1 Introduction

Due to continuous increase in prices of liquid petroleum gas (LPG) and crudeoil (fossil fuel), natural gas is the best option as fuel with better parameters and has increase in demand for domestic and automobile industry [1, 2]. The processing and distribution of natural gas up to the end users encounters several challenges like leakages in pipe, bursting due to over pressure, contaminations due changing weather conditions and maintaining pressure and flow through pipes.

To deal with these difficulties, access to information related to gas and its grid is very important to develop advanced strategies for gas distribution management. Combining information and Communication technologies (ICT) into the present gas transportation system is one feasible salutation to gather the gas associated data. This upgraded infrastructure that configures ICT into the gas distribution approach [3] is termed as Smart Gas Distribution Grid (SGDG) Fig. 1 describes the overview of Smart Gas Distribution Grid.

Fig. 1
figure 1

Overview of smart gas distribution grid (SGDG)

Full size image

By establishing bidirectional data exchange between metering devices, the smart gas distribution grid concept aims to improve existing gas distribution grids. Utilities, gas flow instruments, and end users are all involved. IoT-enabled gas distribution grids provide the same benefits as water and electrical grids while also improving gas infrastructure management in terms of hazard minimization.

Deploying smart metering [4, 5] is believed to be of vital importance towards the fulfilment of smart towns as they support numerous benefits to gas utilities and end clients. In comparison with conventional hand operated metering devices smart gas meters provides precise data acquisition during low pressures, moisture contents in gas which can indicates the problems in system and are more resistive to corrosions from grains in the system. The data gathered from subsequent infrastructure supports the analysis of gas demands that supports better understanding of gas utilization, this encourages the designing of urban gas distribution network [6].

The accessibility of instantaneous data at elevated temporal frequency supports the gas services detecting leakages and fixtures malfunctioning, timely scheduled repair or upgrade of the infrastructure and eventually supports them to take on desired goals for natural gas utilization. Such expertise derived from acquired data also helps in connection with gas utilization demand models to recognize the parameters adding to peak demand. Furthermore, innovative optimization methods can be applied to enhance the gas saving through the urban gas life cycle means improving in operational effectiveness for the proprietor of gas delivery network. Looking ahead the use of data recent improvements in smart network actuators help to develop self-sufficient smart grids, where metering and actuators coordinate to manage the delivery network more effectively than any manual service.

From IOT point of view, one major challenge is the vast amount of data created by smart gas meters and the way it communicates effectively through all elements of system [7]. The multi-modal frameworks of town-based utilization and requirement of data access between various groups introduces additional technical difficulties on transferring enormous database acquired across various infrastructures.

The latest advancements of the upcoming 5th generation communication networks (5G) are likely to enhance the implementation of fog computing with lots of benefits with respect to response time, delays in transmission, cost of energy management in time dependent applications.

Hierarchical arrangement of cloud-fog computing supports various forms of computing services that enhances the resource managing in smart grids [8, 9]. The real-world testimonial in deployments reflects the gains of middleware technologies. Furthermore, fog computing permits application designers to support analytics and instantaneous data that is actionable intuitions direct from IoT end terminal devices with least data exchange (on sites) and low latency, using client-based resources. Assume that the simplest gas usage meter counter as actual, direct feedback system can sufficiently impact client behaviour with regard to gas usage, resulting more modified and sustainable behaviour.

It’s obvious that the personal usage of gas consumption data has crucial significance in smart metering applications. In present smart grid applications where meter communicates all measured data to cloud-based services, giving secondary importance to privacy requirement of data.

Due to this, naturally the personal data can be retrieved from well known measurements. Clients’ lifestyle can be retrieved easily from detailed information acquired of gas utilization, revels information about home stay timings, meal and working schedules or even religious practices. Only solution to this is to provide strict data security [9] system for smart grids that go along with the fog computing protocols to secure the privacy of data collected.

Analysis indicates that slow end devices contributing to fog computing architecture can implement advanced cryptographic mechanism in an energy effective way. Adopting such mechanisms will support in securing the clients data privacy along with minimizing the communication and storage overheads [10]. The hierarchical structure of the fog computing architecture in addition with supportive Hyper elliptic curve identity based proxy signcryption scheme for Smart Gas Distribution Grid in fog computing environment (HYEC-IBPSC-SGDG-FC) scheme safeguards client’s privacy from third partners. Then again differential privacy methods [11] can be utilized to implement effective secrecy preserving techniques for load management.

Modern consumption patterns have been built recently considering fog computing components of the architecture to merge noise to the data acquired at particular points, so supporting a best trade off between usefulness of the data and secrecy assessed with other popular techniques.

The significant contributions of this paper are as follows:

  • A new secure Hyper elliptic curve identity based proxy signcryption scheme for Smart Gas Distribution Grid in fog computing environment (HYEC-IBPSC-SGDG-FC) scheme is proposed for smart gas grid network.

  • Security analysis of proposed HYEC-IBPSC-SGDG-FC proves that the proposed scheme withstands HYEC-DLP and HYEC-DHP.

  • The performance analysis of the proposed HYEC-IBPSC-SGDG-FC scheme is done by using the well-known AVISPA tool shows that the proposed scheme has resilience against replay and man-in-the-middle attacks.

  • Finally the comparison with existing scheme shows that, HYEC-IBPSC-SGDG-FC is more efficient in terms of computation and communication costs.

The rest of the paper is organized as follows. Section 2 contains a discussion of the existing schemes that are related to this topic. In Sect. 3, the proposed scheme's characteristics and security assumptions are discussed. All phases of the proposed scheme are described in detail, and the proposed HYEC-IBPSC-SGDG-FC scheme is also discussed in detail. The meticulous security analysis and correctness of the proposed scheme is discussed in Sect. 4. Section 5 deals with the formal verification of HYEC-IBPSC-SGDG-FC using Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also discusses the assessment of performance. Finally, in Sect. 6, we wrap up our investigation.

2 Related work

In 1996, the authors of Ref. [12] proposed the conception of a proxy signature for the first time. The Original signer delegates the signing authority to proxy signer, and proxy signer issued a valid signature on behalf of original signer in accordance with that delegated authority The signcryption algorithm and the proxy signature concept come together to form proxy signcryption. Using an ID-based proxy encryption scheme was proposed by the authors of Ref. [13] in 2004. We found that this scheme did not meet the necessities of unforgeability and forward security. An improved IDPS system without a secure channel was developed by authors of Ref. [14] a year later, in 2005. An identity-based proxy signature was created by authors of Ref. [14] using bilinear pairing in the same year. In the proposed scheme, bilinear pairing was also used, which is a computationally demanding process. There is an ID-PSC (ID-PSC) scheme proposed by the authors of Ref. [15]. This is a public-verifiable, forward secure and computationally efficient scheme. By employing the universally composable (UC) paradigm, the authors of Ref. [16] developed an identity-based proxy sign encryption scheme (IBPSP). The authors of this scheme have provided a proof of semantic security of proposed scheme. To further protect the cloud delegation process, an identity-based signcryption mechanism is described in Ref. [17]. Encrypted messages are generated by the proxy agent and sent to the CSP, where they can be decrypted and checked. Due to the use of bilinear pairing in Ref. [18], the proposed solution was not suitable for drones [19]. Proposes a novel ECC-based IBPS approach to reduce the computational burden of the bilinear pairing approach. This was followed by the authors of Ref. [20] who proposed the use of IBPS scheme for drones, which they claimed to be simpler and more consistent than preceding approaches. a light weight and secure proxy blind signcryption for multi-digital messages based on a hyperelliptic curve (HEC) is proposed by authors of Ref. [21]. Our research essentially adds to that of scheme proposed in Ref. [20]. The use of HECC, which only needs a key size of 80 bits, is a big advantage of our scheme. ECC and bilinear pairing require a lot more keys [22].

3 Proposed HYEC-IBPSC-SGDG-FC scheme

The system model for the proposed HYEC-IBPSC-SGDG-FC is described in Fig. 2.

Fig. 2
figure 2

The system model for the proposed HYEC-IBPSC-SGDG-FC scheme

Full size image

3.1 Preliminaries

The foundation and fundamental principles of hyper elliptic curve [23, 24], assumption of complexity, nomenclature, and the mathematical formulation of the proposed HYEC-IBPSC-SGDG-FC will be discussed in this segment. Table 1 lists the notations that were utilized in this work.

Table 1 Notations used in this work
Full size table

Definition 1

The hyperelliptic curve discrete logarithm problem (HYEC-DLP)

Given a ℌƴℇ of genus G, the element \(\mathcal{D}\) of order ℕ of Jacobian, the other element \(\mathcal{D}\)1 from the subgroup of \(\mathcal{D}\). The HYEC-DLP is to extract the value of ℕ.

Definition 2

The hyperelliptic curve Diffie-Hellman problem (HYEC-DHP)

Given a ℌƴℇ of genus G, the element \(\mathcal{D}\) of order ℕ of Jacobian, the other elements \({\mathbb{N}}*\mathcal{D}\)1 and P*\(\mathcal{D}\)2 from the subgroup of \(\mathcal{D}\). The HYEC-DHP is to extract the value of ℕ and P.

3.2 Formal model

The HYEC-IBPSC-SGDG-FC Scheme is divided into seven phases as follows. The sequence diagram in Fig. 3 describes the flow and phases of HYEC-IBPSC-SGDG-FC Scheme.

  1. 1.

    Phase 1: System Initialization—This algorithm is accountable for generating public parameters which are openly accessible to all the participating entities and master secret which is a secret of the trusted third party.

  2. 2.

    Phase 2: Key Extraction—Every individual user sends his/her unique identity IDi to the trusted third party. The secret key for the user o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) and public key is \({P}_{{\mathcal{D}}_{\mathrm{o}}}\).

  3. 3.

    Phase 3: Warrant generation and Delegation -The original signer shall make a warrant w which contains the information about the type of delegation and time of delegation; it also defines the type of documents to be signcrypted by proxy signcryptor. This algorithm is accountable for generating the signing warrant Sw and delegating it to proxy signer.

  4. 4.

    Phase 4: Warrant Verification-This phase is accountable for the verification of signing warrant received from original signer. If the warrant is verified correctly then the proxy signer executes the next algorithm.

  5. 5.

    Phase 5: Proxy Signcryption-This phase takes the message to be sent M, proxy signers identity IDp, proxy Signers private key \({S}_{\mathrm{Ps}}\) identity of receiver \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}} }\) and public parameters as input and generates the signcrypted message and send to the receiver via a secure channel.

  6. 6.

    Phase 6: Unsigncryption—This algorithm takes received signcrypted message, receivers private key \({S}_{{\mathcal{D}}_{\mathrm{R}}}\) and the identity of both sender and receiver \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\), \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\) and generates the original message M if the signcrypted message has not tampered else it returns \(\perp .\).

Fig. 3
figure 3

Sequence diagram representing flow and phases of HYEC-IBPSC-SGDG-FC Scheme

Full size image

3.3 Proposed scheme

3.3.1 Phase 1: system initialization

Input:-ℌƴℇ Security parameters λ

Output:-public system parameters

  1. 1.

    Select \(\vartheta {\in }_{R}{\mathbb{Z}}_{n}\), where \(\vartheta\) is a master secret

  2. 2.

    Compute Master Public key \({M}_{Pub}\) =\(\vartheta *\mathcal{D}\), where \(\mathcal{D}\) is devisor of ℌƴℇ

  3. 3.

    Select irreversible cryptographic hash functions ℋ1,2,3,4

  4. 4.

    The PKG publish the public system parameters as  = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1,2,3,4, n\(\ge {2}^{80}\)}

3.3.2 Phase 2: key extraction

Input:-Identity of Participating entities IDi

Output:-Public and secret keys for IDi

  1. 1.

    For the data owner o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) PKG Selects \({\varphi }_{{\mathcal{D}}_{o}}{\in }_{R}{\mathbb{Z}}_{n}\)

  2. 2.

    The Public key of data owner o is \({P}_{{\mathcal{D}}_{\mathrm{o}}}\)=\({\varphi }_{{\mathcal{D}}_{o}}*\mathcal{D}\)

  3. 3.

    Compute \({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}\)= ℋ1 \(\left({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathcal{D}}_{\mathrm{o}}}\right)\)

  4. 4.

    The Secret key of data owner o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta\)

  5. 5.

    The Secret key of proxy signer PS with identity \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) is \({S}_{\mathrm{Ps}}\) = \({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta\)

  6. 6.

    The Secret key of data requester R with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{R}}}\) = \({\varphi }_{{\mathcal{D}}_{\mathrm{R}} }+{\sigma }_{{\mathcal{D}}_{\mathrm{R}} }* \vartheta\)

3.3.3 Phase 3: warrant generation and delegation

Input:-public system parameters, \({S}_{{\mathcal{D}}_{\mathrm{o}}}\),w

Output:-Signcrypting warrant Sw

The original signer shall make a warrant w which contains the information about the type of delegation and time of delegation; it also defines the type of documents to be signcrypted by proxy signcryptor.

By using warrant w the original signer generates signcrypting warrant Sw by using original signer’s private key \({S}_{{\mathcal{D}}_{\mathrm{o}}}\)

  1. 1.

    Select \(\alpha {\in }_{R}{\mathbb{Z}}_{n}\)

  2. 2.

    Compute ѵ  = \(\alpha\)\(\mathcal{D}\)

  3. 3.

    \(\mathrm{Compute }\partial =\)2 (\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},\) w, ѵ)

  4. 4.

    Compute Sw = \(\alpha\)  + \(\partial\)\({S}_{{\mathcal{D}}_{\mathrm{o}}}\)

  5. 5.

    The original signer sends W = (Sw, ѵ, w) to proxy signcryptor

3.3.4 Phase 4: warrant verification

Input:-W = (Sw, ѵ, w).

Output:-Accept or reject the signing warrant.

  1. 1.

    Compute \({\delta }^{`}=\)2 (\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},\) w, ѵ)

  2. 2.

    The proxy signer verifies the received delegation by computing

    • $${\text{S}}_{{\text{w}}} *{\mathcal{D}\ominus } = \nu + \partial *\left( {\sigma_{{{\mathcal{D}}_{{\text{o}}} }} *M_{Pub} + P_{{{\mathcal{D}}_{{\text{o}}} }} } \right)$$
      (1)

    • Verification of Eq (1)

    • Consider LHS, Substitute Sw = \(\alpha\)  + \(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)

    • Sw * \(\mathcal{D}\) = \(\mathcal{D}*\left(\alpha +\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\right)\)

    • Sw * \(\mathcal{D}\) = \(\mathcal{D}*\alpha +\mathcal{D}*\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)

    • Substitute ѵ =\(\alpha *\mathcal{D}\) and \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta\)

    • Sw * \(\mathcal{D}\) = ѵ\(+\mathcal{D}*\partial *({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta )\)

    • Sw * \(\mathcal{D}\) = ѵ\(+\partial *({\mathcal{D}*\varphi }_{{\mathcal{D}}_{o}}+{\mathcal{D}*\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta )\)

    • Substitute \({M}_{Pub}\) =\(\vartheta *\mathcal{D}\) and \({P}_{{\mathcal{D}}_{\mathrm{o}}}\)=\({\varphi }_{{\mathcal{D}}_{o}}*\mathcal{D}\)

    • Sw * \(\mathcal{D}\) = ѵ\(+ \partial * ({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}*{M}_{Pub}+{P}_{{\mathcal{D}}_{\mathrm{o}}})\)

    • Hence proved Eq. 1

3.3.5 Phase 5: proxy signcryption

If warrant is verified in previous step, the proxy signcryptor then signcrypts the message.

Input:-Public system parameters, m,\(\mathrm{W}, {\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\),\({P}_{{\mathcal{D}}_{\mathrm{R}}}\)

Output:-Signcrypted message \(\Psi\)

  1. 1.

    Select \(\rho {\in }_{R}{\mathbb{Z}}_{{p}^{*}}\)

  2. 2.

    \({\Psi }_{1}=\rho * \mathcal{D}\)

  3. 3.

    \(Compute \mathcal{Q}= \rho *({\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\) *\({M}_{Pub}\) +\({P}_{{\mathcal{D}}_{\mathrm{R}}}\))

  4. 4.

    \(Compute\) ƙ = ℋ3 (\({\Psi }_{1}, \mathcal{Q}\), \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}},}{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))

  5. 5.

    \({\Psi }_{2}\)= m ⊕ ƙ

  6. 6.

    \(Compute \mu\) = ℋ4 (\({\mathrm{m},\mathrm{W}, \mathcal{Q},\Psi }_{1},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}},}{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))

  7. 7.

    \({\Psi }_{3}\) = \(\rho + \mu * {S}_{\mathrm{Ps}}\)

  8. 8.

    \(\Psi =\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\)

The proxy signcryptor uploads the signcrypted ciphertext \(\Psi\) on cloud.

3.3.6 Phase 6: unsigncryption

Input:-Public system parameters, \({S}_{{\mathcal{D}}_{\mathrm{R}}}\), \(\Psi\)

Output:-Original message m or \(\perp\)

The receiver with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\) will download the signcrypted ciphertext \(\Psi\) from cloud and perform the following operations to compute the original message m.

  1. 1.

    Compute ѵ = \({S}_{{\mathcal{D}}_{\mathrm{R}} }*{\Psi }_{1}\)

  2. 2.

    Compute ƙ = ℋ3 (ѵ, \({\Psi }_{1}\), \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}},}{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))

  3. 3.

    Compute m = \({\Psi }_{2}\)⊕ƙ

  4. 4.

    Compute \(\mu\) = ℋ4 (m, W, ѵ, \({\Psi }_{1},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}},}{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))

  5. 5.

    Verify whether

$${\Psi }_{3} * { \mathcal{D}} = {\Psi }_{1} + \mu \left( {\sigma_{{{\text{Ps}}}} * M_{Pub} + P_{{{\text{P}}_{{\text{s}}} }} } \right)$$
(2)

Verification of Eq. (2)

Consider LHS, substitute \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\)

\({\Psi }_{3}* \mathcal{D}\) = (\(\rho + \mu * {S}_{\mathrm{Ps}}) * \mathcal{D}\)

\({\Psi }_{3}* \mathcal{D}\) = (\(\rho * \mathcal{D}+ \mu * {S}_{\mathrm{Ps}}* \mathcal{D})\)

Substitute \({\Psi }_{1}=\rho * \mathcal{D}\) and \({S}_{\mathrm{Ps}}\) = \({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta\)

\({\Psi }_{3}* \mathcal{D}\)= \(\left({\Psi }_{1}+ \mu * \left({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta \right)* \mathcal{D}\right)\)

\({\Psi }_{3}* \mathcal{D}\)= \(\left({\Psi }_{1}+ \mu * \left({\varphi }_{\mathrm{Ps}}* \mathcal{D}+{\sigma }_{\mathrm{Ps}}* \vartheta * \mathcal{D}\right)\right)\)

\({\mathrm{Substitute }P}_{{\mathrm{P}}_{\mathrm{s}}}\)=\({\varphi }_{{P}_{s}}*\mathcal{D}\) and \({M}_{Pub}\) =\(\vartheta *\mathcal{D}\)

$${\Psi }_{3}* \mathcal{D}={\Psi }_{1}+ \mu ({\sigma }_{\mathrm{Ps}}*{M}_{Pub}+{P}_{{\mathrm{P}}_{\mathrm{s}}})$$

Hence proved.

4 Security model

The proposed HYEC-IBPSC-SGDG-FC scheme should assure confidentiality and unforgeability of original message. Let us consider that there exist an adversary \({\mathcal{A}}_{d}\) for the proposed scheme and \({\mathbb{C}}_{{\text{h}}}\) is a challenger.

Game-1

The following game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\) to solve the problem of HYEC-DHP.

Initialization

The challenger \({\mathbb{C}}_{{\text{h}}}\) runs the setup phase to generate the public parameters and a master secret \(\vartheta\).Then \({\mathbb{C}}_{{\text{h}}}\) forward the public parameters to adversary \({\mathcal{A}}_{d}\) and keeps \(\vartheta\) with itself.

Phase 1: Adversary \({\mathcal{A}}_{d}\) executes the following queries which are interdependent.

  1. 1.

    Hash Function query:- Adversary \({\mathcal{A}}_{d}\) can request for any hash function value.

  2. 2.

    Key Extraction query:-Adversary \({\mathcal{A}}_{d}\) selects the unique identity as ID and requests for public and secret key. The challenger \({\mathbb{C}}_{{\text{h}}}\) runs key extraction algorithm and returns the public and secret key to Adversary \({\mathcal{A}}_{d}\).

  3. 3.

    Warrant generation and Delegation query:-The adversary \({\mathcal{A}}_{d}\) sends the request for signing warrant. The challenger \({\mathbb{C}}_{{\text{h}}}\) returns the warrant w and signing warrant Sw

  4. 4.

    Warrant Verification query:-The adversary \({\mathcal{A}}_{d}\) verifies the signing warrant received from challenger \({\mathbb{C}}_{{\text{h}}}\)

  5. 5.

    Proxy Signcryption query:-The adversary \({\mathcal{A}}_{d}\) selects message m and the identities \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) , \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) executes Proxy Signcryption and sends the signcrypted ciphertext \(\Psi\) to\({\mathcal{A}}_{d}\).

  6. 7.

    Unsigncryption query:-The adversary \({\mathcal{A}}_{d}\) selects the signcrypted ciphertext \(\Psi\) and the identities \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) , \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) then executes Unsigncryption algorithm and sends result to\({\mathcal{A}}_{d}\).

Challenge: The adversary \({\mathcal{A}}_{d}\) wishes to be challenged on the two messages M0, M1 and identities \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) produces the random bit Ь \({\in }_{\mathrm{R}}\) {0,1} for which the \(\Psi =\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\) and sends to\({\mathcal{A}}_{d}\). The adversary \({\mathcal{A}}_{d}\) executes the queries like ℋ queries, Key Extraction query, Warrant generation and Delegation query Proxy Signcryption query and Unsigncryption query.

Guess:-The adversary \({\mathcal{A}}_{d}\) produces he random bit Ь\({\in }_{\mathrm{R}}\) {0,1}. If Ь = Ь the adversary \({\mathcal{A}}_{d}\) wins the game. We have following advantage of \({\mathcal{A}}_{d}\)

Game-2

The following game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\) to solve the problem of HYEC-DLP.

Setup

The challenger \({\mathbb{C}}_{{\text{h}}}\) executes the setup algorithm in order to obtain the public parameters and a master secret \(\vartheta\). Then \({\mathbb{C}}_{{\text{h}}}\) sends adversary \({\mathcal{A}}_{d}\) the public parameters .

Queries

Then \({\mathcal{A}}_{d}\) performs polynomial limited number of queries like in HYEC-DHP.

Forgery

Finally, adversary \({\mathcal{A}}_{d}\) generates (\(\Psi\),\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\),\({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\)), In phase 2 the private key for \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) was not asked and the adversary \({\mathcal{A}}_{d}\) wins the game if the output of Unsigncryption (\(\Psi , {S}_{{\mathcal{D}}_{\mathrm{o}}}\),\({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\)) is not\(\perp\).

4.1 Security analysis

In this section the proof of above two games is described. The subsequent Games describes that when the game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\) how it provides confidentiality and unforgeability.

Game-1

If the adversary \({\mathcal{A}}_{d}\) possesses the ability to create two genuine jumbled texts in this game and having acceptable advantage \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) and execute maximum \({\mathcal{Q}}_{\mathcal{H}\mathrm{i}}\) queries, \({\mathcal{Q}}_{ke}\) key extraction queries includes (\({\mathcal{Q}}_{pk}\), \({\mathcal{Q}}_{sk}\)) Public key and secret key queries respectively. Warrant generation and Delegation query \({\mathcal{Q}}_{gd}\) and proxy signcryption queries \({\mathcal{Q}}_{psc}\). Then challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-DHP with the advantage of

\({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)\(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\)

Proof

If the challenger \({\mathbb{C}}_{{\text{h}}}\) selects the two random numbers 1, 2 then the \({\mathbb{C}}_{{\text{h}}}\) has to solve the 1*\(\mathcal{D}\) = 2*\(\mathcal{D}\) = 1* 2*\(\mathcal{D}\) for adversary \({\mathcal{A}}_{d}.\)\(\square\)

Setup: the challenger \({\mathbb{C}}_{{\text{h}}}\) sets  = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1,2,3,4, n\(\ge {2}^{80}\)} as a public system parameters and sends to adversary \({\mathcal{A}}_{d}.\)

Queries: The adversary \({\mathcal{A}}_{d}\) asks for the subsequent queries.

1 queries: The adversary \({\mathcal{A}}_{d}\) asks for the \(\left({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},{\sigma }_{\mathrm{i}}\right)\), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \({\sigma }_{\mathrm{i}}\) if it exists in the list (ℒℋ1), or else reply with a randomly selected value and add \(\left({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}\right)\) to ℒℋ1.

2 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mathrm{w}\), ѵ, \(\partial\)), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \(\partial\) if it exists in the list (ℒℋ2), or else reply with a randomly selected value and add (\({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mathrm{w}\), ѵ, \(\partial\)) to ℒℋ2.

3 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\Psi }_{1}, \mathcal{Q}, {\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\) ƙ), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with ƙ if it exists in the list (ℒℋ3), or else reply with a randomly selected value and add (\({\Psi }_{1}, \mathcal{Q}, {\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\) ƙ) to ℒℋ3.

4 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\mathrm{m},\mathrm{W}, \mathcal{Q},\Psi }_{1},{\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mu\)), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \(\mu\) if it exists in the list (ℒℋ4), or else reply with a randomly selected value and add (\({\mathrm{m},\mathrm{W}, \mathcal{Q},\Psi }_{1},{\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mu\)) to ℒℋ4.

Key extraction queries: key extraction queries includes (\({\mathcal{Q}}_{pk}\),\({\mathcal{Q}}_{sk}\)) Public key and secret key queries respectively. When adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{pk}\) if \({\mathrm{ID}}_{\mathrm{i}}\) =\({\mathrm{ID}}_{\mathrm{j}}\), the challenger \({\mathbb{C}}_{{\text{h}}}\) sets \({P}_{\mathrm{i}}\)=\({\mathcal{n}}_{1}*\mathcal{D}\), or else it will execute \({P}_{\mathrm{i}}\)=\({\varphi }_{i}*\mathcal{D}\), where\({\varphi }_{i}\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\). Then update\({\mathcal{L}}_{pk}\). When adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{sk}\), if \({\mathrm{ID}}_{\mathrm{i}}\) =\({\mathrm{ID}}_{*},\) the challenger \({\mathbb{C}}_{{\text{h}}}\) terminates the execution, or else sets \({S}_{\mathrm{i}=}\) \({\varphi }_{i}+{\sigma }_{\mathrm{i}}* \vartheta\) and reply the adversary\({\mathcal{A}}_{d}\). Then update\({\mathcal{L}}_{sk}\).

Warrant generation and delegation query: The adversary \({\mathcal{A}}_{d}\) asks for the \({\mathcal{Q}}_{gd}\), if \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\)=\({\mathrm{ID}}_{*}\), the the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with W using Warrant generation and Delegation algorithm to the adversary \({\mathcal{A}}_{d}\), or else it calculates ѵ = w+\(\delta \left({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}*{M}_{Pub}+{P}_{{\mathcal{D}}_{\mathrm{o}}}\right)\) where \(\delta ,\) w \(\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\), then set W = (Sw, ѵ, w) and reply to adversary \({\mathcal{A}}_{d}.\)

Proxy signcryption query: If the adversary \({\mathcal{A}}_{d}\) asks and provides Message M with \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\),\({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\), if \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) =\({\mathrm{ID}}_{*}\), then the challenger \({\mathbb{C}}_{{\text{h}}}\) reply as it computes \({\Psi }_{1}=\rho * \mathcal{D}\) and \(\mathcal{Q}= \rho *({\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\) *\({M}_{Pub}\) +\({P}_{{\mathcal{D}}_{\mathrm{R}}}\)) where \(\rho\) \(\in {Z}_{n}\), compute \({\Psi }_{2}\)= m ⊕  ƙ, where ƙ \(\in {Z}_{n}\), compute \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\), where \(\mu\) \(\in {Z}_{n}\), and forward \({\Psi }^{*}=\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\) to adversary \({\mathcal{A}}_{d}\). Or else it replies by calling signcryption algorithm.

Unsigncryption query: If the adversary \({\mathcal{A}}_{d}\) asked, if \({\mathrm{ID}}_{{\mathrm{D}}_{\mathrm{R}}}\) \(\ne {\mathrm{ ID}}_{*}\), then the challenger \({\mathbb{C}}_{{\text{h}}}\) replied by calling unsigncryption algorithm.

Challenge: An adversary \({\mathcal{A}}_{d}\) may outputs two messages M0 and M1, and two identities \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\), if \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) =\({\mathrm{ID}}_{*}\), the challenger \({\mathbb{C}}_{{\text{h}}}\) selects b \(\epsilon\) 0,1 responds as, it calculates \({\Psi }_{1}=\rho * \mathcal{D}\) and \(\mathcal{Q}= \rho *({\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\) *\({M}_{Pub}\) +\({P}_{{\mathcal{D}}_{\mathrm{R}}}\)) where \(\rho\) \(\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\), compute \({\Psi }_{2}\)= m ⊕ ƙ, where ƙ \(\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\), compute \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\), where \(\mu\) \(\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\), and send \({\Psi }^{*}=\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\) to adversary \({\mathcal{A}}_{d}\). Then the adversary \({\mathcal{A}}_{d}\) continue with ℋ queries, Key Extraction query \({(\mathcal{Q}}_{ke}\)), Warrant generation and Delegation query (\({\mathcal{Q}}_{gd}\)), proxy signcryption queries \({(\mathcal{Q}}_{psc}\)) and Un-signcryption query \(({\mathcal{Q}}_{usc}\)).

Guess: An adversary \({\mathcal{A}}_{d}\) may output Ь/ = Ь, then adversary \({\mathcal{A}}_{d}\) is successful and identify the solution for HYEC-DHP instance, or else an adversary \({\mathcal{A}}_{d}\) terminate.

Then challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-DHP and be successful in challange phase and its probability as \(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\) so we have the probability as.

\({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)\(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\).

Game 2: The proposed HYEC-IBPSC-SGDG-FC scheme is unforgeable. If an adversary \({\mathcal{A}}_{d}\) has the capability of existential forgery for (EUF- HYEC-IBPSC-SGDG-FC- SPA) selected plaintext attack with acceptable advantage of \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\). Then the challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-CDH with the advantage of \({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)\(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\).

Proof

If the challenger \({\mathbb{C}}_{{\text{h}}}\) gets an instance of HYEC-CDH (\(\mathcal{D}, \mathcal{D}\).\({S}_{{\mathcal{D}}_{\mathrm{o}}}\),\(\mathcal{D}\).\({S}_{\mathrm{Ps}}\)), then the challenger \({\mathbb{C}}_{{\text{h}}}\) has to extract the values of\({S}_{{\mathcal{D}}_{\mathrm{o}}} and {S}_{\mathrm{Ps}}\).\(\square\)

Setup: the challenger \({\mathbb{C}}_{{\text{h}}}\) sets  = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1,2,3,4, n\(\ge {2}^{80}\)} as a public system parameters and sends to adversary \({\mathcal{A}}_{d}.\)

Queries: The adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{\mathcal{H}\mathrm{i}}\) queries, \({\mathcal{Q}}_{ke}\) key extraction queries includes (\({\mathcal{Q}}_{pk}\), \({\mathcal{Q}}_{sk}\)) Public key and secret key queries respectively. Warrant generation and Delegation query \({\mathcal{Q}}_{gd}\) and \({\mathcal{Q}}_{psc}\) similar as Game 1.

Forgery: The adversary \({\mathcal{A}}_{d}\) generates the tuple {\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},\) W} or {W, Mw,\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}},}{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\)}. The adversary \({\mathcal{A}}_{d}\) wins the game if the following cases hold.

Case-1: The challenger \({\mathbb{C}}_{{\text{h}}}\) gets two delegation signatures Sw = \(\alpha\) +\(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\) and \({S}_{w}^{*}\) = \(\alpha\)  + \({\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}\), so we have.

Sw\(\alpha\)\(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)− (\({S}_{w}^{*}\)\(\alpha\)\({\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}\)) = Sw\(\alpha\)\(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)- \({S}_{w}^{*}\) + \(\alpha\) + \({\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}\)  = Sw + \({S}_{w}^{*}\) =\({\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}- \partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)  = Sw + \({S}_{w}^{*}\)  = \({(\partial }^{*}- \partial )*{S}_{{\mathcal{D}}_{\mathrm{o}}}\), So the private key can be extracted as \({S}_{{\mathcal{D}}_{\mathrm{o}}}=\frac{{\mathrm{S}}_{\mathrm{w}}+ {S}_{w}^{*}}{{(\partial }^{*}- \partial )}\)

Case-2: The challenger \({\mathbb{C}}_{{\text{h}}}\) gets two delegation signatures \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\) and \({{\Psi }_{3}}^{*}\)= \(\rho + {\mu }^{*}* {S}_{\mathrm{Ps}}\), so we have.

\({\Psi }_{3}-\) \(\rho - \mu * {S}_{\mathrm{Ps}}-\)(\({{\Psi }_{3}}^{*}-\) \(\rho - {\mu }^{*}* {S}_{\mathrm{Ps}}\)) = \({\Psi }_{3}-\) \(\rho - \mu * {S}_{\mathrm{Ps}}-{{\Psi }_{3}}^{*}+\) \(\rho +{\mu }^{*}* {S}_{\mathrm{Ps}}\)  = \({\Psi }_{3}+{{\Psi }_{3}}^{*}\)=\({\mu }^{*}* {S}_{\mathrm{Ps}}\)\(\mu * {S}_{\mathrm{Ps}}\) = (\({\mu }^{*}- \mu\))\({S}_{\mathrm{Ps}}\). So the private key can be extracted as \({S}_{\mathrm{Ps}}=\frac{{\Psi }_{3}+{{\Psi }_{3}}^{*}}{{\mu }^{*}- \mu }\)

From the process, we can define 3 events as

E1: The challenger \({\mathbb{C}}_{{\text{h}}}\) is successful in executing queries with the probability of \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\)

E2: The challenger \({\mathbb{C}}_{{\text{h}}}\) is successful in proxy signcryption queries \({\mathcal{Q}}_{psc}\) with the probability of \(\left(1-\frac{1}{{2}^{\uplambda }}\right)\)

E3: The \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}={ID}^{*}\) with the probability of \(\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\)

So the collective probability is

\({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)\(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\)

5 Performance analysis

In this section, the performance analysis of the proposed HYEC-IBPSC-SGDG-FC scheme is discussed. We use the well-known AVISPA tool [25, 26] to discuss the security proof and demonstrate that the proposed scheme is not susceptible to replay and man-in-the-middle attack. It should be noted that for any security protocol, AVISPA only handles replay and man-in-the-middle threats against an attacker.

The HLPSL [18] code is written for the proposed scheme with the different roles like original signer, proxy signer and trusted third party. This code is then executed using SPAN and AVISPA with the backends OFMC and CL-AtSe. We can see that no attacks were discovered by OFMC. In other words, for a limited number of sessions as specified in the role of the environment, the stated security goals were achieved. The proposed protocol is also executed with CL-AtSe backend for bounded number of sessions. The output shows that the protocol is safe under CL-AtSe also. The software resources such as Oracle VM Virtual Box and Security protocol animator (SPAN) are used. The output of AVISPA is shown in Figs. 4 and 5.

Fig. 4
figure 4

OFMC output

Full size image
Fig. 5
figure 5

CL-AtSe output

Full size image

We have done the comparison of our proposed HYEC-IBPSC-SGDG-FC scheme with the existing proxy signcryption schemes [17, 19, 27,28,29,30]. The comparison outcomes are listed in Table 2. We define some notations as follows:

Table 2 Computational cost comparison
Full size table

BPM:-Bilinear Pairing multiplications.

P:-Bilinear Pairing operation.

E:-exponentiation operation.

EPM:- elliptic curve point multiplication.

HDM:- hyperelliptic curve divisor multiplication.

The time required to perform the cryptographic operations are 14.90 ms for pairing operation, 4.31 ms for multiplication operation,1.25 ms for each exponentiation operation, 0.97 ms for elliptic curve point multiplication and 0.48 ms for hyperelliptic curve divisor multiplication.

To assess the computing efficiency of the various systems, we employ a simple technique. For example the scheme proposed by Ming [26] requires 11, 1ℇ and 7 operations. Therefore the total time required for this scheme is 213.41 ms. In similar way the operation time required for each scheme is calculated and listed in Table 2.Hence it can be observed from Table 3, that HYEC-IBPSC-SGDG-FC significantly outperformed the alternative schemes describe in Refs. [18, 19, 26,27,28,29]. The comparison of computational costs in terms of time in milliseconds (ms) for each phase of the IDPSC schemes is shown graphically in Fig. 6

Table 3 Computational cost (millisecond)
Full size table
Fig. 6
figure 6

Comparison of computation cost of alternative schemes with proposed HYEC-IBPSC-SGDG-FC Scheme

Full size image

The comparison of communication cost is described in Tables 4 and 5. To calculate the communication cost we have considered that a single hash value (ℋ) is communicated it takes 512 bits, a message () is considered to be of 2048 bits and a pairing operation (₢) is considered to be of 1024 bits, is considered to be of 160bits and N is considered to be of 80bits.Fig. 7 shows the details of communication cost comparison of various schemes with proposed scheme in bits. Hence it can be seen that the proposed approach outperforms the alternative schemes.

Table 4 Communication cost comparison
Full size table
Table 5 Communication cost (bits)
Full size table
Fig. 7
figure 7

Comparison of communication cost of alternative schemes with proposed HYEC-IBPSC-SGDG-FC Scheme

Full size image

6 Conclusion

For the natural gas distribution environment, we proposed the HYEC-IBPSC-SGDG-FC approach, which is both secure and efficient. In fog computing based SGDG approach, we showed that the proposed technique is able to be utilized to control data access. The privacy, authentication, integrity, and non-repudiation in our system is carried out logically in one step by using the technique of identity based proxy signcryption. As part of our formal security analysis, we proved that the proposed system is exposed to be selected plaintext attack (SPA) sheltered, assuming that the DDH assumption is hard. It is also demonstrated that the projected scheme is existential unforgeable. We also showed that the proposed technique beats the alternative schemes in terms of computing costs in milliseconds (ms) and communication cost in bits for each step of the HYEC-IBPSC-SGDG-FC scheme. The simulation study performed by utilizing AVISPA tool illustrates that HYEC-IBPSC-SGDG-FC is safe under OFMC and CL-Atse backend. The development of an attribute-based signcryption method with PRE for fine-grained access control will be the focus of our future study.