Processing math: 100%
Research article

A heterogeneous signcryption scheme for smart grid with trusted multi-ciphertext equality test


  • Received: 02 August 2023 Revised: 26 September 2023 Accepted: 12 October 2023 Published: 08 November 2023
  • Energy utilization rates have been largely improved thanks to the wide application of smart grids, thereby realizing the reliable, economic and efficient operation of the grids. However, such an application is also accompanied by many security issues. In response to the many problems within existing security schemes, such as not supporting the communication between heterogeneous cryptosystems, low security levels and a low data retrieval efficiency, a heterogeneous signcryption (HSC) scheme that supports a trusted multi-ciphertext equality test (MET) is proposed. The adoption of the HSC helps to identify secure communications from identity-based cryptosystems to certificateless cryptosystem, eliminates the certificate management problems in the traditional public key cryptography scheme, and ensures the confidentiality and authentication of power data. The introduction of the MET technology can avoid the high cost of equality test calculations after grouping ciphertexts in pairs. Using blockchain and smart contract technologies ensure the credibility of test results and eliminates the reliance on trusted cloud servers. Under the random oracle model, on the basis of the bilinear Diffie-Hellman, the computational Diffie-Hellman and the q-strong Diffie-Hellman problems, this paper proves that the scheme proposed herein meets the requirements of indistinguishability and one-way security under adaptive choice ciphertext attacks, and the unforgeability under the adaptive choice message attack. From the findings of the analysis, it has been shown that the proposed scheme satisfies more security attributes and requires lower computational overhead compared to similar schemes.

    Citation: Xiaodong Yang, Ruixia Liu, Bin Shu, Ningning Ren, Wenjia Wang. A heterogeneous signcryption scheme for smart grid with trusted multi-ciphertext equality test[J]. Mathematical Biosciences and Engineering, 2023, 20(11): 20295-20316. doi: 10.3934/mbe.2023898

    Related Papers:

    [1] Xiao Dong Yang, Wen Jia Wang, Bin Shu, Mei Juan Li, Rui Xia Liu, Cai Fen Wang . Multi-message multi-receiver signcryption scheme based on blockchain. Mathematical Biosciences and Engineering, 2023, 20(10): 18146-18172. doi: 10.3934/mbe.2023806
    [2] Xiao-Dong Yang, Ze-Fan Liao, Bin Shu, Ai-Jia Chen . Blockchain-based multi-authority revocable data sharing scheme in smart grid. Mathematical Biosciences and Engineering, 2023, 20(7): 11957-11977. doi: 10.3934/mbe.2023531
    [3] Yang Zhao, Xin Xie, Xing Zhang, Yi Ding . A revocable storage CP-ABE scheme with constant ciphertext length in cloud storage. Mathematical Biosciences and Engineering, 2019, 16(5): 4229-4249. doi: 10.3934/mbe.2019211
    [4] Dawei Li, Enzhun Zhang, Ming Lei, Chunxiao Song . Zero trust in edge computing environment: a blockchain based practical scheme. Mathematical Biosciences and Engineering, 2022, 19(4): 4196-4216. doi: 10.3934/mbe.2022194
    [5] Kittur Philemon Kibiwott , Yanan Zhao , Julius Kogo, Fengli Zhang . Verifiable fully outsourced attribute-based signcryption system for IoT eHealth big data in cloud computing. Mathematical Biosciences and Engineering, 2019, 16(5): 3561-3594. doi: 10.3934/mbe.2019178
    [6] Shiyou Chen, Baohui Li, Lanlan Rui, Jiaxing Wang, Xingyu Chen . A blockchain-based creditable and distributed incentive mechanism for participant mobile crowdsensing in edge computing. Mathematical Biosciences and Engineering, 2022, 19(4): 3285-3312. doi: 10.3934/mbe.2022152
    [7] Zhanying Tong, Yingying Zhou, Ke Xu . An intelligent scheduling control method for smart grid based on deep learning. Mathematical Biosciences and Engineering, 2023, 20(5): 7679-7695. doi: 10.3934/mbe.2023331
    [8] Yunqian Yu, Zhenliang Hao, Guojie Li, Yaqing Liu, Run Yang, Honghe Liu . Optimal search mapping among sensors in heterogeneous smart homes. Mathematical Biosciences and Engineering, 2023, 20(2): 1960-1980. doi: 10.3934/mbe.2023090
    [9] Xiang Gao, Yipeng Zhang . Advancing remote consultation through the integration of blockchain and ant colony algorithm. Mathematical Biosciences and Engineering, 2023, 20(9): 16886-16912. doi: 10.3934/mbe.2023753
    [10] Yanmei Jiang, Mingsheng Liu, Jianhua Li, Jingyi Zhang . Reinforced MCTS for non-intrusive online load identification based on cognitive green computing in smart grid. Mathematical Biosciences and Engineering, 2022, 19(11): 11595-11627. doi: 10.3934/mbe.2022540
  • Energy utilization rates have been largely improved thanks to the wide application of smart grids, thereby realizing the reliable, economic and efficient operation of the grids. However, such an application is also accompanied by many security issues. In response to the many problems within existing security schemes, such as not supporting the communication between heterogeneous cryptosystems, low security levels and a low data retrieval efficiency, a heterogeneous signcryption (HSC) scheme that supports a trusted multi-ciphertext equality test (MET) is proposed. The adoption of the HSC helps to identify secure communications from identity-based cryptosystems to certificateless cryptosystem, eliminates the certificate management problems in the traditional public key cryptography scheme, and ensures the confidentiality and authentication of power data. The introduction of the MET technology can avoid the high cost of equality test calculations after grouping ciphertexts in pairs. Using blockchain and smart contract technologies ensure the credibility of test results and eliminates the reliance on trusted cloud servers. Under the random oracle model, on the basis of the bilinear Diffie-Hellman, the computational Diffie-Hellman and the q-strong Diffie-Hellman problems, this paper proves that the scheme proposed herein meets the requirements of indistinguishability and one-way security under adaptive choice ciphertext attacks, and the unforgeability under the adaptive choice message attack. From the findings of the analysis, it has been shown that the proposed scheme satisfies more security attributes and requires lower computational overhead compared to similar schemes.



    A smart grid [1,2,3] is a new type of modern grid combining such technologies as advanced sensing measurements, information communications, and an automatic control, and is highly integrated within the grid infrastructure. Through the two-way transmission of real-time monitoring and control data, it can balance the power generation and demand of the entire power grid and is featured by a strong stability and self-healing ability. The components and equipment of a smart grid are usually distributed in a large geographical area, covering the whole process from power generation to users, thereby making it a complex heterogeneous network [4]. As the size of smart grid data rapidly increases, the storage and processing of big data has become a top priority. This big problem has been solved with the emergence of cloud computing technology [5]. Having powerful data processing capabilities, the cloud can provide users with computing services without being limited by time and location. In the cloud-assisted smart grid, numerous users' power data are outsourced to the cloud server (CS) for processing, thus alleviating the problems of high storage and computing overhead faced by the entities of smart grids. However, since the CS is not trusted, in order to ensure the confidentiality of the user's power data, data is often stored in the cloud in the form of ciphertext, thereby making data retrieval difficult and greatly reducing data availability.

    To solve the conflict between data confidentiality and efficient retrieval, Boneh et al. [6] proposed a public key encryption scheme with a keyword search (PKE-KS). The proposed scheme is capable of retrieving target data with keywords from the CS without decryption, and further capable of downloading and decrypting on a similar basis. However, this scheme only supports the retrieval of ciphertexts encrypted with the same public key, thereby indicating certain limitations. To break this limitation, Yang et al. [7] first proposed a public key encryption scheme (PKE-ET) that supports an equality test (ET). It allows users to compare two ciphertexts encrypted with different public keys to determine whether their corresponding underlying plaintexts are the same. Since then, many PKE-ET schemes have been proposed [8,9,10]. However, these schemes only support ET after grouping ciphertexts in pairs. In environments with multiple users and ciphertexts, their retrieval efficiency is low and the computational overhead is high. To address this problem, Susilo et al. [11] proposed an PKE-MET supporting multi-ciphertext equality test (MET). This scheme supports utilizing the CS to test the equality of multiple ciphertexts at the same time, thus greatly reducing the computational overhead and improving the efficiency of the ciphertext retrieval.

    Although the schemes [7,8,9,10,11] ensure the confidentiality of data through encryption, it does not achieve data authentication. In the smart grid, if the user's power data is not verifiable, it may not only cause data users (DUs) such as the distribution substation to waste computing resources for useless processing, but it may also lead to the incorrect judgment of the users' power consumption, resulting in unstable distribution and power failures.

    In order to meet the requirements of data confidentiality and authentication at the same time, many scholars at home and abroad have combined ET with signcryption technology [12] and proposed signcryption schemes supporting ET [13,14,15]. However, their schemes only support the communication between single cryptosystems. A smart grid is a complex heterogeneous network, thereby making these schemes not applicable. To better apply the ET schemes to heterogeneous systems, Xiong et al. [16] proposed a heterogeneous signcryption (HSC) scheme supporting ET for the Industrial Internet of Things (IIOT), thus allowing sensors in the public key infrastructure (PKI) to execute data encryption and upload ciphertext to CS. When users in the identity-based cryptosystem (IBC) want to search and download data, the scheme entrusts CS to execute ET on ciphertext. Shan and Zhuang [17] utilized a game-theoretic approach to model attacks and the defenses of smart grids. This study provides valuable insights into the analysis of security strategies in small grid systems. However, in the test phase, the ciphertexts were grouped in pairs and compared one by one. Therefore, it requires a high computational overhead and is not suitable for multi-user scenarios.

    In the application scenario of the smart grid, we propose an HSC scheme supporting MET. The main contributions are as follows.

    1) The adoption of the HSC enables communication from IBC to a certificateless cryptosystem (CLC), eliminates the certificate management problem in the traditional public key cryptography scheme, and ensures the confidentiality, integrity and authentication of the user's power data in the smart grid.

    2) The introduction of the MET allows testers to execute ET on multiple ciphertexts at the same time according to the user's trapdoors, thus realizing the safe and efficient retrieval of ciphertexts. It avoids the problems of a high computational overhead in traditional schemes supporting ciphertext ET, which divides ciphertexts into pairs before the ET.

    3) Using blockchain technology, the MET operation is performed by a smart contract deployed on the alliance chain platform, resulting in the test operation's decentralization.

    4) In the random oracle model (ROM), based on the bilinear Diffie Hellman (BDHP), the computational Diffie-Hellman (CDHP) and the q-strong Diffie-Hellman (q-SDHP) problems, the confidentiality, one-way security and unforgeability of the proposed scheme have been proven.

    5) We compared the proposed scheme with several similar schemes in terms of functions, security attributes and computational overhead. The analysis findings have shown that our scheme has more functions, higher security attributes and a lower computational overhead.

    The rest of this paper is organized as follows. Section 2 introduces the related work. Section 3 describes the preliminaries. In Section 4, we provide the system design. In Section 5, the algorithm processes of our scheme are presented. The correctness analyses, security, and efficiency of the proposed scheme are discussed in Sections 6–8, respectfully. Finally, Section 9 summarizes this paper.

    In 2010, Yang et al. [7] first proposed the PKE-ET scheme, thereby allowing anyone to determine whether the underlying plaintext corresponding to two ciphertexts encrypted with different public keys was equal by executing an ET. However, this scheme failed to meet the requirement of indistinguishability under plaintext attacks. To solve this problem, Tang [18] introduced the fine-grained authorization mechanism into the ET scheme and proposed the fine-grained authorisation PKEET scheme (FG-PKEET). In this scheme, after the user negotiated to generate a test trapdoor, it would be provided to the agent to execute the ET. This scheme improves the security of the user's data but increased the storage cost of the agent. Since then, Tang has proposed the PKEET scheme [19] with authorization of different granularity (ADG-PKEET) and the all-or-nothing PKEET scheme (AON-PKEET) [20]. Inspired by the work of Tang, many PKE-ET schemes supporting authorization were proposed [21,22,23].

    In order to improve the security and usability of the PKE-ET scheme, many scholars proposed to combine PKE-ET with various cryptosystems. By combining identity-based encryption (IBE) with PKE-ET, Ma [24] proposed the IBE-ET scheme, which used the identity of the receiver for encryption, thus avoiding the problems in certificate management. Qu et al. [25] integrated certificateless public key encryption into the PKE-ET scheme to avoid the key escrow problem in IBE-ET. Xiong et al. [13] proposed an ET scheme for the Internet of Vehicles (IoV) by combining identity based signcryption, thus realizing the classification of vehicle messages and ensuring the confidentiality and authentication of vehicle data. Yang et al. [15] proposed a certificateless ciphertext ET signcryption scheme for wireless body area networks by combining blockchain technology, eliminating the dependence of ET operations on trusted CS. Xiong et al. [26] proposed an HSC scheme to support ET by combining HSC, thus realizing the ciphertext data retrieval between IBC and PKI heterogeneous systems. Hou et al. [27] proposed an HSC scheme from PKI to CLC that supports ET. Zhao et al. [28] designed a certificateless signcryption scheme with ciphertext ET, and defined its framework and security model.

    To solve the high-cost problem of the ET calculation after dividing the ciphertexts into pairs, Susilo et al. [11] proposed an MET public key encryption scheme, which realized the simultaneous retrieval of multiple ciphertexts by CS and reduced the calculation cost. However, the scheme failed to meet the requirements of authentication, thus indicating a low level of security. Furthermore, in the schemes described above, the test operation is carried out by a semi-trusted CS. If the CS either fails unexpectedly or is maliciously attacked and produces incorrect results, it may result in an incorrect diagnosis of the user's power consumption and even leak the user's privacy. Yang et al. [29] proposed an aggregated signcryption scheme for wireless body area networks that supports multi-ciphertext equivalence tests. The scheme aggregates multiple ciphertexts for signcryption, thereby leading to reduced computational overhead.

    If the coefficient determinant corresponds to the non-homogeneous linear equation group Eq (1), where n unknowns xi satisfies det(V)0, it has a unique solution.

    {a1,1x1+a1,2x2++a1,nxn=b1a2,1x1+a2,2x2++a2,nxn=b2 an,1x1+an,2x2++an,nxn=bn (1)

    Equation (2) is a Vandermonde matrix. The corresponding Vandermonde has computational properties det(V)=1i<jn(aiaj).

    V=[1a1a21an111a2a22an121ana2nan1n] (2)

    Let q be a large prime number. G1 and G2 are additive cyclic and multiplicative cyclic groups of order q, respectively. P is the generator. e:G1×G1G2 is a bilinear map that satisfies the following three conditions:

    1) Non-degeneracy: e(P,P)1;

    2) Bilinearity: For any a,bZq, e(aP,bP)=e(P,P)ab;

    3) Computability: For any E,QG1, there is an algorithm that can calculate e(E,Q).

    G1 and G2 are additive and multiplicative cyclic groups of prime q, respectively. P is the generator. The relevant and difficult problems are defined below:

    1) BDHP: Given (P,aP,bP,cP) where a,b,cZq and a bilinear map e:G1×G1G2, it is hard to calculate e(P,P)abc;

    2) CDHP: Given (P,aP,bP), in which a,bZq, it is hard to calculate abP;

    3) q-SDHP: Given q+1 vectors (P,aP,,aqP) where a,qZq, it is hard to calculate (k,1k+aP).

    Blockchains [30] can eliminate the dependence on trusted clouds and realize the decentralization of cryptographic schemes. Blockchains are divided into public chains, alliance chains and private chains according to the degree of openness. The public chain is a consensus blockchain open to everyone, which allows everyone to issue and confirm transactions. The alliance chain is a blockchain jointly built and maintained by multiple organizations. Each participant builds a consensus mechanism through a contract to achieve partial decentralization. Compared with the public chain, it has a stronger controllability. The trust degree of the private chain is lower than that of the public chain, and its write and read permissions are controlled by a centralized organization, which has a higher flexibility. The blockchain uses a specific reward mechanism to motivate each node to provide either computing power or resources and uses cryptographic algorithms to ensure the security of transactions.

    The smart contract [15] is a piece of code deployed on the blockchain platform, which can conduct trusted transactions without relying on third parties. Blockchain nodes deploy predefined rules on the blockchain in the form of smart contracts by publishing transactions. When a transaction meets the trigger conditions, the smart contract will automatically perform relevant calculations and record the transaction information in the block in the chain. Smart contracts provide the blockchain application layer with various interfaces responsible for either storing or processing external data, thereby enabling blockchain to replace semi-trusted CSs to perform operations such as ciphertext retrieval. Using blockchain and smart contract technology eliminates the reliance on trusted CSs, improves the system scalability, ensures better maintainability and upgradability of the system, and minimizes the adverse effects of these updates on the power grid operation.

    The scheme needs to achieve security under the following four kinds of adversaries:

    1) Type-I: Those who can't obtain the system master key and user's trapdoor, but can replace the public key of any user;

    2) Type-II: Those who can obtain the system master key, but cannot obtain the user's trapdoor, nor can they replace the user's public key;

    3) Type-III: Those who can't obtain the system master key, but can obtain the user's trapdoor and replace the public key of any user;

    4) Type-IV: Those who can obtain the system master key and user's trapdoor, but cannot replace the user's public key.

    Facing the four types of adversaries, our scheme can achieve the following security goals.

    1) Integrity and confidentiality of power data

    The smart grid transmits and stores the power data of numerous users. The leakage and illegal tampering of power data will not only bring economic losses, but also endanger the users' personal safety. Our scheme achieves the integrity and confidentiality of type-I and type-II adversary attacks in the transmission of power data through HSC technology.

    2) Unforgeability of user's signature

    The receivers and illegal users may forge the user's electricity data to obtain illegal benefits. To avoid this problem, our scheme adopts HSC technology, thus ensuring the unforgeability of power data.

    3) One-way security of trapdoor

    In the process of MET, plaintext messages related to ciphertexts cannot be obtained through trapdoors. In the test process, the proposed scheme guarantees the one-way security of the trapdoor against adversary Type-III and Type-IV.

    4) The credibility of the test result

    The MET phase can determine whether the plaintexts of ciphertexts are equal without unsigncryption. It is necessary to output a correct result during the test phase.

    The system model of the proposed scheme is shown in Figure 1. It consists of six entities: key generation center (KGC), private key generation center (PKG), CS, data owner (DO), DU and blockchain. The functions of each entity are described below.

    Figure 1.  System model.

    1) KGC: It generates the master key, the system parameter, and a partial private key for DUs in the CLC cryptosystem.

    2) PKG: It generates the master key and system parameters, and issues the private key to the DU in the IBC cryptosystem.

    3) DO: It is usually an intelligent terminal device, such as an advanced metering infrastructure (AMI), which is responsible for collecting the users' power data and uploading it to the CS after signcrypting.

    4) CS: It stores the power data ciphertexts uploaded by the DO.

    5) Blockchain: A consortium chain with smart contracts is deployed. It is responsible for downloading power consumption ciphertext data from CS, performing tests and returning the test results.

    6) DU: This represents the power companies. It uploads a trapdoor and requests a blockchain for MET, downloads and unsigncrypts ciphertexts of the power data.

    A) Setup

    Given the system safety parameter λ, KGC selects the large prime number q and the cyclic groups G1 and G2 of the order q. P is the generator.

    1) KGC defines a bilinear map e:G1×G1G2, calculates g=e(P,P), and chooses hash functions H1:{0,1}Zq, H2:{0,1}G1, H3:G1{0,1}lm+l0, H4:{0,1}{0,1}λ and H5:G2{0,1}lm+l0, in which lm represents the length of the plaintext and l0 represents the length of |Zq|.

    2) PKG randomly selects the master key s1Zq and calculates the public key Pub1=s1P.

    3) KGC randomly selects the master key s2Zq and calculates Pub2=s2P. The output params={λ,q,P,G1,G2,e,g,Pub1,Pub2,H1,H2,H3,H4,H5}.

    B) IBC-Gen

    Key-extract: The DO sends the identity IDs to PKG. The PKG calculates SKs=1H1(IDs)+s1P as private key and returns it safely to the DO.

    C) CLC-Gen

    1) PPK-Gen: The DU sends the identity IDr to the KGC. It calculates a partial private key Dr=s2H2(IDr) and returns to the DU safely.

    2) SV-Set: The DU randomly selects the secret value xrZq.

    3) Key-Gen: The DU calculates PKr=xrP and SKr=(Dr,xr).

    D) Trapdoor

    Input the user's private key SKr and output the trapdoor tdr=SKr1.

    E) Signcryption

    Given the system parameter params, the plaintext m, the identity of DU, IDr and public key PKr, the DO executes the following operations:

    1) Calculate f0=H1(m||n), f1=H1(m||n||f0), , fn1=H1(m||n||f0||||fn2), and let f(x)=f0+f1x++fn1xn1, in which n is the number of ciphertext that allows the MET;

    2) Randomly select r1,r2,XZq; and calculate U1=r1PKr, Qr=H2(IDr) and U2=e(Pub2,Qr)r2;

    3) Calculate C1=r1P, C2=r2P, C3=(m||r1)H3(U1)H5(U2), C4=(r1+H1(m))SKs, C5=(X||f(X))H3(U2) and C6=H4(n||C1||||C5||U2||f0||||fn1);

    4) Upload δ = (C1,C2,C3,C4,C5,C6,n) to CS.

    F) MET

    Data users send trapdoors tdi,i{1,2,,t} to the blockchain, which executes the following MET operations to t ciphertexts δi = (Ci,1,Ci,2,Ci,3,Ci,4,Ci,5,Ci,6,ni):

    1) Test whether n1=n2==nt=t is true; if yes, execute the following calculation. Otherwise, return the error symbol ;

    2) Calculate Ui,2=e(tdi,Ci,2) and Xi||f(Xi)=Ci,5H3(Ui2). Thus, we can obtain Eq (3):

    {f(X1)=f1,0+f1,1X1++f1,t1X1t1f(X2)=f2,0+f2,1X2++f2,t1X2t1 f(Xt)=ft,0+ft,1Xt++ft,t1Xtt1 (3)

    3) Let fi,k=fj,k, where i,j{1,2,,t} and k{0,1,,t1}. According to Cramer's rule and the properties of the Vandermonde matrix, we can obtain det(V)0, thus obtaining the unique solution fi,0,fi,1,,fi,t1.

    4) For each ciphertext δi, if Ci,6=H4(ni||Ci,1||||Ci,5||Ui,2||fi,0||||fi,t1) holds, meaning m1=m2==mt, then return with test result 1. Otherwise, return with result 0.

    G) Unsigncryption

    Given params and the identity IDs of the DO, the DU downloads cyphertext δ from CS and executes the following operations:

    1) Calculate U1=SKr2C1, U2=e(SKr1,C2) and m||r1=H3(U1)H5(U2)C3;

    2) Calculate t=H1(m) and test whether gr1=e(C4,H1(IDs)P+Pub1)gt1 is true. If yes, execute the following calculation. Otherwise, return ;

    3) Calculate f1=H1(m||n||f0), , fn1=H1(m||n||f0||||fn2);

    4) Calculate X||f(X)=C5H3(U2). Test whether f(X)=f0++fn1Xn1 and C6=H4(n||C1||||C5||U2||f0||||fn1) are true. If both are true, return m. Otherwise, return .

    After the DU uploads the trapdoor to the blockchain, the smart contract completes the MET operation according to the pre-defined rules, and Algorithms 1 and 2.

    Algorithm 1: Definition of data structure
    Input: Define method
    Output: Ciphertext_Tuple, DU_Tuple and Test_Tuple
    Structure Ciphertext_Tuple {% Used to store ciphertext
    Number int
    C1,C2,C3,C4,C5,C6 string}
    Structure DU_Tuple {% Used to store the identity and public key of DU
    ID string
    PK string}
    Structure Test_Tuple {% Used to store the information required in the MET phase
    ID string
    Trappdoor string
    Cipher Ciphertext_Tuple}

    By calculating m||r1=H3(U1)H5(U2)C3, the DU can get plaintext m, in which U1=SKr2C1 and U2=e(SKr1,C2). Equations (4) and (5) hold:

    U1=SKr2C1=SKr2r1P=r1PKr=U1 (4)
    U2=e(SKr1,C2)=e(s2H2(IDr),r2P)=e(Pub2,Qr)r2=U2 (5)

    Then, we get U1=U1 and U2=U2, and Eq (6) holds:

    m||r1=H3(U1)H5(U2)C3 =H3(U1)H5(U2)H3(U1)H5(U2)(m||r1) =m||r1 (6)

    To sum up, the correctness of the unsigncryption is established.

    Algorithm 2: MET
    Input: Identities, trapdoors and ciphertexts
    Output: Test result
    Query (Index string)    % It queries data by index value
    Return Q[key] or     % Q is a map value of the form (key, value)
    End Query
    Update (flag, id, message, counter)
    Retrieve the Test_Tuple x = Q [id || counter] of the user by (id, counter) from Q.
    IF flag = =1 THEN
      Set x.Trapdoor = message
    ELSE
      Convert the message to the Ciphertext_Tuple data
      Set x.Cipher = data
      Set n = data.Number
    END IF
    END Update
    Set M [id || counter] = x
    IF Each ciphertext corresponds to the same value of ni THEN
      Test (idiidj,tditdj):
      While i < n
        do Retrieve the Test_Tuple xi = Q [idi] of the DU i
        IF xi= THEN
          return null
        ELSE
          Parse xi.Cipher into δi = (Ci,1,Ci,2,Ci,3,Ci,4,Ci,5,Ci,6,ni)
          Computes Ui,2=e(tdi,Ci,2) and Xi||f(Xi)=Ci,5H3(Ui2)
        END IF
      END While
    ELSE
      return null
    END IF
    Computes the unique solution fi,0,fi,1,,fi,n1
    IF Ci,6=H4(ni||Ci,1||||Ci,5||Ui,2||fi,0||||fi,t1) is established for xi.Cipher
      return 1
    ELSE
      return 0
    END IF

    The DU can calculate t=H1(m), and further verify gr1=e(C4,H1(IDs)P+Pub1)gt1. Thus, we can obtain Eq (7):

    gr1=e(C4,H1(IDs)P+Pub1)gt1=e((r1+t)SKs,(H1(IDs)+s1)P)gt1=e((r1+t)1H1(IDs)+s1P,(H1(IDs)+s1)P)gt1=gr1 (7)

    To sum up, the signature verification correctness of our scheme is established.

    Given t ciphertexts δi = (Ci,1,Ci,2,Ci,3,Ci,4,Ci,5,Ci,6,ni), the blockchain verifies whether n1=n2==nt=t is established. If yes, execute the following operation. If not, return .

    1) Calculate Ui2=e(tdi,Ci,2) and Xi||f(Xi)=H3(Ui,2)Ci,5. Assume that the plaintexts are m1,m2,,mt.

    2) If m1=m2==mt, we can obtain fi,k=fj,k, where i,j{1,2,,t} and k{0,1,,t1}. Thus, we obtain Eq (8):

    V=[1X1X21Xt111X2X22Xt121XtX2tXt1t] (8)

    3) According to the randomness of Xi, the probability of det(V)0 is 11q(q1)(qt+1). There is a unique solution fi,0,fi,1,,fi,t1. For t ciphertexts δi, it can establish Ci,6=H4(ni||Ci,1|||Ci,5||Ui,2||fi,0||||fi,t1).

    4) If m1m2==mt, we can obtain f1,kfi,k=fj,k, in which i,j{2,3,,t} and k{0,1,,t1}. Obviously, the solution can't establish Eqs (9) and (10) at the same time.

    C1,6=H4(n1||C1,1||C1,2||C1,3||C1,4||C1,5||U1,2||fi,0||fi,1||||fi,t1) (9)
    C2,6=H4(n2||C2,1||C2,2||C2,3||C2,4||C2,5||U2,2||fi,0||fi,1||||fi,t1) (10)

    To sum up, the test algorithm is correct when the underlying plaintexts are either equal or not.

    When the MET transaction is released on the consortium blockchain platform, the smart contract will perform testing operations according to the predefined rules. Then, the test results are publicly recorded as contract state values in the consortium blockchain. As a result, everyone in the consortium chain can verify the test results. Based on this feature, the proposed scheme meets the credibility of the equivalent test results.

    In ROM, the proposed scheme satisfies the indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) under type-I and type-II.

    Theorem 1(IND-CCA2-1). In ROM, there is an adversary of type-I, A1. After trapdoor queries of at most qtd times, qsk times of private key queries, qsc times of signcryption queries and qusc times of unsigncryption queries, if A1 can win the following game in polynomial time with a non-negligible advantage ε1, then a challenger C can solve the BDHP with the probability ε1 shown in Eq (11):

    ε11q(1qtd2λ)(1qsk2λ)(11qsc+qsk+1)qsc+qsk(1qusc2λ)ε1 (11)

    Proof. C is the challenger to solve the BDHP problem. A1 is a type-I adversary. Given (P,aP,bP,cP), where a,b,cZq, with A1, C can calculate e(P,P)abc.

    Setup. C randomly selects aZq, calculates Pub2=aP, and returns params to A1.

    Phase 1. Initially, C maintains empty lists Li,(i=1,2,3,4,5) and records A1 queries of Hi,(i=1,2,3,4,5). A1 can make the following queries.

    1) H1 query: A1 submits IDri to inquire about the hashed value. C inquires whether there is an h1i in L1. If yes, return it to A1. Otherwise, C randomly selects h1iZq and returns to A1. Then, C inserts (IDri,h1i) into L1.

    2) H2 query: A1 submits IDri to inquire about the hashed value. C inquires whether there is an h2i in L2. If yes, return it to A1. Otherwise, C randomly selects h2iG1 and returns to A1. Then, C inserts (IDri,h2i) into L2.

    3) H3 query: A1 submits Ui,1 to inquire about the hashed value. C inquires whether there is an h3i in L3. If yes, return it to A1. Otherwise, C randomly selects h3i{0,1}lm+l0 and returns to A1, then inserts (Ui,1,h3i) into L3.

    4) H4 query: A1 submits ni||Ci,1||||Ci,5||Ui,2||fi,0||||fi,t1 to inquire about the hashed value. C inquires whether there is h4i in L4. If yes, return it to A1. Otherwise, C randomly selects h4i={0,1}λ, returns it to A1. C inserts (ni||Ci,1||||Ci,5||Ui,2||fi,0||||fi,t1,h4i) into L4.

    5) H5 query: A1 submits Ui,2 to inquire about the hashed value. C inquires whether there is an h5i in L5. If yes, return it to A1. Otherwise, C randomly selects h5i{0,1}lm+l0 and returns it to A1. C inserts (Ui,2,h5i) into L5.

    6) Partial private key query: A1 makes the query to identity IDri. C executes the PPK-Gen algorithm to calculate Dri and returns it to A1.

    7) Private key query: A1 makes the query to identity IDri. C executes the SV-set and Key-Gen algorithms to calculate SKri. Then, C returns it to A1.

    8) Public key query: A1 makes the query to identity IDri. C executes the Key-Gen algorithm to calculate PKri and returns it to A1.

    9) Replace public key query: A1 can select PKri to replace the pubic key PKri of IDri.

    10) Signcryption query: A1 selects the sender's identity IDsi, the plaintext mi and the receiver identity IDri. C executes the signcryption algorithm to calculate ciphertext δi and returns it to A1. Besides, if the public key PKri has been replaced by A1, A1 needs to provide C with the secret value.

    11) Unsigncryption query: A1 selects the sender's identity IDsi, the receiver's identity IDri and the ciphertext δi. C executes the unsigncryption algorithm to calculate the plaintext mi and returns it to A1.

    Challenge. A1 can decide when to stop phase 1 and enter this. A1 selects the sender's identity IDs, the receiver's identity IDr and two plaintext messages of equal length, m0 and m1. A1 has not made a private key query to IDr. C randomly selects ξ{0,1} and executes the following calculation.

    1) Calculate f0=H1(mξ||n), f1=H1(mξ||n||f0), , fn1=H1(mξ||n||f0||||fn2) and f(x)=f0+f1x++fn1xn1.

    2) Randomly select r1,b,c,XZq.

    3) Calculate U1=r1PKr, Qr=bP and U2=e(Pub2,Qr)c.

    4) Calculate C1=r1P, C2=cP, and C3=(mξ||r1)H3(U1)H5(U2).

    5) Calculate C4=(H1(mξ)+r1)SKs, C5=(X||f(X))H3(U2) and C6=H4(n||C1||||C5||U2||f0||||fn1).

    6) Return δ = (C1,C2,C3,C4,C5,C6,n) to A1.

    Phase 2. After receiving δ, A1 continues to make queries in phase 1. However, A1 can neither query the private key of IDr nor make the unsigncryption query about (δ,IDs,IDr).

    Guess. A1 outputs the guessed value ξ{0,1}. If ξ=ξ, then A1 wins the game. C will select (U2,H5(U2)) in L5 and take U2=e(Pub2,Qr)c=e(aP,bP)c=e(P,P)abc as the solution to BDHP. However, the problem is intractable in the polynomial time. Then, the proposed scheme meets the IND-CCA2 security requirements under type-I attacks.

    Theorem 2 (IND-CCA-2). In ROM, there is an adversary of type-II, A2. After the trapdoor queries of at most qtd times, qsk times of private key queries, qsc times of signcryption queries and qusc times of unsigncryption queries, if A2 can win the following game process in polynomial time with a non-negligible advantage ε2, then a challenger C can solve the CDHP problem with the probability ε2 shown in Eq (12):

    ε21q(1qtd2λ)(1qsk2λ)(11qsc+qsk+1)qsc+qsk(1qusc2λ)ε2 (12)

    Proof. C is the challenger to solve the CDHP problem. A2 is a type-II adversary. Given (P,aP,bP), in which a,bZq, with A2, then C can get abP.

    Setup. C executes the setup algorithm and returns the master key s2 and system parameter params to A2.

    Phase 1. A2 can execute other queries except replace the public key query in Theorem 1.

    Challenge. A2 can decide when to stop phase 1 and enter this. A2 selects the sender's identity IDs, the receiver's identity IDr, and two plaintexts of equal length, m0 and m1. A2 has not made the private key queries and replace public key queries about IDr. When A2 makes a public key query about IDr, then C randomly selects aZq, calculates PKr=aP and returns to A2. C randomly selects ξ{0,1} and executes the following calculation.

    1) Calculate f0=H1(mξ||n), f1=H1(mξ||nf0), , fn1=H1(mξ||nf0||||fn2) and let f(x)=f0+f1x++fn1xn1.

    2) Randomly select b,r2,XZq.

    3) Calculate U1=bPKr, Qr=H2(IDr) and U2=e(Pub2,Qr)r2.

    4) Calculate C1=bP, C2=r2P, C3=(mξ||r1)H3(U1)H5(U2), C4=(H1(mξ)+r1)SKs, C5=(X||f(X))H3(U2) and C6=H4(n||C1||||C5||U2||f0||||fn1).

    5) Return δ = (C1,C2,C3,C4,C5,C6,n) to A2.

    Phase 2. After receiving δ, A2 continues with the queries of phase 1; howwver, A2 can neither query about the private key of IDr nor make an unsigncryption query about (δ,IDs,IDr).

    Guess. A2 outputs the guessed value ξ{0,1}. If ξ=ξ, A2 wins the game. C will select (U1,H3(U1)) from L3 and take U1=bPKr=abP as the solution to the CDHP problem. However, the problem is intractable in the polynomial time; therefore, the proposed scheme satisfies IND-CCA2 security under type-II attacks.

    In ROM, the scheme in this paper satisfies the one way against an adaptive chosen ciphertext attacks (OW-CCA2) under type-III and type-IV.

    Theorem 3 (OW-CCA2-1). In ROM, there is an adversary of type-III, A3. After qsk times of private key queries, qsc times of signcryption queries and qusc times of unsigncryption queries, if A3 can win the relevant game in polynomial time with a non-negligible advantage ε3, then a challenger C can solve the BDHP with the probability ε3 shown in Eq (13):

    ε31q(1qsk2λ)(11qsc+qsk+1)qsc+qsk(1qusc2λ)ε3 (13)

    The proof process is similar to Theorem 1. We will not repeat it here.

    Theorem 4 (OW-CCA2-2). In ROM, there is an adversary of type-IV, A4. After qsk times of private key queries, qsc times of signcryption queries and qusc times of unsigncryption queries, if A4 can win the relevant game in polynomial time with a non-negligible advantage ε4, then a challenger C can solve the CDHP with the probability ε4 shown in Eq (14):

    ε41q(1qsk2λ)(11qsc+qsk+1)qsc+qsk(1qusc2λ)ε4 (14)

    The proof process is similar to Theorem 2, so we will not repeat it here.

    In ROM, the proposed scheme meets the requirements of the existential unforgerability against chosen message attack (EUF-CMA).

    Theorem 5 (EUF-CMA). In ROM, if there is an adversary F after qsk times of key queries, qsc times of signcryption queries and qusc times of unsigncryption queries, with non-negligible advantage ε5, it wins the following game process in polynomial time. Then, a challenger C can solve the q-SDHP problem with the probability ε5 shown in Eq (15):

    ε5(1qsk2λ)(11qsc+qsk+1)qsc+qskε5 (15)

    Proof. C is a challenger to solve the q-SDHP problem. F is an adversary. Given (P,aP,a2P,,aqP), in which a,qZq, with F, then C can calculate (k,1k+aP).

    Setup. C randomly selects k1,k2,,kq1,aZq. C calculates f(x)=q1i=1(x+ki)=q1i=1zixi, P=q1i=1zi(aiP)=f(a)PG1 and Pub1=qi=1zi1(aiP)=aP. Then, C returns identity IDs and params to F, and secretly saves a.

    Training. C maintains initially empty lists Lsk and Li(i=1,2,3,4,5) to record the results of the key and Hi,(i=1,2,3,4,5) queries made by F. The same query process as in theorem 1 will not be repeated here.

    1) H1 query: F submits IDsi to inquire the hashed value. If IDsi=IDs, C randomly selects kZq and k{k1,k2,,kq1}. C returns it to F, and inserts (IDs,k) into L1. If IDsiIDs, then C randomly selects ki{k1,k2,,kq1} and returns to F. Finally, C inserts (IDsi,ki) into L1.

    2) Key query: F makes the query about the identity IDsi. If IDsi=IDs, then C terminates the query and returns with . If not, C inquires L1 to obtain (IDsi,ki). C calculates SKi=1ki+aP and returns to F, then inserts (IDsi,ki,SKi) into Lsk.

    3) Signcryption query: F makes this query about (IDsi,mi,IDri). If IDsi=IDs, then C terminates the query and returns with . If not, C inquires Lsk to obtain (IDsi,ki,SKi), and executes the following steps.

    1) Calculate fi,0=H1(mi||n), , fi,n1=H1(mi||n||fi,0||||fi,n2), and let fi(x)=fi,0+fi,1x++fi,n1xn1.

    2) Randomly select ri,1,ri,2,XiZq.

    3) Calculate Ui,1=ri,1PKri, Qri=H2(IDri) and Ui,2=e(Pub2,Qri)ri,2.

    4) Calculate ti=H1(mi), Ci,1=ri,1P, Ci,2=ri,2P, Ci,3=(mi||ri,1)H3(Ui,1)H5(Ui,2), Ci,4=(ri,1+ti)SKi, Ci,5=(Xi||f(Xi))H3(Ui,2) and Ci,6=H4(n||Ci,1||||Ci,5||Ui,2||fi,0||||fi,n1).

    5) Return δi = (Ci,1,Ci,2,Ci,3,Ci,4,Ci,5,Ci,6,n) to F.

    Forgery. According to the forking lemma [26], F can forge signatures (IDs,mi,t,C4) and (IDs,mi,t,C4) in which tt.

    1) C calculate C4C4=(r1+t)SKs(r1+t)SKs, get 1a+ksP=h(C4C4), in which h=r1+tr1t.

    2) C calculate f(a)a+ksP=h1(C4C4).

    3) C calculate f(x)=g(x)(x+ks)+g1, in which g(x)=q2i=0zixi, g1Zq.

    Through the above calculations, we can obtain Eqs (16) and (17):

    f(x)x+ks=q2i=0zixi+g1x+ks (16)
    1a+ksP=(C4C4hq2i=0zi(aiP))+g11 (17)

    That is, C can output (ks,1a+ksP) as a solution of the q-SDHP problem. However, the problem is intractable in the polynomial time. The proposed scheme meets the EUF-CMA security.

    We compared our scheme with the schemes in references [26,27,29] in terms of function and security, and the results are shown in Table 1.

    Table 1.  Comparison of function.
    Scheme ET MET HSC Credibility Confidentiality One way security Unforgeability
    [26] × × IND-CCA2 OW-CCA2 EUF-CMF
    [27] × × IND-CCA2 OW-CCA EUF-CMF
    [29] × × × IND-CCA OW-CCA ×
    Ours IND-CCA2 OW-CCA2 EUF-CMF

     | Show Table
    DownLoad: CSV

    Compared with scheme in [29], by introducing HSC, our scheme realizes the heterogeneous communication from IBC to CLC. Our scheme achieves the higher securities of IND-CCA2, OW-CCA2, and EUF-CMF. The schemes in references [26,27,29] introduced ET technology; however, their test method is to group ciphertexts in pairs and then test one by one, thereby resulting in a high computational overhead. In our scheme, MET technology is introduced, which enables a tester to test n ciphertexts at the same time, reduces the computational cost of testers, improves the retrieval efficiency, and is thus more suitable for multi-user scenarios. In addition, compared with the scheme in reference [26], the scheme in this paper adopts a CLC and avoids certificate management problems in this way. Compared with the scheme in reference [27], the proposed scheme achieves a higher IND-CCA2 and OW-CCA2 security.

    To evaluate the computing performance, we use the operating system equipped with i7-7500u, 3.5GHz processor, 8G memory, and Windows 10 for a simulation with PBC library in VC6.0 environment. The average value of 50 simulations is taken as the result. The representative symbols and descriptions are shown in Table 2.

    Table 2.  Symbol and description.
    Symbol Meaning Time(ms)
    n Number of plaintexts/ciphertexts
    Th Time of an ordinary hash operation 0.0001
    Tm Time of a Map-to-Point hash operation 0.1521
    Ta Time of a scalar multiplication operation 1.3667
    Te Time of an exponential operation 4.2511
    Tp Time of a bilinear pairing operation 9.4326

     | Show Table
    DownLoad: CSV

    We compared the computational overhead of our scheme with the schemes in [26,27] at the signcryption, unsigncryption and test phases. The results are shown in Table 3. At each phase, with the increase of the number of plaintexts/ciphertexts, the computational overhead is shown in Figures 2, 3, and 4, respectively.

    Table 3.  Comparison of computational cost.
    Scheme Signcryption Unsigncryption Test
    [26] 3nTh+2nTa+nTe+3nTp=35.2826n 4nTh+2nTa+nTe+3nTp=35.2827n n(n1)(Th+Ta+Te+Tp)=15.0505(n2n)
    [27] 3nTh+nTm+5nTa+2nTe+2nTp=34.3533n 3nTh+nTm+5nTa+2nTp=25.8511n n(n1)(Th+Ta+2Tp)=20.2320(n2n)
    Ours n(n+4)Th+nTm+4nTa+nTe+nTp=0.0001n2+19.3030n n(n+5)Th+2nTa+3nTe+2nTp=0.0001n2+34.3524n 2nTh+nTp=9.4328n

     | Show Table
    DownLoad: CSV
    Figure 2.  Computational overhead at signcryption phase.
    Figure 3.  Computational overhead at unsigncryption phase.
    Figure 4.  Computational overhead at test phase.

    It can be seen from Table 3 and Figures 2, 3 and 4 that compared with the schemes in [26,27], our scheme reduces the bilinear pairing operation with a large computational overhead in signcryption phase. Although it involves more hash computation, the time cost of the hash is very small. Therefore, the computational overhead of our scheme in the signcryption phase is lower than schemes in [26,27]. In the unsigncryption phase, the computational overhead of our scheme is lower than that of the scheme in [26]. Compared with the scheme in reference [27], the computational overhead is large; however, in the previous subsection, we have proved that our scheme has a higher security than that in reference [27]. In the ET phase, the schemes in references [26,27] only support grouping ciphertexts in pairs and then performing the ET. With the increase of ciphertexts, the computational cost dramatically increases. In our scheme, a tester can test multiple ciphertexts equivalently at the same time, which greatly reduces the overhead.

    In the real world, the adoption of this solution may face the following challenges and obstacles.

    Technical compatibility: Smart grid solutions typically involve multiple technologies. Ensuring the compatibility between different technologies and integration with existing devices may pose certain challenges, thus requiring specific planning and testing.

    Investment cost: Implementing this solution in a smart grid requires significant investment, thus necessitating thorough economic evaluation and planning.

    Relevant policies and regulations: Smart grids involve aspects such as data privacy and market transactions, among others. It is necessary to align with relevant policies and regulations. System design, operation, and data usage need to be compliant to ensure adherence to legal requirements.

    This paper proposed an HSC scheme for the smart grid with a trusted MET. The adoption of an HSC realizes the secure communication from IBC to CLC, avoids the limitation of a single cryptosystem scheme, and ensures the confidentiality, integrity and authentication of user power data in the smart grid. The introduction of MET technology enables testers to retrieve multiple ciphertexts safely and efficiently at the same time, thereby greatly reducing the computational overhead. The use of blockchains and smart contracts ensures the credibility of test results and eliminates the dependence of equivalent test operations on trusted CSs. We compared the proposed scheme with some similar schemes. The results show that the scheme in this paper has higher security attributes, additional functional features, and a lower computational overhead. However, its security is proven under the ROM. In future works, we will aim to design a scheme in the standard model, and further optimize the algorithm, protocol and architecture design to improve the scalability of the system.

    The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.

    This work was supported in part by the National Natural Science Foundation of China (nos. 62362059, 62172337), the Industrial Support Plan Project of Gansu Provincial Education Department (no. 2023CYZC-09) and the Key Research and Development Program of Gansu Province (no. 23YFGA0081).

    The authors declare there is no conflict of interest.



    [1] J. Zhang, P. Dai, T. Wu, H. Yu, B. Lin, B. Qi, Architecture design and demand analysis of new generation technical standard system for smart grid, Autom. Electr. Power Syst., 44 (2020), 12–20.
    [2] O. M. Butt, M. Zulqarnain, T. M. Butt, Recent advancement in smart grid technology: Future prospects in the electrical power network, Ain Shams Eng. J., 12 (2021), 687–695. https://doi.org/10.1016/j.asej.2020.05.004 doi: 10.1016/j.asej.2020.05.004
    [3] S. K. Rathor, D. Saxena, Energy management system for smart grid: an overview and key issues, Int. J. Energy Res., 44 (2020), 4067–4109. https://doi.org/10.1002/er.4883 doi: 10.1002/er.4883
    [4] C. Ren, P. Li, Y. Bai, B. Xu, A resource allocation method of smart grid based on heterogeneous network, Inf. Technol., 12 (2021), 89–94. https://doi.org/10.13274/j.cnki.hdzj.2021.12.016 doi: 10.13274/j.cnki.hdzj.2021.12.016
    [5] T. Dillon, C. Wu, E. Chang, Cloud computing: issues and challenges, in 2010 24th IEEE International Conference on Advanced Information Networking and Applications, (2010), 27–33. https://doi.org/10.1109/AINA.2010.187
    [6] D. Boneh, G. D. Crescenzo, R. Ostrovsky, G. Persiano, Public key encryption with keyword search, in International Conference on the Theory and Applications of Cryptographic Techniques, (2004), 506–522. https://doi.org/10.1007/978-3-540-24676-3_30
    [7] G. Yang, C. H. Tan, Q. Huang, D. S. Wong, Probabilistic public key encryption with equality test, in Cryptographers' Track at the RSA Conference, (2010), 119–131. https://doi.org/10.1007/978-3-642-11925-5_9
    [8] H. T. Lee, S. Ling, J. H. Seo, H. Wang, T. Youn, Public key encryption with equality test in the standard model, Inf. Sci., 516 (2020), 89–108. https://doi.org/10.1016/j.ins.2019.12.023 doi: 10.1016/j.ins.2019.12.023
    [9] G. G. Deverajan, V. Muthukumaran, C. Hsu, M. Karuppiah, Y. Chung, Y. Chen, Public key encryption with equality test for industrial internet of things system in cloud computing, Trans. Emerging Telecommun. Technol., 33 (2022), 4202. https://doi.org/10.1002/ett.4202 doi: 10.1002/ett.4202
    [10] H. Zhu, L. Wang, H. Ahmad, D. Xie, Pairing-free for public key encryption with equality test scheme, IEEE Access, 9 (2021), 77239–77249. https://doi.org/10.1109/ACCESS.2021.3081709 doi: 10.1109/ACCESS.2021.3081709
    [11] W. Susilo, F. Guo, Z. Zhao, G. Wu, PKE-MET: Public-key encryption with multi-ciphertext equality test in cloud computing, IEEE Trans. Cloud Comput., 10 (2022), 1476–1488. https://doi.org/10.1109/TCC.2020.2990201 doi: 10.1109/TCC.2020.2990201
    [12] Y. Zheng, Digital signcryption or how to achieve cost (signature & encryption) ≪ cost(signature) + cost (encryption), in Annual International Cryptology Conference, 1924 (1997), 165–179. https://doi.org/10.1007/BFb0052234
    [13] H. Xiong, Y. Hou, X. Huang, Y. Zhao, Secure message classification services through identity-based signcryption with equality test towards the internet of vehicles, Veh. Commun., 26 (2020), 100264. https://doi.org/10.1016/j.vehcom.2020.100264 doi: 10.1016/j.vehcom.2020.100264
    [14] Y. Zhang, Q. Bai, Y. Ma, C. Yan, C. Wang, Certificateless signcryption with equality test, J. Electron. Inf. Technol., 43 (2021), 2534–2541.
    [15] X. Yang, H. Zhou, Z. Wang, S. Yuan, C. Wang, Blockchain-based certificateless signcryption scheme with equality test for wireless body area network, Acta Electron. Sin., 51 (2023), 922–932.
    [16] H. Xiong, Y. Zhao, Y. Hou, X. Huang, C. Jin, L. Wang, et al., Heterogeneous signcryption with equality test for IoT environment, IEEE Int. Things J., 8 (2021), 16142–16152. https://doi.org/10.1109/JIOT.2020.3008955 doi: 10.1109/JIOT.2020.3008955
    [17] X. G. Shan, J. Zhuang, A game-theoretic approach to modeling attacks and defenses of smart grids at three levels, Reliab. Eng. Syst. Saf., 195 (2020), 106683. https://doi.org/10.1016/j.ress.2019.106683
    [18] Q. Tang, Towards public key encryption scheme supporting equality test with fine-grained authorization, in Australasian Conference on Information Security and Privacy, 6812 (2011), 389–406. https://doi.org/10.1007/978-3-642-22497-3_25
    [19] Q. Tang, Public key encryption schemes supporting equality test with authorisation of different granularity, Int. J. Appl. Cryptogr., 2 (2012), 304–321. https://doi.org/10.1504/IJACT.2012.048079 doi: 10.1504/IJACT.2012.048079
    [20] Q. Tang, Public key encryption supporting plaintext equality test and user-specified authorization, Secur. Commun. Networks, 5 (2012), 1351–1362. https://doi.org/10.1002/sec.418 doi: 10.1002/sec.418
    [21] N. Li, Efficient equality test on identity-based ciphertexts supporting flexible authorization, Entropy, 25 (2023), 362. https://doi.org/10.3390/e25020362 doi: 10.3390/e25020362
    [22] P. S. Roy, D. H. Duong, W. Susilo, A. Sipasseuth, K. Fukushima, S. Kiyomoto, Lattice-based public-key encryption with equality test supporting flexible authorization in standard model, Theor. Comput. Sci., 929 (2022), 124–139. https://doi.org/10.1016/j.tcs.2022.06.034 doi: 10.1016/j.tcs.2022.06.034
    [23] X. Lin, L. Sun, H. Qu, X. Zhang, Public key encryption supporting equality test and flexible authorization without bilinear pairings, Comput. Commun., 170 (2021), 190–199. https://doi.org/10.1016/j.comcom.2021.02.006 doi: 10.1016/j.comcom.2021.02.006
    [24] S. Ma, Identity-based encryption with outsourced equality test in cloud computing, Inf. Sci., 328 (2016), 389–402. https://doi.org/10.1016/j.ins.2015.08.053 doi: 10.1016/j.ins.2015.08.053
    [25] H. Qu, Z. Yan, X. Lin, Q. Zhang, L. Sun, Certificateless public key encryption with equality test, Inf. Sci., 462 (2018), 76–92. https://doi.org/10.1016/j.ins.2018.06.025 doi: 10.1016/j.ins.2018.06.025
    [26] H. Xiong, Y. Hou, X. Huang, Y. Zhao, C. Chen, Heterogeneous signcryption scheme from IBC to PKI with equality test for WBANs, IEEE Syst. J., 16 (2022), 2391–2400. https://doi.org/10.1109/JSYST.2020.3048972 doi: 10.1109/JSYST.2020.3048972
    [27] Y. Hou, X. Huang, Y. Chen, S. Kumar, H. Xiong, Heterogeneous signcryption scheme supporting equality test from PKI to CLC toward IoT, Trans. Emerging Telecommun. Technol., 32 (2021), 4190. https://doi.org/10.1002/ett.4190 doi: 10.1002/ett.4190
    [28] Y. Zhao, Y. Hou, Y. Chen, S. Kumar, F. Deng, An efficient certificateless public key encryption with equality test toward internet of vehicles, Trans. Emerging Telecommun. Technol., 33 (2022), 3812. https://doi.org/10.1002/ett.3812 doi: 10.1002/ett.3812
    [29] X. Yang, H. Zhou, N. Ren, S. Yuan, C. Wang, An aggregated signcryption scheme for wireless body area networks supporting multi-ciphertext equivalence tests, J. Comput. Res. Dev., 2 (2023), 341–350. https://doi.org/10.7544/issn1000-1239.202110775 doi: 10.7544/issn1000-1239.202110775
    [30] J. Kim, K. H. Lee, J. Kim, Linking blockchain technology and digital advertising: How blockchain technology can enhance digital advertising to be more effective, efficient, and trustworthy, J. Bus. Res., 160 (2023), 113819. https://doi.org/10.1016/j.jbusres.2023.113819
  • This article has been cited by:

    1. Gurjot Kaur, Neha Sharma, Sonal Malhotra, Swati Devliyal, Rupesh Gupta, 2024, Pigpen Cipher 9-Grid Characters Classification Using Enhanced CNN Deep Learning Architecture, 979-8-3503-8269-3, 1, 10.1109/ICITEICS61368.2024.10625036
  • Reader Comments
  • © 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)
通讯作者: 陈斌, bchen63@163.com
  • 1. 

    沈阳化工大学材料科学与工程学院 沈阳 110142

  1. 本站搜索
  2. 百度学术搜索
  3. 万方数据库搜索
  4. CNKI搜索

Metrics

Article views(1285) PDF downloads(38) Cited by(1)

Figures and Tables

Figures(4)  /  Tables(3)

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return

Catalog