Lightweight Group Signature Scheme Based on PUF for UAV Communication Security

Abstract

This paper presents a certificateless group signature scheme designed specifically for Unmanned Aerial Vehicle (UAV) communications in resource-constrained environments. The scheme leverages Physical Unclonable Functions (PUFs) and elliptic curve cryptography (ECC) to provide a lightweight security solution while maintaining essential security properties including anonymity, unforgeability, traceability, and unlikability. We describe the cryptographic protocols for system setup, key generation, signing, verification, and revocation mechanisms. The implementation shows promising results for UAV applications where computational resources are limited, while still providing robust security guarantees for group communications. Our approach eliminates the need for computationally expensive certificate management while ensuring that only legitimate group members can create signatures that cannot be linked to their identities except by authorized group managers.

1. Introduction

Unmanned Aerial Vehicles (UAVs) have emerged as transformative technologies across diverse domains including surveillance, delivery services, smart agriculture, disaster response, and military applications [1,2,3,4]. The global UAV market is experiencing unprecedented growth, projected to reach substantial valuations in coming years [5,6]. As these autonomous systems become increasingly interconnected in mission-critical applications, establishing secure and efficient communication frameworks becomes a paramount concern [7]. Security in UAV communications presents unique challenges that traditional cryptographic solutions struggle to address effectively [8,9]. UAVs operate in potentially hostile environments with strict constraints on computational resources, power consumption, and communication bandwidth [10,11,12]. Additionally, as UAVs often work collaboratively in swarms or fleets, there is a need for secure group communication protocols that balance anonymity with accountability [13].

Group signatures, first introduced by Chaum and van Heyst [14], enable members of a group to produce signatures that can be verified as coming from the group without revealing the specific signer’s identity. The group manager, however, possesses a special key that allows for the identification of signers when necessary.

Traditional group signature schemes often rely on complex mathematical constructs such as zero-knowledge proofs, bilinear pairings, or RSA-based cryptography [15,16], making them computationally expensive for resource-constrained devices [17].

This paper introduces a lightweight, certificateless group signature scheme specifically tailored for UAV communications, with the following contributions:

• A certificateless approach that leverages Physical Unclonable Functions (PUFs) [18,19] to reduce computational overhead while maintaining security;
• Integration of elliptic curve cryptography (ECC) [20] for efficient signing and verification operations;
• An epoch-based revocation mechanism that maintains security after member revocation [21];
• Security analysis proves the scheme’s resistance against various attack vectors [22];
• Implementation and performance evaluation on representative UAV hardware [23].

The proposed scheme achieves the essential security proper- ties of anonymity, unforgeability, traceability, and unlikability while minimizing computational and communication overhead [24,25]. Our experimental evaluation demonstrates that the approach is viable for resource-constrained UAV platforms without compromising security guarantees [26].

2. Related Work

2.1. The Emerging UAV Security Landscape

The rapid proliferation of UAVs across civilian, commercial, and military applications has created an urgent need for specialized security solutions. Several factors motivate our research into lightweight group signatures for UAV communications:

• Resource Constraints in UAV Environments: UAVs typically operate with limited onboard computing capabilities, restricted battery capacity, and constrained communication bandwidth [27,28]. These constraints make traditional cryptographic solutions impractical for real-time UAV operations [29,30]. For instance, standard group signature schemes based on RSA or pairing-based cryptography require significant computational resources for key generation, signing, and verification operations [31]. Our measurements show that existing group signature implementations consume between 150 and 300 mJ of energy per signature operation, which can significantly impact mission duration for battery-powered UAVs [32].
• Growing Threat Landscape: As UAVs become more prevalent, they face an expanding array of security threats [33,34]:
  • Signal jamming and spoofing attacks that can disrupt communications [35,36];
  • Capture and tampering attempts to extract cryptographic keys [37];
  • Man-in-the-middle attacks to intercept or modify messages [38];
  • Impersonation attacks where adversaries attempt to join UAV swarms [39,40,41];
  • Privacy breaches where UAV identities and movements are tracked [42].

Recent security incidents involving UAVs highlight the urgency of addressing these threats. For adjacent transportation systems, it has been shown that anonymous and leak-resistant authentication protocols scale without compromising privacy and can be adapted to UAV scenarios with dense inter-node traffic. In industrial settings, there have been documented cases of corporate espionage using compromised UAVs. Military operations have also faced disruptions from adversarial signal jamming targeting UAV communications [43,44,45].

3.

Regulatory and Privacy Requirements: Emerging regulations for UAV operations in civilian airspace mandate strong security measures, including authentication, non-repudiation, and privacy protections [46,47]. For example, the European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) are developing frameworks that require secure identification of UAVs while preserving privacy in certain applications [48,49]. Our proposed group signature scheme addresses these requirements by providing authentication and accountability while maintaining privacy when appropriate.

2.2. Limitations of Existing Solutions

Current approaches to securing UAV communications exhibit significant limitations [48]:

• Traditional PKI Overhead: Public Key Infrastructure (PKI) approaches require certificate management, which introduces substantial computational and communication overhead [50,51,52]. Certificate validation, revocation checking, and storage impose burdens that are particularly challenging for resource-constrained UAVs operating in dynamic environments. Our measurements indicate that certificate validation alone can consume up to 20% of available computational resources on typical UAV hardware [53,54].
• Inadequate Anonymous Authentication: Existing solutions often force a binary choice between strong authentication and privacy [55]. Many systems either fully identify UAVs (compromising privacy) or provide anonymity without accountability (creating security risks) [56]. Group signatures offer a balanced approach, but existing implementations are too resource-intensive for practical UAV deployment [57].
• Hardware Security Challenges: UAVs are vulnerable to physical capture, which can lead to key extraction through side-channel attacks [58]. Conventional key storage methods, even with hardware security modules, remain vulnerable to sophisticated attacks [59]. This vulnerability motivates our exploration of PUF-based approaches that bind cryptographic operations to the physical characteristics of UAV hardware [60].

2.3. The Case for PUF-Based Group Signatures

The integration of Physical Unclonable Functions with lightweight cryptographic primitives offers a promising solution to the identified challenges [61,62]:

• Hardware-Bound Security: PUFs leverage inherent manufacturing variations in integrated circuits to generate device specific responses, providing a hardware root of trust that is difficult to clone or simulate [63]. This characteristic is particularly valuable for UAVs, as it binds cryptographic operations to physical hardware, significantly increasing the difficulty of key extraction even if the device is physically captured [64,65].
• Certificateless Authentication: By deriving cryptographic keys from PUF responses, our approach eliminates the need for explicit certificate management, reducing the computational and storage overhead associated with traditional PKI [66]. This certificateless approach is especially beneficial in dynamic UAV environments where membership may change frequently [67].
• Balancing Security, Privacy, and Efficiency: Our research is motivated by the need to strike an optimal balance between seemingly conflicting requirements: strong security guarantees, privacy protection, and operational efficiency in resource-constrained environments [68]. The proposed group signature scheme with PUF integration offers a pathway to achieving this balance, enabling secure and private group communications among UAVs without imposing prohibitive resource demands [10].

Through this research, we aim to address a critical gap in the current landscape of UAV security solutions, providing a practical approach that meets the unique requirements of modern UAV applications while accommodating their inherent resource limitations [9].

Table 1. UAV communication threats and countermeasures.

Threat Category	Specific Attacks	Our Countermeasures
Network Attacks	Message interception, main-in-the-middle, replay attacks	Message signatures with epoch validation, PUF-derived unique signatures
Physical Security	Device capture, side-channel analysis, memory extraction	Hardware-bound PUF keys, constant-time implementations, secure storage
Cryptographic Attacks	ECDLP solving, hash collisions, random number weaknesses	NIST P-256 curve (128-bit security), SHA-256 hash, proper entropy collection
Group Management	Revoked member access, denial of service, identity spoofing	Epoch-based revocation, manager-controlled revocation

presents UAV communication threats and countermeasures.

2.4. Group Signatures

Group signatures, first introduced by Chaum and van Heyst [12], enable members of a group to produce signatures that can be verified as coming from the group without revealing the specific signer’s identity. The group manager, however, possesses a special key that allows for the identification of signers when necessary.

Traditional group signature schemes often rely on complex mathematical constructs such as zero-knowledge proofs, bilinear pairings, or RSA-based cryptography [15,16], making them computationally expensive for resource-constrained devices [20].

2.5. Physical Unclonable Functions (PUFs)

Physical Unclonable Functions are hardware security primitives that exploit the inherent physical variations in integrated circuits to generate device specific responses to challenges [18,19]. These functions are practically impossible to duplicate, clone, or predict, making them suitable for device identification and secure key generation [63].

PUFs have been increasingly applied in IoT and resource constrained environments as they provide a lightweight alternative to storing cryptographic keys in memory, which may be vulnerable to extraction attacks [62,63].

2.6. UAV Security Challenges

UAVs face unique security challenges due to their mobility, limited computational resources, and exposure to physical capture [1,2]. These challenges include

• Resource constraints: Limited processing power, memory, and energy budget [27];
• Exposure to physical attacks: Susceptibility to capture and tamper attempts [36];
• Dynamic network topology: Frequently changing communication links [28];
• Real-time requirements: Need for low-latency security operations [10].

Therefore, while existing cryptographic methods provide a baseline level of security, they often fall short of the stringent requirements for efficiency, scalability, and privacy in UAV environments. Considering the challenges such as high computational overhead, limited support for anonymous authentication, and susceptibility to physical attacks, a more tailored solution is necessary. The integration of Physical Unclonable Functions (PUFs) with lightweight group signatures offers a promising pathway to enabling secure, privacy-preserving, and resource-efficient communication in UAV networks. The following section presents the design and implementation of the proposed PUF-based group signature scheme.

3. System and Threat Model

The system model consists of a group of UAVs operating as a coordinated swarm or fleet, a ground control station (GCS) that acts as the group manager, and potentially adversarial entities attempting to compromise communication security. The UAVs communicate with each other and with the GCS using wireless channels that are assumed to be publicly accessible. Each UAV is equipped with a PUF that provides device specific cryptographic material.

We consider the following threat model:

• External Passive Adversary: Can eavesdrop on all communication channels between UAVs and the ground control station;
• External Active Adversary: Can inject, modify, or replay messages in the communication network;
• Compromised UAV: An adversary who has gained control of one or more legitimate UAVs in the group;
• Physical Capture: An adversary who has physical possession of a UAV and can attempt hardware-level attacks.

We assume the group manager (ground control station) is trusted and that physical attacks on the PUF devices are limited by their inherent resistance to cloning. Before presenting the detailed algorithms, we establish the mathematical foundation of our group signature scheme [16,20]. We use elliptic curve cryptography defined over a finite field Fp where p is a large prime. The elliptic curve E is defined by the following equation:

E: y² = x³ + ax + b mod p,

(1)

where a, b ∈ Fp and 4a³ + 27b² ≠ 0 mod p.

The points on this curve, along with a special point at infinity O, form an additive group. Let G ∈ E be a base point generator of prime order n, such that nG = O (Figure 1).

In this paper, a small finite domain GF(97) is chosen for the example. Real industrial parameters are too large to display. The diagram in Figure 1 shows the elliptic curve with selected valid points, including the base point G and its multiples (2G, 3G, 4G). This demonstrates the principle of elliptic curve point addition used for key generation and Schnorr-based signature operations. These points were chosen because they can be explicitly computed and visualized, demonstrating the principle of point addition in ECC.

The security of our scheme relies on the Elliptic Curve Discrete Logarithm Problem (ECDLP): given points P, Q ∈ E where Q = kP for some integer k, it is computationally infeasible to determine k. A Physical Unclonable Function (PUF) can be modeled as a function P: {0, 1}ⁿ → {0, 1}^m mapping challenges to responses with the following properties:

P(c) = r + η,

(2)

where c ∈ {0, 1}ⁿ is the challenge, r ∈ {0, 1}^m is the ideal response, and η represents the noise component due to environmental factors and inherent variations.

To handle this noise, we employ helper data h and a reconstruction function R such that:

R(c, h, P(c)) = r.

(3)

Proposed Group Signature Scheme consists of six main components: system setup, key generation, signing, verification, revocation, and key update mechanisms Σ = (Setup, KeyGen, Sign, Verify, Open, Revoke, Update) consists of the following functions:

Setup: {1}^λ→ (params, mk),

(4)

KeyGen: params × PUF → (sk_i, pk_i, id_i, cert_i),

(5)

Sign: params × sk_i × PUF × m → σ,

(6)

Verify: params × m × σ → {0, 1},

(7)

Open: params × mk × m × σ → id_i,

(8)

Revoke: params × mk × id_i → params′,

(9)

U pdate: params′ × ski × PUF → sk′_i,

(10)

where λ is the security parameter, params are public parameters, mk is the manager’s key, sk_i and pk_i are the signing and verification keys for member i, id_i is the member’s identity, cert_i is the member’s certificate, m is a message, and σ is a signature.

The Schnorr signature in our scheme relies on the following mathematical relationships: For a private key sk and corresponding public key pk = sk·G, the signature (R, s) on message m satisfies:

R = k·G,

(11)

e = H(R‖pk‖m),

(12)

s = k − e·sk mod n,

(13)

Verification checks if R = s·G + e·pk, which holds because:

s·G + e·pk = (k − e·sk)·G + e·(sk·G),

(14)

= k·G − e·sk·G + e·sk·G,

(15)

= k·G,

(16)

= R.

(17)

The system setup phase initializes the cryptographic foundation of our group signature scheme shows in Algorithm 1 [17,64]. This phase is executed once by the group manager (ground control station) before any UAVs join the group [8]. The primary goal is to establish group parameters that will be shared with all members and to generate the secret keys that enable the group manager to manage memberships and trace signatures when necessary [26].

Algorithm 1 SystemSetup

1: function SystemSetup 2: Generate group manager’s key pair (skGM, pkGM) using ECC 3: Create random opening key okGM ∈ {0, 1} 256 for tracing 4: Select generator point g from the elliptic curve E 5: Set initial epoch e = 1 6: Compute parameters hash h = Hash(g‖e) 7: Initialize empty member list M = ∅, revoked set R = ∅, and revocation history H = ∅ 8: return Group parameters (g, e, h) and manager keys (skGM, pkGM, okGM, M, R, H) 9: end function

The selection of appropriate elliptic curve parameters is crucial for security [25]. We use the NIST P-256 curve due to its widespread security analysis and performance characteristics suitable for resource-constrained environments [26]. The opening key (ok_GM) is specifically designed for traceability without compromising anonymity during normal operations [12,20]. The hash value h serves as a binding commitment to the current state of the group, incorporating both the cryptographic parameters and the current epoch [32]. Each epoch represents a distinct timeframe in the group’s lifecycle, typically changed after member revocations [57]. The group manager maintains three important data structures: a member list M containing registration information, a revoked set R tracking revoked member, and a revocation history H documenting all revocation events with their corresponding epochs [21,46].

The key generation Algorithm 2 is executed when a new UAV joins the group. It establishes the cryptographic identity of the UAV within the group context and binds this identity to the physical device through PUF-derived keys. This binding is essential for our certificateless approach, as it eliminates the need for certificate management while maintaining security.

Algorithm 2 KeyGen

1: function KeyGen (group parameters (g, e, h), manager keys, device ID, PUF) 2: Generate UAV’s key pair: skUAV $\underleftarrow{R}$ [1, n − 1] and pkUAV = skUAV·g 3: Extract device-specific key kP UF = PUF(“DEVICE_KEY_CHALLENGE”) 4: Compute member ID: id = Hash(pkUAV‖deviceID) 5: Create group certificate: cert = Signsk (id‖pkUAV‖e) 6: Store member info in manager’s list: M = M ∪ {(id, pkUAV, e, false, ∅)} 7: Precompute nonce k $\underleftarrow{R}$ [1, n − 1] and commitment R = k·g for optimization 8: return Member keys (id, skUAV, pkUAV, kP UF, cert, e, k, R) 9: end function

A significant optimization in our implementation is the precomputation of the nonce k and commitment R for future Schnorr proofs. This reduces the computational overhead during signature generation, which is particularly beneficial for resource-constrained UAVs. The device-specific key derived from the PUF (k_{P UF}) serves as an anchor to the physical hardware, making key extraction attacks substantially more difficult compared to traditional key storage methods.

The member ID is a cryptographic hash that binds together the UAV’s public key and device identifier, ensuring uniqueness within the group while maintaining the anonymity properties required for group signatures. The group certificate, signed by the group manager, confirms the legitimate membership of the UAV and includes the current epoch to facilitate epoch-based revocation checking. The Schnorr zero-knowledge proof (Algorithm 3) is a foundational component of our group signature scheme, allowing UAVs to prove knowledge of their private keys without revealing them. This property is essential for creating anonymous signatures that can still be verified as coming from legitimate group members (Algorithm 4).

Algorithm 3 CreateSchnorrProof

1: function CreateSchnorrProof (private key sk, message m, group parameters, precomputed (k, R) (optional)) 2:   if precomputed (k, R) not available then 3:   Select random k $\underleftarrow{R}$ [1, n − 1] where n is the curve order 4:   Compute commitment R = k·g 5:   end if 6:   Compute public key pk = sk·g 7:   Encode R and pk as byte arrays Rbytes and pkbytes 8:   Compute challenge e = Hash(Rbytes‖pkbytes‖m) 9:   Compute response s = (k − e·sk) mod n 10:    return Proof (Rbytes, e, s) 11: end function

Algorithm 4 VerifySchnorrProof

1: function VerifySchnorrProof (message m, proof (Rbytes, e, s), public key pk, group parameters) 2: Parse Rbytes to recover point R on curve 3: Encode pk as byte array pkbytes 4: Compute expected challenge e′ = Hash(Rbytes‖pkbytes‖m) 5: Verify that e = e′ 6: Compute R′ = s·g + e·pk 7: Verify that R = R′ 8: return True if both verifications pass, False otherwise 9: end function

The security of the Schnorr proof relies on the hardness of the discrete logarithm problem in elliptic curve groups. Our implementation includes an optimization for UAV environments by allowing the use of precomputed nonces and commitments, which can significantly reduce the computational burden during signature generation. This is particularly important for realtime communication scenarios in UAV swarms.

The proof consists of three components: a commitment R (which hides the random nonce k), a challenge e (derived from the commitment, public key, and message), and a response s (which combines the nonce, challenge, and private key). The challenge computation incorporates the message being signed, making the proof non-transferable to other messages—an essential property for security against replay attacks.

The verification process checks the consistency of the proof without requiring knowledge of the private key. The verifier recomputes the challenge using the provided commitment, public key, and message, then verifies it matches the challenge in the proof. The second verification equation (R = s·g + e·pk) confirms the prover’s knowledge of the private key corresponding to the public key without revealing the private key itself. This algebraic check works because:

s·g + e·pk = (k − e·sk)·g + e·(sk·g) = k·g − e·sk·g + e·sk·g = k·g = R

(18)

The signing algorithm (Algorithm 5) is the core operation performed by UAVs to authenticate messages while maintaining anonymity within the group. Our implementation integrates the Schnorr proof with PUF-derived keys to provide strong security guarantees with minimal computational overhead.

Algorithm 5 Sign

1: function Sign (message m, member keys (id, skUAV, pkUAV, kP UF, cert, e, k, R), group parameters, PUF, manager keys) 2: Verify current epoch: if e ≠ current epoch, call UpdateMemberKeys 3: Verify member is not revoked: if id ∈ R, return error 4:   Generate challenge c = Random (32) for PUF 5:   Obtain PUF response r = PUF(c) 6:   Generate helper data hdata = GetHelperData(c, PUF) 7:   Compute message hash hm = Hash(m) 8:   Create Schnorr proof π = CreateSchnorrProof(skUAV, hm, params, (k, R)) 9:   Compute signature tag t = HMACr(id‖hm) 10: Encrypt member ID: s = SymmEncryptokGM (id‖r) 11: return Signature (c, s, t, e, hdata, hm, π) 12: end function

The signing process first ensures that the UAV is operating with the current epoch information and has not been revoked. This prevents revoked UAVs from generating valid signatures. The algorithm then integrates hardware-binding through the PUF challenge-response mechanism, generating a unique response r that will be used both for linking the signature to the physical device and for facilitating the tracing operation by the group manager.

The signature tag t is computed using an HMAC keyed with the PUF response, binding together the signer’s identity and the message hash. This tag serves as a consistency check during the opening procedure. The member’s identity is encrypted using the group manager’s opening key, ensuring that only the authorized manager can determine the signer’s identity.

The returned signature combines multiple elements to provide the security properties of anonymity, unforgeability, traceability, and unlikability. The PUF challenge c and helper data h data are included to allow verification without requiring the actual PUF device, while the encrypted signer information s enables traceability by the group manager.

The verification algorithm (Algorithm 6) allows any entity to check the validity of a signature without learning the signer’s identity. This property is essential for anonymous group communications, enabling verification that a message came from a legitimate group member without identifying which specific member created it.

Algorithm 6 Verify

1: function Verify (message m, signature (c, s, t, e, hdata, hm, π), group parameters, manager keys) 2: Verify signature epoch: if e ̸= current epoch, check revocation history 3: Verify message hash: if hm ̸= Hash(m), return false 4: Extract commitment R, challenge e′, and response s′ from π 5: Verify Schnorr proof π using VerifySchnorrProof 6: Check revocation: if signature from revoked member, return false 7: return True if all verifications pass, False otherwise 8: end function

The verification process begins with epoch validation, ensuring the signature was created during a valid epoch. For signatures from previous epochs, the algorithm checks the revocation history to determine if the signature was valid at the time of creation. The message hash verification ensures the integrity of the message, preventing tampering attacks.

The core of the verification is the Schnorr proof check, which confirms knowledge of a valid member private key without revealing which key was used. The revocation check ensures that signatures from revoked members are rejected, maintaining the security of the group even after member compromise.

Our verification algorithm is designed to be computationally efficient, with operations that can be performed by other UAVs in the swarm or by base stations. This enables secure intra-swarm communication without requiring constant connectivity to the group manager.

The opening algorithm (Algorithm 7) is a privileged operation that can only be performed by the group manager, allowing for accountability while maintaining anonymity under normal circumstances. This capability is essential for scenarios where malicious behavior must be attributed to specific UAVs. The opening procedure first validates the signature to ensure it meets all verification criteria. It then uses the group manager’s opening key to decrypt the signer information embedded in the signature. This reveals both the member ID and the PUF response used during signing.

Algorithm 7 Open

1: function Open (message m, signature (c, s, t, e, hdata, hm, π), manager keys (skGM, pkGM, okGM, M, R, H)) 2: Verify that signature is valid using Verify algorithm 3: Decrypt signer info: id‖r = SymmDecryptokGM (s) 4: Lookup member information in M using id 5: Verify tag consistency: if t ≠ HMACr(id‖hm), return error 6: return Member ID id 7: end function

To prevent manipulation, the algorithm performs a consistency check using the signature tag. By recomputing the HMAC with the decrypted PUF response and checking it against the provided tag, the algorithm confirms that the signature components are consistent. This prevents attacks where an adversary might attempt to frame innocent UAVs by manipulating signature components.

The opening capability is designed with strong access controls in mind, as it should only be available to authorized personnel for legitimate purposes such as investigating security incidents or unauthorized actions. Our revocation mechanism (Algorithm 8) uses an epoch-based approach to efficiently manage member revocation without requiring frequent re-keying of all group members.

Algorithm 8 Revoke

1: function Revoke(member ID id, group parameters (g, e, h), manager keys (skGM, pkGM, okGM, M, R, H)) 2: Add member to revoked set: R = R ∪ {id} 3: Update member status in M: set member.revoked = true, member.revocation_epoch = e 4: Record revocation in history: H = H ∪ {(e, id)} 5: Increment epoch: e = e + 1 6: Update group parameters hash: h = Hash(g‖e) 7: return Success indicator 8: end function

This is particularly important in dynamic UAV environments where connectivity may be intermittent, and resources limited. The revocation process maintains three distinct records: it adds the member to the current revocation set, updates the member’s status in the member list, and records the revocation event in the historical record. This comprehensive tracking allows for proper verification of signatures from different epochs and facilitates security audits. Each revocation triggers a new epoch, requiring no revoked members to update their keys to continue participating in the group (Algorithm 9).

This epoch increment serves as a versioning mechanism that prevents revoked members from creating valid signatures after revocation. The key update procedure allows legitimate members to transition to new epochs after revocations occur. It incorporates fresh randomness through a new PUF challenge derived from the epoch number, ensuring that signatures from different epochs cannot be linked together (enhancing unlikability). The procedure also refreshes the precomputed Schnorr nonce and commitment, maintaining the performance optimization for future signing operations.

Algorithm 9 UpdateMemberKeys

1: function UpdateMemberKeys (member keys (id, skUAV, pkUAV, kP UF, cert, eold, k, R), new group parameters (g, enew, h), PUF 2: Verify member is not revoked: if id ∈ R, return error 3: Update current epoch in member keys: e = enew 4: Generate epoch-specific challenge: cepoch = Hash(“EPOCH”‖enew) 5: Generate new PUF response: rnew = PUF(cepoch) 6: Precompute new Schnorr nonce k new $\underleftarrow{R}$ [1, n − 1] commitment Rnew = knew·g 7: return Updated member keys (id, skUAV, pkUAV, kP UF, cert, enew, knew, Rnew) 8: end function

By reusing the existing private/public key pair and only updating epoch specific elements, the update process minimizes communication and computational overhead while maintaining security. This approach is particularly well-suited for UAV environments where full rekeying operations could be prohibitively expensive in terms of bandwidth and energy consumption.

For scenarios involving multiple UAVs communicating simultaneously, such as in swarm applications, our scheme supports efficient batch verification (Algorithm 10). This optimization allows multiple signatures to be verified together at a lower computational cost than verifying each signature individually.

Algorithm 10 BatchVerify

1: function BatchVerify (messages {m1, m2, …, ml}, signatures {σ1, σ2, …, σl}, group parameters, manager keys) 2:   Generate random weights: αi ← [1, n − 1] for i = 1,2,…l 3:   Extract Schnorr proofs πi = (Ri, ei, si) from each signature σi 4:   Compute R′ = ∑ilαiRi 5:   Compute s′ = ∑ilαisi mod n 6:   Compute e′ = ∑ilαiei mod n 7:   Extract Schnorr proofs πi = (Ri, ei, si) 8:   Extract public keys pki for each signature using helper data 9:   Compute Y = ∑il1aiei ∙pki 10: Verify that R′ = s′·g + Y 11: return True if verification passes and no signature is from a revoked member, False otherwise 12: end function

The batch verification algorithm uses random weights to combine multiple signature verifications into a single equation check. This randomization prevents adversaries from crafting special combinations of invalid signatures that might pass batch verification. The approach leverages the homomorphic properties of elliptic curve operations to combine multiple verification equations (

Table 2. Security properties and attack resistance.

Property Theoretical Basis Attack Protection	Property Theoretical Basis Attack Protection	Property Theoretical Basis Attack Protection
Anonymity	Semantic security of encryption, Zero-knowledge property of Schnorr proofs	Identity revelation attacks, Privacy breaches, Correlation attacks
Unforgeability	ECDLP hardness, PUF unclonability, HMAC security	Forgery attacks, Replay attacks, Key compromise, Rogue key attacks
Traceability	Correctness of decryption, Tag binding	Frame attacks, Repudiation, Signature manipulation

).

The computational advantage comes from reducing the number of expensive elliptic curve operations. Instead of performing 2l scalar multiplications for l signatures in individual verification, batch verification requires only l + 2 scalar multiplications. This represents significant savings for resource constrained UAVs, especially as the number of signatures increases.

The algorithm still maintains the security properties of individual verification, rejecting the batch if any signature is invalid or comes from a revoked member. This makes it suitable for applications where multiple UAVs need to verify signatures from other swarm members efficiently.

4. Result

Our proposed group signature scheme is designed to provide robust security guarantees for UAV communications while accommodating the resource constraints of these devices [26,62]. Recent studies have highlighted the critical importance of tailored information security solutions for UAV systems, addressing both the unique threat models and the challenges of wireless communication in radio-visible zones [69,70,71]. In this section, we provide a formal security analysis of the scheme against various attack vectors within our defined threat model [9,42].

We consider adversaries with the following capabilities [8,32]:

• External Passive Adversary: Can eavesdrop on all communication channels between UAVs and the ground control station [34];
• External Active Adversary: Can inject, modify, or replay messages in the communication network [35];
• Compromised UAV: An adversary who has gained control of one or more legitimate UAVs in the group [44];
• Physical Capture: An adversary who has physical possession of a UAV and can attempt hardware-level attacks [36].

We assume the group manager (ground control station) is trusted and that physical attacks on the PUF devices are limited by their inherent resistance to cloning [61,66]. Overall, our security analysis demonstrates that the proposed scheme provides strong security guarantees against a wide range of attack vectors while maintaining efficiency for resource-constrained UAV applications [25,47].

We implemented the proposed group signature scheme in Python v.3.11 using the cryptography library for elliptic curve operations and a simulated PUF implementation [10,63]. Our implementation uses the NIST P-256 elliptic curve for all ECC operations, which provides 128-bit security level [15,20]. For the PUF simulation, we created a model that simulates the manufacturing variations of silicon-based PUFs [60,62].

We evaluated the performance of our scheme using the following metrics [21,59]:

• Setup time: Time required to initialize the group parameters and manager keys [17];
• Signing time: Time required for a UAV to create a signature [24];
• Verification time: Time required to verify a signature [25];
• Revocation time: Time required to revoke a member and update the group state [57];
• Memory usage per UAV: Memory footprint per individual UAV [27];
• Total memory: Overall memory requirements for the entire UAV swarm [56].

We conducted extensive testing with 100 iterations per UAV group size to ensure statistical significance. The results presented are mean values across all iterations, providing a reliable measure of expected performance. Our evaluation covers UAV swarm sizes from 3 to 1000 devices, demonstrating the scalability of our approach.

The results in

Table 3. Performance evaluation results.

UAV Count	Setup (ms)	Sign (ms)	Verify (ms)	Revocation (ms)	Memory/UAV (KB)	Total Memory (MB)
3	6.21	0.93	0.047	1.42	129.04	0.38
5	6.35	1.01	0.096	3.45	129.04	0.63
10	20.37	1.14	0.054	5.71	129.04	1.26
25	59.88	1.89	0.060	18.67	129.04	3.15
50	140.26	1.18	0.049	18.58	129.04	6.3
100	183.65	1.17	0.058	58.15	129.04	12.6
150	293.78	1.61	0.055	77.64	129.04	18.9
250	405.89	1.26	0.054	137.92	129.04	31.5
500	949.97	2.44	0.058	442.59	129.04	63.01
750	1052.44	0.99	0.043	475.11	129.04	94.51
1000	1720.31	1.46	0.048	879.15	129.04	126.02

demonstrate that our scheme scales efficiently with increasing UAV swarm size, from small groups of 3 UAVs to large swarms of 1000 devices. Several key observations can be made:

Setup time increases linearly with the number of UAVs, which is expected as each UAV requires individual initialization. The setup time grows from 6.21 ms for 3 UAVs to 1720 ms for 1000 UAVs, demonstrating predictable linear scaling that remains practical even for very large swarms (Figure 2).

Signing time remains remarkably consistent across all swarm sizes, varying only between 0.93 ms and 2.44 ms. This consistency is critical for real-time UAV operations and demonstrates that our precomputation optimizations effectively minimize computational overhead regardless of swarm size.

Verification time is exceptionally efficient, maintaining sub-millisecond performance (0.043–0.096 ms) across all tested swarm sizes. This ultra-low latency enables rapid validation of messages in time-sensitive scenarios, which is particularly important for UAV applications requiring quick decision-making.

Revocation operations scale linearly with swarm size, increasing from 1.42 ms for 3 UAVs to 879.15 ms for 1000 UAVs. This indicates that our epoch-based revocation mechanism remains efficient even as the swarm grows to very large sizes (Figure 3).

Memory requirements are constant per UAV at 129.04 KB, resulting in predictable total memory usage that scales linearly with the number of UAVs. Even for large swarms of 1000 UAVs, the total memory footprint remains under 130 MB, making our scheme suitable for memory-constrained environments.

Energy consumption demonstrates remarkable consistency across all swarm sizes, with signing operations consuming exactly 2297.7 J and verification operations consuming 3990.4 J regardless of swarm size. This constant energy consumption is a key advantage for UAV applications where battery life is critical.

Figure 2 and Figure 3 visualize the performance data from our experiments. The graphs clearly demonstrate the linear scaling of setup time and the practical revocation times across different swarm sizes. Since the signing and verification times remain constant (sub-2.5 ms and sub-millisecond, respectively) regardless of swarm size, we do not include separate graphs for these metrics.

We also evaluated memory usage, as shown in Figure 4, which confirms the linear scaling of total memory with UAV count. With a constant memory requirement of 129.04 KB per UAV, our scheme remains practical for deployment on resource-constrained UAV platforms.

In comparison to existing approaches, our scheme demonstrates superior performance. The linear growth of time and memory remains within the norm, and the constant signing and verification times make the system particularly suitable for UAV networks in the early days, even with thousands of devices.

5. Discussion and Future Work

Our energy consumption analysis highlights the practical viability of the proposed group signature scheme for UAV communication but also reveals several important limitations that must be acknowledged. The presented energy model relies on ARM Cortex-M4 and Raspberry Pi 4 specifications, which may not perfectly represent all UAV hardware platforms. While the current evaluation offers valuable insights, future research must validate results on actual UAV hardware, test performance under varying environmental conditions such as temperature fluctuations and voltage variations and analyze consumption during different flight phases. Moreover, the reported energy measurements assume optimal conditions, whereas real-world deployment introduces additional factors including network communication overhead, memory management costs during extended operations, and hardware-specific variations.

Despite these limitations, the analysis emphasizes the environmental impact of efficient cryptography in UAVs. By minimizing the energy overhead of secure communication, our scheme contributes to sustainable drone operations, reducing the overall environmental footprint of large-scale deployments while ensuring robust security guarantees. When compared to traditional group signature schemes that typically require 10–50 ms for signing and 20–100 ms for verification, our approach achieves sub-2.5 ms signing and sub-millisecond verification. This performance makes it well-suited for real-time UAV applications where strict latency constraints are critical.

The energy model employed incorporates the computational costs of elliptic curve operations, hash functions, PUF challenge-response processing, and symmetric cryptography. Results demonstrate remarkable consistency across swarm sizes from 3 to 1000 UAVs: signing operations consume 2297.7 J per signature, verification consumes 3990.4 J, and the total cryptographic overhead for a typical mission session represents only 0.6013% of a 10,000 mAh battery. This minimal impact enables extended mission durations of over eight hours, supports continuous secure communications, and ensures scalability without increasing the per-device energy cost. This constant energy profile across swarm sizes is particularly advantageous for applications such as surveillance, delivery, and disaster response, where scalability and endurance are crucial.

Nevertheless, critical limitations remain. The scheme’s reliance on Physical Unclonable Functions (PUFs) raises concerns regarding environmental sensitivity, response variability, and the need for error correction mechanisms. While simulated PUFs demonstrate the potential of the approach, real-world validation on hardware platforms with actual PUF devices is essential for practical deployment. Scalability beyond 1000 UAVs also presents challenges, including increased communication overhead for revocation updates, memory management at very large swarm sizes, and resilience to network partitioning. Furthermore, certain assumptions of the threat model, such as the permanent trustworthiness of the group manager, may not be held in all scenarios. While PUFs provide resistance to cloning, sophisticated physical attacks on UAV hardware remain a potential risk, and reliance on elliptic curve cryptography raises questions about quantum resistance in the long term.

A comparison with alternative lightweight cryptographic approaches highlights additional trade-offs. Lattice-based cryptography offers post-quantum security but requires significantly more computational resources, leading to increased energy consumption that may be prohibitive for UAVs. Blockchain-based solutions provide decentralized trust but introduce consensus overhead, latency issues, and high energy costs. Identity-based cryptography avoids certificates but suffers from key escrow problems, complex revocation processes, and trust requirements for key generation authorities. Against these approaches, the proposed scheme demonstrates a more practical balance between security, energy efficiency, and scalability.

Future research directions include the development of a fully certificateless architecture, for example, by integrating Merkle tree proofs and PUF-only authentication mechanisms, thereby further reducing system overhead. Improving environmental robustness of PUFs through adaptive error correction, multi-PUF redundancy, and integration of environmental monitoring sensors will also be essential. Advanced security features such as forward secrecy, post-quantum variants, and privacy-preserving analytics represent promising avenues for enhancing applicability. Beyond theoretical development, comprehensive real-world deployment studies, including hardware implementations, field testing, and formal security audits, will be critical. Furthermore, progress toward standardization and interoperability across UAV platforms, including protocol specifications and compliance with regulatory frameworks, will support wider adoption in the industry.

The implications of this work for the UAV sector are substantial. Commercial applications such as secure large-scale delivery networks, privacy-preserving surveillance systems, and resilient disaster response swarms stand to benefit directly from the proposed scheme’s efficiency and scalability. In research and development, the approach creates new opportunities for lightweight cryptography in UAV and IoT applications, stimulates industry-driven solutions, and contributes to emerging standards for secure UAV communications. Overall, the proposed group signature scheme demonstrates not only strong performance and minimal energy impact but also a foundation for future research that addresses existing limitations and prepares UAV communication systems for the challenges of scalability, sustainability, and post-quantum security.

6. Conclusions

This paper presented a lightweight, PUF-based group signature scheme specifically designed for UAV communications in resource-constrained environments. Our approach successfully addresses the unique security challenges of UAV systems by

• Achieving essential security properties (anonymity, unforgeability, traceability, and unlikability) with minimal computational overhead;
• Eliminating certificate management through PUF integration, reducing communication and storage requirements;
• Demonstrating remarkable performance metrics: consistent 1.4 ms signing time, 0.06 ms verification time, and linear scaling for setup and revocation operations;
• Providing a practical security solution for UAV swarms scaling to 150+ devices with predictable resource utilization.

Our experimental evaluation confirms that the proposed scheme outperforms traditional group signature approaches by an order of magnitude, making secure group communications viable for real-time UAV applications with strict latency and energy constraints. This aligns with recent advancements in UAV information security frameworks, which emphasize the integration of lightweight cryptographic protocols adapted for wireless and resource-limited environments [69]. Additionally, methods for protecting data transmission in direct radio visibility zones, as investigated by [71], further corroborate the relevance and applicability of our certificateless PUF-based group signature scheme for secure UAV swarm communications. The constant signature verification is particularly valuable for safety-critical UAV operations where predictable performance is essential. The lightweight security approach demonstrated in this work represents an important step toward enabling secure, privacy-preserving communications for the next generation of UAV applications in smart cities, disaster response, and autonomous delivery systems. Future work will explore a fully certificateless approach that eliminates the need for member certificates entirely, further reducing communication overhead and computational requirements by relying solely on PUF-derived authentication, Merkle tree proofs for group membership verification, and direct inclusion of epoch information in signatures.

The proposed lightweight group signature scheme is highly relevant to UAV-based remote sensing systems employed in precision agriculture. In this context, UAVs equipped with multispectral and thermal sensors perform field scouting and crop monitoring, collecting real-time data on plant health, soil conditions, and pest activity. These insights enable data-driven decision-making for variable-rate application of inputs such as fertilizers, pesticides, and irrigation, significantly improving resource efficiency and crop yield. To ensure the integrity, authenticity, and privacy of sensor data exchanged within UAV swarms and ground stations, robust and efficient cryptographic protocols are essential. The integration of certificateless, PUF-based group signatures provide a scalable and secure communication foundation, directly supporting the operational needs of AI-powered agricultural optimization systems such as those developed under the Agroscope project.