Cost-Effective Signcryption for Securing IoT: A Novel Signcryption Algorithm Based on Hyperelliptic Curves

Abstract

Security and efficiency remain a serious concern for Internet of Things (IoT) environments due to the resource-constrained nature and wireless communication. Traditional schemes are based on the main mathematical operations, including pairing, pairing-based scalar multiplication, bilinear pairing, exponential operations, elliptic curve scalar multiplication, and point multiplication operations. These traditional operands are cost-intensive and require high computing power and bandwidth overload, thus affecting efficiency. Due to the cost-intensive nature and high resource requirements, traditional approaches are not feasible and are unsuitable for resource-limited IoT devices. Furthermore, the lack of essential security attributes in traditional schemes, such as unforgeability, public verifiability, non-repudiation, forward secrecy, and resistance to denial-of-service attacks, puts data security at high risk. To overcome these challenges, we have introduced a novel signcryption algorithm based on hyperelliptic curve divisor multiplication, which is much faster than other traditional mathematical operations. Hence, the proposed methodology is based on a hyperelliptic curve, due to which it has enhanced security with smaller key sizes that reduce computational complexity by 38.16% and communication complexity by 62.5%, providing a well-balanced solution by utilizing few resources while meeting the security and efficiency requirements of resource-constrained devices. The proposed strategy also involves formal security validation, which provides confidence for the proposed methodology in practical implementations.

1. Introduction

The Internet of Things (IoT) is a cutting-edge technology that enables communication between real-world entities through the Internet. The primary goal of IoT technology is to enable data exchange association among the surroundings and Internet-enabled devices. The IoT architecture framework permits interactions among smart systems and physical infrastructure. The IoT framework consists of a sensing layer, network layer, and application layer [1], as shown in Figure 1.

1.1. Physical Layer

The physical/perception layer contains sensors or actuators, which are resource constraints as they have limited processing and computational power [2]. These sensors sense the physical information (physical parameters, e.g., temperature, blood pressure, humidity, etc.) by using different technologies, e.g., NFC, RFID, etc. Due to resource limitations such as device and bandwidth constraints, several security threats arise as discussed: Denial-of-service (DoS) attack—This can potentially block the functionality of the system and make the network paradigm inaccessible to authorized users. Attack results can be achieved by sending spam or false flood messages, resulting in system crash or network overload and preventing accessibility to system services [3]. Node capture—This attack aims to compromise the IoT nodes; an adversary can easily control the network-connected nodes. Control over these nodes not only gives access to the cryptographic keys but also the protocol limitations, resulting in compromising the security of the whole network [4]. Replay attack—This is an attack in which valid data are intercepted and transmitted by the adversary several times without having authorization. This attack is performed against authentication protocols to steal sensitive data, and later, these data are re-transmitted to the victim [5]. DoSL attack—IoT networks comprise sensor nodes, which operate under certain conditions and time intervals to collect information. Due to power limitations, these nodes go to sleep to save battery life after sending the collected data. The purpose of a DoSL attack is to intensely stop the nodes from entering hibernation mode, with the aim of more power consumption and battery drainage [6]. Side-channel attack—The attack exploits physical system implementations and aims to gather information pertaining to hardware, power consumption, and the interference generated by the devices [7].

1.2. Network Layer

The primary function of the network layer is to permit data exchange between the physical layer and the application layer. The network layer gathers data from the application layer and processes gathered data gathered to the application layer. Data are exchanged using several communication or network gateway technologies, such as LTE, Wi-Fi, Bluetooth, etc. Data management is also performed by this layer with the provision of middleware technology [8]. The network layer is vulnerable to attacks; several potential threats have been identified, and a few of them are categorized as follows: Routing attack—In this attack, malicious nodes disrupt the routing path by misdirecting or discarding packet forwarding by filtering any protocol information [9], e.g., a black hole attack [10,11]. Grey hole attack—This attack utilizes the weaknesses in network topological information exchange, and by using this topological knowledge, the attackers disconnect the victim from target nodes of the current network and terminate the communication services [12], e.g., wormhole [13] and hello flood [14]. Also, there are types of routing attacks [15]. Passive attack—A type of attack in which the intruder accesses the communication link and listens to the private communication channel, e.g., eavesdropping [16]. Man-in-the-middle attack—This attack takes place when the external attacker breaches communication between two trusted entities and steals critical data [17].

1.3. Application Layer

In the IoT architecture, the application layer is positioned at the top and serves as a means to provide services to users through specialized applications. This layer holds significant importance as it facilitates the development of diverse applications utilized across various industrial and educational sectors e.g., smart cities, industry automation, agriculture, health care, and big data processing, which increases its significance [18]. The IoT framework does not adhere to any international standards; due to this, the application layer can suffer from several attacks [19]. In this layer, the attacker targets the running IoT system software, i.e., remote health monitoring software etc and gains access to the sensitive data by exploiting the software [20]. Potential attacks include cookie hijacking, spyware, scareware, botnets, Trojan horse, file infection, etc. [21].

The IoT environment faces numerous challenges in terms of security and efficiency due to limited CPU and storage resources. As a result, establishing reliable and secure communication channels becomes a major challenge for the IoT [22]. To deal with these issues, public-key cryptosystems play an important role in the IoT architecture by providing effective and secure communication by enhancing confidentiality, integrity, and authentication of transmitted data between the IoT devices.

2. Motivation and Methodology

The increasing popularity and involvement of IoT innovations in advanced technology has made them prominent in every aspect of life. However, this innovative technology faces several issues, including efficiency shortcomings and data protection. To address such challenges, the main contribution of our work is to design a lightweight and secure cryptosystem for IoT devices with limited resources.

•

Achieving efficiency and high security for resource-limited devices is a challenging task. To accomplish both of these objectives simultaneously, we use a hyperelliptic curve (HEC), which has exceptional dominance in cryptosystems due to its small key size and high security.

•

The proposed algorithm is based on hyperelliptic curve parameters. HEC computational operations are significantly faster than EC operations. This method attains reduced computational cost and increased efficiency, while its smaller key size reduces communication overload.

•

We complete a performance evaluation in terms of computational cost and bandwidth overload in comparison to existing techniques and to verify the efficiency of the proposed algorithm. The evaluation results provide evidence that the proposed solution is appropriate and well-suited for resource-constrained environment.

•

We validate and verify essential security properties using formal and informal methodologies, ensuring essential security attributes and the achieving of the desired security of the proposed algorithm required for the IoT framework.

The rest of the manuscript is organized into the following sections. Related Work: This section describes recent efforts and work that provide the basis of our study. Proposed Methodology: This section outlines the design of an efficient and provable cryptosystem for Internet of Things devices based on hyperelliptic curve cryptography suitable for resource-limited devices. We provide a comprehensive analysis and proof of the designed algorithm along with the essential security properties of the proposed cryptosystem. Results Analysis: We perform an efficiency comparison of the proposed algorithm with existing schemes in terms of communication and computational cost; we also provide a formal analysis for validation and verification of the proposed cryptosystem.

3. Related Work

With IoT-based architectures, two primary concerns are authenticity and data security due to the open nature of the Internet. Digital signatures are implemented to ensure the integrity [23], while encryption is used to secure the data during digital communication [24]. However, the resource-intensive architecture of the Internet of Things makes it difficult to execute both of these processes independently. In I997, Zheng developed an algorithm that performs the functionalities of both encryption and signatures together in a single process and termed it as signcryption [25]. The revolutionary algorithm saves up to 50% computational cost and 85% bandwidth cost in comparison to previously proposed sign-then-encrypt or encrypt-then-sign techniques [26]. The working of the algorithm is based on the idea of a public-key cryptosystem (PKC) [27]. Conventional public key infrastructure (PKI) relies on a trusted third party, the certificate authority (CA), which is responsible for managing and distributing users’ public keys and certificates. PKI has gained acceptance in IoT e-commerce applications as it requires a reliable certificate authority (CA) to issue certificates for public keys and the corresponding identity of the key holder, thus ensuring the validity of this relationship through the CA’s digital signature [28]. PKI-based cryptosystems are not suitable for resource-limited IoT devices as they lead to high storage and computational costs required for the management and storage of certificates, and also, they need extra computational time to verify public keys before use [29]. To reduce these difficulties, identity-based cryptosystems (IBCs) have been introduced. In an identity-based system, individuals are allowed to generate a public key based on their known identity, which can be a string. A third party, known as the private key generator (PKG), is responsible for generating the corresponding private key. The PKG publishes the master public key while retaining the master private key [30]. In an identity-based cryptography (IBC) system, the trusted private key generator (PKG) generates the corresponding private key using the system’s master secret key, which eliminates the need for users to verify the validity of public keys (which are meaningful strings) and store user certificates [31].

Generally, security schemes are evaluated on the basis of computationally hard problems like Revest–Shamir–Edelman (RSA), bilinear pairings (BPs), Diffie–Hellman (DH), and elliptic curve cryptography (ECC) [32]. The RSA cryptosystem uses 1024-bit keys due to its significant map-to-point computation and operational features. A BP is considered approximately 14.31% less efficient than RSA [33]. ECC was created to overcome the drawbacks of RSA and BP by reducing the key sizes; it requires 160-bit short keys for security efficiency and hardness [34]. These comparisons demonstrate how ECC outperforms in comparison to other cryptographic techniques in terms of both security and performance [35]. A novel type of cryptosystem called hyperelliptic curve cryptography (HECC) is introduced, which can be an extension or generalized of ECC. HECC offers a security level comparable to that of BP, RSA, DH, and ECC but with shorter key lengths: approximately 80 bits in size [36].

The key objective of cryptographic protocols is to provide security while ensuring the confidentiality and authenticity of data. Due to the distributed and resource-limited nature of IoT architecture, various types of cryptosystems have been implemented according to specific usage and computing requirements [37]. PKC and IBC are considered more appropriate solutions that are used for providing secure communications for IoT frameworks [38]. Several researchers have provided diverse techniques and solutions, each based on their research. By integrating several methodologies, these suggestions provide considerable advantages for the design and implementation of secure and efficient cryptosystems for IoT frameworks. Authors have presented a signcryption scheme based on elliptic curve cryptography that combines ECDSA and PSCE-1 and offers public verifiability and resistance against adaptively chosen cipher-text attacks. It achieves communication cost savings of at least 1.25 times, improves computation times compared to ECDSA-then-PSCE-1, and utilizes a uniform elliptic curve cryptosystem platform, eliminating the need for multiple cryptosystem components. The scheme is secure and efficient and can be implemented in software and hardware at a low price. Additionally, the article introduces a broadcast scheme for multiple recipients and a threshold scheme with distributed key generation for multiple senders [39]. Libert, B., et al. proposed a new identity-based signcryption approach that uses pairings over elliptic curves. The system combines signature and encryption features and has been shown to be secure in the random oracle model. The suggested approach is compared to existing methods in terms of security and efficiency, and a proof of semantic security is provided using the decisional bilinear Diffie–Hellman assumption; the scheme proves advantageous in terms of security and efficiency [40]. Significant security concerns in IoT applications have been identified by researchers [41]. Several cryptographic solutions have been developed to address these challenges maintaining the privacy and security of data transmitted by resource-constrained devices [42,43]. Various signcryption approaches have been employed to tackle security concerns within the IoT architecture framework which are concentrated on the key issues associated with different cryptographic algorithms. Considering major cryptographic features such as security strength, power consumption, and memory optimization [44]. To address limitations of resources in IoT technologies, lightweight cryptographic (LWC) approaches have been suggested [45]. The authors present a certificateless hybrid signcryption system based on bilinear computation, which they recognized to be computationally lightweight and secure in terms of computational utilization [46]. The authors pointed out the drawbacks of previous techniques and proposed a hybrid signcryption scheme for the IoT to overcome these challenges [47]. To reduce computing costs and transmission overhead, some authors have suggested an EPFIBSC method based on elliptic curve cryptography; they compared its performance and security accomplishments to those of other proposed schemes [48]. Zhang et al. developed the CGSC scheme, which was designed specifically for resource-constrained devices; it provides an efficient solution without requiring bilinear operations and overcomes the limitations of existing techniques [49]. Zhou et al. developed the CP-EHSC IoT approach for heterogeneous systems based on elliptic curve cryptography, performed a cryptanalysis, and claimed it had higher security and efficiency achievement in comparison to existing solutions [50]. However, the methodology they used required large computational costs and communication overhead, and it also lacks primary security essentials required for secure transmission of data in the IoT architecture framework. The aforementioned comparative research shows that the majority of existing methods are not suitable for the IoT framework due to their high computational and bandwidth requirements also lacks of essential security features makes these cryptographic vulnerable to several threats. Considering the security and efficiency requirements in a heterogeneous IoT environment, we have proposed a novel signcryption method designed for resource-constrained IoT environments. Our technique optimizes efficiency and provides protection against numerous attacks.

3.1. Preliminaries of Elliptic Curve Cryptography

An elliptic curve is an algebraic curve as shown in Figure 2, and it can be mathematically expressed by Equation [51]:

$$C:y^2=x^3+ax+b$$

(1)

In Equation (1), parameters a and b are constants that define the shape and characteristic of the curve, and x and y are variables that represents the coordinates of the curve that satisfy the equation. Suppose $F_p$C to be a prime function field defined over curve C and that can be expressed as C$\left(F_p\right)\{(x,y)$ ∈ $F\left(p\right)$, where $p=(x,y)$∪$(\infty )$}, where ∞ being the point at infinity on the elliptic curve [52].

Elliptic curve (EC) theory is the most recent and advanced technique used for modern cryptography: known as elliptic curve cryptography (ECC). ECC is commonly used to enhance the security of open communication networks and significantly improves security and efficiency. ECC is an improved version of public-key cryptography (PKC) that offers more security than other types of data encryption techniques currently used [53]. ECs’ mathematical structure and algebraic operations make these curves most suitable for use in cryptography. ECC can be used to encrypt and decode data [54], generate and exchange keys, and to create digital signatures [55,56].

Figure 2. Elliptic curve.

Figure 2. Elliptic curve.

3.2. Hyperelliptic Curve

A hyperelliptic curve (HEC) is the generalized form of an elliptical curve (EC), as illustrated in Figure 3. According to [57], hyperelliptic curve C of genus G is an imaginary quadratic model and can be mathematically expressed:

$$C:y^2=f\left(x\right)wheref\left(x\right)\in F_p\left(x\right)anddegf=2y+1$$

(2)

Suppose $F_p$C is a function field defined over C and that can be expressed as $C\left(F_p\right)$$=\{(u,v\in F_p.\left(V^2\right)=f_u\cup (\infty )\}$, where ∞ is the point at infinity on the hyperelliptic curve.

Figure 3. Hyperelliptic curve.

Figure 3. Hyperelliptic curve.

The hyperelliptic curve is a type of algebraic curve that is considered to be a generalized variant of the elliptic curve. An EC is a curve with a genus (G) value of 1, while an HEC has a genus value greater than 1. Curves with a genus value of 1 in the finite field F require 160-bit-long operands $\mathrm{\Theta }$ for group order (g). Hence, mathematical operations within the finite field require at least g log $2^{\left(\mathrm{\Theta }\right)}$ = $2^{160}$, while curves with a genus value of 2 or greater require only 80-bit-long operands. The characteristic of HEC with respect to RSA, EC, and bilinear pairing is that HEC provides the same security level with a smaller parameter size [58].

3.3. Elliptic Curve Discrete Logarithm Problem (HECDLP)

The security of ECC relies on the existence of a trapdoor or one-way function, enabling efficient calculations in one direction while rendering it computationally impractical to determine the solution in the opposite direction. This involves determining the solution for random elliptic curve elements corresponding to publicly known base points. The challenge of solving this problem is referred to as the elliptic curve discrete logarithm problem (ECDLP) [59].

Suppose there is a divisor D having order of q which belongs from the Jacobian Group $(F_q$) mathematically equation can be expressed as: $D_1$ = $L_1$ · D where $L_1$ ∈ $F_q$ therefore finding integer $L_1$ is called hyperelleptic Curve Discrete Logrithm problem [60].

HECC is an extension of elliptic curve cryptography (ECC) that operates on hyperelliptic curves, which are defined by Equation (2) to have the form $C:y^2=f\left(x\right)$, where $f\left(x\right)$ is a polynomial of higher degree compared to the cubic equation used in ECC. Like in ECC, the discrete logarithm problem (DLP) plays a fundamental role in the security of hyperelliptic curve cryptography (HECC).

HECC gains dominance in cryptosystems due to its minor key size, low computational cost, bandwidth savings, high speed, and decreased power consumption. Furthermore, its light weight makes it salutary for wireless sensor networks, web servers, e-commerce, IoT, and cryptocurrency. All these competencies make it possible to implement it in hardware as well as in software. Considering these advantages, HECC is a convenient choice for IoT devices to achieve efficiency and high security with fewer resources and limited computation.

4. Proposed Methodology

This section covers the system initialization phase for the proposed methodology.

4.1. System Setup Phase

The proposed cryptosystem is PKI-based, and the functionality of the algorithm is based on a key generation center (KGC). The algorithm’s characteristics depend on the initialization of the system in a few steps. The KGC maintains the list of public attributes. The proposed scheme comprises the following three phases: key generation phase (Section 4.2), signcryption phase (Section 4.3), and unsigncryption phase (Section 4.4).

Table 1. Basic notations for proposed algorithm.

D	Divisor on Generalized Hyperelliptic Curve
$C_p$	Private Key of IoT Node
$C_s$	Public Key of IoT Node
$D_s$	Control Center Public Key
$D_p$	Control Center Private Key
$\hslash ,{\hslash }_1,{\hslash }_2$	Hash Functions
C	Cipher Text
$B_a$	Fresh Nonce
M′	Encrypted Message
$K_1$,$K_2$	Secret Keys

depicts the basic notations used in the proposed algorithm. Similarly, Figure 4 highlights the importance of the notations used in the proposed algorithm and provides sufficient reasoning for each part of the proposed system. It also demonstrates how these parameters are utilized in each step of the proposed methodology.

4.2. Key Generation

The private-key generator (PKG) generates the private key $D_p$ from {1, ..., $q-1$}, where $q=2^{80}$, and public key $D_s$ = $D_p$ · D. Likewise, private keys can be calculated as $C_s$ = $C_p$ · D using HEC for the IoT devices in the proposed system architecture. On the basis of the chosen private keys, public keys are derived from a point on the hyperelliptic curve, e.g., $D_s$ = $D_p$ · D; this is known as the HECDLP.

4.3. Theorem—IoT Device Signcryption

Select a random number $\upsilon$∈ {1, ..., $q-1$} and a fresh nonce $B_a$ before sending tuple {C,S,R} to the control center.

i.

And then, compute R = $\upsilon$ · D mod q, $A_x$ · $B_x$;

ii.

Compute $K_1$ = ${\hslash }_1$ ($\upsilon$ · $A_x$,$B_a$ ) and $K_2$ = ${\hslash }_2$ ($\upsilon$ + $(K_1 · C_p$) · $Ds$);

iii.

Compute C = $E_{B_x}$$K_2$ ($M^{\prime }$);

iv.

Calculate $\gamma$ = ℏ (C, $K_1$);

v.

Calculate S = ${\upsilon }^{-1}$ ($\gamma$ + $C_p$ · $K_1$) mod q;

vi.

Send $\delta$ = {C,S,R} to the control center.

4.4. Theorem—Control Center Unsigncryption

Upon recieving the alert message or encrypted data frames from the IoT nodes $\delta$ = {C,S,R}, the control center will performs the following steps to decrypt the signcrypted message Firstly, the control center computes R = $\upsilon$ · D mod q, = $A_x$, $B_x$

i.

Compute $K_1$ = ${\hslash }_1$ (S($\upsilon$ · $A_x$ · $B_a$));

ii.

Compute $\gamma$ = ℏ (C, $K_1$);

iii.

Compute R = $S^{-1}$ (D · $\gamma$ + $C_s$ · $K_1$);

iv.

Compute $K_2$ = ${\hslash }_2$ ((R + $K_1$ · $C_s$) · $D_p$);

v.

Compute $M^{\prime }$ = $E_{B_x}$$K_2$ (C).

Receive tuple $\delta$ = {C,S,R}; then, decrypt it to recover the actual data.

4.5. Correctness Proof of Algorithm

Proof. 

The following calculations were performed by unsigncrypter to create a secret session key:

• $K_2$= ${\hslash }_2$ (R + $K_1$ · $C_s$ · $D_p$) and it should be equal to
• ${\hslash }_2$ ($\upsilon$ + $K_1$ · $C_p$ · $D_s$)
• = ${\hslash }_2$ (( $\upsilon$ · D + $K_1$ · $C_s$) · $D_p$) where R = $\upsilon$ · D
• = ${\hslash }_2$ (( $\upsilon$ · D + $K_1$ · $C_p$ · D) · $D_p$) where $C_s$ = $C_p$ · D
• = ${\hslash }_2$ (($\upsilon$ + $K_1$$C_p$) D · $D_p$) where $D_s$ = D · $D_p$
• = ${\hslash }_2$ ($\upsilon$ + $K_1$ · $C_p$) · $D_s$) = $K_2$ □

Proof. 

If any conflict occurs between the signcrypter and the unsigncrypter, the following calculations are perform by the trusted third party (TTP) to resolve the conflict easily by using the formula:

• R = $K^{-1}$ (D · $\gamma$ + $C_s$ · $K_1$)
• In the above formula, $K^{-1}$ can be calculated as ${\displaystyle \frac{(D · \gamma +C_s{K}_1)}{S}}$; hence,
• $\Rightarrow R=\frac{(D · \gamma +C_s{K}_1)}{S}$ where $S={\upsilon }^{-1}(\gamma +C_p · K_1)$
• $\Rightarrow \frac{(D · \gamma +C_s{K}_1)}{{\upsilon }^{-1}(\gamma +C_p · K_1)}$
• $\Rightarrow \frac{(D · \gamma +C_p · D · K_1)}{{\upsilon }^{-1}(\gamma +C_p · K_1)}\mathrm{where}Cs=Cp.D$
• $\Rightarrow R=\frac{D(\gamma +C_p · K_1)}{{\upsilon }^{-1}(\gamma +C_p · K_1)}$
• $\Rightarrow \frac{D}{{\upsilon }^{-1}}\mathrm{where}D\upsilon =R$□

5. Security Analysis and Correctness Proof

This section highlights the comprehensive analysis of the essential security attributes and their mathematical proofs as offered by the proposed algorithm. These attributes are the founding pillars of security as they essentially play a pivotal role in secure communication:

5.1. Confidentiality

Transmitted data confidentiality can be accomplished with the assistance of Equations (3) and (5) in Section 5.2 and Section 5.3 for signcryption and unsigncryption processes, accordingly.

5.2. Signcryption Process

$K_2$ in Equation (3) provides confidentiality during the signcryption process. In order to temper the confidentiality during the signcryption process, it is compulsory to obtain $C_p$ from Equation (4). Subsequently, it becomes crucial to find the solution of Equation (5) which is unsolvable due to its reliance on HECDLP.

$$K_2={\hslash }_2(\upsilon +K_1 · C_p) · D_s$$

(3)

$$C_s=C_p · D$$

(4)

$$R=\upsilon · D$$

(5)

5.3. Unsigncryption Process

Equation (6) shows that $K_2$ ensures confidentiality during the unsigncryption process. In order to temper the confidentiality during the unsigncryption process, it is compulsory to obtain $D_p$ from Equation (7); then, it is vital to solve Equation (5). It is practically not possible to generate the original data from a solution of HECDLP two times.

$$K_2={\hslash }_2(R+K_1 · C_s · D_p)$$

(6)

$$D_s=D · D_p$$

(7)

Hence, in the proposed architecture framework confidentiality of data is proven at both ends IoT node (signcrypter end) and the control center (unsigncrypter end).

5.4. Integrity

During encryption of C, Equation (8) depicts that the sensing unit of the IoT must first validate ($\upsilon$) by means of bypassing the hash function (ℏ) with the assistance of ($K_1$). The control center first checks the freshness of $B_a$ after obtaining data from IoT nodes; then, it will calculate its hash value from Equation (9). If the attacker succeeded at modifying the encrypted data, then changes from C to $C^{\prime }$ are spotted by the devices due to the collision-resistance property of hash functions ℏ and ${\hslash }_2$.

$$\gamma =\hslash (C · K_1)$$

(8)

$$K_1={\hslash }_1\left(S(\upsilon · A_x · B_a)\right)$$

(9)

5.5. Authenticity

In the proposed architecture framework, data authenticity for the data captured by IoT sensor nodes can be achieved by performing the following calculations. The control center extracts $A_x$, $B_x$ by calculating ${\hslash }_2$(R + $K_1$ · $C_s$) · $D_p$ = ${\hslash }_2$($\upsilon$ + $K_1$ · $C_p$) · $D_s$ = $K_2$. Moreover, the control center checks the validity of $A_x$, $B_x$ after decrypting cipher text (C).

5.6. Replay Attack Resistance

Our scheme ensures resistance against replay attacks. If an attacker wants to resend an old data set, then it is required to generate the tuple ($\delta )$ = (C,S,R) and send it to the control center. Upon receiving ($\delta )$, the control center first checks the $B_a$ freshness: if $B_a$ has a fresh value, then tuple ($\delta )$ = (C,S,R) is accepted; otherwise, it is rejected.

5.7. Unforgeability

In order to produce a forged signature, the forgery requires Equation (9). But the forger will need to find the value of the private random number $\upsilon$ and the sender’s private key $C_p$ to solve Equations (4) and (5). As mentioned above in Section 5.2, it is not feasible to solve HECDLP. Hence, the proposed work satisfies protection against unforgeability.

$$S={\upsilon }^{-1}(\gamma +C_p · K_1)$$

(10)

5.8. Forward Secrecy

As for the assumption if unluckily the private key $C_p$ of any IoT node is compromised the attacker will still unable to decrypt the original message and data contents because in this situation the intruder must need to penetrate into the direction of secret key to access data. Therefore, to generate the secret key $K_2$ as illustrates by Equation (3) in Section 5.2 the attacker needs random number $\upsilon$ which is private and only known to the signcrypter. On the other side, if the unsigncrypter’s private key $D_p$ is compromised the infiltrator needs to calculate $K_2$ from Equation (4) to attain R; this still remains infeasible for the adversary to solve the equation due to HECDLP hardness. Furthermore, Equations (3) and (4) are associated with random number $\upsilon$ and $K_1$ is the commitment to unsolvability of the equations and also ensures the guarantee of forward secrecy for the proposed algorithm.

5.9. Public Verifiability

With regard to public verifiability, the third person Trusted Certificate Authority (TCA) endorses that the signcrypted message is valid and verifies the integrity and confidentiality of the scheme. The TCA verifies it without knowing the private keys (neither the recipient’s key nor the sender’s key) of any party. TCA ensures and verifies absence of tampering in the original data.

5.10. Non-Repudiation

Our scheme achieves non-repudiation through the utilization of Equation (10), which verifies that IoT nodes cannot deny their ownership of the data or their actions taken on the data forwarded to the control center. Moreover, this property can be easily justified using the second Proof illustrated in Section 4.5.

5.11. Protection Lifetime

The assurance of non-renouncement and privacy remains in effect throughout the entire lifespan of the information, starting from its creation at the IoT node. These measures ensure the protection of all information before it is transmitted from the IoT node. Consequently, there is no need to doubt the trustworthiness of the cloud service provider in terms of maintaining data privacy and reliability.

5.12. Denial of Service

The key generation center cannot access either plain text nor encrypted text. Moreover, in place of an authentic IoT node no false message can be sent by any forged node to overburden the control center in the proposed system. In such a manner, the designed cryptosystem preserves security and imparts resistance against denial-of-service attacks.

6. Results

6.1. Security Analysis

The purpose of this section is to evaluate the security requirements for the proposed algorithm. The security requirements, which are indicated in

Table 2. Security Attribute comparison of proposed algorithm with refs. [49,50].

Security Property	Ref. [49]	Ref. [50]	Proposed
Confidentiality	✔	✔	✔
Integrity	✔	✔	✔
Authenticity	×	✔	✔
Replay Attack Resistance	×	✔	✔
Unforgeability	✔	✔	✔
Forward Secrecy	×	×	✔
Public Verifiability	✔	×	✔
Non-Repudiation	✔	✔	✔
Lifetime Protection	×	×	✔
DoS Protection	×	×	✔

, can be considered to be the baseline security needs for any secure system. Therefore, it is essential to consider these needs while developing secure cryptosystems. In Section 5, we highlight the security attributes guaranteed by the proposed algorithm and provide their correctness with strong mathematical proofs. Table 2 depicts a security attribute comparison of the proposed algorithm with the methods of refs. [49,50], where ✔ shows the presence of a particular security property offered by the each algorithm.

6.2. Computational Complexity Analysis

The main parameter to be used for measuring performance is computational time, and the frequent way used for determining computational cost is calculation of the total time it takes to complete the process. The process consists of several major mathematical operations, including pairing operation P, pairing-based scalar multiplication $PBSM$, bilinear pairing $BP$, exponential operation E, elliptic curve scalar multiplication or point multiplication $ECPM$, and hyperelliptic divisor multiplication $HECDM$ [60]. Based on experimental results, the execution time ($ET$) for basic operation $E{T}_P$ = 20.04 m·s, and $E{T}_{PBSM}$ = 6.38 m·s [61]. In accordance with experimental results $E{T}_{BP}$ = 5.4 m·s [62]. Furthermore, based on experimental results, $E{T}_{ECPM}$ = 2.21 m·s and $E{T}_{HECDM}$ = 1.105 m·s [63].

To compare the computational cost of the proposed method in contrast to those of existing schemes, we make the following assumptions based on elliptic curve point multiplication ECPM and hyperelliptic curve divisor multiplication HECDM operations. The computational time complexity can be calculated by adding up the number of operands required to complete each step. This measure estimates the time required to execute a computing activity based on the number of operations and the complexity of each operation involved. By examining the amount of operands and their time dependencies throughout the algorithm, we can evaluate the computation’s efficiency.

Table 3. Computational complexity analysis.

Scheme	Operands Utilized in Signcryption	Operands Utilized in Unsigncryption	Total Curve Operands Utilized	Time Consumed
Ref. [49]	4 Elliptic Curve Point Multiplication	5 Elliptic Curve Point Multiplication	9 Elliptic Curve Point Multiplication	19.8 m·s
Ref. [50]	2 Elliptic Curve Point Multiplication	5 Elliptic Curve Point Multiplication	7 Elliptic Curve Point Multiplication	15.4 m·s
Proposed	4 Hyperelliptic Curve Divisor Multiplication	4 Hyperelliptic Curve Divisor Multiplication	8 Hyperelliptic Curve Divisor Multiplication	8.8 m·s

depicts the computational cost calculations and a comparison of the proposed algorithm with refs. [49,50] in terms of cost and time complexity with respect to curve operands. The algorithms proposed in refs. [49,50] are based on an elliptic curve point multiplication (ECPM) operation, which requires more execution time and leads to high computational cost [61]. The time complexity of ref. [49] can be calculated by adding the number of operands involved in each step: it required four PM operations for signcryption at the sender’s side and five PM operations for unsigncryption at receiver’s side—hence, nine ECPM operations altogether. Likewise, the methodology introduced by ref. [50] utilized two ECPM operations for signcryption and five ECPM operations for unsigncryption—a cumulative of seven ECPM operations. However, our algorithm is based on HECDM, which is comparatively faster than ECPM [61]: our proposed algorithm implies four HECDM operations the at the signcrypter’s end and four HECDM operations at the unsigncrypter’s end—thus, eight HECDM operations are required for the entire signcryption process. These results show that the proposed methodology reduces the operational complexity, which increases its computational efficiency. The computational time can be calculated by the time consumed in each step involved. The complexity of the approach presented in ref. [49] was calculated as four ECPM operations at the sender’s end and five ECPM operations at the receiver’s end. As a result, the overall computing cost accumulated by this approach is estimated to be nine ECPM operations. Single elliptic curve point multiplication PM takes about 2.2 m·s, while the hyperelliptic curve divisor multiplication DM requires 1.1 m·s [64]. Based on these calculations, the signcryption process is expected to take approximately $E{T}_{SIGNCRYPTION}$ = 8.8 m·s, while the unsigncryption process is estimated to require $E{T}_{UNSIGNCRYPTION}$ = 11 m·s. Consequently, the total time calculated for both processes is approximately $E{T}_{TOTAL}$ = 19.8 m·s [49]. Similarly, $E{T}_{SIGNCRYPTION}$ = 4.4. m·s, $E{T}_{UNSIGNCRYPTION}$ = 11 m·s, and $E{T}_{TOTAL}$ = 15.4 m·s for ref. [50], whereas our proposed methodology requires $E{T}_{SIGNCRYPTION}$ = 4.4 m·s, $E{T}_{UNSIGNCRYPTION}$ = 4.4 m·s, and $E{T}_{TOTAL}$ = 8.8 m·s, as depicted in Figure 5. The outcomes clearly show that the suggested technique minimizes the time complexity while improving the overall efficiency. By optimizing the computational processes involved, the suggested technique achieves faster execution times than the alternative methods in refs. [49,50]. This time complexity reduction allows faster operations that enable IoT devices to perform more efficiently. The improved efficiency of the suggested algorithm has practical results, as it enables fast execution and high performance for a wide range of IoT applications.

6.3. Communication Overhead Complexity Analysis

Communication overhead refers to extra bits added to the actual data and converting it into cipher text. As discussed previously in Section 3.2, ECC requires 160 bits, while HEC provides the same security using 80 bits. Using comparison assumptions for the elliptic curve H and the field size q, with a large prime number $\ge 2^{160}$ as a comparison, the proposed work’s parameters are based on an $H^{\prime }$ hyperelliptic curve, and u$\ge 2^{80}$.

The computational overhead complexity for a cryptographic protocol can be calculated as $\left|C\right|+\left|H\right|+\left|q\right|$, where $\left|C\right|$ is the cipher text size used for encryption: as an instance, assume $\left|C\right|$ = 128 bits. In comparison to the proposed algorithm, the computational overhead of the algorithm proposed in ref. [49] can be calculated as $\left|C\right|+\left|H\right|+\left|3q\right|$, where $\left|H\right|$ is 160 bits, and $\left|3q\right|$ is $3\left|160\right|$ bits. Therefore, the total computational overhead is $\left|128\right|+\left|160\right|+3\left|160\right|=768$ bits. Likewise, the computational overhead for the algorithm proposed in ref. [50] can be calculated as $\left|C\right|+\left|H\right|+2\left|q\right|$, which is $\left|128\right|+\left|320\right|+\left|160\right|=608$ bits. In comparison, the computational cost of our algorithm is calculated as $\left|128\right|+\left|80\right|+\left|80\right|=288$ bits.

Table 4. Computational overhead complexity analysis.

Scheme	Cipher Size	128 bits	256 bits	512 bits	1024 bits
Ref. [49]	$\left|C\right|+\left|H\right|+3\left|q\right|$	768	896	1152	1664
Ref. [50]	$\left|C\right|+2\left|H\right|+\left|q\right|$	608	740	996	1508
Proposed	$\left|C\right|+\left|H^{\prime }\right|+\left|u\right|$	288	416	672	1184

reflects a computational overhead comparison at different key sizes $\left|C\right|$.

The efficiency of communication depends on the size of the additional bits. If the additional bits are smaller, the communication will be faster. However, if the additional bits are larger in size, this decreases the efficiency, which causes delays in communication. The comparison results show a significant reduction in communication costs when compared to the previous work in [49,50]. Figure 6 shows the efficient functioning of the proposed methodology at various key sizes. In addition, it also indicates that the proposed solution requires fewer extra bits; thereby, it reduces bandwidth complexity while enhancing overall communication efficiency. This implies that the current proposed work requires fewer computational resources, which makes it a suitable choice for resource-limited IoT devices to perform more efficiently.

6.4. Communication Overhead Reduction

Communication overhead reduction can be calculated with the help of formula [62]:

$$\frac{ExistingScheme-ProposedScheme}{ExistingScheme}\ast 100$$

We use hyperelliptic curve divisors scalar multiplication, which is faster than previously presented work. We contribute to reduce the computational cost up to 38.16% compared to ref. [49] and 17.6% compared to ref. [50], as depicted in Table 3. The proposed scheme also reduces the communication cost by 62.5% compared to ref. [49] and 52.6% compared to ref. [50], as illustrated in Figure 7.

6.5. Formal Analysis and Security Validation

This section highlights the formal security verification and validation for the proposed methodology. To validate the security requirements of the proposed scheme, we conducted an analysis using the AVISPA tool [65,66]. AVISPA employs four back-end protocols—namely, AT-OPMC, AT-AtSe, AT-SATMC, and TA4SP—to verify the functionality of the cryptographic algorithm HLPSL code, which is then converted to IF. The AVISPA tool is seamlessly integrated with SPAN to provide a user-friendly interface. The tool’s results are primarily based on two validation states: SAFE and UNSAFE, as shown in Figure 8. If the scheme fails to provide security or resistance against attacks, the validation results summary of the protocol will be labeled as UNSAFE. Simulation results suggest that the proposed protocol has been demonstrated to be secure and suitable for practical implementation. The summary of simulation results for OFMC and ATSE validation as reflected by Figure 9 and Figure 10 further confirm that the algorithm is resistant to cryptographic attacks. Moreover, the instances, roles, and parameters specified in the proposed algorithm are relevant and applicable to real-world scenarios. In conclusion, the evidence presented strongly supports that the proposed protocol is both secure and appropriate for practical use, ensuring that the suggested methodology meets the desired level of security for secure communication in an IoT architecture.

6.6. Discussion

The IoT is the dominant concept in the development of Information Technology and plays an important role by apprehending decidedly sensitive data. The work proposed in this article highlights the security and efficiency challenges in IoT environments. The proposed signcryption algorithm based on hyperelliptic curve cryptography offers a well-balanced solution for resource-constrained IoT devices. It enhances data security by reducing computational and communication complexity and providing high security using a smaller key size. The formal security verification validates its correctness, while comparison results depict the effectiveness of the proposed approach. Overall, the results indicate that the proposed methodology is well-suited for resource-constrained IoT devices by offering improved efficiency and resistance against cryptographic threats. This work contributes to the development of reliable and secure communication channels for IoT devices: ensuring the essential security attributes, i.e., confidentiality, integrity, and authentication of transmitted data. Efficiency is the major requirement for the IoT. Traditional elliptic curve operations, such as point multiplication and point addition, require extensive computations, which may result in negative effects on performance and efficiency. Comparatively, from the analysis presented in Section 6.2, it is evident that our scheme outperforms two previous works: ref. [49] takes 19.8 m·s, and ref. [50] takes 15.4 m·s for the combined signcryption and unsigncryption process, while our proposed scheme only requires 8.8 m·s for the entire process. Additionally, our scheme reduces communication costs by 62.5% compared to ref. [49] and 52.6% compared to ref. [50], as depicted in Figure 7. Furthermore, previous works lack formal analyses or validation proofs for their proposed methods. In contrast, the security of our proposed cryptosystem has been formally investigated using AVISPA. The results analysis is highly satisfactory and clearly demonstrates the superiority of our work over previously presented methodologies. The suggested system holds significant potential for enhancing data security and improving efficiency in IoT devices, and we hope that its practical implementation will help to overcome the security challenges faced by IoT technology.

7. Conclusions

Addressing the security and efficiency concerns inherent in IoT environments is paramount given their resource-constrained and wireless nature. Traditional cryptography methods are often impractical due to their high resource demands. To address these challenges, a novel signcryption algorithm based on hyperelliptic curve divisor multiplication is introduced. This innovative approach not only offers improved efficiency by being faster and requiring smaller key sizes, but it also enhances security through the use of hyperelliptic curves. By reducing computational and communication complexity, this methodology is well-suited for resource-constrained IoT devices. Furthermore, our methodology includes formal security validation: providing confidence in its practical implementation by reducing the security challenges. The proposed methodology provides a well-balanced solution that meets both security and efficiency requirements to ensure the secure and efficient operation of IoT devices. HECC’s characteristics make it an attractive contender for future cryptography applications, especially for IoT devices with limited resources. Continued research, optimization efforts, standardization activities, and improvements in post-quantum cryptography can help HECC become a valuable and widely utilized cryptographic technique in upcoming years, and future research effort can be directed towards advances in optimization methodologies to reduce the computational intensity and make HECC more feasible for resource-constrained devices. This may include efficient implementations and methods designed specifically for HECC that increase performance and reduce the computational complexity.