Search Results (58)

Search Parameters:
Keywords = security of bilinear pairing

25 pages, 2501 KiB  
Article
ECAE: An Efficient Certificateless Aggregate Signature Scheme Based on Elliptic Curves for NDN-IoT Environments
by Cong Wang, Haoyu Wu, Yulong Gan, Rui Zhang and Maode Ma
Entropy 2025, 27(5), 471; https://doi.org/10.3390/e27050471 - 26 Apr 2025
Viewed by 470
Abstract
As a data-centric next-generation network architecture, Named Data Networking (NDN) exhibits inherent compatibility with the distributed nature of the Internet of Things (IoT) through its name-based routing mechanism. However, existing signature schemes for NDN-IoT face dual challenges: resource-constrained IoT terminals struggle with certificate management and computationally intensive bilinear pairings under traditional Public Key Infrastructure (PKI), while NDN routers require low-latency batch verification for high-speed data forwarding. To address these issues, this study proposes ECAE, an efficient certificateless aggregate signature scheme based on elliptic curve cryptography (ECC). ECAE introduces a partial private key distribution mechanism in key generation, enabling the authentication of identity by a Key Generation Center (KGC) for terminal devices. It leverages ECC and universal hash functions to construct an aggregate verification model that eliminates bilinear pairing operations and reduces communication overhead. Security analysis formally proves that ECAE resists forgery, replay, and man-in-the-middle attacks under the random oracle model. Experimental results demonstrate substantial efficiency gains: total computation overhead is reduced by up to 46.18%, and communication overhead is reduced by 55.56% compared to state-of-the-art schemes. This lightweight yet robust framework offers a trusted and scalable verification solution for NDN-IoT environments. Full article
(This article belongs to the Section Information Theory, Probability and Statistics)

24 pages, 2025 KiB  
Article
Supervised Blockchain Anonymous Transaction Model Based on Certificateless Signcryption
by Wenbao Jiang, Jin Ding and Haibao Zhang
Appl. Sci. 2025, 15(7), 3723; https://doi.org/10.3390/app15073723 - 28 Mar 2025
Viewed by 338
Abstract
In response to the issues of high transaction transparency and regulatory difficulties in blockchain account-model transactions, this paper presents a supervised blockchain anonymous transaction model based on certificateless signcryption aimed at ensuring secure blockchain transactions while minimizing both computational and communication overhead. During the transaction process, this approach utilizes certificateless public key signcryption without bilinear pairs to generate anonymous user identities, achieving strong anonymity of user identities and confidentiality of transaction amounts. It employs the Paillier homomorphic encryption algorithm to update transaction amounts and uses the FO commitment-based zero-knowledge proof scheme to validate transaction legality. Additionally, adopting a publicly verifiable secret threshold sharing scheme for hierarchical regulatory authority reduces the security risk of a single regulator storing the regulatory key. This model not only meets the privacy and timely update requirements of account-based blockchain transactions but also effectively regulates abnormal transactions. Rigorous security analysis and proofs demonstrate that this model possesses excellent anonymity, traceability, forward security, and backward security. When compared to similar schemes, the computational cost is reduced by at least 33.18%, effectively fulfilling the requirements for security. Full article
(This article belongs to the Special Issue Novel Insights into Cryptography and Network Security)

16 pages, 2623 KiB  
Article
An Ordered Universal Accumulator Based on a Hash Chain
by Wenbao Jiang, Jinquan Li, Yangnan Guo and Haibao Zhang
Appl. Sci. 2025, 15(5), 2565; https://doi.org/10.3390/app15052565 - 27 Feb 2025
Viewed by 638
Abstract
Cryptographic accumulators are now fundamental for secure applications across blockchain, IoT, and big data, powering anonymous credentials, streamlining key management, and enabling efficient data filtering. However, existing accumulator methods, like RSA, bilinear pairing, and Merkle trees, are hampered by storage bloat, computational burdens, and reliance on trusted administrators. To solve these problems, we introduce a hash-chain-based ordered universal accumulator that eliminates these drawbacks. Our scheme uses collision-resistant hash functions to dynamically manage sets while providing strong, verifiable membership and non-membership proofs, all without a trusted administrator. The benefits include self-certification, batch verification, and consistent representation of accumulated sets. Testing shows our scheme cuts storage by roughly 50% compared to Merkle trees and significantly speeds up computation over RSA-based approaches. This lightweight and scalable solution is ideal for constrained environments like IoT and blockchain, unlocking wider decentralized application adoption. Full article

14 pages, 439 KiB  
Article
Efficient Identity-Based Universal Designated Verifier Signature Proof Systems
by Yifan Yang, Xiaotong Zhou, Binting Su and Wei Wu
Mathematics 2025, 13(5), 743; https://doi.org/10.3390/math13050743 - 25 Feb 2025
Viewed by 421
Abstract
The implementation of universal designated verifier signatures proofs (UDVSPs) enhances data privacy and security in various digital communication systems. However, practical applications of UDVSP face challenges such as high computational overhead, onerous certificate management, and complex public key initialization. These issues hinder UDVSP adoption in daily life. To address these limitations, existing solutions attempt to eliminate bilinear pairing operations, but their proposal still involves cumbersome certificate management and inherent interactive operations that can sometimes significantly degrade system efficiency. In this paper, we first utilize the identity-based (ID-based) SM2 digital signature scheme to construct an ID-based UDVSP system which sidesteps the cumbersome certificate management issue. To further remove the interactive requirement, we also employ the OR proof and Fiat–Shamir technologies to design the other ID-based UDVSP system. Our designs not only possess the same bilinear pairing-free advantage as Lin et al.’s proposal, but also achieve the certificate-free or non-interactive goals. Security proofs and performance analysis confirm the viability and efficiency of our systems. Full article
(This article belongs to the Special Issue Advances in Mathematics Computation for Software Engineering)

16 pages, 564 KiB  
Article
Efficient Elliptic-Curve-Cryptography-Based Anonymous Authentication for Internet of Things: Tailored Protocols for Periodic and Remote Control Traffic Patterns
by Shunfang Hu, Yuanyuan Zhang, Yanru Guo, Yanru Chen and Liangyin Chen
Sensors 2025, 25(3), 897; https://doi.org/10.3390/s25030897 - 2 Feb 2025
Viewed by 825
Abstract
IoT-based applications require effective anonymous authentication and key agreement (AKA) protocols to secure data and protect user privacy due to open communication channels and sensitive data. While AKA protocols for these applications have been extensively studied, achieving anonymity remains a challenge. AKA schemes using one-time pseudonyms face resynchronization issues after desynchronization attacks, and the high computational overhead of bilinear pairing and public key encryption limits its applicability. Existing schemes also lack essential security features, causing issues such as vulnerability to ephemeral secret leakage attacks and key compromise impersonation. To address these issues, we propose two novel AKA schemes, PUAKA and RCAKA, designed for different IoT traffic patterns. PUAKA improves end device anonymity in the periodic update pattern by updating one-time pseudonyms with authenticated session keys. RCAKA, for the remote control pattern, ensures anonymity while reducing communication and computation costs using shared signatures and temporary random numbers. A key contribution of RCAKA is its ability to resynchronize end devices with incomplete data in the periodic update pattern, supporting continued authentication. Both protocols’ security is proven under the Real-or-Random model. The performance comparison results show that the proposed protocols exceed existing solutions in security features and communication costs while reducing computational overhead by 32% to 50%. Full article
(This article belongs to the Special Issue IoT Network Security (Second Edition))

25 pages, 1547 KiB  
Article
Dual-Policy Attribute-Based Searchable Encryption with Secure Keyword Update for Vehicular Social Networks
by Qianxue Wan, Muhua Liu, Lin Wang, Feng Wang and Mingchuan Zhang
Electronics 2025, 14(2), 266; https://doi.org/10.3390/electronics14020266 - 10 Jan 2025
Viewed by 953
Abstract
Cloud-to-Vehicle (C2V) integration serves as a fundamental infrastructure to provide robust computing and storage support for Vehicular Social Networks (VSNs). However, the proliferation of sensitive personal data within VSNs poses significant challenges in achieving secure and efficient data sharing while maintaining data usability and precise retrieval capabilities. Although existing searchable attribute-based encryption schemes offer the secure retrieval of encrypted data and fine-grained access control mechanisms, these schemes still exhibit limitations in terms of bilateral access control, dynamic index updates, and search result verification. This study presents a Dual-Policy Attribute-based Searchable Encryption (DP-ABSE) scheme with dynamic keyword update functionality for VSNs. The scheme implements a fine-grained decoupling mechanism that decomposes data attributes into two distinct components: immutable attribute names and mutable attribute values. This decomposition transfers the attribute verification process from data owners to the encrypted files themselves, enabling data attribute-level granularity in access control. Through the integration of an identity-based authentication mechanism derived from the data owner’s unique identifier and bilinear pairing verification, it achieves secure updates of the specified keywords index while preserving both the anonymity of the non-updated data and the confidentiality of the message content. The encryption process employs an offline/online two-phase design, allowing data owners to pre-compute ciphertext pools for efficient real-time encryption. Subsequently, the decryption process introduces an outsourcing local-phase mechanism, leveraging key encapsulation technology for secure attribute computation outsourcing, thereby reducing the terminal computational load. 
To enhance security at the terminal decryption stage, the scheme incorporates a security verification module based on retrieval keyword and ciphertext correlation validation, preventing replacement attacks and ensuring data integrity. Security analysis under standard assumptions confirms the theoretical soundness of the proposed solution, and extensive performance evaluations showcase its effectiveness. Full article

15 pages, 301 KiB  
Article
Chosen-Ciphertext Secure Unidirectional Proxy Re-Encryption Based on Asymmetric Pairings
by Benjamin Zengin, Paulin Deupmann, Nicolas Buchmann and Marian Margraf
Appl. Sci. 2024, 14(23), 11322; https://doi.org/10.3390/app142311322 - 4 Dec 2024
Viewed by 895
Abstract
Proxy re-encryption (PRE) is a cryptographic primitive that extends public key encryption by allowing ciphertexts to be re-encrypted from one user to another without revealing information about the underlying plaintext. This makes it an essential privacy-enhancing technology, as only the intended recipient is able to decrypt sensitive personal information. Previous PRE schemes were commonly based on symmetric bilinear pairings. However, these have been found to be slower and less secure than the more modern asymmetric pairings. To address this, we propose two new PRE scheme variants, based on the unidirectional symmetric pairing-based scheme by Weng et al. and adapted to utilize asymmetric pairings. We employ a known automated black-box reduction technique to transform the base scheme to the asymmetric setting, identify its shortcomings, and subsequently present an alternative manual transformation that fixes these flaws. The adapted schemes retain the properties of the base scheme and are therefore CCA-secure in the adaptive corruption model without the use of random oracles, while being faster, practical, and more secure overall than the base scheme. Full article
(This article belongs to the Special Issue Cryptography in Data Protection and Privacy-Enhancing Technologies)
17 pages, 1887 KiB  
Article
A Privacy-Preserving Friend Matching Scheme Based on Attribute Encryption in Mobile Social Networks
by Li Yu, Xingxing Nan and Shufen Niu
Electronics 2024, 13(11), 2175; https://doi.org/10.3390/electronics13112175 - 3 Jun 2024
Cited by 2 | Viewed by 1178
Abstract
In mobile social networks, users can easily communicate with others through smart devices. Therefore, the protection of user privacy in social networks is becoming a significant subject. To solve this problem, this paper proposes a fine-grained data access control scheme that uses attributes to match friends. In our scheme, the friend-making parties generate friend preference and self-description lists, respectively, realizing attribute hiding by converting friendship preference into ciphertext access control policies and self-description into attribute keys. The social platform matches user profiles to quickly eliminate unmatched users and avoids invalid decryption. In order to reduce the computational burden and communication cost of mobile devices, we adopt an algorithm mechanism for outsourcing decryption. When the user meets the matching conditions, the algorithm outsources the bilinear pair operation with large computation to the friend server. After that, the user finally decrypts the ciphertext. Security analysis shows that our scheme is safe and effective. In addition, performance evaluation shows that the proposed scheme is efficient and practical. Full article
(This article belongs to the Special Issue Applied Cryptography and Practical Cryptoanalysis for Web 3.0)

19 pages, 2836 KiB  
Article
Cost-Effective Signcryption for Securing IoT: A Novel Signcryption Algorithm Based on Hyperelliptic Curves
by Junaid Khan, Congxu Zhu, Wajid Ali, Muhammad Asim and Sadique Ahmad
Information 2024, 15(5), 282; https://doi.org/10.3390/info15050282 - 15 May 2024
Cited by 2 | Viewed by 1714
Abstract
Security and efficiency remain a serious concern for Internet of Things (IoT) environments due to the resource-constrained nature and wireless communication. Traditional schemes are based on the main mathematical operations, including pairing, pairing-based scalar multiplication, bilinear pairing, exponential operations, elliptic curve scalar multiplication, and point multiplication operations. These traditional operands are cost-intensive and require high computing power and bandwidth overload, thus affecting efficiency. Due to the cost-intensive nature and high resource requirements, traditional approaches are not feasible and are unsuitable for resource-limited IoT devices. Furthermore, the lack of essential security attributes in traditional schemes, such as unforgeability, public verifiability, non-repudiation, forward secrecy, and resistance to denial-of-service attacks, puts data security at high risk. To overcome these challenges, we have introduced a novel signcryption algorithm based on hyperelliptic curve divisor multiplication, which is much faster than other traditional mathematical operations. Hence, the proposed methodology is based on a hyperelliptic curve, due to which it has enhanced security with smaller key sizes that reduce computational complexity by 38.16% and communication complexity by 62.5%, providing a well-balanced solution by utilizing few resources while meeting the security and efficiency requirements of resource-constrained devices. The proposed strategy also involves formal security validation, which provides confidence for the proposed methodology in practical implementations. Full article
(This article belongs to the Special Issue Intelligent Information Processing for Sensors and IoT Communications)

16 pages, 2128 KiB  
Article
A Charging and Discharging Data Privacy Protection Scheme for V2G Networks Based on Cloud–Fog-End
by Baoyi Wang, Ziyan Shi and Shaomin Zhang
Appl. Sci. 2024, 14(10), 4096; https://doi.org/10.3390/app14104096 - 11 May 2024
Cited by 2 | Viewed by 1730
Abstract
Due to the openness of the vehicle-to-grid (V2G) network, the upload of charging and discharging data faces severe security challenges such as eavesdropping, tampering, and forgery. These challenges can lead to privacy breaches, transmission delays, and service quality degradation. To address these issues, a V2G network architecture based on cloud–fog-end is designed, and a charging and discharging data privacy protection scheme is proposed. We employ a pseudonym mechanism to achieve the conditional privacy protection of electric vehicle (EV) users. We design a certificateless aggregate signcryption (CLASC) algorithm to guarantee the security of uploading the charging and discharging privacy data. The algorithm solves certificate management and key escrow issues, utilizes aggregate signature operations to save network bandwidth, and avoids complex computations like bilinear pairings and exponents. Additionally, the scheme delegates the aggregate verification process to the fog layer, thereby alleviating the computational burden on the cloud layer, decreasing transmission delays, and enhancing the efficiency and reliability of the V2G network. The analysis results indicate that the scheme not only meets the required security objectives, but also has lower computational and communication overheads, making it suitable for scenarios involving the charging and discharging of large-scale EVs in V2G networks. Full article

29 pages, 3268 KiB  
Article
A Certificateless Verifiable Bilinear Pair-Free Conjunctive Keyword Search Encryption Scheme for IoMT
by Weifeng Long, Jiwen Zeng, Yaying Wu, Yan Gao and Hui Zhang
Electronics 2024, 13(8), 1449; https://doi.org/10.3390/electronics13081449 - 11 Apr 2024
Cited by 4 | Viewed by 1240
Abstract
With superior computing power and efficient data collection capability, Internet of Medical Things (IoMT) significantly improves the accuracy and convenience of medical work. As most communications are over open networks, it is critical to encrypt data to ensure confidentiality before uploading them to cloud storage servers (CSSs). Public key encryption with keyword search (PEKS) allows users to search for specific keywords in ciphertext and plays an essential role in IoMT. However, PEKS still has the following problems: 1. As a semi-trusted third party, the CSSs may provide wrong search results to save computing and bandwidth resources. 2. Single-keyword searches often produce many irrelevant results, which is undoubtedly a waste of computing and bandwidth resources. 3. Most PEKS schemes rely on bilinear pairings, resulting in computational inefficiencies. 4. Public key infrastructure (PKI)-based or identity-based PEKS schemes face the problem of certificate management or key escrow. 5. Most PEKS schemes are vulnerable to offline keyword guessing attacks, online keyword guessing attacks, and insider keyword guessing attacks. We present a certificateless verifiable and pairing-free conjunctive public keyword searchable encryption (CLVPFC-PEKS) scheme. An efficiency analysis shows that the performance advantage of the new scheme is far superior to that of the existing scheme. More importantly, we provide proof of security under the standard model (SM) to ensure the reliability of the scheme in practical applications. Full article
(This article belongs to the Special Issue Data Privacy in IoT Networks)

19 pages, 9320 KiB  
Article
A Lightweight Chaotic Map-Based Key Agreement Scheme for the Advanced Metering Infrastructure
by Baoyi Wang, Yaowei Feng and Shaomin Zhang
Appl. Sci. 2024, 14(6), 2299; https://doi.org/10.3390/app14062299 - 8 Mar 2024
Viewed by 1146
Abstract
In the advanced metering infrastructure (AMI), impersonation, eavesdropping, man-in-the-middle and other attacks occur in the process of communication between entities through public channels, which will lead to the leakage of user privacy or the incorrect issuance of control instructions, resulting in economic losses and even power system operation failures. In view of this situation, we design a lightweight key agreement scheme based on a chaotic map for the AMI. We use the chaotic map to replace the time-consuming bilinear pairing and elliptic curve method and establish a secure communication channel between legal entities. In addition, we also design a multicast key generation mechanism for message transmission in AMI. The security analysis proves the security of the proposed scheme in the random oracle model, which can meet the security characteristics of anonymity and forward secrecy, and can effectively resist common attacks such as impersonation, replay and man-in-the-middle. The performance analysis results show that the proposed scheme requires lower computational and communication costs than related schemes, so it is more suitable for AMI scenarios with limited resources. Full article
(This article belongs to the Section Computing and Artificial Intelligence)

16 pages, 275 KiB  
Article
A Traceable Universal Designated Verifier Transitive Signature Scheme
by Shaonan Hou, Chengjun Lin and Shaojun Yang
Information 2024, 15(1), 43; https://doi.org/10.3390/info15010043 - 12 Jan 2024
Cited by 3 | Viewed by 1701
Abstract
A transitive signature scheme enables anyone to obtain the signature on edge (i,k) by combining the signatures on edges (i,j) and (j,k), but it suffers from signature theft and signature abuse. The existing work has solved these problems using a universal designated verifier transitive signature (UDVTS). However, the UDVTS scheme only enables the designated verifier to authenticate signatures, which provides a simple way for the signer to deny having signed some messages. The fact that the UDVTS is not publicly verifiable prevents the verifier from seeking help arbitrating the source of signatures. Based on this problem, this paper proposes a traceable universal designated verifier transitive signature (TUDVTS) and its security model. We introduce a tracer into the system who will trace the signature back to its true source after the verifier has submitted an application for arbitration. To show the feasibility of our primitive, we construct a concrete scheme from a bilinear group pair (G,GT) of prime order and prove that the scheme satisfies unforgeability, privacy, and traceability. Full article

25 pages, 609 KiB  
Article
Cryptanalysis and Improvement of Several Identity-Based Authenticated and Pairing-Free Key Agreement Protocols for IoT Applications
by Haiyan Sun, Chaoyang Li, Jianwei Zhang, Shujun Liang and Wanwei Huang
Sensors 2024, 24(1), 61; https://doi.org/10.3390/s24010061 - 22 Dec 2023
Cited by 2 | Viewed by 1620
Abstract
Internet of Things (IoT) applications have been increasingly developed. Authenticated key agreement (AKA) plays an essential role in secure communication in IoT applications. Without the PKI certificate and high time-complexity bilinear pairing operations, identity-based AKA (ID-AKA) protocols without pairings are more suitable for protecting the keys in IoT applications. In recent years, many pairing-free ID-AKA protocols have been proposed. Moreover, these protocols have some security flaws or relatively extensive computation and communication efficiency. Focusing on these problems, the security analyses of some recently proposed protocols have been provided first. We then proposed a family of eCK secure ID-AKA protocols without pairings to solve these security problems, which can be applied in IoT applications to guarantee communication security. Meanwhile, the security proofs of these proposed ID-AKA protocols are provided, which show they can hold provable eCK security. Some more efficient instantiations have been provided, which show the efficient performance of these proposed ID-AKA protocols. Moreover, comparisons with similar schemes have shown that these protocols have the least computation and communication efficiency at the same time. Full article
(This article belongs to the Special Issue IoT Network Security)

14 pages, 366 KiB  
Article
Secure Ring Signature Scheme for Privacy-Preserving Blockchain
by Lin Wang, Changgen Peng and Weijie Tan
Entropy 2023, 25(9), 1334; https://doi.org/10.3390/e25091334 - 14 Sep 2023
Cited by 6 | Viewed by 3477
Abstract
Blockchain integrates peer-to-peer networks, distributed consensus, smart contracts, cryptography, etc. It has the unique advantages of weak centralization, anti-tampering, traceability, openness, transparency, etc., and is widely used in various fields, e.g., finance and healthcare. However, due to its open and transparent nature, attackers can analyze the ledger information through clustering techniques to correlate the identities between anonymous and real users in the blockchain system, posing a serious risk of privacy leakage. The ring signature is one of the digital signatures that achieves the unconditional anonymity of the signer. Therefore, by leveraging Distributed Key Generation (DKG) and Elliptic Curve Cryptography (ECC), a blockchain-enabled secure ring signature scheme is proposed. Under the same security parameters, the signature constructed on ECC has higher security in comparison to the schemes using bilinear pairing. In addition, the system master key is generated by using the distributed key agreement, which avoids the traditional method of relying on a trusted third authorizer (TA) to distribute the key and prevents the key leakage when the TA is not authentic or suffers from malicious attacks. Moreover, the performance analysis showed the feasibility of the proposed scheme while the security was ensured. Full article
(This article belongs to the Special Issue Information Security and Privacy: From IoT to IoV)