Next Article in Journal
Efficient One-Time Signatures from Quasi-Cyclic Codes: A Full Treatment
Previous Article in Journal
A (k, n)-Threshold Progressive Visual Secret Sharing without Expansion
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Pairing Free Identity-Based Blind Signature Scheme with Message Recovery

Department of Engineering Mathematics, Andhra University, Visakhapatnam 530003, India
*
Author to whom correspondence should be addressed.
Submission received: 17 September 2018 / Revised: 4 October 2018 / Accepted: 5 October 2018 / Published: 9 October 2018

Abstract

:
With the rapid development of modern technology, personal privacy has become a critical concern in many applications. Various digitalized applications such as online voting systems and the electronic cash systems need authenticity and anonymity. Blind signature is an advanced technique that provides the authenticity and anonymity of the user by obtaining a valid signature for a message without revealing its content to the signer. The message recovery property minimizes the signature size and allows efficient communication in situations where bandwidth is limited. With the advantage of blind signature and message recovery properties, in this paper, we present a new pairing free blind signature scheme with message recovery in Identity-based settings. The proposed scheme is proven to be secure in the random oracle model under the assumption that the Elliptic Curve Discrete Logarithm Problem (ECDLP) is intractable. The proposed scheme meets the security requirements such as blindness, untracebility, and unforgeability. We compare our scheme with the well-known existing schemes in the literature, and the efficiency analysis shows that our scheme is more efficient in terms of computational and communicational point of view.

1. Introduction

Digital Signature is one of the most important applications of Public Key Cryptography (PKC) and provides authenticity, data integrity, and non-repudiation. In traditional PKC, proposed by Diffie and Hellman [1] in 1976, authentication of public key relies on the certificate issued by Certificate Authority (CA). However, certificate management leads to extra storage, large computation, and communication costs. To surmount the obstacles in traditional PKC, Shamir [2] introduced Identity–based PKC (ID-PKC). In this system, public key of a user is resulting from user’s identity such as email and phone number; and secret key is generated from user’s public key via a trusted third party called Private Key Generator (PKG). To implement the digital signature in the real-world applications, we need to consider different features and properties to make them adequate and proper for different usages. There are many digital signature schemes in the literature with different properties such as Proxy signature, Aggregate signature, Multi signature, Group signature, Ring signature, etc. One of such variant is Blind Signature.
Blind signature is used to protect anonymity of a user in many applications such as electronic payment on e-commerce and anonymous electronic voting systems [3,4,5,6,7,8]. The concept of blind signature was introduced by Chaum [7] in 1982. In contrast to regular digital signature schemes, a blind signature scheme is an interactive two-party protocol between a user and a signer. The user acquires a signature on a message from the signer, however the content of the message and the final blind signature is not known to the signer. With the development of electronic commerce, the preservation of anonymity of the user has been an imperative need. As blind signature allows secure electronic payment and protects customers’ privacy or anonymity in e-cash transactions, it is a very important tool for electronic cash transmission. Similarly, e-voting uses blind signatures to obtain votes without violating the anonymity of the voter.
Message recovery is a concept where some (partial), or all (full), of the message is embedded in the signature itself. A digital signature scheme with this feature allows conserving bandwidth when transmitting a signed message, compared to a signature scheme with appendix. The digital signature scheme with a message recovery was first introduced by Nyberg and Rueppel [9] in 1993. In this signature scheme, the message itself is not required to be transmitted together with the signature. In fact, the message is embedded in the signature and can be recovered during the verification/message recovery process. In this way, the total length of the message and the appended signature can be shortened. It is very much suitable in situations where bandwidth is one of the main concerns. Combination of blind signature technique with message recovery integrates the advantages of both and provides anonymity, untraceability, and unforgeability for low bandwidth devices.

1.1. Related Work

After the introduction of blind signatures by Chaum [7], many blind signature schemes [10,11,12,13,14] were proposed in traditional PKC. Advantages of Identity based cryptosystem attracted the researchers towards it [15]. The first ID-based blind signature scheme was proposed by Zhang et al. [16] in 2002. Later many identity-based blind signature schemes have been proposed in literature along with its applications in e-cash and e-voting systems [17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35]. Most of these schemes are designed using bilinear pairings over elliptic curves [17,18,19,20,21,22,23,25,26,28,31,35]. In 2003, Zhang et al. [17] and in 2005, Huang et al. [18] proposed different efficient ID-based blind signature schemes. In 2006, Zhao et al. [19] proposed a new identity based blind signature scheme from bilinear pairings. In 2008, Kalkan et al. [20] presented a generalized ID-based blind signature from bilinear pairings. In 2010, Rao et al. [21] proposed a blind signature scheme using bilinear pairings over elliptic curves. The proposed scheme is based on the Hess identity-based digital signature scheme [22] and the security is based on the CDH problem. In 2010, Fan et al. [23] proposed a provably secure randomized blind signature scheme based on bilinear pairings. They proved the security for unlinkability, unforgeability in ROM. In the same year, Zhang et al. [24] proposed a novel ID-based blind signature for electronic voting system and Shakerian et al. [25] proposed blind signature scheme from pairings. In 2011, He et al. [26] proposed an efficient identity-based blind signature scheme without bilinear pairings, and their work is motivated by the importance of blind signatures, which guarantees the anonymity of users. Later, Hu et al. [27] presented ID-based blind signature without random oracle model. In 2013, Xu et al. [28] presented an ID-based blind signature scheme from pairings with unlinkability. In the same year, Jain et al. [29] presented an efficient ID-based blind signature scheme in E-voting. Later, Li et al. [30] presented a partially blind signature scheme standard model. In 2014, Pance et al. [31] presented a comparison of ID-based blind signatures from pairings for E-voting. In 2015, Girish et al. [32] proposed a survey paper on Identity based blind signature schemes. In 2016, Islam et al. [33] proposed a provably secure pairing-free identity-based partially blind signature scheme and its application in online e-cash system. The security analysis of the proposed scheme was presented in the random oracle model, which substantiated that it was provably secure. In 2017, Kumar et al. [34] proposed a blind signature for E-voting in ID-based setting. In the same year Sarde et al. [35] presented a blind and proxy blind signature scheme. Most of these schemes are designed using bilinear pairings over elliptic curves. In addition to these, very few ID-based blind signature schemes with message recovery have been proposed in literature [23,36,37,38,39,40]. In 2007, Han et al. [36] proposed a blind signature scheme with message recovery, using pairings over elliptic curves. This paper is based on modified Weil/Tate pairings over elliptic curves, which improves the key size. In 2008, Hassan et al. [37] proposed a new identity-based blind signature scheme with message recovery based on Zhang et al. scheme. Their scheme is more efficient than Han et al. [36] scheme. It requires less bandwidth and is suitable for signing short messages such as pin card numbers and short identifiers. Additionally, in 2013, Diao et al. [38] proposed a new proxy blind signature scheme with message recovery. In 2017, James et al. [39] proposed an identity-based blind signature scheme with message recovery using bilinear pairings over elliptic curves. Recently, in 2018, Verma and Singh [40] proposed an efficient identity-based blind signature scheme with message recovery using bilinear pairings. However, the above-mentioned blind signature schemes are designed using bilinear pairings over elliptic curves. Additionally, these blind signature schemes are designed with message recovery using pairings.

1.2. Motivation

In any PKC, to provide the high security, the length of the key size must be sufficiently large. Larger keys in cryptographic schemes cause less computational efficiency and require more bandwidth. Thus, cryptographic schemes with smaller key size are desirable. To meet this requirement, Koblitz [41] and Miller [42] independently proposed the Elliptic Curve Cryptography (ECC) using elliptic curves. ECC has many advantages over PKC, especially; ECC provides high security with smaller keys in size. For instance, ECC with 512 bit key provides the same level of security as in AES (Advanced Encryption Standard; symmetric algorithm) with 256 bit key and in RSA with 15,360 bit key. Thus, ECC based schemes have shorter key sizes and requires low computational and communicational costs; consequently, time management, storage space, and consumption of bandwidth become very less with these small keys. Though ECC provides much security with short keys, the computational cost of a bilinear pairing over elliptic curve group is a costly operation, and is significantly more expensive than the elliptic curve scalar multiplication operation. In addition, map to point hash function is also very expensive cryptographic operation. Due to the expensive operations such as bilinear pairings and map to point hash functions, most of the cryptographic schemes are having less efficiency while implementing them. In view of this, ECC based schemes without pairing operation under general hash function would be more desirable to achieve high efficiency with the same level of security. Motivated by this, we focus on the design of new identity based blind signature scheme with message recovery in a pairing free environment.

1.3. Our Contribution

In this paper, we present a Pairing Free Identity based Blind Signature scheme with message recovery over elliptic curves. The blindness property provides anonymity and untraceability. This scheme is secure against forgeability and the security proof is presented in the ROM model under the hardness of ECDLP. To the best of our knowledge, this is the first blind signature scheme in identity-based setting addressing about message recovery in a pairing free environment. Our scheme achieves high efficiency and is more comfortable for resource constrained applications. We presented the comparative analysis of our scheme with existing schemes and it shows that the proposed scheme is efficient in terms of computational and communicational point of view.

1.4. Organization

The remaining part of this paper is organized as follows. In Section 2, we presented some preliminaries. The syntax and security model for our PF-IDBS-MR scheme are presented in Section 3. The proposed PF-IDBS-MR scheme is presented in Section 4. Security analysis and efficiency analysis of our PF-IDBS-MR scheme are presented in Section 5. The conclusions of the paper are presented in Section 6.

2. Preliminaries

This section briefly presents the fundamental concepts of ECC and the complexity assumption, on which the proposed scheme is designed and achieves the desired security.

2.1. Elliptic Curve Cryptography

Elliptic curve cryptography (ECC) has become more popular and plays a very important role in modern PKC [41,42].
Let E q ( a , b ) be a set of elliptic curve points over the prime field F q , defined by the non-singular elliptic curve equation: y 2 mod q = ( x 3 + a x + b ) mod p with a , b F q and ( 4 a 3 + 27 b 2 ) mod q 0 . The additive elliptic curve group is defined as G q = { ( x , y ) : x , y F q } and ( x , y ) E q ( a , b ) { O } , where the point O is known as “point at infinity”. The order of the elliptic curve over F q is ο ( E ( F q ) ) satisfies the relation 1 2 q ο ( E ( F q ) ) q + 1 . The scalar multiplication on the cyclic group G q defined as kP = P + P+∙∙∙+ P (k times). Here, P G q is the generator of order n.

2.2. Elliptic Curve Discrete Logarithm Problem

  • Given a tuple ( P , Q ) , it is computationally hard for any Probabilistic Polynomial Time (PPT) algorithm A dv to determine a , where Q = a P and a Z q .
  • The probability that any polynomial-time bounded algorithm A dv can solve the ECDLP is defined as A d v g A dv,Gg ECDLP = Prob { A d v ( P , Q ) = a P , Q G g   and   Q = a P , a Z q } .

2.3. Notations and Acronyms

The following Table 1 presents the acronyms that are used throughout this paper.
The following Table 2 presents the symbols and their descriptions, which have been used throughout this paper.

3. Syntax and Security Model of the Proposed PF-IDBS-MR Scheme

In this section we present the syntax and security model of the proposed PF-IDBS-MR scheme.

3.1. Syntax of PF-IDBS-MR

A formal model of the proposed scheme consists of the following four algorithms: System Setup, Key Extract, Blind Signature Generation, and Blind Signature Verification. The detailed description of these algorithms is described below.
  • System Setup. For a given security parameter k Z + , the Private Key Generator (PKG) runs this algorithm and generates the system parameters Params and the master key s. Params are made public and s is kept secret. Params are implicit input to all the following algorithms.
  • Key Extract. For a given user’s identity ID, the PKG runs this algorithm to generate the public key and private key. PKG sends the private key to the corresponding user over a secure channel.
  • Blind Signature Generation. This is an interactive and probabilistic polynomial time protocol, which is operated by the user and the signer. The user first blinds the message m and obtains a new version h ˜ of m , and then sends it to the signer. The signer uses his/her private key to sign on h ˜ and obtains z 1 , and then sends it to the sender/user. The sender un-blinds it to obtain Ω , which is a blind signature on the original message m .
  • Blind Signature Verification. For a signer’s identity ID and a blind signature Ω , a verifier runs this algorithm to recover the message and check the validity of the blind signature Ω , more precisely, the algorithm Verify ( I D ,   Ω ) outputs 1 if accepted, or 0 if rejected.

3.2. Security Requirements of the Proposed PF-IDBS-MR

A secure blind signature scheme must satisfy the following requirements:
  • Correctness. If the user and the signer, both comply with the algorithm of blind signature generation, then the blind signature Ω will always be accepted. The correctness of the signature can be checked by anyone using the signer’s public key.
  • Blindness. A signature is said to be blind if a given message-signature pair and the signer’s view are statistically independent. While correctly operating one instance of the blind signature scheme, let the output be ( m , R , Y , v ) (i.e., message-signature pair) and the view of the protocol V . At a later time, the signer is not able to link V to ( m , R , Y , v ) . Hence, the content of the message is blind to the signer.
  • Unforgeability. With this property, the user is not able to forge a valid blind signature. Only the signer can give a valid signature for the associated message.
Now we present the security definitions of blindness and unforgeability for our proposed scheme.
Definition 1.
(Blindness) Let A dv be a probabilistic polynomial-time adversary which plays the role of the signer, U 0   and   U 1 be two honest users. U 0   and   U 1 engage in the blind signature issuing scheme with A dv on messages m e   and   m 1 e , and output signatures σ e   and   σ 1 e , respectively, where e { 0 , 1 } is a random bit chosen uniformly. ( m e , m 1 e , σ e , σ 1 e ) are sent to A dv and then A dv outputs e { 0 , 1 } . For all such A dv, U 0   and   U 1 for any constant c , and for sufficiently large n ,   | Pr [ e = e ] 1 2 | < n c .
Definition 2.
(Unforgeability) The proposed PF-IDBS-MR is secure against existential forgery under the adaptive chosen message attack (EF-ACMA) and identity attacks if there is no probabilistic polynomial time adversary has a non-negligible advantage in the following game.
Our proposed scheme is existentially unforgeable in the Random Oracle Model (ROM) under an adaptive chosen-message and an adaptive chosen-ID attack. In this model (Game), a forger can choose its messages and its identities adaptively. We give the forger the power to request private keys on identities of its choice. The forger is also given access to the signing oracle for any messages for desired identities. A forger’s advantage Advg IBSSMR ,   A dv is defined as its probability of success in the following game between a challenger ξ and a forger A dv. The advantage to win the above game by a PPT-bounded adversary A dv with the help of ξ is defined as A d v g A d v = Pr [ A d v   succeeds ] .
Game Model.
  • Setup. The challenger ξ takes a security parameter k and executes the setup algorithm of the PF-IDBS-MR. ξ returns the system Params to A dv and keeps the master secret with itself.
  • Queries. The forger A dv adaptively makes the following different queries to the challenger ξ .
    -
    Hash Queries. When the involved hash functions are modeled by random oracles A dv also performs adaptive queries to the hash functions. The Challenger ξ answers these queries of the forger of this oracle, providing it with consistent and totally random values.
    -
    Extract Queries. When A dv requests the private key of an identity ID of its choice, the challenger ξ runs the key extraction algorithm on ID and forwards the output d I D to A dv.
    -
    Sign Queries. When A dv requests, adaptively, a signature on a given message m with an identity ID, ξ returns a signature Ω .
  • Output. A dv outputs ( m * ,   I D * ,   Ω * ) and we say that A dv succeeds if:
    (i)
    I D * has never requested to the private key extraction oracle;
    (ii)
    Ω * has not been obtained as an answer of the challenger to a sign query ( m * , I D * ) ;
    (iii)
    Ω * is a valid signature.

4. Proposed PF-IDBS-MR Scheme

The proposed Pairing Free Identity based Blind signature with Message Recovery scheme consists of the following four algorithms:
  • System Setup. For a given security parameter k Z + , the PKG runs this algorithm as follows.
    • Choose a cyclic additive group G of prime order q with the points on an elliptic curve E and P as the generator of G .
    • Select s Z q * randomly and compute the system public key P p u b = s P .
    • Choose H 1 : { 0 , 1 } Z q , H 2 : { 0 , 1 } Z q , H 3 : G { 0 , 1 } | q | and F 1 : { 0 , 1 } l 1 { 0 , 1 } l 2 , F 2 : { 0 , 1 } l 2 { 0 , 1 } l 1 as hash functions. l 1   and   l 2 are positive integers such that | q | = l 1 + l 2 .
    • PKG publishes the system parameters P a r a m s = { E , G , q , P , P p u b , H 1 , H 2 , H 3 , F 1 , F 2 , l 1 , l 2 } as public and keeps the master key < s > as secret.
  • Key Extract. Given a user’s identity ID, the PKG runs this algorithm by choosing r Z q * and computes R = r P ; h 1 = H 1 ( I D , R , P p u b ) ; d = ( r + s h 1 ) mod q .
    This algorithm returns D = ( d , R ) and sends it securely to the corresponding user I D as his private key.
  • Blind signature generation. In order to sign a message m { 0 , 1 } l 1 blindly by a signer, whose identity is I D , the user and the signer should follow the scenario given below:
    • Signer: Chooses a number k Z q and computes X = k P and sends X , R to the user as a commitment.
    • Blinding: The user chooses blinding factors a , b Z q randomly and computes
      β = F 1 ( m ) ( F 2 ( F 1 ( m ) ) m ) ,   Y = a X + b β P ,   h 2 = H 2 ( I D , R , Y ) ,   h ˜ = a 1 h 2 mod q .
      Now the user sends h ˜ to the signer.
    • Signing: The signer computes z 1 = ( k + h ˜ d ) mod q and sends back to the user.
    • Unblinding: The user computes the following.
      z 2 = ( a z 1 + b β ) mod q ,   α = H 3 ( I D , z 2 P ) ,   v = [ α β ] 10 .
      The user outputs ( m , Y , R , v ) and Ω = ( Y , R , v ) is the blind signature on the message m .
      The blind signature issuing protocol is shown in Table 3.
  • Blind signature verification. To verify the signature Ω = ( Y , R , v ) for the message m and the identity I D , the verifier computes h 1 = H 1 ( I D , R , P p u b ) , h 2 = H 2 ( I D , R , Y ) , α ˜ = H 3 ( I D , Y + h 2 ( R + h 1 P p u b ) ) , β ˜ = [ v ] 2 α ˜ .
    The verifier recovers the message m ˜ = | β ˜ | l 1 F 2 [ | β ˜ | l 2 ]   ( = m ) .
    Accept the signature Ω as valid on m ˜ = m   iff   | β ˜ | l 2 = F 1 ( m ˜ ) .

5. Analysis of the Proposed PF-IDBS-MR Scheme

This section presents the security analysis and efficiency analysis of the proposed PF-IDBS-MR scheme.

5.1. Security Analysis of the Proposed Scheme

In the following we will analyse the security of our PF-IDBS-MR scheme. We prove the correctness property, blindness property and unforgeability of our PF-IDBS-MR scheme by the following two theorems.
Theorem 1.
(Proof of Correctness) The proposed scheme satisfies the property of correctness.
Proof of Theorem 1.
The following equations give the correctness of the proposed scheme.
Consider   z 2 P = { a z 1 + b β } P = { a [ k + h ˜ d ] + b β } P = { a [ k + h ˜ ( r + h 1 s ) ] + b β } P = { a [ k + a 1 h 2 ( r + h 1 s ) ] + b β } P = a k P + h 2 ( r + h 1 s ) P + b β P = a X + h 2 ( R + h 1 P p u b ) + b β P = ( a X + b β P ) + h 2 ( R + h 1 P p u b ) = Y + h 2 ( R + h 1 P p u b ) .
Theorem 2.
(Blindness) The proposed scheme satisfies the blindness property.
Proof of Theorem 2.
We consider the condition in Definition 1. Let ( m , R , Y , v ) be one of the two signatures given to adversary A dv. Let ( X , h ˜ , z 1 ) be the data exchanged during one of the signature issuing schemes in the view of A dv. It is sufficient to show that there exists two random factors ( a , b )   that   map   ( X , h ˜ , z 1 ) to ( m , R , Y , v ) . From the description of the scheme, we know the following equations must hold.
Y = a X + b β
h ˜ = a 1 h 2 mod q
z 2 = ( a z 1 + b β ) mod q  
From Equation (3), we get b β = z 2 a z 1 mod q and if replacing b β = z 2 a z 1 mod q in Equation (1), we get that it is obvious that a Z q is unique. Then b is unique, since b β = z 2 a z 1 mod q . Thus, ( X , h ˜ , z 1 ) and ( m , R , Y , v ) have exactly the same relation defined by the signature issuing protocol. Such a , b always exist regardless of the values of ( X , h ˜ , z 1 ) and ( m , R , Y , v ) . Even an infinitely powerful A dv outputs a correct value e with a probability exactly 1 2 . Thus, the proposed scheme is unconditionally blind. □
Theorem 3.
(Unforgeability) The proposed scheme is existential unforgeable against the adaptive chosen message and identity attacks based on the infeasibility assumption of the ECDLP.
Proof of Theorem 3.
Let ξ be an ECDLP challenger, and it is given a random instance Q = s P of the ECDL problem in G for a randomly chosen s Z q * . Its goal is to compute s . Let A dv be an adversary who interacts with ξ , as described in security model of the proposed scheme (Section 3.2). Now, we prove that ξ can solve the ECDLP using A dv. During the simulation process, ξ needs to guess the target identity of A dv. Without loss of generality, ξ takes I D * as target identity of A dv on a message m .
  • Initialization phase. ξ runs the setup algorithm and sets P p u b = Q = s P as public key and generates system parameters params and sends params, P p u b   to A dv.
  • Queries phase. A dv can access the following oracle in an adaptive manner and the algorithm ξ responds to these oracles as follows.
    -
    Extraction oracle. ξ maintains an initial-empty H 1 - oracle   list   L 1 , which includes the tuples like ( I D i , R i , P p u b , d i , h 1 i ) when A dv makes this query on identity I D i ,   ξ looks for I D i in the list L 1 and returns the output to A dv as follows.
    • If I D i = I D ,   ξ aborts.
    • If I D i I D ,   ξ   selects   a i , b i Z q   and   sets   d i = b i ,   R i = a i P p u b + b i P   and   h 1 i = a i .
      Clearly ( d i , R i ) satisfies the equation d i P = R i + h 1 i P p u b . Then ξ outputs d i as secret key of the user I D i and incorporates the tuple ( I D i , R i , P p u b , d i , h 1 i ) to L 1 list and returns d i to A dv.
    -
    Queries on oracle H 2 : H 2 ( I D i , R i , Y i ) . When A dv asks a H 2 query with the input ( I D i , R i , Y i ) , ξ then replies with previous value h 2 i Z q , if the tuple ( I D i , R i , Y i , h 2 i ) is in L 2 . Otherwise ξ picks a random h 2 i Z q and returns h 2 i to A dv and adds ( I D i , R i , Y i , h 2 i ) to the list L 2 .
    -
    Queries on oracle H 3 : H 3 ( I D i , z 2 i P ) . ξ maintains a list L 3 , which is initially empty. It contains tuples of the form ( I D i , z 2 i P , h 3 i ) . After receiving the query on ( I D i , z 2 i P ) , if a tuple ( I D i , z 2 i P , h 3 i ) exists on L 3 , ξ returns h 3 i Z q . Otherwise, ξ picks a random h 3 i Z q and returns h 3 i . ξ adds ( I D i , z 2 i P , h 3 i ) to L 3 .
    -
    Queries on F 1 , F 2 : ξ maintains two separate lists F 1 - l i s t , F 2 - l i s t , which are initially empty. If the queries are made earlier, then it returns the same answer. Otherwise, ξ picks random numbers from { 0 , 1 } l 2   and   { 0 , 1 } l 1 respectively, and returns to adversary. ξ stores these values in F 1 , F 2 lists, respectively.
    -
    Signing oracle. When A dv makes this query on ( I D i , m i ) ,   ξ first makes queries on H 2 , H 3 , F 1 , F 2 oracles and recovers the tuples ( I D i , R i , Y i , h 2 i ) , ( I D i , z 2 i P , h 3 i ) from lists, respectively. Then, ξ does the following.
    • Choose z 2 i , h 2 i Z R q .
    • Set H 2 ( I D i , R i , Y i ) h 2 i   and   store   ( I D i , R i , Y i , h 2 i ) to the list L 2 .
    • Compute α i = H 3 ( I D i , z 2 i P ) , β i = F 1 ( m i ) ( F 2 ( F 1 ( m i ) ) m i ) , Y i = z 2 i P h 2 i ( R i + h 1 i P p u b ) , v i = [ α i β i ] 10 .
Finally, ξ responds to A dv with the signature ( m i , Y i , R i , v i ) .
Forgery. After forgery, a valid signature ( m i , Y i , R i , v i ) on the message m i under the identity I D i by A dv, ξ recovers the corresponding tuples ( I D i , R i , Y i , h 2 i ) , ( I D i , z 2 i P , h 3 i ) from L 2 , L 3 lists. From the tuples, if I D i I D ,   then   ξ   halts and fails. Otherwise, if I D i = I D , then   ξ computes the value of s as follows. From Forking Lemma (Pointcheval et al. [43]), if we have a replay of ξ with the same random tape but different choices of H 2 , H 3 , A dv will output another signature ( m i , Y i , R i , v i ) . This signature satisfies the verification equation.
By r i , s , we now denote discrete logarithms of R i , P p u b , respectively, which is R i = r i P ,   P p u b = s P .
As the signatures ( m i , Y i , R i , v i ) , ( m i , Y i , R i , v i ) satisfy the verification equations, we get two linearly independent equations as Y i ( j ) = z 2 i ( j ) P h 2 i ( j ) ( R i + h 1 i ( j ) P p u b )   for   j = 1 , 2 . ξ solves the unknown values r i , s , from the above two linearly independent equations and outputs s as the solution of ECDLP. However, the ECDLP is computationally infeasible by any polynomial-time bounded algorithm. Therefore, based on the intractability assumption of ECDLP, our scheme is provably secure in the ROM against the adaptive chosen message and identity attacks. □

5.2. Efficiency Analysis of the Proposed Scheme

In this section, we analyze the performance of our PF-IDBS-MR scheme. We compare our scheme with the relevant schemes in terms of computational and communicational cost. We consider the experimental results (Ren et al. [44], Cao et al. [45], and Tan et al. [46]), to achieve the comparable security with 1024-bit RSA key, where the bilinear pairing (Tate pairing) is defined over the super singular elliptic curve E q : y 2 = x 3 + x with embedding degree 2 and the 160-bit Solinas prime number q = 2 159 + 2 17 + 1 with 512-bit prime number p satisfying p + 1 = 12 q r . The running time is calculated for different cryptographic operations in References [44,45,46] using MIRACL (Shamus software) [47], a standard cryptographic library and implemented on a hardware platform PIV (Pentium-4) 3GHZ processor with 512-MB memory and a windows XP operating system. Furthermore, Chung et al. [48] indicated that the time needed to execute the elliptic curve scalar multiplication ( T E M ) is approximately 29 T M L , and the time needed to execute the modular exponentiation ( T E X ) is approximately 240 T M L . It was also mentioned in Reference [45] that the time needed to execute one pairing based scalar multiplication ( T E M ) is approximately 6.38 ms, i.e, T E M 6.38 m s , the time needed to execute one bilinear pairing (Tate pairing) operation ( T B P ) is approximately 20.01 ms, i.e., T B P 20.01 m s and the time needed to execute one pairing-based exponentiation T P X is approximately 11.20 m s , i.e., T P X 11.20 ms . Now, from the works proposed by Baretto et al. [49] and Tan et al. [46], 1 T B P 3 T E M and 1 T P X ( 1 / 2 ) T B P . We summarize these computational results in Table 4.

5.2.1. Computational Efficiency

The comparison of our proposed PF-IDBS-MR scheme with the existing blind signature schemes, in terms of a computational point of view, is presented in Table 5. The total computational cost of our proposed scheme is 156.96 T M L , which is much more efficient than the well-known existing schemes. While the computational cost of our scheme is equal to Islam et al. scheme [33], our proposed scheme achieves message recovery. Hence, our scheme is considered to be more efficient compared to Islam et al. scheme [33]. From Table 5, it is clear that the computation cost of our PF-IDBS-MR scheme is 156.96 T M L , which is 76.37% less than Han et al. scheme [36], 67.98% less than Hassan et al. scheme [37], 70.60% less than Fan et al. scheme [23], 69.95% less than Prasad et al. [21], 32.34% less than He et al. scheme [26], 67.01% less than James et al. [39], and 71.01% less than Verma et al. scheme [40]. Hence, our scheme is computationally more efficient when compared to the well-known related schemes [21,23,26,33,36,37,39,40].

5.2.2. Communicational Efficiency

The comparison of our proposed PF-IDBS-MR scheme with the existing blind signature schemes, in terms of communicational point of view, is presented in Table 6. The schemes [21,23,36,37,39,40] are established on bilinear pairings. The remaining related schemes [26,33] and our proposed scheme is established on ECC. To achieve a security level of 80 bits, in bilinear pairing, we consider e ^ : G 1 × G 1 G T , where G 1 is an additive group that is generated by P ^ with the order q ^ on the super singular elliptic curve E ^ : y 2 = x 3 + x mod p ^ with embedding degree 2. Here, p ^ consists of 512 bit prime number and q ^ is of 160 bit solinas prime number. To achieve the same 80 bit security level, in ECC, we consider G as an additive cyclic group generated by a point P on a non-singular elliptic curve E : y 2 = x 3 + a x + b mod p and its order is q where p , q are prime numbers of 160 bit each and a , b Z q . Hence, the size of p ^ is 512 bits (i.e., 64 bytes) and the size of p is 160 bits (i.e., 20 bytes). Hence, the size of elements in G 1 is 512 × 2 = 1024 bits and the size of elements in G is 160 × 2 = 320 bits. Additionally, the size of the elements in Z q is 160 bits.
Since our proposed scheme is with message recovery, the original message of the signature is not required to be transmitted together with the signature, and hence the signature length of our proposed scheme is | q | + 2 | G | and the communication cost is 160 + 2 × 320 = 800 bits = 100 bytes.
From Table 6, it is clear that our PF-IDBS-MR scheme is more efficient compared to the existing blind signature schemes [21,23,26,33,36,37,39,40], in a communicational point of view.
The following bar graphs (Figure 1 and Figure 2) clearly show that our scheme is much more efficient than the existing schemes. Hence, our PF-IDBS-MR scheme is much more efficient than the existing blind signature schemes, both from a computational and communicational cost point of view.

6. Conclusions

In this paper, we have presented a pairing-free Identity-based blind signature scheme with message recovery. This PF-IDBS-MR scheme combines the advantages of blind signature, message recovery property in ID-based setting. Moreover, it is designed in pairing-free environment. The correctness of the proposed scheme has been validated. The proposed scheme is secure and existential unforgeable against the adaptive chosen message and identity attacks under the assumption that ECDLP intractable. The blindness property of the proposed scheme provides the anonymity of the user and the message recovery property of the proposed scheme enhances the bandwidth efficiency. To the best of our knowledge, this is the first blind signature scheme with message recovery in pairing free environment. The comparison of our PF-IDBS-MR scheme with the existing schemes shows that the proposed scheme is efficient in terms of computational and communicational point of view. The proposed scheme is very useful in practical applications such as mobile communications, wireless sensor networks etc., where bandwidth is the main constrain. Due to the blindness and message recovery property, computational, and communicational efficiency, the proposed PF-IDBS-MR scheme can be applied efficiently in the design of e-voting and e-payment applications.

Author Contributions

Conceptualization, S.J.; Investigating, S.J.; Problem Designing, P.V.R.; Formal Analysis and Writing, N.B.G.; Review and Editing, N.B.G.; Supervision, P.V.R.

Funding

This research is received no external funding.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Diffie, W.; Hellman, M.E. New Directions in Cryptography. IEEE Trans. Inf. Theory 1976, 22, 644–654. [Google Scholar] [CrossRef]
  2. Shamir, A. Identity-Based Cryptosystems and Signature Schemes. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques, Santa Barbara, CA, USA, 20–24 August 2000; pp. 47–53. [Google Scholar]
  3. Chang, C.C.; Lee, J.S. An anonymous voting mechanism based on the key exchange protocol. Comput. Secur. 2006, 25, 307–314. [Google Scholar] [CrossRef]
  4. Fan, C.I.; Sun, W.Z. An efficient multi-receipt mechanism for uncoercible anonymous electronic voting. Math. Comput. Model. 2008, 48, 1611–1627. [Google Scholar] [CrossRef]
  5. Liaw, H.T. A secure electronic voting protocol for general elections. Comput. Secur. 2004, 23, 107–119. [Google Scholar] [CrossRef]
  6. Delaune, S.; Kremer, S.; Ryan, M. Coercion-resistance and receipt-freeness in electronic voting. In Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, 5–7 July 2006; pp. 28–42. [Google Scholar]
  7. Chaum, D. Blind Signatures for Untraceable Payments. Available online: https://0-link-springer-com.brum.beds.ac.uk/chapter/10.1007%2F978-1-4757-0602-4_18#citeas (accessed on 3 October 2018).
  8. Chaum, D.; Fiat, A.; Naor, M. Untraceable electronic cash. Adv. Cryptol. 1990, 403, 319–327. [Google Scholar]
  9. Nyberg, K.; Rueppel, R.A. A New Signature Scheme Based on the DSA Giving Message Recovery. In Proceedings of the 1st ACM Conference on Communication and Computer Security, Fairfax, VA, USA, 3–5 November 1993. [Google Scholar]
  10. Jeng, F.G.; Chen, T.L.; Chen, T.S. An ECC-based blind signature scheme. J. Netw. 2010, 5, 921–928. [Google Scholar] [CrossRef]
  11. Shen, V.R.L.; Chung, Y.F.; Chen, T.S.; Lin, Y.A. A Blind Signature Based on Discrete Logarithm Problem. Int. J. Innov. Comput. Inf. Control 2011, 7, 5403–5416. [Google Scholar]
  12. Garcia, L.L.; Perez, L.J.D.; Henriquez, F.R. A pairing-based blind signature e-voting scheme. Comput. J. 2014, 57, 1460–1471. [Google Scholar] [CrossRef]
  13. Verma, G.K.; Singh, B.B. New ID based fair blind signatures. Int. J. Current Eng. Sci. Res. 2016, 3, 41–47. [Google Scholar]
  14. Darwish, A.; Gendy, M.M.E. A New Cryptographic Voting Verifiable Scheme for E-Voting System Based on Bit Commitment and Blind Signature. Int. J. Swarm Intel. Evol. Comput. 2017, 6, 2. [Google Scholar] [CrossRef]
  15. Sahu, R.A.; Padhye, S. ID-based signature scheme from bilinear pairings: A survey. Front. Electr. Electron. Eng. 2011, 6, 487–500. [Google Scholar] [CrossRef]
  16. Zhang, F.; Kim, K. ID-based blind signature and ring signature from pairings. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Queenstown, New Zealand, 1–5 December 2002. [Google Scholar]
  17. Zhang, F.; Kim, K. Efficient ID-based blind signature and proxy signature. In Proceedings of the Australasian Conference on Information Security and Privacy, Sydney, NSW, Australia, 9–11 July 2003. [Google Scholar]
  18. Huang, Z.; Chen, K.; Wang, Y. Efficient identity-based signatures and blind signatures. In Proceedings of the International Conference on Cryptology and Network Security, Xiamen, China, 14–16 December 2005. [Google Scholar]
  19. Zhao, Z.; Zhao, Z.; Tang, X.; Liu, Y. A New ID-Based Blind Signature from Bilinear Pairings. In Proceedings of the 2006 IET International Conference on Wireless, Mobile and Multimedia Networks, Hangzhou, China, 6–9 November 2006. [Google Scholar]
  20. Kalkan, S.; Kaya, K.; Selcuk, A.A. Generalized ID-Based Blind Signatures from Bilinear Pairings. In Proceedings of the 23rd International Symposium on Computer and Information Sciences, Istanbul, Turkey, 27–29 October 2008. [Google Scholar]
  21. Rao, B.U.; Ajmath, K.A.; Reddy, P.V.; Gowri, T. An ID-Based Blind Signature Scheme from Bilinear Pairings. Int. J. Comput. Sci. Secur. 2010, 4, 98–106. [Google Scholar]
  22. Hess, F. Efficient identity-based signature schemes based on pairings. In Proceedings of the International Workshop on Selected Areas in Cryptography, St. John’s, NF, Canada, 15–16 August 2002. [Google Scholar]
  23. Fan, C.I.; Sun, W.Z.; Huang, V.S.M. Provably secure randomized blind signature scheme based on bilinear pairing. Comput. Math. Appl. 2010, 60, 285–293. [Google Scholar] [CrossRef]
  24. Zhang, L.; Hu, Y.; Tian, X.; Yang, Y. Novel identity-based blind signature for electronic voting system. In Proceedings of the 2010 Second International Workshop on Education Technology and Computer Science, Wuhan, China, 6–7 March 2010; pp. 122–125. [Google Scholar]
  25. Shakerian, R.; Pour, T.M.; Kamali, S.H. An identity based public key cryptography blind signature scheme from bilinear pairings. In Proceedings of the 2010 3rd International Conference on Computer Science and Information Technology, Chengdu, China, 9–11 July 2010; pp. 28–32. [Google Scholar]
  26. He, D.; Chen, J.; Zhang, R. An efficient identity-based blind signature scheme without bilinear pairings. Comput. Electr. Eng. 2011, 37, 444–450. [Google Scholar] [CrossRef]
  27. Hu, X.; Wang, J.; Yang, Y. Secure ID-based blind signature scheme without random oracle. In Proceedings of the 2011 International Conference on Network Computing and Information Security, Guilin, China, 14–15 May 2011; pp. 245–249. [Google Scholar]
  28. Xu, G.; Xu, G. An ID-based Blind Signature from Bilinear Pairing with Unlinkability. In Proceedings of the 3rd International Conference on Consumer Electronics, Communications and Networks, Xianning, China, 20–22 November 2013. [Google Scholar]
  29. Jain, R.T.; Patel, A.A. Computationally Efficient ID-Based Blind Signature Scheme in E-Voting. Int. J. Sci. Res. Dev. 2013, 1. Available online: https://s3.amazonaws.com/academia.edu.documents/33502839/IJSRDV1I3034.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1539744028&Signature=o5N7XWZ%2BVlfugIaaf%2FESsqJzfCc%3D&response-content-disposition=inline%3B%20filename%3DComputationally_Efficient_ID-Based_Blind.pdf (accessed on 26 September 2018).
  30. Li, F.; Zhang, M.; Takagi, T. Identity-based partially blind signature in the standard model for electronic cash. Math. Comput. Model. 2013, 58, 196–203. [Google Scholar] [CrossRef]
  31. Pance, R.; Ljupcho, A. Comparison of ID-Based Blind Signatures from Pairings for E-Voting Protocols. In Proceedings of the 37th International Convention on Information and Communication Technology, Electronics and Microelectronics, Opatija, Croatia, 26–30 May 2014; pp. 26–30. [Google Scholar]
  32. Girish; Krupa, K.T.; Phaneendra, H.D. Survey on Identity Based Blind Signature. Int. J. Comput. Sci. Inf. Technol. 2015, 6, 2678–2681. [Google Scholar]
  33. Islam, S.H.; Amin, R.; Biswas, G.P.; Obaidat, M.S.; Khan, M.K. Provably Secure Pairing-Free Identity-Based Partially Blind Signature Scheme and Its Application in Online E-Cash System. Arab. J. Sci. Eng. 2016, 41, 3163–3176. [Google Scholar] [CrossRef]
  34. Kumar, M.; Katti, C.P.; Saxena, P.C. An Identity-Based Blind Signature Approach for E-Voting System. Int. J. Modern Educ. Comput. Sci. 2017, 10, 47–54. [Google Scholar] [CrossRef]
  35. Sarde, P.; Banerjee, A. A Secure ID-Based Blind and Proxy Blind Signature Scheme from Bilinear Pairings. J. Appl. Secur. Res. 2017, 12, 2. [Google Scholar] [CrossRef]
  36. Han, S.; Chang, E. A Pairing-Based Blind Signature Scheme with Message Recovery. Int. J. Inf. Technol. 2007, 1, 2602–2607. [Google Scholar]
  37. Hassan, E.; Yasmine, A. A New Blind Identity-Based Signature Scheme with Message Recovery. Online J. Electron. Electr. Eng. 2008, 2, 2. [Google Scholar]
  38. Diao, L.; Gu, J.; Yen, I.L. A New Proxy Blind Signature Scheme with Message Recovery. Inf. Technol. J. 2013, 12, 6159–6163. [Google Scholar]
  39. James, S.; Gowri, T.; Babu, G.R.; Reddy, P.V. Identity-Based Blind Signature Scheme with Message Recovery. Int. J. Electr. Comput. Eng. 2017, 7, 2674–2682. [Google Scholar]
  40. Verma, G.K.; Singh, B.B. Efficient identity-based blind message recovery signature scheme from pairings. Inst. Eng. Technol. J. 2018, 12, 150–156. [Google Scholar] [CrossRef]
  41. Koblitz, N. Elliptic curve cryptosystem. J. Math. Comput. 1987, 48, 203–209. [Google Scholar] [CrossRef]
  42. Miller, V.S. Use of elliptic curves in cryptography. Proc. Adv. Cryptol. 1985, 218, 417–426. [Google Scholar]
  43. Pointcheval, D.; Stern, J. Security arguments for digital signatures and blind signatures. J. Cryptol. 2000, 13, 361–396. [Google Scholar] [CrossRef]
  44. Ren, K.; Lou, W.; Zeng, K.; Moran, P.J. On broadcast authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 2007, 6, 4136–4144. [Google Scholar] [CrossRef]
  45. Cao, X.; Kou, W.; Du, X. A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Inf. Sci. 2010, 180, 2895–2903. [Google Scholar] [CrossRef]
  46. Tan, S.Y.; Heng, S.H.; Goi, B.M. Java Implementation for Pairing-Based Cryptosystems. Proc. Int. Conf. Comput. Sci. Appl. 2010, 6019, 188–198. [Google Scholar]
  47. Shamus Software Ltd. Miracl Library. Available online: https://www.miracl.com (accessed on 3 October 2018).
  48. Chung, Y.F.; Huang, K.H.; Lai, F.; Chen, T.S. ID-based digital signature scheme on the elliptic curve cryptosystem. Comput. Stand. Interfaces 2007, 29, 601–604. [Google Scholar] [CrossRef]
  49. Barreto, P.S.L.M.; Libert, B.; McCullagh, N.; Quisquater, J.J. Efficient and provably secure identity-based signatures and signcryption from bilinear maps. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, 4–8 December 2005; Volume 3788, pp. 515–532. [Google Scholar]
Figure 1. Graphical representation of Total Computation Cost.
Figure 1. Graphical representation of Total Computation Cost.
Cryptography 02 00029 g001
Figure 2. Graphical representation of Total Communication Cost.
Figure 2. Graphical representation of Total Communication Cost.
Cryptography 02 00029 g002
Table 1. Acronyms and explanation.
Table 1. Acronyms and explanation.
AcronymsExplanation
ECDLPElliptic Curve Discrete Logarithm Problem
PKCPublic Key Cryptography
PF-IDBS-MRPairing-Free Identity-based Blind Signature with Message Recovery
ECCElliptic Curve Cryptography
PPTProbabilistic Polynomial Time
PKGPrivate Key Generator
ROMRandom Oracle Model
EF-ACMAExistential Forgery under the Adaptive Chosen Message Attack
Table 2. Notation and Meaning.
Table 2. Notation and Meaning.
NotationMeaning
E ( F q ) Group of elliptic curve points over F q
k Security parameter
G 1 An additive group which is generated by P ^ with the order q ^ on the super singular elliptic curve
G An additive cyclic group generated by a point P on a non-singular elliptic curve
H 1 , H 2 , H 3 , F 1 , F 2 Cryptographic hash functions
a || b Concatenation of two strings a   and   b
X-OR computation in the binary system
[ x ] 10 Decimal   representation   of   x { 0 , 1 }
[ y ] 2 Binary representation of y Z
| β | l 2 The   first   l 2 bits of β from the left side
| β | l 1 The   first   l 1 bits of β from the right side
Ω Signature on the message m
Table 3. The blind signature issuing protocol.
Table 3. The blind signature issuing protocol.
User Signer
k Z q
Compute   X = k P
  X , R
Chooses a , b Z q
Computes β = F 1 ( m ) ( F 2 ( F 1 ( m ) ) m )
Y = a X + b β P
h 2 = H 2 ( I D , R , Y )
h ˜ = a 1 h 2 mod q
h ˜
Compute   z 1 = ( k + h ˜ d ) mod q
z 1
Compute z 2 = ( a z 1 + b β ) mod q
α = H 3 ( I D , z 2 P )
v = [ α β ] 10
Ω = ( Y , R , v ) is the blind signature on message m
Table 4. Notations and descriptions of various cryptographic operations and their conversions.
Table 4. Notations and descriptions of various cryptographic operations and their conversions.
NotationsDescriptions
T M L Time needed to execute the modular multiplication operation
T E M Time needed to execute the elliptic curve point multiplication (Scalar multiplication in G 1 ): T E M 29 T M L
T B P Time needed to execute the bilinear pairing operation in G 2 : T B P 87 T M L
T P X Time needed to execute the pairing-based exponentiation operation in G 2 : T P X 43.5 T M L
T E X Time needed to execute modular exponentiation operation in Z q * : T E X 240 T M L
T I N Time needed to execute modular inversion operation in Z q * : T I N 11.6 T M L
T M T P Time needed to execute a map-to-point (hash function): T M T P T E M 29 T M L
T P A Time needed to execute addition of 2 elliptic curve points (point addition in G 1 ): T P A 0.12 T M L
Table 5. Comparison of computational efficiency of our proposed scheme with the related schemes.
Table 5. Comparison of computational efficiency of our proposed scheme with the related schemes.
SchemeSigning CostVerification CostTotal Cost
Han et al. (2005) [36] 6 T E M + 2 T B P + 1 T I N + 2 T P A 3 T B P + 1 T P X 664.34 T M L
Hassan et al. (2006) [37] 6 T E M + 1 T B P + 1 T I N + 2 T P A 2 T B P + 1 T P X 490.34 T M L
Fan et al. (2010) [23] 7 T E M + 1 T M T P + 1 T I N + 3 T P A 3 T B P + 1 T M T P 533.96 T M L
Rao, et al. (2010) [21] 2 T B P + 3 T E M + 1 T P X + 4 T P A 2 T B P + 1 T P X 522.48 T M L
He et al. (2011) [26] 5 T E M 3 T E M 232 T M L
Islam et al. (2016) [33] 4 T E M + 2 T P A + 1 T I N 1 T P A + 1 T E M 156.96 T M L
James et al. (2017) [39] 6 T E M + 1 T B P + 1 T I N + 2 T P A 2 T B P + 1 T E M 475.84 T M L
Verma et al. (2018) [40] 3 T E M + 1 T M T P + 1 T B P + 1 T I N 1 T B P + 1 T E X 541.6 T M L
Our Proposed Scheme 3 T E M + 1 T P A + 1 T I N 2 T E M + 2 T P A 156.96 T M L
Table 6. Comparison of communicational efficiency of our proposed scheme with the related schemes.
Table 6. Comparison of communicational efficiency of our proposed scheme with the related schemes.
SchemeMessage RecoverySignature LengthIn Bytes
Han et al. (2005) [36] 2 | G 1 | 256   b y t e s
Hassan et al. (2006) [37] | q | + | G 1 | 148   b y t e s
Fan et al. (2010) [23] | m | + 2 | G 1 | 256   b y t e s + | m |
Rao et al. (2010) [21] | q | + | G 1 | 148   b y t e s + | m |
He et al. (2011) [26] | q | + 2 | G | 100   b y t e s + | m |
Islam et al. (2016) [33] | q | + 2 | G | 276   b y t e s + | m |
James et al. (2017) [39] | q | + | G 1 | 148   b y t e s + | m |
Verma et al. (2018) [40] | q | + | G 1 | 148   b y t e s
Our Proposed Scheme | q | + 2 | G | 100   b y t e s

Share and Cite

MDPI and ACS Style

James, S.; Gayathri, N.B.; Reddy, P.V. Pairing Free Identity-Based Blind Signature Scheme with Message Recovery. Cryptography 2018, 2, 29. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography2040029

AMA Style

James S, Gayathri NB, Reddy PV. Pairing Free Identity-Based Blind Signature Scheme with Message Recovery. Cryptography. 2018; 2(4):29. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography2040029

Chicago/Turabian Style

James, Salome, N.B. Gayathri, and P. Vasudeva Reddy. 2018. "Pairing Free Identity-Based Blind Signature Scheme with Message Recovery" Cryptography 2, no. 4: 29. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography2040029

Article Metrics

Back to TopTop