A secure data sharing scheme based on broadcast signcryption in data center

Runyuan Dong; Yang Li; Liangyu Zhu

doi:10.1371/journal.pone.0335757

Abstract

In today’s digital age, data centers have become one of the most important infrastructures in businesses and organizations. They store and manage critical enterprise data and resources, as well as being the core support for business operations. However, as data centers grow and expand, cybersecurity has become an important challenge. In order to efficiently retrieve ciphertexts and achieve secure communication between data center and data user, this article proposes a multi-ciphertext equality test broadcast signcryption scheme. The scheme uses broadcast signcryption technology to ensure the confidentiality and unforgeability of messages, and uses multi-ciphertext equality test to achieve efficient retrieval of ciphertexts on cloud servers. Based on the hypothesis of difficult problems, the security of the scheme has been proven under the random oracle model. Numerical analysis shows that our work has relatively high computational and communication efficiency, when the number of receivers is 100, the computational efficiency of our scheme has increased by more than 20% compared to the existing schemes and is suitable for data communication in data center.

Citation: Dong R, Li Y, Zhu L (2025) A secure data sharing scheme based on broadcast signcryption in data center. PLoS One 20(11): e0335757. https://doi.org/10.1371/journal.pone.0335757

Editor: Elochukwu Ukwandu, Cardiff Metropolitan University - Llandaff Campus: Cardiff Metropolitan University, UNITED KINGDOM OF GREAT BRITAIN AND NORTHERN IRELAND

Received: March 20, 2025; Accepted: October 15, 2025; Published: November 10, 2025

Copyright: © 2025 Dong et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: All relevant data are within the experimental analysis section of the manuscript.

Funding: This research was funded by the National Key Research and Development Program of China (2023YFC3007305-03). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Competing interests: The authors have declared that no competing interests exist.

Introduction

In today’s information age, massive amounts of information flood into terminal devices every day, resulting in the problem of digital devices storing and calculating the received massive data. Data centers have become the infrastructure for storing and managing data in the digital age. The network architecture of the data center is shown in Fig 1. During the process of data transmission, data centers face many security issues such as data leakage, unauthorized access, and illegal operations. Security is the core of data center construction, and ensuring the security control of physical space and network is the cornerstone of guaranteeing the stable operation of data centers. Fig 2 shows the hacker attack paths that exist in data communication. After the sensors transmit the collected data to the data center, there may be malicious attackers attacking sensitive data in data communication.

Download:

Fig 1. The network architecture of the data center.

https://doi.org/10.1371/journal.pone.0335757.g001

Download:

Fig 2. The attack of data communication.

https://doi.org/10.1371/journal.pone.0335757.g002

To protect data privacy and achieve information security, data owner encrypts sensitive information and stores it in the cloud server, which poses a challenge for cloud server to perform calculations on encrypted data. To resist honest and curious cloud servers and various malicious attacks from external sources, scholars have proposed the concept of searchable encryption, the data owner only needs to encrypt the message once to achieve the function of multiple receivers searching simultaneously. However, searchable encryption only applies to ciphertext encrypted with the same public key. In order to address the limitations of searchable encryption, scholars have proposed the concept of equality test [1], which can retrieve ciphertexts encrypted with different public keys. Equality test has also been well applied in practical environments, as it is possible to retrieve ciphertexts encrypted with different public keys, and equality test has also been well applied in practical environments. Zhao et al. [2] proposed a dual server uncertified public key encryption scheme that supports authorization equality test in bilinear groups, providing confidentiality protection for outsourced ciphertexts and authentication tokens, and can resist internal keyword guessing attacks. Yuan et al. [3] proposed an image centric privacy protection architecture for social discovery services, which allows people to find friends with similar interests by testing the similarity of encrypted images. Zhao et al. [4] proposed an authorization equality test scheme for identity based cryptographic systems, which allows servers to test whether two different ciphertexts encapsulate the same message. Additionally, it supports different authorization methods to enhance privacy. However, the equality test in the above scheme only targets two ciphertexts. In order to improve the retrieval efficiency of ciphertexts, we propose a broadcast signcryption scheme with multi-ciphertext equality test in data center.

Our contributions

– The scheme realizes data confidentiality, unforgeability and receiver’s identity anonymity. We use hybrid signcryption to ensure data security and achieve secure communication between data center and data user. The data receivers do not know each other’s identities, ensuring the anonymity of the receivers.
– Our proposed scheme carries out multi-ciphertext equality test to implement efficient retrieval of ciphertexts. When data users need to retrieve ciphertexts, they upload trapdoors to the cloud server, which performs multi-ciphertext equality test based on the trapdoors.
– Our proposed work has higher computation efficiency than existing schemes and implement a lightweight broadcast signcryption scheme. We use hybrid signcryption to ensure data security while also improving the efficiency of algorithms in the data center.

Organization

The article is organized as follows. The Related works section summarizes the related work. The Preliminaries section introduces the preliminary work. The proposed scheme section presents the scheme structure and correctness. The Security proof section proves the security of our work. The Performance evaluation section shows the performance evaluation. Finally, we conclude this work in the Conclusion section.

Related works

Yang et al. [1] first proposed Public Key Encryption with support for equality test(PKEET), and provided a specific scheme that anyone can check whether the messages of any two ciphertexts are the same without decrypting. In order to meet different privacy needs, Tang [5] introduces agents in the PKEET, only authorized users can perform equality test. Ma et al. [6] further limit the scope of authorization to only designated agents authorized by the user who can access the user’s confidential information, they also proposed a PKEET scheme that implemented four types of authorization strategies. Wu et al. [7] proposed an efficient identity based scheme with bilinear pairing, which reduces the time-consuming function computation and each trapdoor can only be used to perform equality test on specific keywords. However, the above scheme only compare two ciphertexts and have lower efficiency. In order to settle above problems, Susilo et al. [8] proposed an encryption scheme that supports multi ciphertext equality test, which can be used to test the relationship between multiple messages. Each ciphertext can be assigned a number s, allowing cloud servers to only perform equality test on that ciphertext with other s–1 ciphertexts. Unfortunately, the above PKEET schemes only ensure the confidentiality of information, but cannot guarantee unforgeability of data. In order to achieve both confidentiality and unforgeability of sensitive data within a single time unit, scholars have proposed a signcryption scheme [9–11]. For the reason that settle various hacker attacks and guarantee data security in different cryptosystems communication, heterogeneous signcryption scheme [12–14] have been proposed to meet sensitive information’s confidentiality and unforgeability during data transmission. However, the above works suitable for one to one transmission environment. To meet the requirements of one to many communication, Yu et al. [15] proposed a provably secure multi receiver implicit certificate based signcryption scheme based on implicit certificate cryptosystem and polynomial interpolation evaluation for one to many communication in edge computing. Wang et al. [16] proposed a secure certificate free multi receiver signature scheme to address the security issues of remote downlink control command multicast in advanced metering infrastructure. This scheme not only ensures the confidentiality, integrity, and unforgeability of commands sent by power companies, but also prevents the identity of smart meters receiving commands from being leaked. In order to improve the computational efficiency of the scheme. Shen et al. [17] proposed a lightweight uncertified data secure transmission protocol in wireless body area network environments. Zhang et al. [18] proposed a multi-receiver conditional anonymous signcryption scheme in the internet of vehicles, the scheme use attributed-based and signcryption achieve security of sensitive data. Zhang et al. [19] utilized signcryption and blockchain designed secure generic communication framework. Zhu et al. [20] used lattice-based and proxy signature proposed a proxy signcryption scheme, which have strong identifiability and defeat quantum attack. Niu et al. [21] proposed broadcast signcryption scheme to addressed the data security issues in wireless sensor network.Tanveer et al. [22] have presented a chaotic map-based authenticated data sharing framework for the IoT-enabled cloud storage environment. This scheme uses chaotic map, hash functions and encryption algorithm to ensure the confidentiality, integrity and authentication of data. Tanveer et al. [23] have presented an access control scheme based on an authenticated encryption algorithm. The schemes use an authenticated encryption algorithm, called elliptic curve cryptography, and hash function to achieve data sharing. However, above schemes do not implement the retrieval function for ciphertext. Table 1 summarizes some literatures mentioned above. In order to guarantee sensitive information security while also achieve multi-ciphertext retrieval, we propose the broadcast signcryption scheme used certificateless cryptography and multi-ciphertext equality test.

Download:

Table 1. Summarized literature.

https://doi.org/10.1371/journal.pone.0335757.t001

Preliminaries

System model

The scheme defines four entities: Key Generation Center (KGC), data center, cloud server, and data receiver. Firstly, KGC initializes the system and generates public and partial private keys for data center and receivers. Then, the data center signcrypts the data information, generates ciphertext, and uploads it to the cloud server. The cloud server broadcasts the ciphertext to the data receivers. Finally, the data receiver verifies and decrypts the ciphertext. When the data receiver wants to retrieve the ciphertext, they upload a trapdoor to the cloud server, which executes an equality test algorithm to retrieve the ciphertext. The system model is shown in Fig 3. The definition of our proposed work includes the five algorithms as follows:

Download:

Fig 3. The system model of scheme.

https://doi.org/10.1371/journal.pone.0335757.g003

Setup: KGC carries out this algorithm, inputs the security parameters λ, and outputs system public parameters Pars, retain master key MSK.
Keygen: Users (data center and receivers) and KGC jointly implement the algorithm, given the user’s identities U, public parameters Pars and master key MSK, generate the user’s public PK_i and private keys SK_i.
Signcrypt: The data center implements this algorithm, inputs public parameters Pars, messages set M, the data center’s private key SK_s and receiver’s public key PK_i, and outputs ciphertext δ.
Unsigncrypt: Data receiver carrys out the algorithm, given ciphertext δ, data center’s public key PK_s and receiver’s private key SK_i. Receiver checks whether the ciphertext is valid. If the message is unforgeable, it decrypts the ciphertext with its own private key to obtain the plaintext.
Equality test: Given ciphertexts, the maximum number of ciphertexts that can be equality test with each ciphertext is − 1. Data receiver uploads the trapdoor tk_i to the cloud server, which performs equality test on the ciphertexts to achieve efficient retrieval of ciphertexts.

Security model

For polynomial adversary , if the following game cannot be won with a non negligible probability, the proposed work meet indistinguishability under the chosen ciphertext attack (IND-CCA) security, existential unforgeability of chosen message attack (EUF-CMA) security, and anonymity indistinguishability under the chosen ciphertext attack (ANON-IND-CCA) security. Adversary and challenger as follows:

Game 1. IND-CCA security

Setup: generates the system master MSK key and public parameters Pars, sends Pars to , and retains MSK.

Phase 1: selects the target identity set and sends it to the adversary, who initiates a series of adaptive queries.

Challenge: selects two challenge messages and sends them to the challenger. selects and returns the ciphertext δ to .

Phase 2: initiates a series of inquiries to as Phase 1, except uses , interact and executes unsigncryption query.

Guess: outputs , if , the adversary wins the game. The adversary’s advantage is: − .

Definition 1. In polynomial time, if no adversary can win Game 1 with an undeniable advantage, then the scheme satisfies IND-CCA security.

Game 2. EUF-CMA security

Setup: generates the system master key and system public parameters, sends the system public parameters to the , and retains the system master key.

Query: initiates a series of adaptive queries, and responds to the queries.

Forgery: outputs a forged ciphertext CT of the message m . If CT is valid, wins Game 2.

Definition 2. In polynomial time, if no adversary can win Game 2 with an undeniable advantage, then the scheme satisfies EUF-CMA security.

Game 3. ANON-IND-CCA security

Setup: generates the system master MSK key and public parameters Pars, sends Pars to , and retains MSK.

Phase 1: selects the target identity and sends it to , who initiates a series of adaptive queries.

Phase 2: initiates a series of inquiries to as Phase 1, except uses , and executes unsigncryption query.

Challenge: selects multiple challenge messages and sends it to the challenger. selects and returns the ciphertext δ to .

Guess: outputs , if , the adversary wins the game. The adversary’s advantage is: − .

Definition 3. In polynomial time, if no adversary can win Game 3 with an undeniable advantage, then the scheme satisfies ANON-IND-CCA security.

The proposed scheme

This section mainly introduces the specific algorithm of the proposed scheme. In order to achieve secure communication and efficient retrieval of ciphertext, a broadcast signcryption scheme with multi-ciphertext equality test is proposed. Table 2 shows the notation of the scheme. The scheme consists of the following five algorithms:

Download:

Table 2. Notations.

https://doi.org/10.1371/journal.pone.0335757.t002

Setup: This algorithm is executed by KGC. Enter the security parameter λ, KGC outputs the system’s public parameters, and retains the master key.

- Given a cyclic additive group G of prime order p, where ;
- Define five hash functions: , , , , , where ψ is key space;
- KGC randomly selects as master key, computes , outputs , retains s, where (Enc, Dec) are encryption and decryption algorithm.

Keygen: This algorithm is executed by data users and KGC. KGC generates partial private key and sends it to data users, who verify the legality of the partial private keys and calculate private key.

- Given data users set , each data user randomly selects as secret value, computes and sends to KGC;
- KGC selects , computes , public key , partial private key , and sends , d_i to data users;
- Data users verify the legitimacy of partial private keys by checking whether equation holds true. If the equation holds true, computes private key , otherwise the algorithm is aborted.

Signcryption: This algorithm is executed by the data center. Given the system’s public parameters, message set, and data receiver identity, the data center outputs ciphertext.

- Inputs Pars, , data center randomly selects , computes , , ;
- Rnomly selects , computes
- Computes , sets , where Γ is a mapping table from to [1,n], computes key , where , ciphertext , CT = {W,C_j}, , ;
- Given that the number of ciphertexts for equality test with each ciphertext is l, computes coefficients , , , , generates polynomial , randomly selects , computes , , outputs ciphertext .

Unsigncryption: This algorithm is executed by the data receiver. After receiving the broadcast ciphertext from the cloud server, the data receiver decrypts ciphertext using the private key and verifies the unforgeability using data center’s public key.

- Inputs receiver’s SK_i and data center’s PK_s, receiver computes , , and checks whether holds;
- If equation holds, computes ⋅ , , , , decrypts and obtains message .

Equality-test: This algorithm is executed by cloud server. The cloud server performs multi-ciphertext equality test based on the trapdoor of receivers to achieve the function of retrieving ciphertext.

- Given λ ciphertexts, the maximum number of ciphertext that can be equality test with each ciphertext is , receiver uploads trapdoor to cloud server, cloud server computes ;
- From can be obtain
- Set , where , , the system of equations has a unique solution ;
- Checks equation whether holds,if holds,outputs 1, otherwise, outputs 0.

Correctness:

(1) To verify the legality of partial private keys, it is necessary to prove the following equation holds true:

(2) To prove the correctness of the signature, it is necessary to verify the following equation holds true:

(3) By the following calculation get :

From compute , obtain message .

(4) To prove the correctness of the equality test, it is necessary to verify that the following system of equations has a unique solution:

, so the system of equation has unique solution, hold.

Security proof

Define two types of adversaries: and , where adversary is a malicious user who can replace the user’s public key but cannot access the master key, and adversary is a malicious KGC who is allowed to access the system’s master key but cannot replace the user’s public key. The scheme has been proven to be safe under the random oracle model.

Theorem 1. If no wins Game 1 with non-negligible advantage, then the scheme has IND-CCA security.

Proof. and interact as follows:

Setup: sets , and sends public parameters Pars to .

Phase 1: selects sender’s identity , n receiver’s identities and send to , creates a empty list L_i and interact as follows:

H₁ query: Given ID_i, challengr checks list L₁ whether exist , if exist, returns , otherwise, randomly selects and stores tuple in L₁;

H₂ query: Given , challenger checks list L₂ whether exist

, if exist, returns , otherwise, randomly selects , stores in L₂;

H₃ query: Given , checks list L₃ whether exist , if exist, returns , otherwise, randomly selects , stores in list L₃;

Key query: Given ID_i, checks list L_U whther exist , if exist, returns public key PK_i to , otherwise, randomly selects , computes , , , sets and updates L_U, sends PK_i to .

Secret-value query: Given ID_i, checks list L_U whether exist , if , returns , otherwise, outputs .

Public key replace query: Input , checks list L_U whether exist , if exist, uses repalces PK_i, otherwise, uses ID_i initiates public key replace query.

Signcryption query: Given identites set , message , if , challenger randomly selects , computes , , stores and in L₃, otherwise, uses executes signcryption algorithm, generates ciphertext and sends to adversary .

Unsigncryption query: Given ID_s, ID_i, δ, challenger computes K = s ⋅ P + , searches by (ID_i,K) for , computes to adversary .

Challenge: selects two message sets of equal length , and sends to , randomly selects , , computes , , outputs challenge ciphertext to adversary .

Phase 2: initiates the same query to as phase 1, but can’t uses , and executes unsigncryption algorithm.

Guess: outputs the guess result , if , adversary wins the game. If wins the game with non-negligible advantage, must have the right t_i, and uses initiates H₂ query to make . as a solution to the CDH difficulty problem, the probability of wins Game 1 is: .

Theorem 2. If no wins Game 1 with non-negligible advantage, then the scheme has IND-CCA security.

Proof. and interact as follows:

Setup: sets , sends public parameters Pars to .

Phase 1: It is the same as Theorem 1 except public key repalce query. Given ID_i, checks list L_U whether exist , if exist, returns PK_i to , otherwise, randomly selects , computes , , , sets , and updates L_U, sends PK_i to .

Phase 2: initiates the same query to as phase 1, but can’t uses , and executes unsigncryption algorithm.

Guess: outputs the guess result , if , wins the game. If adversary wins the game with non-negligible advantage, must have the right t_i and uses initiates H₂ query to make . as a solution to the CDH difficulty problem, the probability of wins Game 1 is: .

Theorem 3. If no adversary wins Game 2 with non-negligible advantage,the scheme satisfies the EUF-CMA security.

Proof. and interact as follows:

Setup: sets master key , and sends public parameters Pars to .

Phase 1: can adaptively initiate queries, similar to phase 1 and 2 in Theorem 1, excepts key query and secret-value query.

key query: Given identity ID_i, challenegr checks whether exist in L_U. If exist, returns PK_i to , otherwise, randomly selects , computes , , , sets and updates L_U, sends PK_i to .

secrect-value query: Given ID_i, checks whther L_U exist in , if exist, sets , returns to . Otherwise, randomly selects , computes , , , , updates L₁ and L_U, sends to .

forge: Adversary outputs forge ciphertext . If a key query with the same identity is queried first, subsequent key queries with the same identity will change the corresponding public key due to changes in the secret value generated by the user. Therefore, the ciphertext forged by the adversary is invalid.

Theorem 4. If no adversary wins Game 2 with non-negligible advantage, the scheme satisfies the EUF-CMA security.

Proof. and interact as follows:

Setup: sets master key , sends Pars to .

Phase 1: can adaptively initiate queries, similar to phase 1 and 2 in Theorem 2, excepts key query and secret-value query.

key query: Given identity ID_i, challenger checks whether exist in L_U. if exist, returns PK_i to , otherwise, randomly selects , computes , , , sets and updates L_U, sends PK_i to .

secret-value query: Given ID_i, checks whether L_U exist in . if exist, sets , returns to , otherwise, randomly selects , computes , , , , updates L₁ and L_U, sends to .

Forge: Adversary outputs a forge ciphertext . If a key query with the same identity is queried first, subsequent key queries with the same identity will change the corresponding public key due to changes in the secret value generated by the user. Therefore, the ciphertext forged by the adversary is invalid.

Theorem 5. If no adversary wins Game 3 with non-negligible advantage, the scheme satisfies the ANON-IND-CCA security.

Proof. Given a CDH difficulty problem, and interact as follows:

Phase 1: randomly selects and sends to , initiates the same query as theorem 1.

Phase 2: initiates the same query as phase 1, but can’t uses , and initiates unsigncryption query. randomly selects , computes , , , sets and updates L₁, L_U, then sends PK_i to .

Challenge: selects m messages , n identities and sends to . If , challenger returns , otherwise, randomly selects , , sets , and computes K = s ⋅ , . Generates challenge ciphertext and sends to .

Guess: outputs the result of guess . If , wins the game, if adversary wins the game with non-negligible advantage, must have t_i and uses initiates H₂ query to make . Outputs as a solution to the CDH problem the probability of wins Game 3 is: .

Theorem 6. If no adversary wins Game 3 with non-negligible advantage,the scheme satisfies the ANON-IND-CCA security.

Proof. Given a CDH difficulty problem, and interact as follows:

Phase 1: randomly selects and sends to , initiates the same query as theorem 2.

Phase 2: initiates the same query as phase 1, but can’t uses , and initiates unsigncryption query. randomly selects , computes , , , sets and updates L₁, L_U, sends PK_i to .

Challenge: selects m messages , n identities and sends to . If , challenger returns . Otherwise, randomly selects , and sets , computes , . generates challenge ciphertext and sends to .

Guess: outputs the result of guess . If , wins the game, if adversary wins the game with non-negligible advantage, must have t_i and uses initiates H₂ query to make . Outputs as a solution to the CDH problem the probability of wins Game 3 is: .

Performance evaluation

We compared the functionality and analyzed the computational efficiency of the proposed scheme in this paper with the exisiting work. Numerical analysis was conducted on the execution time of algorithms in each stage of the scheme on the Linux operating system using PBC library [62] and C language.

Functional Comparison

Table 3 compares the functional differences between existing signcryption schemes and the scheme proposed in this paper. Reference [12] proposes a heterogeneous signcryption scheme for wireless body area networks in a heterogeneous environment from IBC to PKI, which addressed the security issues in data transmission. However, the scheme is not suitable for one to many broadcasting environments. Although reference [15] achieves one to many broadcast communication security, this scheme does not support ciphertext retrieval. Reference[24] implements classification management of ciphertexts using equality test, but only compares two ciphertexts, which is inefficient, and the scheme has the problem of key leakage. We proposed the broadcast signcryption scheme achieves multi-ciphertext retrieval functions while ensuring confidentiality and unforgeability during data transmission, making it suitable for data centers.

Download:

Table 3. Functional comparison.

https://doi.org/10.1371/journal.pone.0335757.t003

Experimental analysis

We compared the efficiency of the existing scheme with the scheme proposed in this paper, and our experiment is run under a Linux operation system using a pairing-based cryptography library with Type-A bilinear pairing parameters.

Table 4 shows the definition represented by each character. The computation overhead of signcryption, unsigncryption and equality test as shown in Table 5. Table 6 presents the key and ciphertext memory space of schemes. The computation and communication costs increase with the increase of the number of receivers.

Download:

Table 4. Character definition.

https://doi.org/10.1371/journal.pone.0335757.t004

Download:

Table 5. Computation costs.

https://doi.org/10.1371/journal.pone.0335757.t005

Download:

Table 6. Communication costs.

https://doi.org/10.1371/journal.pone.0335757.t006

In the signcryption, unsigncryption and equality test stage, the computational efficiency of the proposed scheme in this paper is optimal compared with schemes [12,15,24]. When the number of receivers is 100, as presented in Fig 4, our scheme’s signcryption algorithm has increased computational efficiency by 58%, 35%, 70% respectively compared to exisited schemes. The unsigncryption computational time of the proposed work has increased by 71%, 10%, 67% respectively compared to above schemes as shown in Fig 5. It can be seen from Fig 6 that the efficiency of the proposed work has improved to 21% and 35% respectively compared to schemes [12,24] in equality test. As shown in Fig 7, Our scheme requires less ciphertext storage space than scheme [12], and higher rates than schemes [15] and [24]. Although the communication overhead of our scheme is not the lowest, it is a reasonable cost paid to improve computational efficiency.

Download:

Fig 4. The time of signcryption.

https://doi.org/10.1371/journal.pone.0335757.g004

Download:

Fig 5. The time of unsigncryption.

https://doi.org/10.1371/journal.pone.0335757.g005

Download:

Fig 6. The time of equality test.

https://doi.org/10.1371/journal.pone.0335757.g006

Download:

Fig 7. The size of ciphertext.

https://doi.org/10.1371/journal.pone.0335757.g007

Conclusion

This paper proposes a secure data sharing scheme based on broadcast signcryption that supports multi-ciphertext equality test addressing security issues such as privacy data leakage. By combining broadcast signcryption and equality test techniques, the scheme ensures the confidentiality and unforgeability of privacy data. When data users want to retrieve ciphertext, they upload a trapdoor to the cloud server, which executes equality test algorithm to achieve efficient retrieval of ciphertext. The security of the scheme has been proven based on difficult problems in the random oracle model, and numerical experiment analysis have shown that the scheme has relatively low computational overhead and certain advantages in data center. Compared to some existing schemes, signcryption, unsigncryption, equality test algorithm of our scheme’s computational efficiency is superior, increasing by over 35%, 10% and 20% when the number of receivers is 100. While our scheme’s ciphertext storage overhead is not optimal, its computational efficiency is. In future work, we will focus on designing a broadcast signcryption scheme for heterogeneous communication environments and work to reduce storage overhead while maintaining high computational efficiency.

References

1. Yang TCHHQDS, Guomin. Probabilistic public key encryption with equality test. In: Cryptographers’ Track at the RSA Conference. 2010. p. 119–31.
2. Zhao M, Ding Y, Tang S, Liang H, Yang C, Wang H. Dual-server certificateless public key encryption with authorized equality test for outsourced IoT data. Journal of Information Security and Applications. 2023;73:103441.
- View Article
- Google Scholar
3. Yuan X, Wang X, Wang C, Squicciarini AC, Ren K. Towards privacy-preserving and practical image-centric social discovery. IEEE Trans Dependable and Secure Comput. 2018;15(5):868–82.
- View Article
- Google Scholar
4. Hassan A, Elhabob R, Eltayieb N, Wang Y. An authorized equality test on identity-based cryptosystem for mobile social networking applications. Trans Emerging Tel Tech. 2021;32(12).
- View Article
- Google Scholar
5. Tang Q. Public key encryption supporting plaintext equality test and user-specified authorization. Security Comm Networks. 2012;5(12):1351–62.
- View Article
- Google Scholar
6. Ma S, Zhang M, Huang Q, Yang B. Public key encryption with delegated equality test in a multi-user setting. The Computer Journal. 2014;58(4):986–1002.
- View Article
- Google Scholar
7. Wu L, Zhang Y, Choo K-KR, He D. Efficient identity-based encryption scheme with equality test in smart city. IEEE Trans Sustain Comput. 2018;3(1):44–55.
- View Article
- Google Scholar
8. Susilo W, Guo F, Zhao Z, Wu G. PKE-MET: public-key encryption with multi-ciphertext equality test in cloud computing. IEEE Trans Cloud Comput. 2022;10(2):1476–88.
- View Article
- Google Scholar
9. Liu X, Wang Z, Ye Y, Li F. An efficient and practical certificateless signcryption scheme for wireless body area networks. Computer Communications. 2020;162:169–78.
- View Article
- Google Scholar
10. Hussain S, Ullah I, Khattak H, Khan MA, Chen C-M, Kumari S. A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT). Journal of Information Security and Applications. 2021;58:102625.
- View Article
- Google Scholar
11. Kasyoka PN, Kimwele M, Mbandu SA. Efficient certificateless signcryption scheme for wireless sensor networks in ubiquitous healthcare systems. Wireless Pers Commun. 2021;118(4):3349–66.
- View Article
- Google Scholar
12. Xiong H, Hou Y, Huang X, Zhao Y, Chen C-M. Heterogeneous signcryption scheme from IBC to PKI with equality test for WBANs. IEEE Systems Journal. 2022;16(2):2391–400.
- View Article
- Google Scholar
13. Xiong H, Zhao Y, Hou Y, Huang X, Jin C, Wang L, et al. Heterogeneous signcryption with equality test for IIoT environment. IEEE Internet Things J. 2021;8(21):16142–52.
- View Article
- Google Scholar
14. Hou Y, Huang X, Chen Y, Kumar S, Xiong H. Heterogeneous signcryption scheme supporting equality test from PKI to CLC toward IoT. Trans Emerging Tel Tech. 2020;32(8).
- View Article
- Google Scholar
15. Yu X, Zhao W, Tang D. Efficient and provably secure multi-receiver signcryption scheme using implicit certificate in edge computing. Journal of Systems Architecture. 2022;126:102457.
- View Article
- Google Scholar
16. Wang B, Rong J, Zhang S, Liu L. Research on data security of multicast transmission based on certificateless multi-recipient signcryption in AMI. International Journal of Electrical Power & Energy Systems. 2020;121:106123.
- View Article
- Google Scholar
17. Shen J, Gui Z, Chen X, Zhang J, Xiang Y. Lightweight and certificateless multi-receiver secure data transmission protocol for wireless body area networks. IEEE Trans Dependable and Secure Comput. 2022;19(3):1464–75.
- View Article
- Google Scholar
18. Zhang J, Luo Y. Multi-receiver conditional anonymous signcryption mechanism based on multi-dimensional decision attributes for IoV. In: Proceedings of the 2024 6th International Conference on Big-data Service and Intelligent Computation. 2024. p. 1–7. https://doi.org/10.1145/3686540.3686541
19. Zhang L, Kan H, Li Y, Huang J. Poster: blockchain-envisioned secure generic communication framework using signcryption. In: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies. 2022. p. 251–3. https://doi.org/10.1145/3532105.3535034
20. Zhu H, Wang Y, Wang C, Cheng X. An efficient identity-based proxy signcryption using lattice. Future Generation Computer Systems. 2021;117:321–7.
- View Article
- Google Scholar
21. Niu S, Zhou S, Fang L, Hu Y, Wang C. Broadcast signcryption scheme based on certificateless in wireless sensor network. Computer Networks. 2022;211:108995.
- View Article
- Google Scholar
22. Tanveer M, Bashir AK, Alzahrani BA, Albeshri A, Alsubhi K, Chaudhry SA. CADF-CSE: Chaotic map-based authenticated data access/sharing framework for IoT-enabled cloud storage environment. Physical Communication. 2023;59:102087.
- View Article
- Google Scholar
23. Tanveer M, Khan AU, Ahmad M, Nguyen TN, El-Latif AAA. Resource-efficient authenticated data sharing mechanism for smart wearable systems. IEEE Trans Netw Sci Eng. 2023;10(5):2525–36.
- View Article
- Google Scholar
24. Xiong H, Hou Y, Huang X, Zhao Y. Secure message classification services through identity-based signcryption with equality test towards the Internet of vehicles. Vehicular Communications. 2020;26:100264.
- View Article
- Google Scholar

[ref1] 1. Yang TCHHQDS, Guomin. Probabilistic public key encryption with equality test. In: Cryptographers’ Track at the RSA Conference. 2010. p. 119–31.

[ref2] 2. Zhao M, Ding Y, Tang S, Liang H, Yang C, Wang H. Dual-server certificateless public key encryption with authorized equality test for outsourced IoT data. Journal of Information Security and Applications. 2023;73:103441.
View Article
Google Scholar

[3] View Article

[4] Google Scholar

[ref3] 3. Yuan X, Wang X, Wang C, Squicciarini AC, Ren K. Towards privacy-preserving and practical image-centric social discovery. IEEE Trans Dependable and Secure Comput. 2018;15(5):868–82.
View Article
Google Scholar

[6] View Article

[7] Google Scholar

[ref4] 4. Hassan A, Elhabob R, Eltayieb N, Wang Y. An authorized equality test on identity-based cryptosystem for mobile social networking applications. Trans Emerging Tel Tech. 2021;32(12).
View Article
Google Scholar

[9] View Article

[10] Google Scholar

[ref5] 5. Tang Q. Public key encryption supporting plaintext equality test and user-specified authorization. Security Comm Networks. 2012;5(12):1351–62.
View Article
Google Scholar

[12] View Article

[13] Google Scholar

[ref6] 6. Ma S, Zhang M, Huang Q, Yang B. Public key encryption with delegated equality test in a multi-user setting. The Computer Journal. 2014;58(4):986–1002.
View Article
Google Scholar

[15] View Article

[16] Google Scholar

[ref7] 7. Wu L, Zhang Y, Choo K-KR, He D. Efficient identity-based encryption scheme with equality test in smart city. IEEE Trans Sustain Comput. 2018;3(1):44–55.
View Article
Google Scholar

[18] View Article

[19] Google Scholar

[ref8] 8. Susilo W, Guo F, Zhao Z, Wu G. PKE-MET: public-key encryption with multi-ciphertext equality test in cloud computing. IEEE Trans Cloud Comput. 2022;10(2):1476–88.
View Article
Google Scholar

[21] View Article

[22] Google Scholar

[ref9] 9. Liu X, Wang Z, Ye Y, Li F. An efficient and practical certificateless signcryption scheme for wireless body area networks. Computer Communications. 2020;162:169–78.
View Article
Google Scholar

[24] View Article

[25] Google Scholar

[ref10] 10. Hussain S, Ullah I, Khattak H, Khan MA, Chen C-M, Kumari S. A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT). Journal of Information Security and Applications. 2021;58:102625.
View Article
Google Scholar

[27] View Article

[28] Google Scholar

[ref11] 11. Kasyoka PN, Kimwele M, Mbandu SA. Efficient certificateless signcryption scheme for wireless sensor networks in ubiquitous healthcare systems. Wireless Pers Commun. 2021;118(4):3349–66.
View Article
Google Scholar

[30] View Article

[31] Google Scholar

[ref12] 12. Xiong H, Hou Y, Huang X, Zhao Y, Chen C-M. Heterogeneous signcryption scheme from IBC to PKI with equality test for WBANs. IEEE Systems Journal. 2022;16(2):2391–400.
View Article
Google Scholar

[33] View Article

[34] Google Scholar

[ref13] 13. Xiong H, Zhao Y, Hou Y, Huang X, Jin C, Wang L, et al. Heterogeneous signcryption with equality test for IIoT environment. IEEE Internet Things J. 2021;8(21):16142–52.
View Article
Google Scholar

[36] View Article

[37] Google Scholar

[ref14] 14. Hou Y, Huang X, Chen Y, Kumar S, Xiong H. Heterogeneous signcryption scheme supporting equality test from PKI to CLC toward IoT. Trans Emerging Tel Tech. 2020;32(8).
View Article
Google Scholar

[39] View Article

[40] Google Scholar

[ref15] 15. Yu X, Zhao W, Tang D. Efficient and provably secure multi-receiver signcryption scheme using implicit certificate in edge computing. Journal of Systems Architecture. 2022;126:102457.
View Article
Google Scholar

[42] View Article

[43] Google Scholar

[ref16] 16. Wang B, Rong J, Zhang S, Liu L. Research on data security of multicast transmission based on certificateless multi-recipient signcryption in AMI. International Journal of Electrical Power & Energy Systems. 2020;121:106123.
View Article
Google Scholar

[45] View Article

[46] Google Scholar

[ref17] 17. Shen J, Gui Z, Chen X, Zhang J, Xiang Y. Lightweight and certificateless multi-receiver secure data transmission protocol for wireless body area networks. IEEE Trans Dependable and Secure Comput. 2022;19(3):1464–75.
View Article
Google Scholar

[48] View Article

[49] Google Scholar

[ref18] 18. Zhang J, Luo Y. Multi-receiver conditional anonymous signcryption mechanism based on multi-dimensional decision attributes for IoV. In: Proceedings of the 2024 6th International Conference on Big-data Service and Intelligent Computation. 2024. p. 1–7. https://doi.org/10.1145/3686540.3686541

[ref19] 19. Zhang L, Kan H, Li Y, Huang J. Poster: blockchain-envisioned secure generic communication framework using signcryption. In: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies. 2022. p. 251–3. https://doi.org/10.1145/3532105.3535034

[ref20] 20. Zhu H, Wang Y, Wang C, Cheng X. An efficient identity-based proxy signcryption using lattice. Future Generation Computer Systems. 2021;117:321–7.
View Article
Google Scholar

[53] View Article

[54] Google Scholar

[ref21] 21. Niu S, Zhou S, Fang L, Hu Y, Wang C. Broadcast signcryption scheme based on certificateless in wireless sensor network. Computer Networks. 2022;211:108995.
View Article
Google Scholar

[56] View Article

[57] Google Scholar

[ref22] 22. Tanveer M, Bashir AK, Alzahrani BA, Albeshri A, Alsubhi K, Chaudhry SA. CADF-CSE: Chaotic map-based authenticated data access/sharing framework for IoT-enabled cloud storage environment. Physical Communication. 2023;59:102087.
View Article
Google Scholar

[59] View Article

[60] Google Scholar

[ref23] 23. Tanveer M, Khan AU, Ahmad M, Nguyen TN, El-Latif AAA. Resource-efficient authenticated data sharing mechanism for smart wearable systems. IEEE Trans Netw Sci Eng. 2023;10(5):2525–36.
View Article
Google Scholar

[62] View Article

[63] Google Scholar

[ref24] 24. Xiong H, Hou Y, Huang X, Zhao Y. Secure message classification services through identity-based signcryption with equality test towards the Internet of vehicles. Vehicular Communications. 2020;26:100264.
View Article
Google Scholar

[65] View Article

[66] Google Scholar

Figures

Abstract

Introduction

Our contributions

Organization

Related works

Preliminaries

System model

Security model

The proposed scheme

Security proof

Performance evaluation

Functional Comparison

Experimental analysis

Conclusion

References