# An Improved Digital Signature Protocol to Multi-User Broadcast Authentication Based on Elliptic Curve Cryptography in Wireless Sensor Networks (WSNs)

^{1}

^{2}

^{3}

^{4}

^{5}

^{6}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Related Works

#### Design Goal

## 3. Preliminary Material

#### Binary Elliptic Curve Cryptography

^{m}) by two parameters, b ≠ 0 and a, b ∈ GF(2

^{m}), where m is a positive integer. An elliptic curve over GF(2

^{m}) is the point at infinity, denoted as O, as well as all points (x, y) with the proviso that x, y ∈ GF(2

^{m}) and also satisfies Equation (1).

^{m}), then the main points, in the encryption system, are the following:

- $O+O=O.$
- $O+P=P$ for all values of $P=\left(x,y\right)\in Z$.
- $P+Q=O$ for all values of $P=\left(x,y\right)\in Z$ and $Q=\left(x,-x-y\right)\text{}\in Z$.
- Point addition operation in an Elliptic Curve

_{1}, y

_{1}) on the elliptic curve to obtain another point L = (x

_{2}, y

_{2}) = 2P on the same elliptic curve [27,28].

## 4. Adversary Model

**Active Attack**

**Compromise Attack**

**Denial-of-Service Attack (DoS)**

**User Anonymity**

## 5. An Improved Proposed Protocol Based on Elliptic Curve Cryptography

#### 5.1. Pre-Distribution Phase

_{x},G

_{y}) on the elliptic curve with the proviso that G is a finite point on the elliptic curve and also has the largest order n.

#### 5.2. Key Generation Phase

#### 5.3. Signed Production Phase

#### 5.4. Signature Verification Phase

## 6. Proposed Scheme for Broadcast Authentication in Wireless Sensor Network

- (1)
**System initialization phase:**Before deploying sensor nodes, each of them is preloaded with system parameters such as elliptic curve parameters and public key of sink and also $<{Q}_{i},I{D}_{i}>$ for all users. ID denotes the identity and Q denotes the public key of a user.- (2)
**User addition:**A user chooses a unique identifier ID and sends it to the sink. Next, the sink generates a public key and private key $<{Q}_{i},{d}_{i}>$ in the key generation phase of the proposed protocol for $use{r}_{i}$. The sink delivers $<{Q}_{i},{d}_{i}>$ for $use{r}_{i}$ and also broadcasts $<{Q}_{i},I{D}_{i}>$ to sensor networks using secure channel.- (3)
**Broadcast authentication message**: In order to broadcast an authenticated message to the sensor networks, the $use{r}_{i}$ with identifier $I{D}_{i}$ sends the following message:$<M,{T}_{i},Sig(M,{T}_{i},I{D}_{i}),{Q}_{i}>$, where M denotes the message, ${T}_{i}$ denotes the timestamp, and $Sig(M,{T}_{i},I{D}_{i})$ is the signature generation phase of proposed protocol over $(M,{T}_{i},I{D}_{i})$. When the message is received, the sensor node takes the following action:- (a)
- Check whether the timestamp ${T}_{i}$ is fresh.
- (b)
- Verify the received signature using the proposed protocol if ${T}_{i}$ is fresh, otherwise drop the message.
- (c)
- If the signature verification on the received message succeeds, then disseminate the authenticated message to the adjacent sensor nodes, otherwise reject the message and report the potential attack to the sink immediately.

- (4)
**User revocation:**When a user is compromised by an attacker, the sink may revoke her/him from the WSN. As a result, in order to revoke a user, the sink broadcasts a revoke message to the sensor network. Sensor nodes listen to the sink’s broadcast and remove the ID and the public key of the compromised user. After that, if each sensor node that received the broadcast message is from the same user, it will drop it and report the potential attack to the sink.

- First, the attacker creates a fake message $\widehat{m}$.
- In this step, the potential attacker calculates ${R}_{result}=hash\left(m\right)\xf7hash\left(\widehat{m}\right)$ (if $hash\left(m\right)$ can be divided by $hash(\widehat{m})$).
- Also, the attacker calculates the ${X}^{\prime}={R}_{result}\times X$.
- Finally, the attacker uses $(\widehat{X},s)$ as the signature of the message $\widehat{m}$ and broadcasts the fake package $\left({X}^{\prime},s,\widehat{m}\right)$ into wireless sensor networks.
- Finally, the intended victim receives the fake package $\left({X}^{\prime},s,\widehat{m}\right)$ and calculates and compares the values $u={e}^{\ast}{X}^{\prime}+Q$ and $v=s\times G$ to each other. Since $v$ and $u$ are equal, as a result, the intended victim approves the fake message $\widehat{m}$ as a valid message.

#### 6.1. When Output $e$ mod ${e}^{\ast}$ = 0 with the Condition that $e>{e}^{\ast}$

#### 6.2. When Output ${e}^{\ast}$ mod $e$ = 0 with the Condition that $e<{e}^{\ast}$

#### 6.3. When Output $e$ mod ${e}^{\ast}\ne $ 0 with the Condition that $e>{e}^{\ast}$

#### 6.4. When Output ${e}^{\ast}$ mod $e$ ≠ 0 with the Condition that $e<{e}^{\ast}$

**Signature Generation**

- Selects an integer number k randomly in the range of 1 to n − 1, where $k\ne d$.
- Computes $F=kG$.
- Extracts the integer $e$ from the message $m$ using a hash-function operation, $e=hash\left(m\right)$ and sets the most significant bit (MSB) of $e$ to 1.
- Computes $s=\left(kre+d\right)modn$.
- Finally, the generated signature for the message $m$ by the signer $A$ is $\left(s,F,X\right)$.

**Signature Verification**

- Computes ${e}^{\ast}=hash\left(m\right)$ and sets the most significant bit (MSB) of ${e}^{\ast}$ to 1.
- Computes $v=s\times G$ and u=${e}^{\ast}$X + Q.

**1**1111111 mod

**1**1111111 is 0. It means that the content of message $m$ is not altered. Moreover, this example can be extended to N-bits. As a result, we can easily prevent the mentioned attack.

## 7. Security Analysis

#### 7.1. Security Analysis of Proposed Protocol

#### 7.2. Security Strength of Proposed Scheme

**Active Attack**

**Compromise Attack**

**Denial-of-Service Attack (DoS)**

**User Anonymity**

## 8. Results and Evaluations

- T
_{Mul}: time complexity of implementing a modular multiplication. - T
_{Add}: time complexity for implementing a modular add operation. - T
_{EC Mul}: time complexity for implementation of multiplying points in an elliptic curve. - T
_{EC Add}: time complexity to implement the sum of two points of the elliptic curves. - T
_{Inv}: time complexity for executing a reverse acting modular. - T
_{Hash}: time complexity to run a one-way hash function.

- The Cao et al.’s time complexity scheme equals ${T}_{excute}\cong 30{T}_{Mul}+1000\left(87.24{T}_{Mul}\right)=87270{T}_{Mul}$.
- The Ren et al.’s time complexity scheme equals ${T}_{excute}\cong 31{T}_{Mul}+1000\left(60.12{T}_{Mul}\right)=60151{T}_{Mul}$.
- Time complexity of our proposed scheme equals ${T}_{excute}\cong 60{T}_{Mul}+1000\left(58.12{T}_{Mul}\right)=58180{T}_{Mul}$.

## 9. Conclusions

## Author Contributions

## Conflicts of Interest

## References

- Akyildiz, I.F.; Su, W.; Sankarasubramaniam, Y. A survey on Sensor Networks. IEEE Commun. Mag.
**2002**, 40, 102–116. [Google Scholar] [CrossRef] - Mainwaring, A.; Polastre, J.; Szewczyk, R.; Culler, D.; Anderson, J. Wireless sensor networks for habitat monitoring. In Proceedings of the 1st ACM International Workshop on Wireless Sensor Networks and Applications (WSNA ’02), Atlanta, GA, USA, 28 September 2002; pp. 88–97. [Google Scholar]
- Lorincz, K.; Malan, D.J.; Fulford-Jones, T.R.F.; Nawoj, A.; Clavel, A.; Shnayder, V.; Mainland, G.; Welsh, M.; Moulton, S. Sensor Networks for Emergency Response: Challenges and Opportunities. IEEE Pervasive Comput.
**2004**, 3, 16–23. [Google Scholar] [CrossRef] - Akyildiz, I.F.; Kasimoglu, I.H. Wireless Sensor and Actor Networks: Research challenges. Ad Hoc Netw.
**2004**, 2, 351–367. [Google Scholar] [CrossRef] - Ren, K.; Lou, W. Communication Security in Wireless Sensor Networks; VDM Ve: Saarbrücken, Germany, 2008. [Google Scholar]
- Ren, K.; Zeng, K.; Moran, J. On Broadcast Authentication in Wireless Sensor Networks. IEEE Trans. Wirel. Commun.
**2007**, 6, 4136–4144. [Google Scholar] [CrossRef] - Liu, D.; Ning, P.; Zhu, S.; Jajodia, S. Practical Broadcast Authentication in Sensor Networks. In Proceedings of the Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous), San Diego, CA, USA, 17–21 July 2005; pp. 118–132. [Google Scholar]
- Ren, K.; Lou, W.; Zhang, Y. Multi-user Broadcast Authentication in Wireless Sensor Networks. IEEE Trans. Veh. Technol.
**2009**, 58, 4554–4564. [Google Scholar] [CrossRef] - Liu, D.; Ning, P. Multi-level μTESLA: Broadcast Authentication for Distributed Sensor Networks. ACM Trans. Embed. Comput. Syst.
**2004**, 3, 800–836. [Google Scholar] [CrossRef] - Perrig, A.; Szewczyk, R.; Wen, V.; Culler, C.; Tygar, J.D. SPINS: Security Protocols for Sensor Networks. ACM Wirel. Netw.
**2002**, 8, 521–534. [Google Scholar] [CrossRef] - Wu, T.; Cui, Y.; Kusy, B.; Ledeczi, A.; Sallai, J.; Skirvin, N.; Werner, J.; Xue, Y. A Fast and Efficient Source Authentication Solution for Broadcasting in Wireless Sensor Networks. In New Technologies, Mobility and Security; Springer: Dordrecht, The Netherlands, 2007. [Google Scholar]
- Zhou, Y.; Fang, Y. Babra: Batch-Based Broadcast Authentication in Wireless Sensor Networks. In Proceedings of the IEEE GLOBECOM’06, San Francisco, CA, USA, 27 November–1 December 2006; pp. 1–5. [Google Scholar]
- Ning, P.; Liu, A.; Du, W. Mitigate DOS Attacks Against Broadcast Authentication in Wireless Sensor Networks. ACM Trans. Sens. Netw.
**2008**, 4, 1. [Google Scholar] [CrossRef] - Hu, Y.; Perrig, A.; Johnson, D. Packet leashes: A Defense Against Wormhole Attacks in Wireless Ad Hoc networks. In Proceedings of the INFOCOM, Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies, San Francisco, CA, USA, 30 March–3 April 2003; pp. 1976–1986. [Google Scholar]
- Chang, S.; Shieh, S.; Hsieh, C. An Efficient Broadcast Authentication Scheme in Wireless Sensor Networks. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Taipei, Taiwan, 21–24 March 2006; pp. 311–320. [Google Scholar]
- Lee, J.; Kim, S.; Cho, Y.; Chung, Y.; Park, Y. HORSIC: An Efficient One-Time Signature Scheme for Wireless Sensor networks. Inf. Process. Lett.
**2012**, 112, 783–787. [Google Scholar] [CrossRef] - Reyzin, L.; Reyzin, N. Better than biba: Short One-Time Signatures with Fast Signing and Verifying. In Information Security and Privacy; Springer: Berlin/Heidelberg, Germany, 2002; pp. 1–47. [Google Scholar]
- Cao, X.; Kou, W.; Dang, L.; Zhao, B. IMBAS: Identity-Based Multi-User Broadcast Authentication in Wireless Sensor Networks. Comput. Commun.
**2008**, 31, 659–667. [Google Scholar] [CrossRef] - Yamakawa, S.; Cui, Y.; Kobara, K.; Imai, H. Lightweight Broadcast Authentication Protocols Reconsidered. In Proceedings of the IEEE Wireless Communications & Networking Conference (WCNC), Budapest, Hungary, 5–8 April 2009; pp. 3076–3081. [Google Scholar]
- Gura, N.; Patel, A.; Wander, A. Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems (CHES’04), Cambridge, MA, USA, 11–13 August 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 119–132. [Google Scholar]
- Du, W.; Wang, R.; Ning, P. An Efficient Scheme for Authenticating Public Keys in Sensor Networks. In Proceedings of the 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc’05), Urbana-Champaign, IL, USA, 25–27 May 2005; ACM: New York, NY, USA, 2005; pp. 58–67. [Google Scholar]
- Cao, X.; Kou, W.; Du, X. A Pairing-Free Identity-Based Authenticated Key Agreement Protocol with Minimal Message Exchanges. Inf. Sci.
**2010**, 180, 2895–2903. [Google Scholar] [CrossRef] - Benenson, Z.; Gedicke, N.; Raivio, O. Realizing Robust User Authentication in Sensor Networks. In Proceedings of the First REALWSN 2005 Workshop on Real-World Wireless Sensor Networks, Stockholm, Sweden, 20–21 June 2005. [Google Scholar]
- Jiang, C.; Li, B.; Xu, H. An Efficient Scheme for User Authentication in Wireless Sensor Networks. In Proceedings of the 21st International Conference, Advanced Information Networking and Applications Workshops (AINAW ’07), Niagara Falls, ON, Canada, 21–23 May 2007; pp. 438–442. [Google Scholar]
- Wang, D.; Wang, P. Two Birds with One Stone: Two-Factor Authentication with Security beyond Conventional Bound. IEEE Trans. Dependable Secur. Comput.
**2016**. [Google Scholar] [CrossRef] - Nyang, D.H.; Song, J.S. Knowledge-Proof Based Versatile Smart Card Verification Protocol. Comput. Commun. Rev.
**2000**, 30, 39–44. [Google Scholar] [CrossRef] - Hankerson, D.; Menezes, A.; Vanstone, S. Guide to Elliptic Curve Cryptography; Springer Professional Computing Series; Springer: New York, NY, USA; London, UK, 2004. [Google Scholar]
- Dormale, G.; Quisquater, J. Area and Time Trade-Offs for Iterative Modular Division Over GF(2(m)): Novel Algorithm and Implementations on FPGA. Int. J. Electron.
**2007**, 94, 515–529. [Google Scholar] [CrossRef] - Wang, D.; He, D.; Wang, P.; Chu, C. Anonymous Two-Factor Authentication in Distributed Systems: Certain goals are Beyond Attainment. IEEE Trans. Depend. Secur. Comput.
**2015**, 12, 428–442. [Google Scholar] [CrossRef] - Huang, X.; Chen, X.; Li, J.; Xiang, Y.; Xu, L. Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems. IEEE Trans. Parallel Distrib. Syst.
**2014**, 25, 1767–1775. [Google Scholar] [CrossRef] - Wang, D.; Wang, P. On the Anonymity of Two-Factor Authentication Schemes for Wireless Sensor Networks: Attacks, principle and solutions. Comput. Netw.
**2014**, 73, 41–57. [Google Scholar] [CrossRef] - Li, X.; Qiu, W.; Zheng, D.; Chen, K.F.; Li, J. Anonymity Enhancement on Robust and Efficient Password-Authenticated key Agreement Using Smart Cards. IEEE Trans. Ind. Electron.
**2010**, 57, 793–800. [Google Scholar] - Koblitz, N.; Menezes, A.; Vanstone, S. The State of Elliptic Curve Cryptography. Des. Code Cryptogr.
**2000**, 19, 173–193. [Google Scholar] [CrossRef] - Johnson, D.; Menezes, A.; Vanstone, S. The Elliptic Curve Digital Signature Algorithm (ECDSA). Int. J. Inf. Secur.
**2001**, 1, 36–63. [Google Scholar] [CrossRef] - Nikooghadam, N.; Bonyadi, M.R.; Malekian, E.; Zakerolhosseini, A. A Protocol for Digital Signature Based on the Elliptic Curve Discrete Logarithm Problem. J. Appl. Sci.
**2008**, 8, 1919–1925. [Google Scholar] - Li, L.H.; Tzeng, S.F.; Hwang, M.S. Improvement of Signature Scheme Based on Factoring and Discrete Logarithms. Appl. Math. Comput.
**2005**, 161, 49–54. [Google Scholar] [CrossRef] - Rabah, K. Elliptic Curve Elgamal Encryption and Signature Scheme. Inf. Technol.
**2005**, 4, 299–306. [Google Scholar] - Chung, Y.F.; Huang, K.H.; Lai, F.; Chen, T.S. ID-Based Digital Signature Scheme on the Elliptic Curve Cryptosystem. Comput. Stand. Interfaces
**2007**, 29, 601–604. [Google Scholar] [CrossRef] - Junru, H. The Improved Elliptic Curve Digital Signature Algorithm. In Proceedings of the 2011 International Conference on Electronic & Mechanical Engineering and Information Technology, Harbin, China, 12–14 August 2011; Volume 1, pp. 12–14. [Google Scholar]
- Technical Guideline TR-0311 Elliptic Curve Cryptography Version 2.0. Available online: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03111/BSI-TR-03111_pdf.html (accessed on 20 March 2018).

Time Complexity of an Operation Unit | Time Complexity Based on Modular Multiplication |
---|---|

${\mathit{T}}_{\mathit{E}\mathit{C}\_\mathit{M}\mathit{u}\mathit{l}}$ | $\mathbf{29}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$ |

${\mathit{T}}_{\mathit{E}\mathit{C}\_\mathit{A}\mathit{d}\mathit{d}}$ | $\mathbf{0.12}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$ |

${\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}$ | $\mathbf{0.073}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$ |

${\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}$ | Negligible |

${\mathit{T}}_{\mathit{M}\mathit{i}\mathit{n}\mathit{u}\mathit{s}}$ | Negligible |

${\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | Negligible |

Various Protocols | Signature Generation Phase | Computation Complexity Based on ${\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}$ | Signature Verification Phase | Computation Complexity Based on ${\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}$ |
---|---|---|---|---|

Rabah, 2005, [37] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}$ | $\mathbf{31.073}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{3}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{87.12}{\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ |

ECDSA Johnson et al., 2001, [34] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}$ | $\mathbf{31.073}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}$ | $\mathbf{60.193}{\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ |

Chung et al., 2007, [38] | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{60.12}{\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{3}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{87.24}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

Nikooghadam et al., 2008, [35] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{31}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{59.12}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

Hu Junru, 2011, [39] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}$ | $\mathbf{31.073}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{60.12}{\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ |

TR0311, 2012, [40] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{M}\mathit{i}\mathit{n}\mathit{u}\mathit{s}}$ | $\mathbf{30}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{M}\mathit{i}\mathit{n}\mathit{u}\mathit{s}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{I}\mathit{n}\mathit{v}}$ | $\mathbf{60.193}{\mathit{T}}_{\mathit{M}\mathit{U}\mathit{L}}+{\mathit{T}}_{\mathit{H}\mathit{a}\mathit{s}\mathit{h}}$ |

Our proposed protocol | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{30}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{58.12}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

Schemes | Signature Generation Phase | Time Complexity in ${\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$ | Signature Verification Phase | Time Complexity in ${\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$ |
---|---|---|---|---|

Cao et al.’s scheme [18] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$$+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{30}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{3}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{87.24}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

Ren et al.’s scheme [8] | ${\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{i}\mathit{n}\mathit{v}}$ | $\mathbf{31.073}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+\mathbf{2}{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}$$+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}+{\mathit{T}}_{\mathit{i}\mathit{n}\mathit{v}}$ | $\mathbf{60.193}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

Our proposed scheme | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+\mathbf{2}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}$$+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{60}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{A}\mathit{d}\mathit{d}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{2}{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{E}\mathit{C}-\mathit{A}\mathit{d}\mathit{d}}$$+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ | $\mathbf{58.12}{\mathit{T}}_{\mathit{M}\mathit{u}\mathit{l}}+{\mathit{T}}_{\mathit{h}\mathit{a}\mathit{s}\mathit{h}}$ |

© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Bashirpour, H.; Bashirpour, S.; Shamshirband, S.; Chronopoulos, A.T.
An Improved Digital Signature Protocol to Multi-User Broadcast Authentication Based on Elliptic Curve Cryptography in Wireless Sensor Networks (WSNs). *Math. Comput. Appl.* **2018**, *23*, 17.
https://doi.org/10.3390/mca23020017

**AMA Style**

Bashirpour H, Bashirpour S, Shamshirband S, Chronopoulos AT.
An Improved Digital Signature Protocol to Multi-User Broadcast Authentication Based on Elliptic Curve Cryptography in Wireless Sensor Networks (WSNs). *Mathematical and Computational Applications*. 2018; 23(2):17.
https://doi.org/10.3390/mca23020017

**Chicago/Turabian Style**

Bashirpour, Hamed, Saman Bashirpour, Shahaboddin Shamshirband, and Anthony T. Chronopoulos.
2018. "An Improved Digital Signature Protocol to Multi-User Broadcast Authentication Based on Elliptic Curve Cryptography in Wireless Sensor Networks (WSNs)" *Mathematical and Computational Applications* 23, no. 2: 17.
https://doi.org/10.3390/mca23020017