The rapid growth of the IoT has been accompanied by the generation of massive amounts of data. Given the limited storage and computing capabilities of most IoT devices, a growing number of institutions and organizations outsource their computing tasks to cloud servers to obtain efficient and accurate computation while avoiding the cost of computing locally. One of the most important challenges in outsourced computing is ensuring the correctness of the returned results. A linearly homomorphic proxy signature (LHPS) is a natural tool for ensuring the reliability of outsourced computing when the signing right has been delegated. Blockchain offers tamper resistance and traceability, and is an emerging technology for data security. However, as far as we know, constructions of LHPS have been few and far between, and the existing LHPS scheme neither considers homomorphic unforgeability nor uses blockchain technology. Herein, we improve the security model of LHPS so that both the usual existential forgery and the homomorphic existential forgery are considered for two types of adversaries. Under the new model, we present a blockchain-based LHPS scheme. The security analysis shows that, under adaptive chosen-message attack, the unforgeability of the proposed scheme reduces to the CDH assumption, achieving both usual and homomorphic existential unforgeability. Moreover, compared with the previous LHPS scheme, the performance analysis shows that our scheme has the same key size and comparable computational overhead, but higher security.

In the past decade, new ways of collecting and disseminating data have driven the rapid development of the Internet of Things (IoT) [

The IIoT continuously integrates acquisition devices, sensors and controllers with sensing capability, together with mobile communication technology, into all aspects of industrial production in order to improve production efficiency, reduce costs, and ultimately transform traditional industry into smart industry [

The rapid development of IIoT and MHSs, together with the massive volumes of medical and industrial data they generate, has led to increasing computing overhead and resource consumption, so the traditional local computing model can no longer meet application requirements: most IoT devices have limited processing power, and computing on them is uneconomical. Fortunately, owing to the convenience and speed of cloud computing, many users migrate local data to cloud servers to address this challenge.

However, a cloud server is an untrusted third party and may return incomplete or incorrect results because of software or hardware faults, or because of commercial incentives. Homomorphic signatures (HS) provide a natural method for verifying outsourced computation and can effectively address this problem: an HS scheme lets an untrusted server run computations on outsourced, signed data and derive a short signature that attests to the integrity and correctness of the result, which the client checks without recomputing it. In recent years, HS has been extensively studied and developed [

Furthermore, consider the following application scenario: a hospital authorizes a sensor to sign data and communicate with the cloud server. The cloud server first confirms the authenticity of the sender (i.e., the sensor attached to a remote patient) and then sends the result of the computation together with the derived signature to the hospital or a research institution, which verifies its correctness. In an IIoT environment, an executive issues instructions to subordinates (such as a plant manager) to perform communication tasks, so data are often signed by the subordinate on behalf of the superior organization. To realize this kind of authentication mechanism, the signing right must be delegated. Mambo et al. [

Naturally, to ensure the reliability of outsourced computing when signing rights are delegated, it is interesting to construct a PS scheme with homomorphic properties, combining delegation and homomorphism in a single authentication method. In such a scheme, Alice can authorize Bob, and Bob can create proxy signatures with homomorphic properties. However, as far as we know, constructions of linearly homomorphic proxy signatures (LHPS) have been few and far between; in addition, the existing LHPS scheme [
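The following is an added illustration of the delegation-plus-linear-homomorphism workflow described in the two preceding paragraphs (delegated signing right, cloud-side combination of signatures, client-side verification). It is not the paper's scheme, which is pairing-based and reduces to CDH; it is a toy RSA-style construction in the spirit of RSA network-coding signatures, written here only to make the mechanics concrete. The warrant format, entity names, sample readings and key sizes are assumptions; no security claim is made for it and it must not be deployed.

```python
"""
Toy linearly homomorphic proxy signature (illustrative only, NOT the paper's CDH scheme).

Delegation: Alice (original signer) signs a warrant describing Bob's proxy right (FDH-RSA).
Proxy signing: Bob signs each basis row v of a data file with his own key:
    sigma(v) = (prod_j g_j^{v_j})^{d_B} mod N_B,  g_j = H(warrant, file_id, j)
Homomorphism: the cloud derives sigma(sum_i c_i v_i) = prod_i sigma(v_i)^{c_i} without Bob's key.
Verification: check Alice's warrant signature, then sigma^{e_B} == prod_j g_j^{y_j} mod N_B.
"""
import hashlib
import secrets
from dataclasses import dataclass


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (toy key generation; use a vetted library in practice)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


@dataclass
class RsaKey:
    n: int
    e: int
    d: int


def keygen(bits: int = 512) -> RsaKey:
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e not dividing phi means gcd(e, phi) == 1
            return RsaKey(p * q, e, pow(e, -1, phi))


def _h_int(*parts: bytes) -> int:
    h = hashlib.sha256()
    for part in parts:                      # length-prefix each field so encodings are unambiguous
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def delegate(alice: RsaKey, warrant: bytes) -> int:
    """Alice's FDH-RSA signature on the warrant (hypothetical free-text warrant)."""
    return pow(_h_int(b"warrant", warrant) % alice.n, alice.d, alice.n)


def verify_delegation(alice: RsaKey, warrant: bytes, sig_w: int) -> bool:
    return pow(sig_w, alice.e, alice.n) == _h_int(b"warrant", warrant) % alice.n


def _generators(bob_n: int, warrant: bytes, file_id: bytes, dim: int) -> list[int]:
    """g_j = H(warrant, file_id, j): binds every proxy signature to this delegation and file."""
    return [_h_int(b"gen", warrant, file_id, j.to_bytes(4, "big")) % bob_n or 1 for j in range(dim)]


def _product(gens: list[int], vec: list[int], n: int) -> int:
    acc = 1
    for g, x in zip(gens, vec):
        acc = acc * pow(g, x, n) % n        # negative exponents use the modular inverse
    return acc


def proxy_sign(bob: RsaKey, warrant: bytes, file_id: bytes, v: list[int]) -> int:
    return pow(_product(_generators(bob.n, warrant, file_id, len(v)), v, bob.n), bob.d, bob.n)


def combine(bob_n: int, sigs: list[int], coeffs: list[int]) -> int:
    """Cloud side: derive the signature on sum_i c_i v_i from the sigmas alone."""
    return _product(sigs, coeffs, bob_n)


def verify(alice: RsaKey, bob: RsaKey, warrant: bytes, sig_w: int,
           file_id: bytes, y: list[int], sigma: int) -> bool:
    if not verify_delegation(alice, warrant, sig_w):     # reject results under a forged warrant
        return False
    expect = _product(_generators(bob.n, warrant, file_id, len(y)), y, bob.n)
    return pow(sigma, bob.e, bob.n) == expect


def demo() -> dict:
    """Hospital (Alice) delegates to a sensor (Bob); cloud sums three constructed readings."""
    alice, bob = keygen(), keygen()
    warrant, file_id = b"proxy=sensor-17;file=vitals-2024;scope=linear-aggregates", b"vitals-2024"
    sig_w = delegate(alice, warrant)
    rows = [[72, 118, 37], [80, 124, 38], [64, 110, 36]]   # constructed sample (hr, sys, temp)
    sigs = [proxy_sign(bob, warrant, file_id, r) for r in rows]
    coeffs = [1, 1, 1]
    y = [sum(c * r[j] for c, r in zip(coeffs, rows)) for j in range(3)]
    sigma = combine(bob.n, sigs, coeffs)
    return {"y": y,
            "ok": verify(alice, bob, warrant, sig_w, file_id, y, sigma),
            "tampered": verify(alice, bob, warrant, sig_w, file_id, [y[0] + 1] + y[1:], sigma)}
```

The point to notice is in `verify`: the verifier needs Bob's public key and Alice's warrant signature, but never Bob's private key or the original rows, and a result altered by the cloud fails the check. The generators are derived from the warrant and file identifier, so a signature issued under one delegation cannot be replayed under another.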

To overcome this security flaw, we improve the security definition of LHPS and construct a new LHPS scheme for IoT environments. The main contributions of this paper are as follows:

The security model of LHPS is improved. For both types of adversaries, the model additionally considers an adversary that outputs a homomorphic existential forgery, so the set of forgeries covered is more comprehensive and the security standard of the model is higher.

We construct a blockchain-based LHPS scheme and prove that it is secure against existential forgery (both the usual existential forgery and the homomorphic existential forgery) under adaptive CMA, based on the CDH assumption, for both types of adversaries.

The performance of the new LHPS scheme is analyzed in detail. The discussion shows that our scheme has the same key size and comparable computational overhead as Lin et al.'s LHPS scheme [

The concept of an HS scheme was first proposed by Goldwasser et al. [

Since Mambo et al. [

Blockchain is a decentralized protocol that can securely store Bitcoin transactions or other data. Once recorded, the information cannot be forged or tampered with, and smart contracts can execute automatically without the audit of any centralized organization [

In the architecture of a cloud-based IoT environment using delegated and authenticated computing, five entities are involved: the CA, the data owner, the cloud server, the end user and the blockchain, as shown in

The LHPS scheme proposed in this paper consists of seven polynomial-time algorithms (

For any

For all

We consider two types of adversaries, denoted by

We use the following game between challenger

–

–

For any

For a

–

–

–

For any

For a

The advantage of adversary

Our proposed LHPS scheme is described in detail as follows:

Choose two groups

Selects different hash functions

Retrieve the relevant

Otherwise, it chooses a random number

Calculate hash values

Choose a random number

Output

Given a tuple

Given a tuple

Therefore, for the

This section presents the security analysis of our LHPS scheme. In this section,

–

Randomly choose numbers

Define the hash values of

Recover

Finally,

Therefore, we have

The CDH problem can be solved by calculating the following equation:

Next we calculate the probability of

We only need to analyze the probability of

If list

and returns the signature

Therefore, we have

If

Now, we show that

Moreover, according to the definition of type 2 forgery,

Assume

Note that

By Cramer's rule,

–

Suppose that

–

–

–

–

If

Otherwise,

Further, we have

Next,

Then the CDH problem has been solved.

It is not difficult to see that the probability of not aborting in the delegation queries, the signing queries and the forgery stage is at least

–

–

–

–

If

If

Therefore, we have

If

Now, we need to show that

We compare our scheme with the only existing LHPS scheme, proposed by Lin et al. [

| Scheme | Type-1 adversary: U-EUF | Type-1 adversary: H-EUF | Type-2 adversary: U-EUF | Type-2 adversary: H-EUF |
|---|---|---|---|---|
| Lin-LHPS [ | | | | |
| Proposed scheme | | | | |

Note: U-EUF: Usual Existential Unforgeability; H-EUF: Homomorphic Existential Unforgeability.

| Scheme | Communication overhead: DeleSize | Communication overhead: SigSize | Delegation overhead: DeleGen | Delegation overhead: DeleVer |
|---|---|---|---|---|
| Lin-LHPS [ | 2 | | | |
| Proposed scheme | 2 | | | |

Note: DeleSize: the size of the delegation; SigSize: the size of the proxy signature; DeleGen: the computational cost of generating the delegation signature; DeleVer: the computational cost of delegation verification.

As seen in

As shown in

In this paper, we improved the security model of LHPS for two types of adversaries, considering the case in which an adversary outputs a homomorphic existential forgery. Under the new model, we presented a blockchain-based LHPS scheme and proved that it is secure against existential forgery (both the usual existential forgery and the homomorphic existential forgery) under adaptive CMA based on the CDH assumption. The tamper resistance of the blockchain guarantees the validity of the original signer's warrant, which prevents problems such as abuse of the proxy signing right. Moreover, the performance analysis shows that the new scheme has the same key size and comparable computational cost as Lin et al.'s LHPS scheme [

This research is funded by the

The authors declare that they have no conflicts of interest to report regarding the present study.