A Privacy-Preserving Scheme for V2V Double Auction Power Trading Based on Heterogeneous Signcryption and IoV
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
Main issues are as follows.
Introduction: (1) It is recommended to cover related representative works in three years. (2) The item of Anti-replay attack is not in parallel with other items.
Preliminaries: (1) It is recommended to elaborate the principles of ECC and the structure of Blockchain. (2) It is recommended to supplement relevant content of Security Analysis
Scheme: (1) It is recommended to merge Chapter 3 and Chapter 4, conduct detailed descriptions according to main functions or key steps. (2) It is recommended to provide the necessary algorithms.
Scheme Analysis: (1) It is recommended to distinguish between Security and Privacy. (2) It is recommended to discuss the limitations of ROM.
Performance Analysis: It is recommended to provide the comparative analysis of latest related solutions.
Experiments: In my opinion, the testing results in IoV will greatly enhance the persuasiveness of proposed scheme.
Author Response
Reviewer 1:
- Introduction: (1) It is recommended to cover related representative works in three years.
We sincerely thank the reviewer for this valuable suggestion. We have now expanded the introduction to better cover representative related works from the past three years, as recommended.
- Literature [17] (Dai et al., 2023): A pairing-free certificateless aggregate signcryption scheme for vehicular sensor networks. While this work significantly improves efficiency and provides a security analysis under the ROM, it does not address cryptographic heterogeneity. Citing it helps delineate our work's scope.
- Literature [18][20][21] (2022): These are representative works on heterogeneous signcryption from the past three years, which we have now introduced to provide a more comprehensive foundation.
- Newly added Literature [22] (Zhou & Fan, 2025): To ensure the coverage is fully up-to-date, we have also incorporated this very recent study. It addresses secure heterogeneous communication in the Internet of Vehicles using an ECC-based online/offline signcryption method combined with a multi-ciphertext equivalence test, achieving secure communication from CLC to PKI with reduced costs.
We believe this now provides a much more current and complete foundation for our research. These additions have been integrated into the introduction on page 3, line 109, 123, to provide a more thorough and current literature review.
[17] C. Dai and Z. Xu, "Pairing-Free Certificateless Aggregate Signcryption Scheme for Vehicular Sensor Networks," in IEEE Internet of Things Journal, vol. 10, no. 6, pp. 5063-5072, 15 March 2023, doi: 10.1109/JIOT.2022.3222237
[18] Jin, Chunhua, et al. "Heterogeneous online/offline signcryption for secure communication in Internet of Things." Journal of Systems Architecture 127 (2022): 102522.
[20] NIU Shufen, YAN Sen et al. Privacy-Preserving Heterogeneous Aggregated Signcryption Scheme in V2V Internet of Vehicles [J]. Computer Engineering, 2022, 48(09): 20-27+36. DOI: 10.19678/j.issn.1000-3428.0063450.
[21] PAN X, JIN Y, WANG Z, et al. A pairing-free heterogeneous signcryption scheme for unmanned aerial vehicles[J]. IEEE Internet of Things Journal, 2022, 9(19): 19426-19437.
[22] Zhou Meixian, Fan Xinyue. Online/offline heterogeneous signcryption scheme with multi-ciphertext equivalence test in Internet of Vehicles [J/OL]. Telecommunications Science, 1-17 [2025-10-21]. https://link.cnki.net/urlid/11.2103.TN.20250925.1828.002.
- Introduction (2) The item of Anti-replay attack is not in parallel with other items.
We thank the reviewer for this valuable comment regarding the non-parallel listing of security items. We have revised the specific item from "Anti-replay attack" to "anti-attack" to ensure it is grammatically parallel with other items in the table. Additionally, we have incorporated the property of "Integrity" into the table along with the "confidentiality". As suggested, to make the literature scheme analysis more complete, we have moved this enhanced comparison table to Section 5.3 (Security Function Analysis). The table now provides a proper foundation for the discussion in that section. Please see the revised manuscript for these changes in page 18, line 676.
- Preliminaries: (1) It is recommended to elaborate the principles of ECC and the structure of Blockchain.
We sincerely thank the reviewer for this constructive suggestion to elaborate on the foundational concepts. We have thoroughly revised the "Preliminaries" section to provide a more comprehensive background. Firstly, in Section 2.1, we have expanded the explanation of Elliptic Curve Cryptography (ECC). We now elaborate that ECC is a public-key cryptosystem based on the algebraic structure of elliptic curves over finite fields. The revision discusses its security foundation based on the hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP) and details the process of key pair generation. We have also emphasized the advantages of ECC, particularly its high security strength with relatively short keys, making it highly suitable for resource-constrained environments. Secondly, in Section 2.3, we have enhanced the description of the blockchain structure. We now explicitly state that a blockchain is a decentralized and distributed ledger, where each block contains a batch of transactions, a timestamp, and the cryptographic hash of the previous block. This chain of hashes links the blocks together, forming an immutable and tamper-evident record. These additions provide the necessary theoretical foundation for the rest of the paper. The corresponding revisions can be found in Sections 2.1 and 2.3 of the revised manuscript in page 4-5, line 160 and 205.
- Preliminaries: (2) It is recommended to supplement relevant content of Security Analysis
We thank the reviewer for the suggestion to strengthen the security foundations in the Preliminaries section. We agree that presenting the security model earlier provides a crucial theoretical framework for understanding the entire paper. In direct response, we have moved the original Section 3.4 ("Security Model") to become the new Section 2.4 within the "Preliminaries". This relocation allows the security goals, adversary models, and foundational security definitions to be established before introducing our specific scheme and its analysis. This creates a more logical flow, as readers are now equipped with the necessary security concepts upfront. This new Section 2.4 lays a solid theoretical groundwork, thereby providing a clear and consistent basis for the subsequent security analysis of our proposed scheme in the later sections. Please see the revised manuscript for details in page 5, line 211.
- Scheme: (1) It is recommended to merge Chapter 3 and Chapter 4, conduct detailed descriptions according to main functions or key steps.
We sincerely thank the reviewer for this excellent suggestion. We agree that merging the original Chapter 3 (Scheme Design) and Chapter 4 (Scheme Realization) would significantly enhance the logical flow and readability of our scheme presentation. In direct response to this comment, we have undertaken a major restructuring of these sections. The original separation between high-level design and specific implementation details has been eliminated. The manuscript has been completely rewritten to form a new, unified Chapter 3: "Scheme Design and Realization". This new chapter is now organized around the core functional steps of our scheme, providing a coherent narrative that seamlessly integrates the design rationale with the precise implementation details for each step. The revised structure is as follows:
- 1. Scheme Overall Design Framework (incorporating design ideas, model, execution process, and symbol definitions)
- 2. Scheme Detailed Realization (describing the sequential steps from system parameter setting to malicious EVs tracking and revocation)
We are confident that this reorganization presents the entire operational process of our scheme in a logical, step-by-step manner, making it more focused and considerably easier to follow. The detailed changes are reflected throughout the revised Chapter 3 in page 5, line 231.
- Scheme: (2) It is recommended to provide the necessary algorithms
We sincerely thank the reviewer for suggesting we provide the necessary algorithms. In the specific implementation of the scheme in Section 3, we give the relevant algorithms of the scheme execution phase and provide a specific experimental environment and specific parameters to describe our algorithm. We use the same environment as in the literature [31] and call the MIRACL library to calculate various cryptographic primitives, bilinear pairing operation, bilinear point addition operation, bilinear point multiplication operation, elliptic curve point multiplication operation, elliptic curve point addition operation, and hash to point operation running time. In order to reduce the experimental error, the time of each operation is taken as the average of 1000 actual running times. We choose a bilinear pairing , where is an additive cyclic group of order , and the sizes of and are 160 and 521 bits respectively. We also choose an additive cyclic group of order , where is the generator of and is a 160-bit prime. is the base point of the Koblitz curve Secp256k1, expressed as , and is a 256-bit prime. In the experiment, the above operation time is obtained as = 4.211ms, = 0.0964ms, = 1.819ms, =4.406ms, = 0.0018ms, = 0.4420ms. Please see the revised manuscript for details in Chapter 3.2 and 5.1.
[31] Imghoure A, El-Yahyaoui A, Omary F. ECDSA-based certificateless conditional privacy-preserving authentication scheme in Vehicular Ad Hoc Network[J]. Veh Commun 2022; 37:100504.
- Scheme Analysis: (1) It is recommended to distinguish between Security and Privacy.
We sincerely thank the reviewer for this critical suggestion to clearly distinguish between security and privacy. We agree that this distinction is essential for a precise and comprehensive scheme analysis. We have thoroughly reorganized the original "Scheme Analysis" section to establish a clear conceptual and structural separation. The revised chapter now comprises three distinct parts:
- 1 Correctness Analysis: Demonstrates the functional validity of our scheme.
- 2 Security Analysis: Focuses on the system's security mechanisms and its resilience against active attacks. This includes formal proofs and discussions on Unforgeability, Traceability and Revocation, Resistance to Common Attacks (e.g., replay attacks, tampering attack and man-in-the-middle attack), and the security provided by dual-system parameters.
- 3 Privacy Analysis: Concentrates on identity and data protection features. This section now provides a targeted discussion on Confidentiality, Integrity, Anonymity, and Unlinkability.
This deliberate separation allows for a more targeted and profound discussion in each domain, ensuring readers can precisely appreciate the strengths of our scheme in both dimensions. We are confident that this revision has significantly strengthened the analytical rigor of our work. Please refer to the scheme analysis section in the revised manuscript, page 14-15.
- Scheme Analysis: (2) It is recommended to discuss the limitations of ROM.
We are deeply grateful to the reviewer for raising this crucial point. We agree that a thorough discussion of the Random Oracle Model (ROM) and its limitations is essential for a comprehensive and transparent security analysis. In direct response, we have added a dedicated discussion at the end of Section 4.2.1 to explicitly address this. This addition serves to: (1) clearly state that the ROM is an idealization, and thus a security proof within it does not translate directly to practice if the hash function exhibits weaknesses; and (2) affirm that despite this limitation, a ROM-based proof remains highly valuable, as it certifies that no generic attack can break the scheme and any attack must exploit the specific implementation of the hash function.
We believe that proactively acknowledging and discussing this limitation significantly enhances the academic rigor and honesty of our work. It provides readers with a complete and balanced perspective on the cryptographic relevance and validity of our security findings. Please see the revised manuscript for details in page 14, line 547.
- Performance Analysis: It is recommended to provide the comparative analysis of latest related solutions.
We sincerely thank the reviewer for this valuable suggestion to enhance our performance analysis with comparisons to the latest related solutions. In direct response, we have incorporated the very recent scheme by Zhou & Fan [22] (2025) into our comparative study. A comprehensive performance comparison is now provided in Section 5 (Performance Analysis), covering both computational overhead and communication costs. The results are detailed in:
- Tables 4, 5, and 6: Which present a theoretical and quantitative comparison of computational and communication efficiency between our scheme and other leading works, including [22].
- Figures 4 and 5: Which visually depict these comparisons, clearly demonstrating the performance advantages of our proposed scheme.
We believe that the inclusion of this state-of-the-art benchmark makes our performance evaluation more rigorous and up-to-date, thereby strengthening the validity of our claims regarding the efficiency of our scheme. Please see the revised manuscript for details in page 15, line 614.
[22] Zhou Meixian, Fan Xinyue. Online/offline heterogeneous signcryption scheme with multi-ciphertext equivalence test in Internet of Vehicles [J/OL]. Telecommunications Science, 1-17 [2025-10-21]. https://link.cnki.net/urlid/11.2103.TN.20250925.1828.002.
- Experiments: In my opinion, the testing results in IoV will greatly enhance the persuasiveness of proposed scheme.
We sincerely thank the reviewer for this insightful comment. We fully agree that validation within a real-world IoV testbed would be a compelling demonstration of the scheme's practical applicability. In this work, our primary objective has been to first establish a rigorous theoretical foundation and conduct a fair, reproducible comparison of core performance metrics—specifically computation time and communication overhead—which are critical benchmarks for any security scheme. The results confirm that our scheme achieves an average reduction of 14.56% in communication cost and 80.51% in aggregate decryption cost compared to recent schemes. We argue that demonstrating such significant efficiency gains is a fundamental prerequisite for any IoV application demanding low latency and high throughput.
The reviewer's suggestion has been instrumental in shaping our research roadmap. We have formally acknowledged this by adding a dedicated Section 6 (Discussion) in the revised manuscript, where we explicitly outline our plans for large-scale simulations and real-world IoV testing as the immediate next step. We are grateful for this guidance, which helps to clearly position the contribution of the current work and define a concrete path forward. Please see the revised manuscript for details in discussion, page 19, line 730.
Reviewer 2 Report
Comments and Suggestions for Authors
[cryptography-3916030] A privacy-preserving scheme for V2V double auction power trading based on heterogeneous signcryption and IoV
The manuscript proposes a privacy-preserving scheme for Vehicle-to-Vehicle (V2V) electricity trading in the Internet of Vehicles (IoV), designed to address security and privacy leakage risks in double-auction–based power exchange among electric vehicles. To overcome the challenge of heterogeneous cryptographic environments in IoV, the authors develop a heterogeneous signcryption algorithm that enables secure communication between certificateless cryptography (CLC) and identity-based cryptography (IBC) entities. The scheme also integrates a pseudonym mechanism to protect EV user identities while still allowing malicious participants to be traced and revoked when necessary. A verification algorithm is further provided to ensure correctness, traceability, and tamper-resistance of transaction plans. Theoretical analysis demonstrates that the scheme meets confidentiality, anonymity, traceability, and anti-replay requirements, while experimental evaluation shows improved computational and communication efficiency compared to related solutions.
Review Comments:
Here are five strongest contributions of the manuscript:
1) First heterogeneous signcryption tailored for V2V double-auction trading
The paper proposes a customized heterogeneous signcryption mechanism enabling secure communication across CLC → IBC environments, specifically adapted to IoV-based energy trading — a gap not addressed by prior schemes.
2) Built-in privacy via pseudonym-based identity protection
The scheme integrates a pseudonym mechanism that hides real EV identities during trading while still supporting accountability — ensuring anonymity without sacrificing traceability.
3) Traceability and revocation of malicious EVs
Unlike many existing V2V trading protocols, this design embeds a supervised revocation path that allows authorities to detect, trace, and remove malicious participants without compromising global privacy.
4) Aggregated verification for computational efficiency
The scheme incorporates aggregation-based batch verification, reducing the computational cost for RSUs and PA during large-scale transactions and outperforming related works in measured efficiency.
5) Formal security proof and empirical performance evaluation
The manuscript provides both ROM-based cryptographic correctness and unforgeability proofs and a quantitative performance comparison, demonstrating superiority in communication and computation overheads relative to prior schemes.
Here are five weaknesses of the manuscript:
1) No real-world testbed or deployment evidence
The scheme is validated only via theoretical proofs and simulation-based performance metrics — no implementation on real EVs, RSUs, or blockchain nodes to show feasibility under real network constraints.
2) Privacy gains are not quantitatively measured
Although privacy features (anonymity, unlinkability) are argued at a conceptual level, the paper lacks quantitative privacy leakage metrics, adversarial inference tests, or entropy-based evaluation.
3) Scalability impact in dense IoV settings not fully addressed
The scheme introduces cryptographic overhead (especially aggregation and revocation management), but does not evaluate scalability under high transaction volume, mobility, or network congestion scenarios.
4) Adversarial threat modeling is limited
While standard ROM-based proofs are given, no explicit adversary models or simulated attacks (e.g., MITM, collusion, key compromise, timing attacks) are experimentally tested.
5) Cross-cryptosystem migration assumptions not discussed
The paper assumes coexistence of CLC and IBC systems but does not articulate deployment migration strategy, backward compatibility, or how real manufacturers would integrate heterogeneous schemes in practice.
Author Response
Reviewer 2:
- No real-world testbed or deployment evidence
The scheme is validated only via theoretical proofs and simulation-based performance metrics — no implementation on real EVs, RSUs, or blockchain nodes to show feasibility under real network constraints.
We thank the reviewer for reading our paper carefully and giving the above positive comments and we fully acknowledge that testing our proposed scheme in a specific real-world scenario of the Internet of Vehicles will greatly enhance our contribution and demonstrate its practical application value. In this work, our primary focus was to first establish the foundational theoretical security and computational efficiency of the proposed scheme. As is common in the foundational stage of cryptographic protocol design for VANETs (as seen in related works [19-22]), we relied on rigorous theoretical analysis and standardized simulations to provide a fair and reproducible comparison of core performance metrics, such as computation time and communication cost.
Our analysis demonstrates that the proposed scheme achieves a significant reduction in communication cost (by approximately 14.56%) and a substantial decrease in aggregate decryption computation cost (by 80.51% on average) compared to recent state-of-the-art schemes. We believe these efficiency gains are a critical prerequisite for any real-world IoV application demanding low latency and high throughput, and they provide strong preliminary evidence of our scheme's deployment potential. We fully agree with the reviewer that large-scale real-world testing is a vital next step. To explicitly outline this future direction, we have added a new Section 6. Discussion in the revised manuscript, where we articulate our plans for implementation and testing in realistic vehicular network environments. We are grateful again for this valuable suggestion, which has helped us better position the current contribution and define a clear roadmap for our future research. Please see the revised manuscript for details in page 18-19.
[19] I. Ali, T. Lawrence, A. A. Omala and F. Li, "An Efficient Hybrid Signcryption Scheme with Conditional Privacy-Preservation for Heterogeneous Vehicular Communication in VANETs," in IEEE Transactions on Vehicular Technology, vol. 69, no. 10, pp. 11266-11280, Oct. 2020, doi: 10.1109/TVT.2020.3008781
[20] NIU Shufen, YAN Sen et al. Privacy-Preserving Heterogeneous Aggregated Signcryption Scheme in V2V Internet of Vehicles [J]. Computer Engineering, 2022, 48(09): 20-27+36. DOI: 10.19678/j.issn.1000-3428.0063450.
[21] PAN X, JIN Y, WANG Z, et al. A pairing-free heterogeneous signcryption scheme for unmanned aerial vehicles[J]. IEEE Internet of Things Journal, 2022, 9(19): 19426-19437.
[22] Zhou Meixian, Fan Xinyue. Online/offline heterogeneous signcryption scheme with multi-ciphertext equivalence test in Internet of Vehicles [J/OL]. Telecommunications Science, 1-17 [2025-10-21]. https://link.cnki.net/urlid/11.2103.TN.20250925.1828.002.
- Privacy gains are not quantitatively measured
Although privacy features (anonymity, unlinkability) are argued at a conceptual level, the paper lacks quantitative privacy leakage metrics, adversarial inference tests, or entropy-based evaluation.
We sincerely thank the reviewer for this insightful comment regarding the quantitative measurement of privacy gains. We agree that supplementing conceptual arguments with empirical and formal evaluations strengthens the validation of our scheme's privacy features. In response, we have taken the following steps to address this concern:
- Theoretical Foundation: As outlined in the manuscript, our scheme protects EVs identity through two anonymous credentials and , which rely on random secrets ​​ and . The security of these credentials is fundamentally based on the computational hardness of the ECCDH problem, which prevents adversaries from inferring the real identity . In addition, an arbitrary random number is used to sign the information, making it impossible for attackers to link the information of the same EVs. Therefore, there is no correlation between any pseudonym information, thereby satisfying the privacy features for unlinkability.
- Quantitative Performance Analysis: While the core privacy mechanism is theoretical, we have provided a comprehensive quantitative evaluation of the scheme's overhead, as detailed in Section 5. This includes benchmarking all cryptographic operations(e.g. , , , , , ) and demonstrating an average reduction of 14.56% in communication cost and 80.51% in aggregate decryption cost compared to recent schemes. These efficiency metrics are crucial for privacy in practice, as low overhead enables the widespread adoption and real-time execution of these strong cryptographic protections. These key findings have been highlighted in the abstract and conclusion.
- Formal Verification with Scyther: To quantitatively assess the scheme's resilience against adversarial inference, we have performed formal security verification using the Scyther tool [32]. The final test process verifies that the scheme can ensure the privacy characteristics of EVs in the communication process, further demonstrating that the scheme can well protect the privacy of users.
We believe that the combination of a rigorous theoretical foundation, demonstrated practical efficiency, and formal verification provides a multi-faceted and compelling argument for the strength of our scheme's privacy protections. Please see the revised manuscript for details in chapter 4.2, 4.3 and chapter 5, page 14-15.
[31] Imghoure A, El-Yahyaoui A, Omary F. ECDSA-based certificateless conditional privacy-preserving authentication scheme in Vehicular Ad Hoc Network[J]. Veh Commun 2022; 37:100504.
[32] CREMERS C J F. The scyther tool: verification, falsification, and analysis of security protocols: tool paper[C]//Proceedings of the International Conference on Computer Aided Verification. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008: 414-418
- Scalability impact in dense IoV settings not fully addressed
The scheme introduces cryptographic overhead (especially aggregation and revocation management), but does not evaluate scalability under high transaction volume, mobility, or network congestion scenarios.
We sincerely thank the reviewer for raising this critical point regarding scalability in dense IoV environments. We agree that evaluating performance under high transaction volume, mobility, and network congestion is essential for assessing practical deployment potential. Our scheme is designed with scalability in mind, primarily through two key features:
- Efficient Aggregation: In the signcryption aggregation phase, we employ a small exponent test technique. As demonstrated in our performance analysis, this approach ensures that the computational overhead for aggregate verification does not increase significantly as the number of EVs (n, i.e., transaction volume) grows. This gives our scheme a distinct advantage in handling high throughput compared to other schemes, as shown in our comparative analysis.
- Lightweight Revocation: For managing malicious EVs, we utilize a simple revocation list mechanism. This method incurs minimal communication and storage cost, ensuring that revocation management remains efficient and does not become a bottleneck, even as the network scales.
Consequently, we contend that the cryptographic overhead introduced by our scheme is well-managed. The design choices for both aggregation and revocation ensure that the impact on overall system overhead remains low, thereby supporting better scalability under challenging conditions such as high mobility and network congestion. We have further clarified this analysis in the revised manuscript, page 18, line 689.
- Adversarial threat modeling is limited
While standard ROM-based proofs are given, no explicit adversary models or simulated attacks (e.g., MITM, collusion, key compromise, timing attacks) are experimentally tested.
We sincerely thank the reviewer for this insightful comment regarding the expansion of our adversarial threat modeling. In the revised manuscript, we have significantly expanded Section 4.2 (Security Analysis) to explicitly model and analyze defenses against a wider range of practical attacks, including:
- Replay Attacks: Defended against through the use of timestamps in both the anonymous authentication process and the power plan signature. Any replayed message with an expired timestamp will be rejected.
- Tampering Attacks: The integrity of transaction information is protected by a verification formula . Any modification to the message will cause this verification to fail.
- Man-in-the-Middle (MITM) Attacks: As established in Theorem 1, an adversary cannot forge a valid signature. Furthermore, the small exponent test technique employed during the aggregation and batch verification phase, as described in [30], inherently resists such attacks by ensuring the integrity of the aggregated batch.
To experimentally validate our threat model and provide quantitative assurance, we have employed the formal verification tool Scyther [31]. This tool, based on the Dolev-Yao adversary model, automatically searches for all possible attack paths. We configured the tool to run the protocol over 100 times for the roles of EVs and RSUs. The results, now included as Figure 3 in the manuscript, confirm that no effective attack path was found for security goals including secrecy, authentication, and resistance to replay and MITM attacks. This formal verification significantly enhances the credibility of our security claims. Please see the revised manuscript for details in 4.2 (Resistance to attacks), page 14, line 576.
[30] POINTCHEVAL D, STERN J. Security arguments for digital signatures and blind signatures[J]. Journal of Cryptology, 2000(13): 361-396.
[31] CREMERS C J F. The scyther tool: verification, falsification, and analysis of security protocols: tool paper[C]//Proceedings of the International Conference on Computer Aided Verification. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008: 414-418
Figure 3. Scyther running results
- Cross-cryptosystem migration assumptions not discussed
The paper assumes coexistence of CLC and IBC systems but does not articulate deployment migration strategy, backward compatibility, or how real manufacturers would integrate heterogeneous schemes in practice
We are grateful for the reviewer's comments and sincerely thank the reviewer for this insightful and practical comment. We acknowledge that this is indeed a core consideration to ensure that our proposed scheme can move from theory to practical application. In direct response to this valuable feedback, we have clarified this in the discussion section at the end of the paper:
In our proposed scheme, we adopt the CLC cryptosystem with lower overhead to transmit information according to the computing power of EVs and RSUs, while PA and AC adopt the IBC cryptosystem because of the high computing power of the servers that can bear the larger overhead. Assume that there are EVs supporting CLC and IBC on the road at the same time:
- Deployment migration strategy
Deploy the PKG required for the IBC system within a controllable area (such as a smart highway demonstration zone) and assign IBC identities and private keys to the PA and AC. Upgrade the RSU to add IBC client functionality. When EVs need to communicate with the PA or AC via the RSU, the RSU can be responsible for the conversion from CLC to IBC for EVs in the CLC system, while EVs in the IBC system can directly communicate with the same cryptographic system. Initially, newly manufactured EVs will be deployed with dual cryptographic system support, and then gradually migrated to CLC, gradually replacing IBC with CLC in EVs. The same approach will be applied to RSU deployment and migration. This will allow each entity to fully leverage the advantages of its own heterogeneous cryptographic system to achieve optimal performance, ensuring that each entity uses the cryptographic system most suitable for computing power, and then gradually deploy and migrate to a wider range.
- Backward compatibility
As described in the deployment migration strategy above, for backward compatibility, we will gradually transition from deploying EVs supported by dual cryptographic systems to EVs supporting the CLC cryptographic system. This process allows participation in V2V power trading without requiring any hardware or software upgrades, thus ensuring backward compatibility. Specifically, when EVs need to interact with IBC-based systems (such as PAs and ACs), the RSU will act as a secure protocol agent, responsible for verifying the EV's CLC signature and converting the EV's request into a format recognizable by the IBC system, ensuring that legacy EVs can access all newly introduced system services without discrimination.
- Real manufacturers integrate the scheme in practice
For automakers, from a hardware perspective, today's smart EVs already possess sufficient computing power to handle the CLC computational burden, and the hardware cost is negligible. From a software perspective, our proposed scheme can be implemented as a software library and integrated into EVs, making it feasible. RSUs typically have greater computing power than EVs, making the CLC cryptosystem more feasible for RSU manufacturers. Furthermore, PAs and ACs, due to their strong computing power, can also handle the burden of the IBC cryptosystem. Overall, integrating this scheme into manufacturers is feasible in practice. Please see the revised manuscript for details in discussion, page 18-19.
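The small exponent test that the response above relies on for aggregate verification can be shown in isolation. The following is an added example, not code from the manuscript or its authors: it substitutes plain Schnorr signatures over a toy group for the paper's signcryption (whose equations are not reproduced on this page), and all names, parameters and bid strings are constructed for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for illustration, far too small for real use):
# P = 2*Q + 1 with Q prime; G generates the subgroup of order Q.
P, Q, G = 10007, 5003, 4
ELL = 12  # bit length of the small exponents; 2**ELL must stay below Q

def h(r, msg):
    """Hash commitment and message to a challenge in Z_Q."""
    return int.from_bytes(hashlib.sha256(f"{r}|{msg}".encode()).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + h(r, msg) * x) % Q

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(y, h(r, msg), P) % P

def batch_verify(batch, exps=None):
    """batch: list of (public_key, msg, (r, s)), checked with one equation.
    exps=None draws a fresh random ELL-bit exponent per item (small exponent
    test); exps=[1]*n degenerates to naive, unweighted aggregation."""
    if exps is None:
        exps = [secrets.randbelow(2**ELL - 1) + 1 for _ in batch]
    lhs_exp, rhs = 0, 1
    for (y, msg, (r, s)), d in zip(batch, exps):
        lhs_exp = (lhs_exp + d * s) % Q
        rhs = rhs * pow(r * pow(y, h(r, msg), P) % P, d, P) % P
    return pow(G, lhs_exp, P) == rhs

def offsetting_tamper(batch, delta=1):
    """Shift s up in item 0 and down in item 1: both signatures become invalid,
    but the two errors cancel in an unweighted sum."""
    (y0, m0, (r0, s0)), (y1, m1, (r1, s1)) = batch[0], batch[1]
    return [(y0, m0, (r0, (s0 + delta) % Q)),
            (y1, m1, (r1, (s1 - delta) % Q))] + batch[2:]

def demo():
    keys = [keygen() for _ in range(3)]
    msgs = ["bid:12kWh@0.31", "bid:8kWh@0.29", "ask:20kWh@0.30"]  # constructed
    good = [(y, m, sign(x, m)) for (x, y), m in zip(keys, msgs)]
    return good, offsetting_tamper(good)
```

With per-item random exponents, a batch containing invalid signatures passes only if the errors cancel under weights the sender cannot predict, which happens with probability about 2^-ELL; the verifier still performs a single aggregate check rather than n separate ones.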
Reviewer 3 Report
Comments and Suggestions for Authors
This study proposes a privacy protection scheme for IoV-based V2V dual auction electricity trading using heterogeneous signature encryption. First, a heterogeneous signature encryption algorithm is designed to achieve secure communication, transitioning from certificate-less encryption to identity-based encryption. Second, this scheme utilizes a pseudonymization mechanism to protect the true identities of electric vehicles. Furthermore, a verification algorithm is designed to verify information transmitted by electric vehicles and ensure the tracking and disposal of malicious electric vehicles. Overall, the study is well-structured and demonstrates cost-effectiveness, making it a valuable engineering approach. However, the following minor modifications are required.
1. Table 1 in Section 1 should be moved to the comparison section after the research presented in the paper.
2. The proof of the theory should be more detailed and clear, and parts such as "Proof of Theorem 2. Like the proof of Theorem 1" should be revised.
3. In the Abstract and Conclusion, clearly state the numerical cost benefits.
Author Response
Reviewer 3:
This study proposes a privacy protection scheme for IoV-based V2V dual auction electricity trading using heterogeneous signature encryption. First, a heterogeneous signature encryption algorithm is designed to achieve secure communication, transitioning from certificate-less encryption to identity-based encryption. Second, this scheme utilizes a pseudonymization mechanism to protect the true identities of electric vehicles. Furthermore, a verification algorithm is designed to verify information transmitted by electric vehicles and ensure the tracking and disposal of malicious electric vehicles. Overall, the study is well-structured and demonstrates cost-effectiveness, making it a valuable engineering approach. However, the following minor modifications are required.
1. Table 1 in Section 1 should be moved to the comparison section after the research presented in the paper.
2. The proof of the theory should be more detailed and clearer, and parts such as "Proof of Theorem Like the proof of Theorem 1" should be revised.
3. In the Abstract and Conclusion, clearly state the numerical cost benefits.
- Table 1 in Section 1 should be moved to the comparison section after the research presented in the paper.
We are grateful to the reviewer for the excellent suggestion to reposition Table 1. This feedback has helped us significantly improve the manuscript's structure. We have implemented the change by moving the table to Section 5 and creating a new subsection 5.3, "Security Function Analysis". This strategic placement ensures that the functional comparison is now presented in direct conjunction with the performance comparisons on computational and communication costs (in subsections 5.1 and 5.2), offering readers a unified and complete comparative assessment. We have also elaborated on the analysis within this new subsection. We believe this reorganization makes the comparative analysis more impactful and self-contained, and we thank the reviewer for this contribution to enhancing our paper's clarity. For detailed modifications, please see Section 5.3 of the revised manuscript in 5.3 (Security function analysis), page 18, line 676.
- The proof of the theory should be more detailed and clearer, and parts such as "Proof of Theorem Like the proof of Theorem 1" should be revised.
We are very grateful for the reviewer's comments. Your suggestion that the theoretical proof should be more detailed and clearer is very pertinent and we fully agree with it. Based on your suggestions, we have comprehensively revised and expanded the security proof of the entire paper, especially the proof of Theorem 2, which has been rewritten to remove the phrase "proof of the theorem". The detailed revisions are as follows:
Theorem 2. Unforgeability under attacker
Proof of Theorem 2: is the challenger, is the input of the hard problem, where , The goal of is to calculate the value of . The interaction proceeds as follows:
Phase 1: executes the initialization algorithm and provides the resulting system parameters to the .
Phase 2: can initiate random oracle queries for . This process is the same as the proof of Theorem 1 above. In addition, can also initiate the following queries, where store partial private keys, private keys, and public key information, respectively. The specific process is as follows:
Partial key query: When receiving a partial private key query about , if , stops querying; otherwise, it checks whether exists . If so, it returns to . Otherwise, it randomly selects , and then calculates , and insert into , and return to .
Private key query: When receiving a private key query about , if , stops querying; otherwise, it checks . If exists in it, it returns to . Otherwise, it randomly selects , obtains through partial key query, then inserts into and returns to .
Public key query: When receiving a public key query about , checks . If exists in it, it sends to . If not, checks for a record of . If so, it obtains and from them respectively, and calculates , and then returns to . If no relevant record exists, determine . If the equation is satisfied, randomly selects , calculates , then calculates , inserts into and returns to . If the equality does not hold, obtains and through the above partial key query and private key query, then calculates obtains , then inserts into , and returns to .
Public key replacement query: When receiving a public key replacement query regarding , replace the tuple in with .
Signcryption query: When receives a signcryption query, if , terminate the query. If the equality does not hold, obtains the private key of and runs the signcryption algorithm to generate the ciphertext , which is then sent to .
Phase 3: generates a forged signcryption and sends it to to check whether holds. If not, the forgery stops. Otherwise, the signcryption passes verification. According to the proof of Theorem 1, the value of can be calculated. Therefore, can solve the ECDLP problem with this advantage.
We believe that after the above substantial revisions and enhancements, the security proof of this manuscript has now reached the required rigor, clarity, and thoroughness. Thank you again for your valuable comments, which enabled us to significantly improve our work. Please see Section 4.2.1 of the revised manuscript for details in page 13-14.
- In the Abstract and Conclusion, clearly state the numerical cost benefits.
We sincerely thank the reviewer for this valuable suggestion. Following the reviewer's advice, we have now explicitly stated the key quantitative performance benefits in both the Abstract and Conclusion of our revised manuscript. Specifically, we highlight that our scheme achieves a communication cost of 264 bytes, which represents an average reduction of 14.56% compared to the referenced schemes. Furthermore, in terms of computational cost, we emphasize the efficiency of our aggregate decryption process, demonstrating an average reduction of 80.51% when the number of EVs (n) is 100. We believe that bringing these specific numerical gains forward and incorporating them into the abstract will make the core contribution of our solution more direct, specific, and more appealing to readers. Finally, we thank the reviewer again for this suggestion, which has significantly strengthened the presentation of our work. Please see the revised manuscript for details in the Abstract and Conclusion, line 27 and 748.
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
I have no more comments.
