C}_{n}$, which computes $K=\U0001d4c0.\mathcal{D},$ $\beta ={\varphi}_{i}{}^{new}+{r}_{1}\U0001d4c0+{r}_{2}{\omega}_{i}{}^{new}$ and returns $K,\beta $ to ${A}_{n}$.

- If there exists no collision during the user creation query, its probability is ${\left(1-\frac{Q{H}_{j}}{Q}\right)}^{{Q}_{U}}$.
- When ${A}_{n}$ is not called for the partial private key query on $I{D}^{\ast}$, its probability is ${\left(1-\frac{1}{{Q}_{U}}\right)}^{{Q}_{ppt}}$.
- ${A}_{n}$ can send forward a signature if $ID=I{D}^{\ast}$, and its probability is $\frac{1}{{Q}_{U}}$.
- ${A}_{n}$ can find the valid value from ${L}_{k}$, and its probability is $\left(1-\frac{Q{H}_{k}}{Q}\right)$.
- ${A}_{n}$ can find the valid value from ${L}_{l}$, and its probability is ($1-\frac{Q{H}_{l}}{Q}$).
- The combined probability will be what follows:${\mathcal{E}}^{/}={\left(1-\frac{Q{H}_{j}}{Q}\right)}^{{Q}_{U}}+{\left(1-\frac{1}{{Q}_{U}}\right)}^{{Q}_{ppt}}\left(\frac{1}{{Q}_{U}}\right)\left(1-\frac{Q{H}_{k}}{Q}\right)$($1-\frac{Q{H}_{l}}{Q}$)$\mathcal{E}$.

**Theorem**

**2.**

**Proof.**

- ${H}_{j}$ Query: This query is performed as in Theorem 1.
- ${H}_{k}$ Query: This query is performed as in Theorem 1.
- ${H}_{l}$ Query: This query is performed as in Theorem 1.
- User Creation Query: When ${A}_{n}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{UCQ}$ and returns $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$ and (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$), if they exist. Otherwise, it goes for the followed conditions:
- If $I{D}_{i}\ne I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}=\raisebox{1ex}{${\omega}_{i}.\mathcal{D}-\Gamma $}\!\left/ \!\raisebox{-1ex}{${\Delta}_{i}$}\right.$ and ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$.
- If $ID=I{D}^{\ast}$, three variables ${\omega}_{i},{\varphi}_{i},{\Delta}_{i}$ are chosen by ${C}_{n}$, which computes ${\mathcal{I}}_{i}={\gamma}_{i}.\mathcal{D}$, ${\mathcal{Q}}_{i}={\varphi}_{i}.\mathcal{D}$, and sets ${\omega}_{i}=null$. Then, it returns (${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$) and renews $({\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$ to ${A}_{m}$ and updates ${L}_{UCQ}$.

- Private Number Query: Here, ${A}_{m}$ is not allowed to access ${\varphi}_{i}$ on $I{D}^{\ast}$, and ${C}_{n}$ will not stop further executions if $I{D}_{i}\ne I{D}^{\ast}.$ Otherwise, the challenger (${C}_{n}$) combs in ${L}_{PNQ}$ and returns ${\varphi}_{i}$ if it exists.
- Partial Private Key Query: When ${A}_{m}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{PPKQ}$ and returns ${\omega}_{i}{}^{new}$ if it exists.
- Generate Forward Signature Query: When ${A}_{m}$ submits a query with$I{D}_{i}$, the challenger (${C}_{n}$) combs in ${L}_{j},{L}_{k},{L}_{l,},{L}_{CUQ},{L}_{PNQ}$, and ${L}_{PPKQ}$ for the record of $(I{D}_{i}$,${\omega}_{i}{}^{new}$,${\varphi}_{i}{}^{new},{\mathcal{Q}}_{i}{}^{new}$,${\mathcal{I}}_{i}{}^{new})$, $(I{D}_{i}$,$\Gamma ,{\mathcal{I}}_{i}{}^{new})$,$\left(m,K\right)$, and $\left(m,K,\Gamma ,{\mathcal{Q}}_{i}{}^{new}\right)$. If $ID=I{D}^{\ast}$ or ${\omega}_{i}=null$, ${C}_{n}$ randomly chooses $K$ and $\beta $, and sends them to ${A}_{m}$. Otherwise, three variables $\U0001d4c0,{r}_{1},{r}_{2}$ are chosen by ${C}_{n}$, which computes $K=\U0001d4c0.\mathcal{D},$ $\beta ={\varphi}_{i}{}^{new}+{r}_{1}\U0001d4c0+{r}_{2}{\omega}_{i}{}^{new}$, and returns $K,\beta $ to ${A}_{m}$.

- If there exists no collision during the user creation query, its probability is ${\left(1-\frac{Q{H}_{j}}{Q}\right)}^{{Q}_{U}}$.
- When ${A}_{m}$ is not called for the partial private key query on $I{D}^{\ast}$, its probability is ${\left(1-\frac{1}{{Q}_{U}}\right)}^{{Q}_{ppt}}$.
- ${A}_{m}$ can send forward a signature if $ID=I{D}^{\ast}$, and its probability is $\frac{1}{{Q}_{U}}$.
- ${A}_{m}$ can find the valid value from ${L}_{k}$, and its probability is $\left(1-\frac{Q{H}_{k}}{Q}\right)$.
- ${A}_{m}$ can find the valid value from ${L}_{l}$, and its probability is ($1-\frac{Q{H}_{l}}{Q}$).
- The combined probability will be what follows:${\mathcal{E}}^{/}={\left(1-\frac{Q{H}_{j}}{Q}\right)}^{{Q}_{U}}+{\left(1-\frac{1}{{Q}_{U}}\right)}^{{Q}_{ppt}}\left(\frac{1}{{Q}_{U}}\right)\left(1-\frac{Q{H}_{k}}{Q}\right)$($1-\frac{Q{H}_{l}}{Q}$)$\mathcal{E}$.

**Theorem**

**3.**

**Proof.**

**Theorem**

**4.**

**Proof.**

## 7. Computational Cost

- Computational cost reduction process between the newly proposed scheme and Kim et al. [21], which is represented and processed as $\frac{\mathrm{Kim}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Kim}\mathrm{et}\mathrm{al}.}\ast 100=\frac{136.88-3.36}{136.88}\ast 100=97.54\%$.
- Computational cost reduction process between the newly proposed scheme and Oh et al. [22], which is represented and processed as $\frac{\mathrm{Oh}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Oh}\mathrm{et}\mathrm{al}.}\ast 100=\frac{7.5-3.36}{7.5}\ast 100=55.2\%$.
- Computational cost reduction process between the newly proposed scheme and Ko et al. [23], which is represented and processed as $\frac{\mathrm{Ko}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Ko}\mathrm{et}\mathrm{al}.}\ast 100=\frac{7.5-3.36}{7.5}\ast 100=55.2\%$.
- Computational cost reduction process between the newly proposed scheme and Ping et al. [26], which is represented and processed as $\frac{\mathrm{Zhang}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Zhang}\mathrm{et}\mathrm{al}.}\ast 100=\frac{4.16-3.36}{4.16}\ast 100=19.23\%$.

## 8. Communication Overhead

- Communication overheads reduction process between the newly proposed scheme and Kim et al. [21], which is represented and processed as $\frac{\mathrm{Kim}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Kim}\mathrm{et}\mathrm{al}.}\ast 100=\frac{7168-1184}{7168}\ast 100=83.48\%$.
- Communication overheads reduction process between the newly proposed scheme and Oh et al. [22], which is represented and processed as $\frac{\mathrm{Oh}\mathrm{et}\mathrm{al}-NewlyProposedScheme}{\mathrm{Kim}\mathrm{et}\mathrm{al}.}\ast 100=\frac{3328-1184}{3328}\ast 100=64.42\%$.
- Communication overheads reduction process between the newly proposed scheme and Ko et al. [23], which is represented and processed as $\frac{\mathrm{Ko}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Ko}\mathrm{et}\mathrm{al}.}\ast 100=\frac{4096-1184}{4096}\ast 100=71.09\%$.
- Communication overheads reduction process between the newly proposed scheme and Zhang et al. [26], which is represented and processed as $\frac{\mathrm{Zhang}\mathrm{et}\mathrm{al}.-NewlyProposedScheme}{\mathrm{Zhang}\mathrm{et}\mathrm{al}.}\ast 100=\frac{1344-1184}{1344}\ast 100=11.90\%$.

## 9. Conclusions

## Author Contributions

## Funding

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## References

- Fazeldehkordi, E.; Grønli, T.-M. A Survey of Security Architectures for Edge Computing-Based IoT. IoT
**2022**, 3, 332–365. [Google Scholar] [CrossRef] - Dilberoglu, U.M.; Gharehpapagh, B.; Yaman, U.; Dolen, M. The Role of Additive Manufacturing in the Era of Industry 4.0. Procedia Manuf.
**2017**, 11, 545–554. [Google Scholar] [CrossRef] - Williams, P.; Dutta, I.K.; Daoud, H.; Bayoumi, M. A Survey on Security in Internet of Things with a Focus on the Impact of Emerging Technologies. Internet Things
**2022**, 19, 100564. [Google Scholar] [CrossRef] - Villa-Henriksen, A.; Edwards, G.T.C.; Pesonen, L.A.; Green, O.; Sørensen, C.A.G. Internet of Things in Arable Farming: Implementation, Applications, Challenges and Potential. Biosyst. Eng.
**2020**, 191, 60–84. [Google Scholar] [CrossRef] - Khan, M.A.; Kumar, N.; Mohsan, S.A.H.; Khan, W.U.; Nasralla, M.M.; Alsharif, M.H.; Zywiolek, J.; Ullah, I. Swarm of UAVs for Network Management in 6G: A Technical Review. IEEE Trans. Netw. Serv. Manag.
**2022**. [Google Scholar] [CrossRef] - Ullah, I.; Alkhalifah, A.; Althobaiti, M.M.; Al-Wesabi, F.N.; Hilal, A.M.; Khan, M.A.; Ming-Tai Wu, J. Certificate-Based Signature Scheme for Industrial Internet of Things Using Hyperelliptic Curve Cryptography. Wirel. Commun. Mob. Comput.
**2022**, 2022, 7336279. [Google Scholar] [CrossRef] - Majeed, R.; Abdullah, N.A.; Mushtaq, M.F.; Kazmi, R. Drone Security: Issues and Challenges. Int. J. Adv. Comput. Sci. Appl.
**2021**, 12. [Google Scholar] [CrossRef] - Xiang, D.; Li, X.; Gao, J.; Zhang, X. A Secure and Efficient Certificateless Signature Scheme for Internet of Things. Ad. Hoc. Netw.
**2022**, 124, 102702. [Google Scholar] [CrossRef] - Cao, Y.; Xu, S.; Chen, X.; He, Y.; Jiang, S. A Forward-Secure and Efficient Authentication Protocol through Lattice-Based Group Signature in VANETs Scenarios. Comput. Netw.
**2022**, 214, 109149. [Google Scholar] [CrossRef] - Yadav, V.K.; Andola, N.; Verma, S.; Venkatesan, S. PSCLS: Provably Secure Certificateless Signature Scheme for IoT Device on Cloud. J. Supercomput.
**2022**. [Google Scholar] [CrossRef] - Ullah, I.; Khan, M.A.; Abdullah, A.M.; Mohsan, S.A.H.; Noor, F.; Algarni, F.; Innab, N. A Conditional Privacy Preserving Generalized Ring Signcryption Scheme for Micro Aerial Vehicles. Micromachines
**2022**, 13, 1926. [Google Scholar] [CrossRef] [PubMed] - Ullah, I.; Khan, M.A.; Kumar, N.; Abdullah, A.M.; AlSanad, A.A.; Noor, F. A Conditional Privacy Preserving Heterogeneous Signcryption Scheme for Internet of Vehicles. IEEE Trans. Veh. Technol.
**2022**, 1–10. [Google Scholar] [CrossRef] - Malkin, T.; Micciancio, D.; Miner, S. Composition and Efficiency Tradeoffs for Forward-Secure Digital Signatures. Cryptol. Eprint Arch.
**2001**. Available online: https://eprint.iacr.org/2001/034 (accessed on 13 November 2022). - Itkis, G.; Reyzin, L. Forward-Secure Signatures with Optimal Signing and Verifying. Adv. Cryptol. CRYPTO
**2001**, 2001, 332–354. [Google Scholar] [CrossRef] [Green Version] - Kozlov, A.; Reyzin, L. Forward-Secure Signatures with Fast Key Update. Secur. Commun. Netw.
**2003**, 2576, 241–256. [Google Scholar] [CrossRef] [Green Version] - McCullagh, N.; Barreto, P.S.L.M. Efficient and Forward-Secure Identity-Based Signcryption. Cryptol. Eprint Arch.
**2004**. Available online: https://eprint.iacr.org/ (accessed on 13 November 2022). - Boyen, X.; Shacham, H.; Shen, E.; Waters, B. Forward-Secure Signatures with Untrusted Update. In Proceedings of the 13th ACM conference on Computer and Communications Security CCS ’06 2006, Alexandria, VI, USA, 30 October–3 November 2006. [Google Scholar] [CrossRef]
- Liu, J.K.; Wong, D.S. Solutions to Key Exposure Problem in Ring Signature. Cryptol. Eprint Arch.
**2005**. Available online: https://eprint.iacr.org/2005/427 (accessed on 13 November 2022). - Das, A.K.; Sharma, P.; Chatterjee, S.; Sing, J.K. A Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks. J. Netw. Comput. Appl.
**2012**, 35, 1646–1656. [Google Scholar] [CrossRef] - Qian, X.; Chengxiang, T.; Jun, F.; Zhijie, F.; Wenye, Z. Lattice-Based Forward Secure and Certificateless Signature Scheme. J. Comput. Res. Dev.
**2017**, 54, 1510. [Google Scholar] [CrossRef] - Kim, J.; Oh, H. Forward-Secure Digital Signature Schemes with Optimal Computation and Storage of Signers. ICT Syst. Secur. Priv. Prot.
**2017**, 502, 523–537. [Google Scholar] [CrossRef] [Green Version] - Oh, H.; Kim, J.; Shin, J.S. Forward-Secure ID Based Digital Signature Scheme with Forward-Secure Private Key Generator. Inf. Sci.
**2018**, 454–455, 96–109. [Google Scholar] [CrossRef] - Ko, H.; Jeong, G.; Kim, J.; Kim, J.; Oh, H. Forward Secure Identity-Based Signature Scheme with RSA. ICT Syst. Secur. Priv. Prot.
**2019**, 562, 314–327. [Google Scholar] [CrossRef] - Du, H.; Wen, Q.; Zhang, S.; Gao, M. A New Provably Secure Certificateless Signature Scheme for Internet of Things. Ad. Hoc. Netw.
**2020**, 100, 102074. [Google Scholar] [CrossRef] - Saqib, M.; Jasra, B.; Moon, A.H. A Lightweight Three Factor Authentication Framework for IoT Based Critical Applications. J. King Saud Univ. Comput. Inf. Sci.
**2022**, 34, 6925–6937. [Google Scholar] [CrossRef] - Zhang, P.; Li, Y.; Liu, M.; Shang, Y.; Fu, Z. An ECC-Based Digital Signature Scheme for Privacy Protection in Wireless Communication Network. Wirel. Commun. Mob. Comput.
**2022**, 2022, 1977798. [Google Scholar] [CrossRef] - Lu, Y.; Wang, D.; Obaidat, M.S.; Vijayakumar, P. Edge-Assisted Intelligent Device Authentication in Cyber-Physical Systems. IEEE Internet Things J.
**2022**, 1. [Google Scholar] [CrossRef] - Ullah, I.; Khan, M.A.; Khan, F.; Jan, M.A.; Srinivasan, R.; Mastorakis, S.; Hussain, S.; Khattak, H. An Efficient and Secure Multi-Message and Multi-Receiver Signcryption Scheme for Edge Enabled Internet of Vehicles. IEEE Internet Things J.
**2021**, 9, 2688–2697. [Google Scholar] [CrossRef] - Ullah, I.; Amin, N.U.; Khan, M.A.; Khattak, H.; Kumari, S. An Efficient and Provable Secure Certificate-Based Combined Signature, Encryption and Signcryption Scheme for Internet of Things (IoT) in Mobile Health (M-Health) System. J. Med. Syst.
**2020**, 45, 4. [Google Scholar] [CrossRef] [PubMed]

No | Symbol | Description |
---|---|---|

1 | ${H}_{G=2}$ | Represents a hyper elliptic curve with genus 2 |

2 | ${F}_{p}$ | Represents a finite field of order p, where its range is not more than 80 bits |

3 | $\mathcal{D}$ | Represents a devisor, where its range is not more then 80 bits |

4 | ${H}_{j},{H}_{k},{H}_{l}$ | Represent three irreversible, one-way, and collision-resistant hash functions from the SHA family |

5 | $\Gamma $ | The public key of TA, and it is made from the combination of secret key and devisor |

6 | $\partial $ | The secret key of TA, and it is randomly selected from F_{p} |

7 | ${U}_{i}$ | This symbol is used to indicate user |

8 | ${\omega}_{i},{\varphi}_{i}$ | These two symbols are used to indicate the private key of U_{i} |

9 | ${\varphi}_{i}$ | This is used to represent the private number of U_{i} |

10 | $I{D}_{i}$ | This is used to represent the identity of U_{i} |

11 | ${\omega}_{i}{}^{new}$$,{\varphi}_{i}{}^{new}$ | This is used to represent the update private key pair of U_{i} |

12 | ${\mathcal{I}}_{i},{\mathcal{Q}}_{i}$ | This is used to represent the public key pair of U_{i} |

13 | ${\mathcal{Q}}_{i}{}^{new}$$,{\mathcal{I}}_{i}{}^{new}$ | This is used to represent the update public key pair of U_{i} |

14 | $K,\beta $ | This is used to represent the signature pair generated by signer |

15 | $\mathcal{B}\mathcal{M}$ | This is used to represent bilinear pairing-based multiplication |

16 | Xⅇ | This is used to represent the exponential |

17 | $\mathcal{E}\mathcal{C}\mathcal{M}$ | This is used to represent elliptic curve multiplication |

18 | $\mathcal{H}\mathcal{E}\mathcal{C}\mathcal{M}$ | This is used to represent hyperelliptic curve multiplication |

19 | $\mathcal{B}\U0001d4c0$ | This is used to represent the bilinear pairing operation |

20 | ${C}_{n}$ | This is used to represent the challenger, which will support the adversary during security analysis |

21 | ${A}_{n}$ | This is used to represent the type 1 adversary |

22 | ${A}_{m}$ | This is used to represent the type 2 adversary |

23 | $\mathcal{E}$ | This is used to represent the non-negligible probability type 1 and type 2 adversaries |

24 | $Q{H}_{l}$ | This is used to represent the query for H_{l} |

25 | ${Q}_{ppt}$ | This is used to represent partial private key query |

26 | ${Q}_{U}$ | This is used to represent user creation query |

27 | $Q{H}_{k}$ | This is used to denote the query for H_{k} |

28 | $Q{H}_{j}$ | This is used to denote the query for H_{j} |

Schemes | Key Update | Sender | Receiver | Total |
---|---|---|---|---|

Kim et al. [21] | $8\mathrm{Xe}+5\mathcal{B}\mathcal{M}$ | $5\mathcal{B}\mathcal{M}+6\mathrm{Xe}$ | $3\mathcal{B}\mathcal{M}+3\mathrm{Xe}+4\mathcal{B}\U0001d4c0$ | $17\mathrm{Xe}+13\mathcal{B}\mathcal{M}+4\mathcal{B}\U0001d4c0$ |

Oh et al. [22] | $1\mathrm{Xe}$ | $3\mathrm{Xe}$ | $2\mathrm{Xe}$ | $6\mathrm{Xe}$ |

Ko et al. [23] | 1Xⅇ | 2Xⅇ | $3\mathrm{Xe}$ | $6\mathrm{Xe}$ |

Zhang et al. [26] | $1\mathrm{Xe}$ | $2\mathcal{E}\mathcal{C}\mathcal{M}$ | $1\mathcal{E}\mathcal{C}\mathcal{M}$ | $1\mathrm{Xe}+3\mathcal{E}\mathcal{C}\mathcal{M}$ |

Our Scheme | - | $3\mathcal{H}\mathcal{E}\mathcal{C}\mathcal{M}$ | $4\mathcal{H}\mathcal{E}\mathcal{C}\mathcal{M}$ | $7\mathcal{H}\mathcal{E}\mathcal{C}\mathcal{M}$ |

Schemes | Key Update | Sender | Receiver | Total |
---|---|---|---|---|

Kim et al. [21] | 8 × 1.25 + 5 × 4.31 = 31.55 | 5 × 4.31 + 6 × 1.25 = 29.05 | 3 × 4.31 + 3 × 1.25 + 4 × 14.90 = 76.28 | 17 × 1.25 + 13 × 4.31 + 4 × 14.90 = 136.88 |

Oh et al. [22] | 1 × 1.25 = 1.25 | 3 × 1.25 = 3.75 | 2 × 1.25 = 2.5 | 6 × 1.25 = 7.5 |

Ko et al. [23] | 1 × 1.25 = 1.25 | 2 × 1.25 = 2.5 | 3 × 1.25 = 3.75 | 6 × 1.25 = 7.5 |

Zhang et al. [26] | 1 × 1.25 = 1.25 | 2 × 0.97 = 1.94 | 1 × 0.97 = 0.97 | 1 × 1.25 + 3 × 0.97 = 4.16 |

Our Scheme | - | 3 × 0.48 = 1.44 | 4 × 0.48 = 1.92 | 7 × 0.48 = 3.36 |

Schemes | Communication Overheads | Communication Overheads in Bits |
---|---|---|

Kim et al. [21] | $\left|\mathcal{M}\right|+6\left|G\right|$ | $6\ast 1024+1024=7168bits$ |

Oh et al. [22] | $\left|\mathcal{M}\right|+2\left|\ua754\right|+\left|\mathscr{H}\right|$ | $1024+2\ast 1024+256=3328bits$ |

Ko et al. [23] | $\left|\mathcal{M}\right|+3\left|\ua754\right|$ | $1024+3\ast 1024=4096bits$ |

Zhang et al. [26] | $\left|\mathcal{M}\right|+2\left|\mathcal{Q}\right|$ | $1024+2\ast 160=1344bits$ |

Our Scheme | $\left|\mathcal{M}\right|+2\left|\U0001d4c3\right|$ | $1024+2\ast 80=1184bits$ |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |

© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Shah, T.A.; Ullah, I.; Khan, M.A.; Lorenz, P.; Innab, N.
An Efficient Certificateless Forward-Secure Signature Scheme for Secure Deployments of the Internet of Things. *J. Sens. Actuator Netw.* **2023**, *12*, 10.
https://doi.org/10.3390/jsan12010010

**AMA Style**

Shah TA, Ullah I, Khan MA, Lorenz P, Innab N.
An Efficient Certificateless Forward-Secure Signature Scheme for Secure Deployments of the Internet of Things. *Journal of Sensor and Actuator Networks*. 2023; 12(1):10.
https://doi.org/10.3390/jsan12010010

**Chicago/Turabian Style**

Shah, Tahir Ali, Insaf Ullah, Muhammad Asghar Khan, Pascal Lorenz, and Nisreen Innab.
2023. "An Efficient Certificateless Forward-Secure Signature Scheme for Secure Deployments of the Internet of Things" *Journal of Sensor and Actuator Networks* 12, no. 1: 10.
https://doi.org/10.3390/jsan12010010