HSC-MET: Heterogeneous signcryption scheme supporting multi-ciphertext equality test for Internet of Drones

  • Xiaodong Yang ,

    Contributed equally to this work with: Xiaodong Yang, Ningning Ren

    Roles Writing – original draft, Writing – review & editing

    y200888@163.com

    Affiliation Department of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu, China

  • Ningning Ren ,

    Contributed equally to this work with: Xiaodong Yang, Ningning Ren

    Roles Writing – original draft, Writing – review & editing

    Affiliation Department of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu, China

  • Aijia Chen ,

    Roles Writing – review & editing

    ‡ AC, ZW and CW also contributed equally to this work.

    Affiliation Department of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu, China

  • Zhisong Wang ,

    Roles Writing – review & editing

    ‡ AC, ZW and CW also contributed equally to this work.

    Affiliation Department of Computer Science and Engineering, Northwest Normal University, Lanzhou, Gansu, China

  • Caifen Wang

    Roles Writing – review & editing

    ‡ AC, ZW and CW also contributed equally to this work.

    Affiliation Department of Big Data and Internet, Shenzhen Technology University, Shenzhen, Guangdong, China

Abstract

The Internet of Drones (IoD) is a network and management architecture that enables unmanned aerial vehicles (UAVs) to collect data in controlled areas and provides access control for UAVs. However, current cloud-assisted IoD schemes cannot efficiently achieve secure communication between heterogeneous cryptosystems and do not support multi-ciphertext equality tests. To improve the security and performance of traditional schemes, we propose a heterogeneous signcryption scheme supporting a multi-ciphertext equality test (HSC-MET). We use a multi-ciphertext equality test technique so that multiple users can retrieve multiple ciphertexts simultaneously, safely and efficiently. In addition, we adopt heterogeneous signcryption to realize secure data communication from public key infrastructure (PKI) to certificateless cryptography (CLC). The proposed scheme requires no bilinear pairing, which greatly reduces the computational cost. The security and performance analysis shows that, under the random oracle model (ROM), the confidentiality, unforgeability and number security of HSC-MET hold based on the computational Diffie-Hellman (CDH) problem.

Introduction

Unmanned aerial vehicles (UAVs) [1, 2], devices steered by radio remote control and an on-board program control mechanism, have the advantages of small size, low cost and flexible deployment. As a result, they are widely used in film and television shooting, environmental monitoring and smart farming. To provide coordinated and orderly access for UAVs, the Internet of Drones (IoD) [3–5] came into being. IoD is a sophisticated heterogeneous network containing a large number of sensors and actuators. In the IoD environment, entities communicate over open wireless channels and therefore face many privacy and security issues [6]. Entities in IoD also have limited computing and storage capabilities, so designing efficient and secure algorithms is extremely important. Bharany et al. [7] proposed a clustering protocol for flying ad-hoc networks (FANETs) based on a moth flame optimization algorithm for safe and efficient UAV access; it ensures efficient and safe access for UAVs while also improving FANET fault tolerance. Bharany et al. [8] proposed a clustering algorithm, EE-SS, for FANETs to increase the service life of UAVs in forest fire detection, which reduced cluster head overhead and improved system efficiency. With the wide application of UAVs, the storage and processing of big data in IoD have become a top priority. Cloud computing can provide users with computing services regardless of time and place. However, since cloud servers are not fully trusted, data is usually encrypted or signcrypted before being stored on them, which makes efficient data retrieval difficult.

To ensure the security of UAVs, Bera et al. [9] proposed a blockchain-based secure access control scheme for authentication between drones and between drones and a ground station server; the scheme provides data immutability. Hussain et al. [10] proposed an authentication scheme based on elliptic curve cryptography to secure the communication between a data user and a drone. Khan et al. [11] proposed an identity-based proxy signcryption scheme based on hyperelliptic curves that allows decryption to be outsourced to reduce the computational cost; they proved that the scheme satisfies indistinguishability against adaptive chosen ciphertext attacks and existential unforgeability against adaptive chosen message attacks under the ROM. Gope and Sikdar [12] proposed an efficient privacy-aware authenticated key agreement scheme for edge-assisted IoD that does not need to store any secret keys in the devices but still provides the desired security features. However, IoD is a heterogeneous and complex network in which sender and receiver may belong to different cryptosystems, so the schemes in [9–12], which assume a single cryptosystem, are inapplicable. To realize secure communication between heterogeneous cryptosystems, Sun and Li [13] proposed a heterogeneous signcryption scheme (HSC) that realizes secure communication from public key infrastructure (PKI) to identity-based cryptography (IBC). Inspired by Sun and Li, many HSC schemes have been proposed [14–20].

Although the schemes in [14–20] realize secure communication between heterogeneous cryptosystems, they do not consider efficient retrieval of ciphertexts. Cloud storage brings great convenience, but storing data only in encrypted form reduces its usability. Boneh et al. [21] proposed public key encryption with keyword search (PKE-KS) to realize ciphertext retrieval on cloud servers, but it only supports retrieval over ciphertexts encrypted with the same public key. To remove this limitation, Yang et al. [22] proposed public key encryption with ciphertext equality test (PKE-ET), which allows a tester to compare two ciphertexts produced under different public keys. Subsequently, a series of similar schemes [23–27] were proposed, but they only support equality tests on pairs of ciphertexts, so testing a set of ciphertexts requires many pairwise tests, which leads to low retrieval efficiency and high computational cost. To reduce the computational cost and improve the efficiency of ciphertext retrieval, Susilo et al. [28] proposed public-key encryption with flexible multi-ciphertext equality test (PKE-FMET). Although this scheme supports equality tests over more than two ciphertexts, it provides neither message authentication nor communication between heterogeneous cryptosystems.

Our contributions

With the motivation of solving the above-mentioned problems, we present a heterogeneous signcryption scheme that supports the multi-ciphertext equality test (HSC-MET). The main contributions are as follows.

  1. Our scheme utilizes heterogeneous signcryption technology to realize secure communication from PKI to certificateless public key cryptography (CLC), eliminating the limitation of existing schemes that only support communication in the same cryptosystem.
  2. We adopt the multi-ciphertext equality testing technique to address the limitations of pairwise ciphertext equality testing to reduce the computational cost required for ciphertext equality testing in multi-user and multi-ciphertext environments.
  3. Our scheme is based on computation without bilinear pairing, which greatly reduces the computing cost and improves the communication and retrieval efficiency for the problem of limited computing resources of UAVs.
  4. Our scheme is proven to satisfy unforgeability and confidentiality based on the CDH problem under the ROM. We also prove the number security of our scheme using the definition of number security proposed in [28].
  5. We compare our scheme with similar schemes in terms of confidentiality, unforgeability and computational cost. The analysis shows that our scheme provides stronger confidentiality and unforgeability at lower computational cost.

Organization

The rest of this paper is structured as follows. The complexity assumption, Cramer's rule, the Vandermonde determinant, the formal definition and the security model are introduced in Section 2. The system design is presented in Section 3. Section 4 describes the algorithms of the HSC-MET scheme in detail. Section 5 gives the correctness analysis. The security of our scheme is proven in Section 6. Section 7 compares the performance of our scheme with existing similar schemes in terms of efficiency and functionality. Finally, Section 8 concludes the paper.

Related work

Table 1 summarizes the functional properties, confidentiality, and unforgeability analyses of the references [1328].

The concept of heterogeneous signcryption (HSC) was proposed by Sun and Li [13]. Although their scheme realizes heterogeneous communication from PKI to IBC, it offers weaker security and high computational cost. Inspired by Sun and Li, many scholars have studied HSC. Eltayeeb et al. [14] proposed an HSC scheme without pairing computation that realizes secure communication from CLC to PKI. Ali et al. [15] designed an HSC scheme from IBC to PKI to realize heterogeneous communication between vehicles and other entities in VANETs; the scheme lets receivers decrypt messages in batches, which greatly reduces the computational cost. Qiu et al. [16] proposed an HSC scheme for the dense communication and heterogeneity of the intelligent mobile Internet of Things, which realizes secure communication from IBC to CLC; it needs no bilinear pairing operations and outsources part of the verification to the gateway, which greatly reduces the computation and communication overhead of the sender and receiver. Cao et al. [17] proposed an improved mutual HSC scheme between PKI and IBC to address attacks that the scheme of Wang et al. [18] could not resist, and analyzed its security under the CDH assumption; however, the scheme uses bilinear pairing, which has a significant computational overhead. Luo et al. [19] proposed a mutual HSC scheme based on different system parameters for 5G network slices, which realizes mutual communication between the CLC and PKI cryptosystems and provides message anonymity. Ji et al. [20] proposed a mutual HSC scheme between PKI and IBC and proved its confidentiality and unforgeability based on the q-Diffie-Hellman inverse problem.

The concept of PKE-ET was proposed by Yang et al. [22]: a tester can determine whether two ciphertexts encrypted with different public keys have the same underlying plaintext. It has attracted the attention of many scholars. Rashad et al. [23] proposed CL-PKC-ET, certificateless public key cryptography with equality test, to support the ciphertext equality test in the IoV. Li et al. [24] designed a cryptographic scheme for IoT-based healthcare systems using proxy re-encryption and the ciphertext equality test, which realizes flexible sharing of medical data. Shen et al. [29] proposed G-PKEET, a group public key encryption scheme supporting equality test without bilinear pairings, which greatly reduces the computational overhead. In [22–24, 29], anyone can run the equality test algorithm on two ciphertexts, which brings security risks. Therefore, authorized equality test schemes were presented [30–32], in which only an authorized tester is permitted to execute the equality test algorithm. Furthermore, some equality test schemes for heterogeneous systems have been proposed. Xiong et al. [25] proposed an HSC scheme supporting the ciphertext equality test for the industrial Internet of Things (IIoT); the scheme realizes a flexible ciphertext equality test under heterogeneous communication between sensors in PKI and a cloud server in IBC, and its security is proved in the ROM. Xiong et al. [26] proposed an HSC scheme from IBC to PKI with equality test (HSCIP-ET), which realizes secure communication between sensors and data users. For the IoT application scenario, Hou et al. [27] proposed an HSC scheme supporting the ciphertext equality test, which realizes secure communication between PKI and CLC. The schemes in [25–27] only support equality testing on pairs of ciphertexts and use many bilinear pairing operations; as a result, they face low retrieval efficiency and high computational cost. Susilo et al. [28] proposed public-key encryption with flexible multi-ciphertext equality test (PKE-FMET) to achieve efficient ciphertext retrieval in multi-user scenarios.

Preliminaries

Complexity assumption

Definition 1. Computational Diffie-Hellman (CDH) problem [27]: Given a group G and (P, aP, bP) ∈ G, compute abP ∈ G, where a, b ∈ Z_q^* are unknown.

Cramer’s rule

For a non-homogeneous linear equation set with coefficient matrix V, let det(V) be its coefficient determinant. If det(V) ≠ 0, the equation set has a unique solution, and Cramer's rule gives each unknown as the quotient of two determinants.

Vandermonde determinant

A matrix of the form is called a Vandermonde matrix, and the corresponding Vandermonde determinant is , which is nonzero exactly when the generating values are pairwise distinct.

Formal definition

The HSC-MET scheme consists of the following algorithms.

  1. Setup: Input the system security parameter λ, and the key generation center (KGC) and certificate authority (CA) output the system master key s and system parameter para. The KGC publicizes para and keeps s secretly.
  2. PKI-Gen: Input the identity IDp of the PKI system user, and the CA outputs a digital certificate.
  3. CLC-PGen: Input the system parameter para and identity IDc of the CLC system user, and the KGC outputs the partial private-public key pair.
  4. CLC-SSV: IDc selects randomly and sets it as a secret value.
  5. CLC-CGen: Input the system parameter para, the secret value s2, partial private-public key pair (SKc1, PKc1), and the user outputs the complete private-public key pair (SKc, PKc).
  6. Trapdoor: Input the private key SKc, and the user outputs tdc as trapdoor.
  7. Signcryption: Input the system parameter para, the plaintext message m, the receiver’s public key PKc, and the sender’s private key SKp, and the sender calculates the ciphertext δ.
  8. Unsigncryption: Input the system parameter para, the ciphertext δ, the receiver's private key SKc and the sender's public key PKp; the receiver outputs the plaintext message m or the error symbol ⊥.
  9. Test: Input ciphertexts δi and trapdoors tdi where i ∈ {1, 2, ⋯, t}, the cloud server outputs error symbol ⊥ or multi-ciphertext equality test result 0/1.

Security model

In the ROM, the HSC-MET scheme needs to meet the confidentiality of the message, IND-CCA2, and the unforgeability of ciphertext, EUF-CMA.

Confidentiality.

We define two types of adversaries, Type-1 and Type-2. A Type-1 adversary does not know the system master key, but can replace any user’s public key. A Type-2 adversary can obtain the system master key, but cannot replace any user’s public key.

Definition 2. If no Type-1 adversary wins game 1 with a non-negligible advantage in PPT, the HSC-MET scheme satisfies IND-CCA2–1.

Game 1. The game process between challenger and adversary is as follows.

Setup: executes the setup algorithm, outputs the system parameter para and the master key s, returns para to , and stores s secretly.

Phase 1: can perform limited following polynomial queries.

  • Partial private key query: queries for the partial private key of IDc. executes the CLC-PGen algorithm to generate SKc1 and return it to .
  • Private key query: queries for the private key of IDc. executes the CLC-CGen algorithm to generate (SKc, PKc) and return SKc to .
  • Public key query: queries for the public key of IDc. executes the CLC-CGen algorithm to generate (SKc, PKc) and return PKc to .
  • Replace public key query: can select any public key to replace the original public key PKc2.
  • Trapdoor query: queries for the trapdoor of IDc. executes the Trapdoor algorithm to generate tdc and return it to .
  • Signcryption query: When receiving the query with (mi, IDpi, IDci) submitted by , executes the Signcryption algorithm to generate δi, and returns it to .
  • Unsigncryption query: When receiving the query with (IDpi, IDci, δi) submitted by , executes the Unsigncryption algorithm to generate mi, and returns it to .

Challenge: selects the sender’s identity , receiver’s identity and two plaintexts of equal length m0 and m1 to . selects randomly ξ ∈ {0, 1} and performs the signcryption algorithm to generate ciphertext δ* and return it to .

Phase 2: After receiving δ*, the adversary continues to execute the queries in Phase 1. However, can neither query the private key of , nor can make unsigncryption query of . also can’t query the trapdoor of .

Guess: outputs a guess value ξ* ∈ {0, 1}. wins the game if ξ* = ξ. We define the advantage of as , where Pr[ξ* = ξ] represents the probability of ξ* = ξ.

Definition 3. If no Type-2 adversary wins game 2 with a non-negligible advantage in PPT, the HSC-MET scheme satisfies IND-CCA2–2 security.

Game 2. The game process between challenger and adversary is as follows.

Setup: executes the setup algorithm, outputs the system parameter para and the master key s, and returns them to .

Phase 1: can perform all the queries in Definition 2 except the replace public key query.

The challenge, phase 2, and guess stage are the same as Definition 2 and will not be repeated here. We define the advantage of as where Pr[ξ* = ξ] represents the probability of ξ* = ξ.

Unforgeability.

Definition 4. If no adversary wins Game 3 with a non-negligible advantage ε in PPT, it is said that the HSC-MET scheme can satisfy EUF-CMA security.

Game 3. The game between challenger and adversary is as follows.

Training: can perform limited following polynomial queries.

  • Key query: queries for the public key of IDp, and executes the PKI-Gen algorithm to generate (SKp, PKp) and return to .
  • Signcryption query: When receiving the query with (mi, IDpi, IDci) submitted by , executes the signcryption algorithm to generate δi, and returns it to .
  • Unsigncryption query: When receiving the query with (IDpi, IDci, δi) submitted by , executes the unsigncryption algorithm to obtain mi, and returns it to .

Forgery: selects the sender’s identity and the receiver’s identity , and forges a ciphertext δ*. If δ* can meet the following requirements, can win the Game 3.

  1. The error symbol ⊥ will not be returned when the unsigncryption query is performed on .
  2. The adversary can not query for the private key of the .
  3. δ* cannot be generated by the signcryption query of .

We define the advantage of to win in this game as .

Scheme design

  1. Research questions and methodologies: Table 2 lists the main research problems addressed in this paper and the corresponding solutions, derived from the collection and analysis of references in the related work section.
  2. Scheme processes:
    • Setup: The KGC and CA initialize the system and generate the system parameters.
    • User-Gen: The CA generates digital certificates for UAVs in PKI. The KGC generates partial keys for data users in CLC.
    • Signcrypt and upload: UAVs signcrypt the collected data and upload it to the cloud server.
    • Test: The cloud server performs the equality test for multi-ciphertexts.
    • Download and unsigncrypt: Data users download and unsigncrypt data from the cloud server.
  3. System model: The system model of our scheme is composed of five entities: KGC, CA, UAVs, cloud server and data users. The functions of each entity are as follows. The system model diagram is shown in Fig 1.
    • KGC. The KGC initializes the system, generates the key and system parameter, and distributes partial keys to data users.
    • CA. The CA issues digital certificates for UAVs.
    • UAVs. UAVs collect and signcrypt the collected environmental data, and upload it to the cloud server.
    • Cloud server. The cloud server stores the uploaded ciphertext, and processes the data user’s request to execute the test algorithm, and returns the test result to the users.
    • Data users. Users who wish to obtain environmental data, such as monitoring personnel and data processing centers, are responsible for submitting the trapdoor of the ciphertext equality test to the cloud server and verifying the ciphertext that meets the requirements.

Our construction

  1. Setup: Given the system security parameter λ, the KGC selects a large prime q (q ≥ 2^λ), an additive cyclic group G of order q with generator P, and four hash functions , H2: G → {0, 1}^{2l}, H3: G → {0, 1}^{nl} and H4: {0, 1}^* → {0, 1}^λ. The KGC randomly selects the system master key SK = s and calculates the public key PK = sP. It also fixes n, the maximum number of ciphertexts that can take part in one multi-ciphertext equality test. The KGC publishes para = {λ, G, q, P, PK, H1, H2, H3, H4, n}.
  2. PKI-Gen: IDp selects randomly, and calculates PKp = spP. The user sends (IDp, PKp) to CA which generates a digital certificate for it.
  3. CLC-PGen: When receiving the registration request from IDc, KGC randomly selects , and calculates PKc1 = s1P and SKc1 = s1 + SKH1(IDc). Then the KGC returns (SKc1, PKc1) to IDc securely.
  4. CLC-SSV: IDc randomly selects as a secret value.
  5. CLC-CGen: IDc sets SKc2 = s2, PKc2 = s2P, SKc = (SKc1, SKc2) and PKc = (PKc1, PKc2).
  6. Trapdoor: Input the private key SKc = (SKc1, SKc2), output the tdc = SKc2.
  7. Signcryption: Input (para, m, PKc, SKp) and output δ. Specific steps are as follows.
    1. Calculate f0,n = H1(m||n) and fi,n = H1(m||n||f0,n||⋯||fi−1,n) for i ∈ {1, 2, ⋯, n − 1}.
    2. Calculate fj,i = H1(fj,i+1) for i ∈ {k, ⋯, n − 1} and j ∈ {0, 1, ⋯, i − 1}, so that the coefficients of each lower-degree polynomial are derived from those of the next higher one, and form fi(x) = f0,i + f1,i x + ⋯ + fi−1,i x^{i−1} for i ∈ {k, ⋯, n}, where k is the minimum number of ciphertexts that the sender allows to be tested together with this one.
    3. Select r and X randomly. Calculate Y = SKp(PK·H1(IDc) + PKc1) and R = rPKc2.
    4. Calculate C1 = rP, C2 = (m||r) ⊕ H2(Y) ⊕ H2(R), C3 = (X||fk(X)||⋯||fn(X)) ⊕ H3(R) and C4 = H4(C1||C2||C3||f0,k||f1,k||⋯||fk−1,k||R||k).
    5. Output the ciphertext δ = (C1, C2, C3, C4, k).
  8. Unsigncryption: Input (para, δ, PKp, SKc) and output m′ or ⊥. Specific steps are as follows.
    1. Calculate , and C2.
    2. Calculate and where i ∈ {1, 2, ⋯, n − 1}.
    3. Calculate where i ∈ {k, ⋯, n − 1} & j ∈ {0, 1, ⋯, i − 1} and .
    4. Verify that the Eqs (1), (2) and (3) are true, where i ∈ {k, ⋯, n}. (1) (2) (3)
      If the equations are all true, return . Otherwise, return ⊥.
  9. Test: Input t ciphertexts δi = (Ci,1, Ci,2, Ci, 3, Ci,4, ki) and trapdoors tdi. Let k = max{k1, k2, ⋯, kt}. If k ≤ min{t, n}, perform the following computations. Otherwise, return ⊥.
    1. Calculate and extract f1,k(X1), f2,k(X2), ⋯, fk − 1, k(Xk−1) from the ciphertexts.
    2. Assume that the plaintexts corresponding to t ciphertexts δi are equal. By calculating , we can get the non-homogeneous linear equation set
      Let where i1, i2 ∈ {1, 2, ⋯, k} and j ∈ {1, 2, ⋯, k − 1}. If is regarded as the vector of unknowns of the equation set and the Xi as its coefficients, then V is a Vandermonde matrix: det(V) ≠ 0 whenever the Xi are pairwise distinct, and Cramer's rule then gives the unique solution of the equation set.
    3. For each ciphertext δi = (Ci,1, Ci,2, Ci, 3, Ci,4, ki), verify whether the equation holds.
      If the equation is true for every δi, it represents m1 = m2 = ⋯ = mt, and the test result 1 is returned. Otherwise, 0 is returned.

Correctness analysis

Theorem 1. The unsigncryption algorithm is correct.

Proof. The correctness of the unsigncryption algorithm can be verified by the following two equations.

  1. After receiving the ciphertext δ = (C1, C2, C3, C4, k), the data user can get m′ by calculating m′ ∥r′ = H2 (Y′) ⊕ H2 (R′) ⊕ C2. Eq (4) holds. (4)
  2. The data user can calculate to verify the legitimacy of the message and signature. Eq (5) holds. (5)

Through the above verification, theorem 1 is established.

Theorem 2. The Test algorithm is correct.

Proof. The correctness of the Test algorithm can be verified by the following equations.

Given t ciphertexts δi = (Ci,1, Ci,2, Ci, 3, Ci,4, ki). Let k = max{k1, k2, ⋯, kt}. If k ≤ min{t, n}, calculate .

Assume that the plaintexts of t ciphertexts δi are m1, m2, ⋯, mt respectively.

  1. When the plaintexts corresponding to the tested t ciphertexts are equal, the correctness of the Test algorithm is proved as follows.
    If m1 = m2 = ⋯ = mt, we must have where i1, i2 ∈ {1, 2, ⋯, t} and j ∈ {0, 2, ⋯, t − 1}. Let . We can get the equation set Eq (6). (6)
    If is regarded as the solution of the equation set, and Xi is regarded as a coefficient. The equation set corresponds to the Vandermonde matrix Eq (7). (7)
    The determinant of V is . Due to the randomness of Xi, the probability of det(V) = 0 is . When det(V) ≠ 0, the equation set has a unique solution by Cramer's rule. For each ciphertext δi, the equation holds. We can get Test(para, δ1, δ2, ⋯, δk, td1, td2, ⋯, tdk) = 1.
  2. When the plaintexts corresponding to the tested t ciphertexts are not equal, the correctness of the Test algorithm is proved as follows.
    If m1 ≠ m2 = ⋯ = mt, there is , where i1, i2 ∈ {2, 3, ⋯, t} and j ∈ {0, 2, ⋯, t − 1}. We can obtain the equation set Eq (8). (8)
    Let where j ∈ {0, 2, ⋯, t − 1}. The unique solution can be obtained. It cannot make the Eqs (9) and (10) hold at the same time. (9) (10)

Through the above verification, theorem 2 is established.

Security proofs

Confidentiality

Theorem 3. If an adversary can win Game 1 in PPT with a non-negligible advantage ε1 after Hi queries, qd partial private key queries, qsc signcryption queries and qusc unsigncryption queries, then the challenger can solve the CDH problem with the non-negligible advantage shown in Eq (11). (11)

Proof: is a challenger that tries to solve the CDH problem, and is a Type-1 adversary. Given a challenge instance (P, aP, bP) where , and interact as follows.

Setup: executes the setup algorithm to output the system parameter para = {λ, G, q, P, PK, H1, H2, H3, H4, n}.

Phase 1: needs to maintain initially empty lists Lhi, i = 1, 2, 3, 4, Ld, Lsk, Lpk and Ltd to record the query results of .

  • H1 query: When receiving a query IDi from , searches Lh1 for (IDi, h1). If it exists, returns h1 to . Otherwise, selects h1 randomly, returns it to , and inserts (IDi, h1) into Lh1.
  • H2 query: When receiving a query Ri from , searches Lh2 for (Ri, h2). If it exists, returns h2 to . Otherwise, randomly selects h2 ∈ {0, 1}^{2l}, returns it to , and inserts (Ri, h2) into Lh2.
  • H3 query: When receiving a query (ri, PKic2) from , searches Lh3 for (ri, PKic2, h3). If it exists, returns h3 to . Otherwise, randomly selects h3 ∈ {0, 1}^{nl}, returns it to , and inserts (ri, PKic2, h3) into Lh3.
  • H4 query: When receiving a query (C1,i, C2,i, C3,i, fi,k, ri, PKic2, ki) from , searches Lh4 for the corresponding h4. If it exists, returns h4 to . Otherwise, randomly selects h4 ∈ {0, 1}^l, returns it to , and inserts (C1,i, C2,i, C3,i, fi,k, ri, PKic2, ki, h4) into Lh4.
  • Partial private key query: When receiving the query with IDci from , if (IDci, SKic1) exists, returns it to . Otherwise, executes CLC-PGen algorithm to generate SKic1 and return to . inserts (IDci, SKic1) into Ld.
  • Private key query: When receiving the query with IDci from , if (IDci, SKci) exists, returns it to . Otherwise, executes CLC-CGen algorithm to generate SKci and return to . inserts (IDci, SKci) into Lsk.
  • Public key query: When receiving the query with IDci from , if (IDci, PKci) exists, returns it to . Otherwise, executes the CLC-CGen algorithm to generate PKci and returns it to . inserts (IDci, PKci) into Lpk.
  • Replace public key query: can select any public key to replace the user’s original public key PKc2.
  • Trapdoor query: When receiving the query with IDci from , if (IDci, tdci) exists, returns it to . Otherwise, executes Trapdoor algorithm to generate tdci and return to , and inserts (IDci, tdci) into Ltd.
  • Signcryption query: When receiving the query with (mi, IDpi, IDci) submitted by , executes the Signcryption algorithm to obtain the ciphertext δi, and returns it to .
  • Unsigncryption query: When receiving the query with (IDpi, IDci, δi) submitted by , executes the Unsigncryption algorithm to obtain the plaintext mi, and returns it to .

Challenge: submits the sender’s identity , receiver’s identity , and two plaintexts m0 and m1 of the same length to . has never asked for the private key for . randomly selects as the secret value of and calculates . Then randomly selects ξ ∈ {0, 1} and performs the following calculations.

  • Calculate f0,n = H1(mξ||n) and fi,n = H1(mξ||n||f0,n||⋯||fi − 1, n) where i ∈ {1, 2, ⋯, n − 1}.
  • Calculate fi,j = H1(fi,j+1) where i ∈ {k, k + 1, ⋯, n − 1} and j ∈ {0, 1, ⋯, i − 1}.
  • Calculate fi(x) = f0,i + f1,i x + ⋯ + fi − 1, i xi−1 where i ∈ {k, k + 1, ⋯, n}.
  • Randomly select , and calculate and .
  • Calculate , , fn(X))⊕H3(R*) and .
  • returns to .

Phase 2: continues to perform the queries after receiving δ*, but cannot query the private key of the IDci, nor can it perform unsigncryption query on δ*.

Guess: outputs the guess value ξ*. If ξ* = ξ, wins the game. will select (Ri, H2(Ri)) from the list Lh2 and take Ri = abP as the solution of the CDH problem. However, there is currently no effective way to solve the CDH problem. Theorem 3 is proved.

Theorem 4. If an adversary can win Game 2 in PPT with a non-negligible advantage ε2 after Hi queries, qd partial private key queries, qsc signcryption queries and qusc unsigncryption queries, then the challenger can solve the CDH problem with the advantage shown in Eq (12). (12)

The proof process is similar to Theorem 3 and will not be repeated here.

Unforgeability

Theorem 5. If an adversary can win Game 3 in PPT with a non-negligible advantage ε3 after Hi queries, qpk public key queries and qsc signcryption queries, then the challenger can solve the CDH problem with the advantage shown in Eq (13). (13)

Proof: is a challenger that tries to solve the CDH problem, and is an adversary. selects as the challenge identity. Given a challenge instance (P, aP, bP) where , and interact as follows.

Setup: randomly selects and calculates PK = aP. outputs the system parameter para = {λ, G, q, P, PK, H1, H2, H3, H4, n}.

Training: The same queries as Theorem 3 will not be repeated here. The different queries are described below.

  • Key query: When receiving the query with IDpi submitted by , executes the PKI-Gen algorithm to generate (SKp, PKp) and returns them to if . Otherwise, randomly selects and sets PKp = bP, then returns PKp to .
  • Signcryption query: When receiving the query with (IDpi, IDci, mi) submitted by , executes the signcryption algorithm to generate and return to if . Otherwise, performs the following operations.
    • Calculate f0,n = H1(mi||n) and fi,n = H1(mi||n||f0,n||⋯||fi−1,n), where i ∈ {1, 2, ⋯, n − 1}.
    • Calculate fi,j = H1(fi,j+1), where i ∈ {k, ⋯, n − 1} and j ∈ {0, ⋯, i − 1}.
    • Calculate fi(x) = f0,i + f1,i x + ⋯ + fi−1,i x^{i−1}, where i ∈ {k, k + 1, ⋯, n}.
    • Randomly select . Calculate Y* = b(PKH1(IDci) + PKic1) and R* = rPKic2.
    • Calculate , , ||fn(X))⊕H3(R*) and .
    • Return to .

Forgery: outputs a forged ciphertext for mi. If the forgery is successful, can select from the list Lh2 and take as the solution of the CDH problem. However, there is currently no effective way to solve the CDH problem. Theorem 5 is proved.

Number security

In this section, we prove the number security of our scheme based on the definition of number security given in reference [28].

Theorem 6. If there is an adversary that, after Hi queries, qtd trapdoor queries, qsc signcryption queries and qusc unsigncryption queries, can determine in PPT with a non-negligible advantage ε4 whether the underlying plaintexts of t < k ciphertexts δi = (Ci,1, Ci,2, Ci,3, Ci,4, ki) are equal, where k = max{k1, k2, ⋯, kt}, then can solve the CDH problem with the advantage shown in Eq (14). (14)

Proof: There are the following two ways to determine for .

  1. can determine by obtaining and comparing the plaintexts m1, m2, ⋯, mt.
    The confidentiality of our scheme was proved in the Confidentiality subsection, so this approach is not feasible for .
  2. can determine by obtaining the value of , where i ∈ {1, 2, ⋯, t − 1}, l ∈ {1, 2, ⋯, t} and . This approach is analysed below.

For t ciphertexts δ1, δ2, ⋯, δt, is allowed to perform public key queries and trapdoor queries, so it can calculate and , where ki < j < n. Let k = max{k1, ⋯, kt}. can then obtain the equation set Eq (15). (15)

Since X1, X2, ⋯, Xt are randomly selected by the users, the probability that the t equations are linearly independent is . Let , where i ∈ {1, 2, ⋯, t} and j ∈ {0, 1, ⋯, k − 1}. If is regarded as an unknown and Xi as a coefficient of the equations, we obtain an equation set of t equations in k unknowns. Because k > t, the equation set is underdetermined and cannot be solved for the unknowns. So this approach is not feasible for .

In summary, the HSC-MET scheme satisfies the number security. Theorem 6 is proved.
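The hash-chain coefficients from the signcryption query above and the counting argument of Theorem 6, as an added example that is not the paper's code: H1 is instantiated with SHA-256 reduced into a constructed prime field, the level-n coefficients are assumed to be hashed down one level at a time to reach level k, and a tag is taken to be the pair (X, fk(X)); the paper's own test algorithm is not reproduced. The example shows that k tags from one plaintext determine the coefficient vector by interpolation, while k − 1 tags also fit a polynomial carrying a different plaintext's f0,k, which is the underdetermined system the proof relies on.

```python
import hashlib
import secrets
# Constructed for this example (not the paper's parameters): Mersenne prime field modulus; SHA-256 stands in for H1.
Q = (1 << 127) - 1

def h1(*parts: bytes) -> int:  # H1 as used here: hash of the '||'-joined inputs, reduced into Z_q
    return int.from_bytes(hashlib.sha256(b"||".join(parts)).digest(), "big") % Q

def coefficients(m: bytes, n: int, k: int) -> list[int]:
    """Coefficients (f_{0,k}, ..., f_{k-1,k}) of f_k(x) for plaintext m: level n is the chain
    f_{0,n}=H1(m||n), f_{i,n}=H1(m||n||f_{0,n}||...||f_{i-1,n}); assumed reading of f_{i,j}=H1(f_{i,j+1})."""
    nb, top = str(n).encode(), []
    for _ in range(n):
        top.append(h1(m, nb, *(str(f).encode() for f in top)))
    coeffs = []
    for f in top[:k]:
        for _ in range(n - k):  # f_{i,n} -> f_{i,n-1} -> ... -> f_{i,k}
            f = h1(str(f).encode())
        coeffs.append(f)
    return coeffs

def poly_eval(coeffs: list[int], x: int) -> int:  # sum_j coeffs[j] * x^j in Z_q
    return sum(c * pow(x, j, Q) for j, c in enumerate(coeffs)) % Q

def interpolate(points: list[tuple[int, int]]) -> list[int]:
    """Lagrange interpolation in Z_q: the unique polynomial of degree < len(points) through the points."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for xj, _ in points[:i] + points[i + 1:]:  # basis *= (x - xj)
            basis = [(a - xj * b) % Q for a, b in zip([0] + basis, basis + [0])]
            denom = denom * (xi - xj) % Q
        scale = yi * pow(denom, -1, Q) % Q
        for d, b in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * b) % Q
    return coeffs

def alternative_polynomial(tags: list[tuple[int, int]], c0: int) -> list[int]:
    """Given k-1 tags (X_i, f_k(X_i)), return a degree-(k-1) polynomial with constant term c0 through
    every tag: f(x) = c0 + x*h(x), h interpolated through (X_i, (y_i - c0)/X_i). Theorem 6's t < k case."""
    h = interpolate([(x, (y - c0) * pow(x, -1, Q) % Q) for x, y in tags])
    return [c0] + h

def demo(n: int = 8, k: int = 4) -> tuple[bool, bool, bool]:  # two constructed plaintexts
    f1 = coefficients(b"drone-telemetry-A", n, k)
    f2 = coefficients(b"drone-telemetry-B", n, k)
    tags = [(x, poly_eval(f1, x)) for x in (secrets.randbelow(Q - 1) + 1 for _ in range(k))]  # users' random X_i
    alt = alternative_polynomial(tags[:k - 1], f2[0])  # adversary holds only t = k-1 tags
    return (interpolate(tags) == f1,                                    # k tags pin down f_k exactly
            all(poly_eval(alt, x) == y for x, y in tags[:k - 1]),       # k-1 tags also fit m2's f_{0,k}
            alt != f1)
```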

Scheme analysis

Functional analysis

Table 3 summarizes the functional properties, confidentiality, and unforgeability analyses of our scheme. This can be seen in Tables 1 and 3. To begin, in comparison to the references [13–20], our scheme incorporates the MET function to achieve safe and efficient cloud data retrieval, which is more appropriate for application scenarios involving large amounts of data. Second, when compared to the schemes in [22–27], our scheme overcomes the limitation of only supporting pairwise grouping for ciphertext equality tests, making it more appropriate for multi-user and multi-ciphertext application scenarios. Third, unlike [13, 15, 17, 18, 20, 22–27], our scheme does not use bilinear pairing and has lower computational costs. Furthermore, our scheme has higher confidentiality than [13, 22–24, 27, 28]. Finally, unlike [22–24, 28], our scheme has unforgeability and introduces heterogeneous signcryption technology to ensure the confidentiality and integrity of data, and realizes secure communication between heterogeneous cryptosystems.

Performance analysis

Our scheme is compared with the schemes in references [25, 27, 28] in terms of performance. Reference [28] uses a traditional public key encryption scheme. We use a PC equipped with an Intel Core i7-7500U CPU @ 3.5 GHz, 8 GB of memory, and Windows 10 for simulation. The representative symbols, their meanings and their computational times are shown in Table 4. The computational cost of each comparison scheme is shown in Table 5. As the number of plaintexts/ciphertexts increases, the computational costs of our scheme and the comparison schemes in the signcryption/encryption, unsigncryption/decryption, and test phases are shown in Figs 2–4 respectively.

In the signcryption/encryption phase, it can be seen from Table 5 and Fig 2 that, compared with the schemes in [25] and [27], our scheme has no bilinear pairing operations, which greatly reduces the computational cost. Although the computational cost of our scheme is higher than that of the scheme in [28], our scheme not only achieves confidentiality but also satisfies non-repudiation, and it supports communication between heterogeneous cryptosystems. In the unsigncryption/decryption and test phases, Figs 3 and 4 clearly show that our scheme has lower computational costs than the schemes in [25, 27, 28]. When the number of ciphertexts reaches 20, the computational efficiency of our scheme in the unsigncryption/decryption phase is approximately 2000 times, 1500 times and 30 times that of the three comparison schemes. As the number of ciphertexts increases, the advantage of our scheme in the test phase becomes more pronounced.

Conclusion

We proposed the HSC-MET scheme to overcome the problems in existing schemes, such as the lack of support for communication between heterogeneous cryptosystems, high computational overhead, and low efficiency of ciphertext retrieval. Our scheme uses HSC technology to realize secure communication from PKI to CLC. The scheme has no bilinear pairing operation, which greatly reduces the computational cost and improves communication efficiency. In addition, the multi-ciphertext equality test technique is introduced to realize the simultaneous retrieval of multiple ciphertexts by multiple users, which reduces the computational cost of the ciphertext equality test in the multi-user scenario. Under the ROM, we proved the confidentiality, unforgeability, and number security of the HSC-MET scheme based on the CDH problem. Finally, we compared the scheme with several similar schemes. The results show that our scheme not only has more functional features and higher security but also has lower computational costs in the signcryption, unsigncryption, and test phases. However, the security of our scheme is proved under the random oracle model, which does not fully reflect real-world conditions. In the future, we will further investigate its security under the standard model to make the HSC-MET scheme more practical.

References

  1. Liu Y, Dai HN, Wang Q, Shukla MK, Imran M. Unmanned aerial vehicle for internet of everything: opportunities and challenges. Computer Communications. 2020;155:66–83.
  2. Wang BH, Wang DB, Ali ZA, Ting BT, Wang H. An overview of various kinds of wind effects on unmanned aerial vehicle. Measurement and Control. 2019;52(7-8):731–739.
  3. Boccadoro P, Striccoli D, Grieco LA. An extensive survey on the internet of drones. Ad Hoc Networks. 2021;122:102600.
  4. Gharibi M, Boutaba R, Waslander SL. Internet of drones. IEEE Access. 2016;4:1148–1162.
  5. Yahuza M, Idris M, Ahmedy IB, Wahab A, Bala A. Internet of drones security and privacy issues: taxonomy and open challenges. IEEE Access. 2021;9:57243–57270.
  6. Srinivas J, Das AK, Kumar N, Rodrigues JJPC. TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Transactions on Vehicular Technology. 2019;68(7):6903–6916.
  7. Bharany S, Sharma S, Bhatia S, Rahmani MKI, Shuaib M, et al. Energy efficient clustering protocol for FANETS using moth flame optimization. Sustainability. 2022;14(10):6159.
  8. Bharany S, Sharma S, Frnda J, Shuaib M, Khalid MI, et al. Wildfire monitoring based on energy efficient clustering approach for FANETS. Drones. 2022;6(8):193.
  9. Bera B, Chattaraj D, Das AK. Designing secure blockchain-based access control scheme in IoT-enabled internet of drones deployment. Computer Communications. 2020;153:229–249.
  10. Hussain S, Chaudhry SA, Alomari OA, Alsharif MH, Khan MK, Kumar N. Amassing the security: an ECC-based authentication scheme for internet of drones. IEEE Systems Journal. 2021;15(3):4431–4438.
  11. Khan M, Shah H, Rehman S, Kumar N, Ghazali R, Shehzad D, et al. Securing internet of drones with identity-based proxy signcryption. IEEE Access. 2021;9:89133–89142.
  12. Gope P, Sikdar B. An efficient privacy-preserving authenticated key agreement scheme for edge-assisted internet of drones. IEEE Transactions on Vehicular Technology. 2020;69(11):13621–13630.
  13. Sun Y, Li H. Efficient signcryption between TPKC and IDPKC and its multi-receiver construction. Science China Information Sciences. 2010;53(3):557–566.
  14. Elkhalil A, Zhang J, Elhabob R, Eltayieb N. An efficient signcryption of heterogeneous systems for internet of vehicles. Journal of Systems Architecture. 2021;113:101885.
  15. Ali I, Lawrence T, Omala AA, Li F. An efficient hybrid signcryption scheme with conditional privacy-preservation for heterogeneous vehicular communication in VANETs. IEEE Transactions on Vehicular Technology. 2020;69(10):11266–11280.
  16. Qiu J, Fan K, Zhang K, Pan Q, Yang Y. An efficient multi-message and multi-receiver signcryption scheme for heterogeneous smart mobile IoT. IEEE Access. 2019;7:180205–180217.
  17. Cao S, Lang X, Liu X, Zhang Y, Wang C. Improvement of a provably secure mutual and anonymous heterogeneous signcryption scheme between PKI and IBC. Journal of Electronics & Information Technology. 2019;41(8):1787–1792.
  18. Wang CF, Liu C, Li YH, Niu SF, Zhang YL. Two-way and anonymous heterogeneous signcryption scheme between PKI and IBC. Journal on Communications. 2017;38(10):10.
  19. Luo M, Pei Y, Huang W. Mutual heterogeneous signcryption schemes with different system parameters for 5G network slicings. Wireless Networks. 2021;27(3):1901–1912.
  20. Ji HF, Liu LD, Huang YY, Chen QF. A mutual and anonymous heterogeneous signcryption scheme between PKI and IBC. Telecommunications Science. 2020;36(4):91–98.
  21. Boneh D, Di Crescenzo G, Ostrovsky R, Persiano G. Public key encryption with keyword search. International Conference on the Theory and Applications of Cryptographic Techniques; 2004. p. 506–522.
  22. Yang G, Tan CH, Huang Q, Wong DS. Probabilistic public key encryption with equality test. Cryptographers' Track at the RSA Conference; 2010. p. 119–131.
  23. Elhabob R, Zhao Y, Sella I, Xiong H. Efficient certificateless public key cryptography with equality test for internet of vehicles. IEEE Access. 2019;7:68957–68969.
  24. Li W, Jin C, Kumari S, Xiong H, Kumar S. Proxy re-encryption with equality test for secure data sharing in internet of things-based healthcare systems. Transactions on Emerging Telecommunications Technologies. 2020;2:e3986.
  25. Xiong H, Zhao Y, Hou Y, Huang X, Jin C, Wang L, et al. Heterogeneous signcryption with equality test for IIoT environment. IEEE Internet of Things Journal. 2021;8(21):16142–16152.
  26. Xiong H, Hou Y, Huang X, Zhao Y, Chen CM. Heterogeneous signcryption scheme from IBC to PKI with equality test for WBANs. IEEE Systems Journal. 2021;(99):1–10.
  27. Hou Y, Huang X, Chen Y, Kumar S, Xiong H. Heterogeneous signcryption scheme supporting equality test from PKI to CLC toward IoT. Transactions on Emerging Telecommunications Technologies. 2021;32(8):e4190.
  28. Susilo W, Guo F, Zhao Z, Wu G. PKE-MET: public-key encryption with multi-ciphertext equality test in cloud computing. IEEE Transactions on Cloud Computing. 2020.
  29. Shen X, Wang B, Wang L, Duan P, Zhan B. Group public key encryption supporting equality test without bilinear pairings. Information Sciences. 2022;605:202–224.
  30. Hassan A, Wang Y, Elhabob R, Eltayieb N, Li F. An efficient certificateless public key encryption scheme with authorized equality test in healthcare environments. Journal of Systems Architecture. 2020;109:10177.
  31. Elhabob R, Zhao Y, Sella I, Xiong H. An efficient certificateless public key cryptography with authorized equality test in IIoT. Journal of Ambient Intelligence and Humanized Computing. 2020;11(3):1065–10.
  32. Choi S, Lee HT. Attack and improvement of the recent identity-based encryption with authorized equivalence test in cluster computing. Cluster Computing. 2022;25(1):633–646.