An efficient ID-based cryptographic transformation model for extended chaotic-map-based cryptosystem

Abstract

Recently, the chaos theory has been dealt with as a decent approach to reducing the computational complexity of a cryptographic technique while fulfilling the security necessities. In an ID-based cryptographic system where public keys are distributed to individual users, the application of chaotic maps allows users to set their network addresses or names as their individual public keys. This makes the public key cryptographic technique very user-friendly in that the public key confirmation process can be very informal and direct. In such a design, no huge public key database is required, and therefore, those security issues arising as a result of the existence of a public key database can be avoided. The aim of this article is to go deep into the possibility of transforming a chaotic-map-based cryptosystem into an ID-based technique without having to build a new framework from scratch or to do adjustment to the chaotic maps.

1 Introduction

The research into the world of chaotic maps as well as their applications in the field of cryptography has gained extensive attention in recent years, taking up a mainstream course in the realm of cryptosystems. Chaotic frameworks are mostly characterized by delicate reliance on beginning conditions and closeness to arbitrary behavior, properties which appear to be essentially similar to some required by a few cryptographic primitives (Kocarev 2001; Wei et al. 2017).

In 1976, Diffie and Hellman proposed one of the world’s first public key cryptographic systems in their well-known paper “New Directions in Cryptography” (Diffie and Hellman 1976). Shortly after, Rivest, Shamir and Adlemann proposed the notable RSA cryptosystem (Rivest et al. 1978) and confirmed the practicality of public key cryptosystems. Since then, numerous new cryptosystems have been developed and publicly presented (see Menezes et al. 1997; Stinson 2002 for some related examples). In general, public key cryptography has been recognized as a well-established domain of research and study in the field of information transmission/communication security.

In 1993, in his doctoral dissertation, Hwu (1993) introduced the chaos theory to public key cryptography and presented his chaotic public key cryptosystem design with a one-dimensional difference equation (1DDE) as well as a quadratic difference equation. In addition, Hwu’s framework makes use of ElGamal’s technique (ElGmal 1995) to accomplish the encryption process. Basically, a 1DDE (i.e., reiteration map) is well qualified as a one-way function. The security of this framework relies upon the infeasibility of resolving discrete logarithm (DL) defined over finite fields. Here, a trapdoor, however, can be worked out by letting the real possessor know the reiteration times of the distinction condition.

Kocarev and Tasev (2003) developed a public key cryptographic technique using Chebyshev polynomials defined over real numbers by supplanting the multiplications in traditional procedures with the reiteration of Chebyshev polynomials characterized on real numbers. This work was distinguished both for giving new directions of research to the world of public key cryptography and for bringing in the fundamental mathematical problem of RSA. This solid mathematical problem here is that given an underlying point x and its rth iteration esteem \( {\mathcal{T}}_{r} \left( x \right) \), to locate a huge integer is challenging and just as hard as integer factorization (IF), which is what RSA depends on. Kocarev and Tasev’s work can be applied to do authentication (Mason and Handscomb 2003; Lee et al. 2013a, 2014a; Lee and Hsu 2013), as in Telecare Medicine Information System (Li et al. 2014) as well as Mobile Emergency Medical Care System (Lee et al. 2013b) in addition, Chebyshev polynomials can also be utilized in some key agreement techniques (Lee et al. 2012, 2014b).

ID-based cryptography, on the other hand, is an augmentation of the public key cryptography paradigm, which was first suggested by Shamir (1984) at CRYPTO’84. In order to better understand ID-based cryptography, we start by reviewing how traditional public key systems are usually put to use in real-life applications. First, for the system to run at a reasonable speed, public key cryptographic techniques are usually used in conjunction with a private key cryptographic technique. More precisely, the public key technique is utilized in order to produce a shared encryption key for the secret key scheme, where the encryption key is known to the receiver and the sender in communication. Once this is done, they simply use this common secret key for encrypting the rest of the messages exchanged. This initial stage is usually called a key exchange technique. It can be devised in several ways.

Cocks (2001) utilized a variation of IF to build an ID-based encryption technique. Unfortunately, the technique is ineffective in that a plaintext is encrypted bit-by-bit and thus the length of the ciphertext produced is way too long. After some time Boneh and Boyen (2004) provided an effective ID-based cryptographic technique without ROM that was safe in the selective identity model, and Waters (2005) also proposed a proficient and secure ID-based cryptographic technique without ROM. Meanwhile, Heng and Kurosawa (2006) utilized a polynomial-based model to build an ID-based cryptographic technique. Their technique does not require random oracles and is semantically secure under the DL supposition. Also, Lee and Liao (2004) offered a transformation procedure that can translate DL-based cryptosystems into ID-based cryptographic techniques without having to build up a new framework from scratch. Meshram et al. (2012a, b, c) presented some new efficient ID-based cryptographic techniques and ID-based mechanisms using DL, GDL and IF. The security of these techniques relies on the difficulty of solving DL, GDL and IF simultaneously. Meshram and Meshram (2011, 2013, 2017) proposed new variants of the ID-based beta cryptographic technique and offered a transformation method to transfer a public key cryptographic technique into an ID-based cryptographic technique without having to develop a new ID-based framework. In addition, Meshram (2015a, b, c) presented a new provably secure ID-based cryptographic protocol, a new variant of ID-based beta cryptographic technique and an efficient technique based on IF and DL. The efficiency of Meshram’s works can be compared to that of ElGamal’s cryptosystem (ElGmal 1995). Besides, Meshram and Obaidat (2015) also offered a new ID-based system that was a quadratic-exponentiation randomized cryptographic scheme. Most recently, Meshram et al. (2016) proposed a new ID-based cryptographic technique based on partial discrete logarithm. Liu et al. (2017) purposed efficient encryption using subtree for fuzzy-entity data sharing under cloud computing environment, and Meshram et al. (2017a, b) presented a new secure key authentication technique for public key cryptography and efficient ID-based cryptographic technique using GDL and IF.

Our contribution: This article offers an efficient transformation model that can translate a chaotic-map-based cryptosystem into a secure ID-based cryptographic scheme without having to build up a new framework from scratch. In particular, our new model comes with a key generation stage that operates at extremely low computation complexity. In addition, with our new model, no adjustment needs to be done to the original chaotic maps in the cryptosystem. By transforming a chaotic-map-based cryptosystem into an ID-based cryptographic scheme, our new model offers the secure ID-based scheme the same kind of convenience and user-friendliness the original chaotic-map-based cryptosystem provides, as now individual users get to pick their own names or network addresses as their public keys. This makes public key confirmation extremely natural and direct. In such a model, no huge public key database is needed. Besides, we also provide an efficient reductionist security proof against the selective identity adaptive chosen ciphertext attack (IND-sID-CCA) by Canetti et al. (2003) in the ROM.

Structure of the article: The rest of this article is organized as follows: Firstly, some background materials will be given in Sect. 2. Then, our efficient ID-based cryptographic transformation model will be presented in Sect. 3. Then, an example of how the proposed model works will be shown in Sect. 4 to help confirm the practicality of the model. After that, the security properties of the new model will be analyzed in Sect. 5. Then, in Sect. 6, we will see how the proposed model compares with some other protocols in terms of efficiency performance. Finally, the conclusion will be given in Sect. 7.

2 Background materials

In this section, we review the Chebyshev polynomial and extended chaotic maps, both of which we will utilize as parts of the proposed scheme. After that, we shall specify some required security notions, respectively.

2.1 Chebyshev chaotic maps

In this subsection, we take a look at Chebyshev polynomials (Mason and Handscomb 2003) and see how they work as illustrated in Fig. 1. Chebyshev polynomial \( {\mathcal{T}}_{r} \left( x \right) \) is a polynomial in the variant of x with degree n. Let \( x \)\( \in \left[ { - 1, 1} \right] \) be the variant and \( n \) be an integer. The Chebyshev polynomial is specified by

$$ {\mathcal{T}}_{n} \left( x \right) = \cos \left( {n \times \arccos \left( x \right)} \right), $$

$$ {\mathcal{T}}_{0} \left( x \right) = 1 $$

$$ {\mathcal{T}}_{1} \left( x \right) = x $$

$$ {\mathcal{T}}_{n} \left( x \right) = 2x{\mathcal{T}}_{n - 1} \left( x \right) - {\mathcal{T}}_{n - 2} \left( x \right); \quad n \ge 2 $$

Here, \( \arccos \left( x \right) \) and \( \cos \left( x \right) \) are trigonometric functions (Bergamo et al. 2005) characterized as \( \text{arcos}: \left[ { - 1, 1\left] { \to } \right[0,\pi } \right] \) and \( \cos : R \to \left[ { - 1, 1} \right]. \) A few cases of Chebyshev polynomials for n =1, 2, 3, 4, 5 are illustrated in Fig. 1.

Fig. 1

Chebyshev polynomials

Chebyshev polynomials have two significant properties (Han and Chang 2009; Li et al. 2017): the chaotic property and the semigroup property.

1. (1)

   The chaotic property:

The Chebyshev polynomial map, defined as \( {\mathcal{T}}_{r} : \left[ { - 1, 1\left] { \to } \right[ - 1, 1} \right] \) with degree \( n > 1 \), is a chaotic map with its invariant density function being \( f^{*} \left( x \right) = \frac{1}{{\left( {\pi \sqrt {1 - x^{2} } } \right)}} \) for some positive Lyapunov exponent \( \lambda = {\text{In }}n > 0 \).

1. (2)

   The semigroup property:

\( {\mathcal{T}}_{w} \left( {{\mathcal{T}}_{l} \left( x \right)} \right) = \cos \left( {w \cos^{ - 1} \left( {\cos \left( {l \cos^{ - 1} \left( x \right)} \right)} \right)} \right) = \cos \left( {wl \cos^{ - 1} \left( x \right)} \right) = {\mathcal{T}}_{lw} \left( x \right) = {\mathcal{T}}_{l} \left( {{\mathcal{T}}_{w} \left( x \right)} \right) \), where \( w \) and \( l \) are positive integers and \( x \in \left[ { - 1, 1} \right]. \)

Chebyshev polynomials come with two challenges, which are considered to be hard to handle within polynomial time:

1. (1)

   Given two components \( x \) and \( y \), the assignment of the DL is to find the integer \( w \) with the end goal \( {\mathcal{T}}_{w} \left( x \right) = y \).

2. (2)

   Given three components \( x \), \( {\mathcal{T}}_{w} \left( x \right) \), and \( {\mathcal{T}}_{l} \left( x \right) \), the assignment of the Diffie–Hellman problem (DHP) is to calculate the component \( {\mathcal{T}}_{wl} \left( x \right) \).

2.2 Extended chaotic maps

Zhang (2008) demonstrated that the above semigroup property holds for Chebyshev polynomials within the interval \( \left( { - \infty , + \infty } \right) \), which can be enhanced by:

$$ {\mathcal{T}}_{n} \left( x \right) = \left( { 2x{\mathcal{T}}_{n - 1} \left( x \right) - {\mathcal{T}}_{n - 2} \left( x \right)} \right) \left( {\bmod \,q} \right) $$

where \( n \ge 2 \), \( x \in \left( { - \infty , + \infty } \right) \), and \( q \) is a prime number. Now we consider recurrence equation \( {\mathcal{T}}_{n} \left( x \right) = 12{\mathcal{T}}_{n - 1} \left( x \right) - {\mathcal{T}}_{n - 2} \left( x \right)) \left( {\bmod \,13} \right) \) with \( {\mathcal{T}}_{0} \left( x \right) = 1 \) and \( {\mathcal{T}}_{1} \left( x \right) = 6 \), where \( q = 13. \) Then \( {\mathcal{T}}_{n} \left( x \right) \) generated by this recurrence is 1, 6, 6, 1, 6, 6,… Its period is \( {\mathcal{T}} \) = 3 (Chen et al. 2012; Meshram et al. 2018). Obviously,

$$ {\mathcal{T}}_{w} \left( {{\mathcal{T}}_{l} \left( x \right)} \right) \equiv {\mathcal{T}}_{lw} \left( x \right) \equiv {\mathcal{T}}_{l} \left( {{\mathcal{T}}_{w} \left( x \right)} \right) \left( {\bmod \,q} \right), $$

so the semigroup property still holds, and the enhanced Chebyshev polynomials also commute under composition. Now we consider recurrence equation \( {\mathcal{T}}_{n} \left( x \right) = \left( {2^{131} {\mathcal{T}}_{n - 1} \left( x \right) - {\mathcal{T}}_{n - 2} \left( x \right)} \right) \left( {\bmod \,(2^{130} + 7)} \right) \) with \( {\mathcal{T}}_{0} \left( x \right) = 1 \) and \( {\mathcal{T}}_{1} \left( x \right) = 2^{130} \), where \( q = 2^{130} + 7. \) Then \( {\mathcal{T}}_{n} \left( x \right) \) generated by this recurrence as below table (Chen et al. 2012; Meshram et al. 2018).

\( n \)	\( {\mathcal{T}}_{n} \left( x \right) \)
2	276350163825134130984024071869462216704
3	1039683198921322055717709420856678023168
4	1152244783873809830411690210056778809344
5	1164071919187354590884341147753577971712
6	1254725722161536169166953951337782444032
7	939844861111050535260748695617199407104
8	45559776274841150240913805300992049152
9	767388050443263617908949049536120094720
10	765975301349993996335937120326362595328
11	765975301349993996335937120326362595328
12	765975301349993996335937120326362595328
13	765975301349993996335937120326362595328

2.3 Security notions

The chosen ciphertext attack (IND-CCA) (Hwan et al. 2004; Kiltz and Vahlis 2008) is the standard security challenge a public key cryptographic technique has to be tried out against. Boneh and Franklin (2003) reinforced chosen ciphertext security for ID-based cryptographic technique by presenting IND-ID-CCA, where a foe \( \mathfrak{F} \) gets to adaptively pick an objective public key to attack even if it is not the general identity pre-chosen by the challenger. Indeed, IND-ID-CCA is the most demanding security requirement imposed on an ID-based cryptographic technique, for it gives the foe the greatest possible convenience and power to attack. Canetti et al. (2003) then characterized another security notion for ID-based cryptographic techniques where the foe must submit an early signal to notify it will attack. We refer to this kind of attack as IND-sID-CCA. Now we specify IND-CCA and IND-sID-CCA as follows:

Definition 2.2.1

A public key cryptographic technique is said to be IND-CCA secure if \( \exists \) no probabilistic polynomial time (PPT) foe \( \mathfrak{F} \) has a non-negligible advantage (Hwan et al. 2004; Kiltz and Vahlis 2008), as illustrated in Fig. 2.

Fig. 2

Diagrammatic depiction of IND-CCA

Definition 2.2.2

An ID-based cryptographic technique \( {\mathcal{I}} \) is said to be IND-sID-CCA secure if \( \exists \) no PPT foe \( \mathfrak{F} \) has a non-negligible advantage (Canetti et al. 2003), as illustrated in Fig. 3.

Fig. 3

Diagrammatic depiction of IND-sID-CCA

3 Proposed transformation model

In this section, we shall present our new model that can transfer a chaotic-map-based cryptosystem into an ID-based cryptographic scheme. Please pay special attention to our key generation stage, as it is what really makes a difference. By effectively formulating private keys, chaotic-map-based cryptosystems can be transformed into ID-based cryptographic schemes in a straightforward way.

3.1 Setup phase

1. 1.

   PKG picks any \( k \) users that will not collaborate together. The security limitation \( k \) then decides the minimum bit size of the user’s identity.

2. 2.

   Let \( q \) be a huge safe prime, s.t. \( p|\left( {q - 1} \right) \)(Shao 2007) and \( \log_{2} p > k \) (Lee and Liao 2004), and also let \( G_{y,q} = \left\{ {y^{0} ,y^{1} , \ldots ,y^{p - 1} } \right\} \) be a subgroup of multiplicative group \( Z_{q}^{*} \) with prime order \( p \), where \( y \) is a generator with prime order \( p \) (Shao 2007). Assume that \( v \) and \( u = {\mathcal{T}}_{v} \left( y \right)\left( { \bmod \, q} \right) \) are the secret key and public key of PKG.

3. 3.

   PKG randomly selects secret information \( \left\{ {s_{1} ,s_{2} , \ldots , s_{k} } \right\} \), where \( \mathop \sum \nolimits_{i = 1}^{k} s_{i} < p \), and the corresponding public information is given by \( \left\{ {{\mathcal{P}}_{1} , {\mathcal{P}}_{2} , \ldots ,{\mathcal{P}}_{k} } \right\} \), where \( {\mathcal{P}}_{i} = {\mathcal{T}}_{{s_{i} }} \left( y \right)\left( { \bmod \,q} \right), \forall i \in \left( {1,k} \right) \).

4. 4.

   Each user \( U \) has a unique \( k \)-bit identity \( id_{U} = \left( {id_{U1} ,id_{U2} , \ldots , id_{Uk} } \right) \), where \( id_{Ui} \)\( \in \left\{ {0, 1} \right\} \), \( \forall i \in \left( {1,k} \right) \).

5. 5.

   Define the hash function \( : \left\{ {0, 1} \right\} \to Z_{q}^{*} . \)

Since \( \log_{2} p > k \); if \( p \) and \( q \) are 160 and 512 bits prime number, respectively, the maximal bit length of \( k \) is therefore 159 bits. Instead, the maximum threshold value we can characterize is 159. This obviously impacts the applications for the model. Hence, the choice of a suitable parameter depends not just on the quality of the chaotic maps but also on the number of members that will not plot together.

3.2 Key generation phase

Without loss of generality, suppose some user \( U \) wishes to start the procedure. Then, PKG and \( U \) go through the key generation phase to produce the private key. Figure 4 illustrates how the private key is generated.

Fig. 4

Private key generation (PKG)

1. 1.

   An user \( U \) sends PKG his/her hashed identity \( \left( {id_{U} } \right) = \left( {\hbar_{U1} ,\hbar_{U2} , \ldots , \hbar_{Uk} } \right) \), where \( \hbar_{Ui} \)\( \in Z_{q}^{*} \), \( \forall i \in \left( {1,k} \right) \).

2. 2.

   PKG checks whether an identity \( \left( {id_{U} } \right) \) conforms to a specific arrangement. In the event that the identity checks out, then PKG utilizes its secret info to calculate \( s_{U} = \mathop \sum \nolimits_{i = 1}^{k} s_{i} \hbar_{Ui} \left( {\bmod \,p} \right) \) and

$$ \kappa_{U} = v*s_{U} {\mathcal{P}}_{U} \left( {\bmod \, p} \right) , $$

(3.2.1)

where \( {\mathcal{P}}_{U} = \mathop \prod \nolimits_{i = 1}^{k} {\mathcal{T}}_{{\hbar_{Uk} }} \left( {{\mathcal{P}}_{i} } \right)\left( { \bmod \,q} \right) \).

1. 3.

   PKG secretly sends \( \kappa_{U} \) to \( U \) as \( U \)’s private key.

2. 4.

   \( U \) checks whether the condition \( {\mathcal{T}}_{{\kappa_{U} }} \left( y \right) = u{\mathcal{T}}_{{{\mathcal{P}}_{U} }} \left( {{\mathcal{P}}_{U} } \right)\left( { \bmod \, q} \right) \) holds, where \( {\mathcal{P}}_{U} = \prod\nolimits_{i = 1}^{k} {{\mathcal{T}}_{{\hbar_{Uk} }} \left( {{\mathcal{P}}_{i} } \right)\left( { \bmod \, q} \right)} \) can be derived from public info with no dispute.

The correctness of above equation can be proven as follows.

$$ \begin{aligned} & {\mathcal{T}}_{{\kappa_{U} }} \left( y \right)\left( { \bmod \,q} \right) = {\mathcal{T}}_{{\left( {v* s_{U} {\mathcal{P}}_{U} } \right)}} \left( y \right)\left( { \bmod \,q} \right) \\ & \quad = {\mathcal{T}}_{v } \left( y \right)*({\mathcal{T}}_{{{\mathcal{P}}_{U} }} \left( {{\mathcal{T}}_{{s_{U} }} \left( y \right)} \right)\left( { \bmod \,q} \right) = u {\mathcal{T}}_{{{\mathcal{P}}_{U} }} \left( {{\mathcal{P}}_{U} } \right)\left( { \bmod \,q} \right) \\ \end{aligned} $$

Note: \( {\mathcal{P}}_{i} = {\mathcal{T}}_{{s_{i} }} \left( y \right)\left( { \bmod \, q} \right), \forall i \in \left( {1,k} \right) \). (Setup phase 3.1 point 3)

3.3 An ID-based transformation model

Through the key generation process, a chaotic-map-based cryptographic system can be straightforwardly transferred into an ID-based cryptographic system. Given a huge safe prime \( q \) such that \( p|\left( {q - 1} \right) \) accompanied by a global parameter \( y \in Z_{q}^{*} \), the chaotic-map-based system (CMS) can be defined as \( {\text{CMS}} = \left\{ {\left( {q,y,v, u} \right):u = {\mathcal{T}}_{v} \left( y \right)} \right\} \), where \( q \), \( y \), \( u \) and \( v \) are public and secrete keys, respectively. The proposed ID-based cryptographic transformation technique goes as follows:

1. a.

   Describe the configuration of the identity

As the biggest feature of an ID-based cryptographic technique, users simply utilize their identities as their public keys. Therefore, the first step is to check whether the identity matches a specific predetermined configuration.

1. b.

   Compute the private key as indicated by the key generation process

A user \( U \), for instance, will obtain her/his \( \kappa_{U} \) as is produced through the key generation phase. As a result, both \( \left\{ {s_{1} ,s_{2} , \ldots , s_{k} } \right\} \) and \( u \) will go public in the proposed scheme. In such a design, everybody can simply calculate the analogous public assessment of \( U \) by computing: \( {\mathcal{U}}_{U} = {\mathcal{T}}_{{\kappa_{U} }} \left( y \right) = u{\mathcal{T}}_{{{\mathcal{P}}_{U} }} \left( {{\mathcal{P}}_{U} } \right)\left( { \bmod \,q} \right), \) where

$$ {\mathcal{P}}_{U} = \mathop \prod \limits_{i = 1}^{k} {\mathcal{T}}_{{\hbar_{Uk} }} \left( {{\mathcal{P}}_{i} } \right)\left( { \bmod \, q} \right) $$

(3.2.2)

In view of that, the proposed transformation procedure translates chaotic-map-based cryptosystems into ID-based cryptographic schemes using chaotic maps, where \( \kappa_{U} \) is kept as a private key and \( {\mathcal{U}}_{U} \) is the corresponding public key.

As the user’s identity is the only key included in the transformation procedure, our new model is indeed capable of transforming any chaotic-map-based cryptosystem into an ID-based cryptographic scheme.

4 Example

In this section, we give an example of how our new model actually works. Suppose we have a signature scheme based on chaotic maps. Let \( m \) be a text that \( U \) desires to sign, \( v_{U} \) is \( U \)’s private key, and \( u_{U} = {\mathcal{T}}_{{v_{U} }} \left( y \right)\left( {\bmod q} \right) \) is the analogous public key. With the key pair (KP) \( \left\{ {\left( {q, y, v_{U} , u_{U} } \right) : u_{U} = {\mathcal{T}}_{{v_{U} }} \left( y \right)\left( {\bmod q} \right)} \right\} \) along with a private arbitrary number \( r \in Z_{p}^{*} \), the signature scheme based on chaotic maps can be formulated as:

\( {\text{Sig}}_{KP} \left( {m,r} \right) = \left( {w, b} \right) \), where \( w = {\mathcal{T}}_{r} \left( y \right)\left( {\bmod q} \right) \) and \( b = \left( {\frac{m}{{rv_{U} w}}} \right) \left( {\bmod p} \right) \)

For \( m, w \in Z_{q}^{*} \) and \( b \in Z_{p}^{*} \), the verification is formulated as follows:

$$ {\text{Ver}}_{KP} \left( {m,w, b} \right) = {\text{true}} \Leftrightarrow {\mathcal{T}}_{m} \left( y \right) = {\mathcal{T}}_{b} \left( w \right) {\mathcal{T}}_{w} \left( {u_{U} } \right) \left( {\bmod \,q} \right) $$

The correctness of the above equation can be confirmed as follows:

$$ \begin{aligned} & {\mathcal{T}}_{b} \left( w \right) {\mathcal{T}}_{w} \left( {u_{U} } \right) \left( {\bmod \,q} \right) = {\mathcal{T}}_{b} \left( {{\mathcal{T}}_{r} \left( y \right)} \right){\mathcal{T}}_{w} \left( {{\mathcal{T}}_{{v_{U} }} \left( y \right)} \right)\left( {\bmod \,q} \right) \\ &\quad = {\mathcal{T}}_{br} \left( y \right){\mathcal{T}}_{{wv_{U} }} \left( y \right)\left( {\bmod \, q} \right)\\ &\quad = {\mathcal{T}}_{{m* (v_{U} w)^{ - 1} }} \left( y \right){\mathcal{T}}_{{wv_{U} }} \left( y \right)\left( {\bmod \, q} \right) = {\mathcal{T}}_{m} \left( y \right) \\ \end{aligned} $$

To outline our concept, the novel ID-based signature scheme using chaotic maps will go as follows:

1. 1.

   Describe the identity arrangement for \( U \) as \( \left( {id_{U} } \right) \).

2. 2.

   Through the key generation phase, \( U \), for instance, will obtain her/his secrete value \( \kappa_{U} \). Now \( KP = \left\{ {\left( {q, y, v_{U} , u_{U} } \right) : u_{U} = {\mathcal{T}}_{{v_{U} }} \left( y \right)\left( {\bmod q} \right)} \right\} \) is transformed into an ID-based cryptographic model as \( {\text{IDKP}} = \left\{ {\left( {q, y,\kappa_{U} , {\mathcal{U}}_{U} } \right): {\mathcal{U}}_{U} = {\mathcal{T}}_{{\kappa_{U} }} \left( y \right)\left( {\bmod q} \right) } \right\} \), where \( \kappa_{U} \) can be found as Eq. (3.2.1), and \( {\mathcal{U}}_{U} \) can be figured out by Eq. (3.2.2). Along these lines, the original signature scheme using chaotic maps can be transformed as \( {\text{Sig}}_{KP} \left( {m,r} \right) = \left( {w, b} \right) \), where \( w = {\mathcal{T}}_{r} \left( y \right)\left( {\bmod q} \right) \) and \( b = \left( {\frac{m}{{rv_{U} w}}} \right) \left( {\bmod p} \right) \)

For given \( m, w \in Z_{q}^{*} \) and \( b \in Z_{p}^{*} \), the verification is characterized as:

$$ {\text{Ver}}_{KP} \left( {m,w, b} \right) = {\text{true}} \Leftrightarrow {\mathcal{T}}_{m} \left( y \right) = {\mathcal{T}}_{b} \left( w \right) {\mathcal{T}}_{w} \left( {{\mathcal{U}}_{U} } \right) \left( {\bmod q} \right) $$

By the same token, we can undoubtedly implant the idea of ID-based cryptography into new signature techniques, such as the ElGamal signature (ElGmal 1995) and DL-based signature techniques (Tsujii and Itoh 1989), by using chaotic maps.

5 Security investigation

In this section, we shall analyze the security of our new model. To confirm that our transformation model is capable of translating a well-designed, secure chaotic-map-based scheme into an equally strong and robust ID-based cryptosystem, we used a reductionist method to try the ID-based system out against IND-sID-CCA in the ROM. The results demonstrated that our proposed technique is IND-sID-CCA secure on the condition that the inputted cryptosystem using chaotic maps is IND-CCA secure.

Theorem 1

Let be a random oracle. The proposed ID-based cryptosystem using chaotic maps is IND-sID-CCA secure if the original cryptosystem using chaotic maps is IND-CCA secure. To be more specific, assume that\( \exists \)an IND-sID-CCA foe\( \mathfrak{F} \)that has advantage\( \epsilon\left( k \right) \)in contradiction to the ID-based cryptosystem using chaotic maps. Then\( \exists \)an IND-CCA foe with an advantage of at least\( \epsilon\left( k \right) \)in contradiction to the cryptosystem using chaotic map. Its running time is\( O( \)time\( \left( {\mathfrak{F}} \right)). \)

Proof

The primary concept of the confirmation here is to develop an IND-CCA foe to pick up the advantage in contradiction to the cryptosystem using chaotic maps in an IND-CCA game.

Toward the start of the game, the IND-CCA challenger creates \( PK = \langle q,y, u\rangle \) and a \( SK \)\( v \) that fulfills \( u = {\mathcal{T}}_{v} \left( y \right)\left( {\bmod q} \right) \). The challenger offers \( PK \) to foe F, then F stands an IND-CCA attack utilizing the assistance of procedure \( \mathfrak{F} \) as follows:

Initialization stage: The foe yields an identity \( id_{\text{ch}} \) which it wants to be challenged.

Setup stage: The challenger enters the setup procedure. The foe is now provided with the scheme parameters. It preserves the master key to itself.

h-Inquiries: To react to a h-inquiry, F keeps up a list of tuples \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{U}}_{{{\mathfrak{F}}i}} , \kappa_{{{\mathfrak{F}}i}} \rangle \) which we allude to as list \( {\mathcal{L}} \). The list is first unfilled. When \( \mathfrak{F} \) requests for at a point \( id_{{{\mathfrak{F}}i}} \), F reacts as follows:

1. 1.

   On the off chance that the inquiry shows up on list \( {\mathcal{L}} \) in a tuple \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{U}}_{{{\mathfrak{F}}i}} , \kappa_{{{\mathfrak{F}}i}} \rangle \), then reacts with \( \left( {id_{{{\mathfrak{F}}i}} } \right) = u_{{{\mathfrak{F}}i}} . \)

2. 2.

   Otherwise, if \( \langle id_{{{\mathfrak{F}}i}} \ne id_{\text{ch}} \rangle \), F produces an arbitrary \( \kappa_{{{\mathfrak{F}}i}} \in Z_{q}^{*} \) and processes \( {\mathcal{U}}_{{{\mathfrak{F}}i}} = {\mathcal{T}}_{{\kappa_{{{\mathfrak{F}}i}} }} \left( y \right)\left( {\bmod q} \right) \), else F sets \( \kappa_{{{\mathfrak{F}}i}} = \mu \) and \( {\mathcal{U}}_{{{\mathfrak{F}}i}} = u \). Here \( \mu \) is a special symbol.

3. 3.

   F adds the tuple \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{U}}_{{{\mathfrak{F}}i}} , \kappa_{{{\mathfrak{F}}i}} \rangle \) to \( {\mathcal{L}} \) and gives \( {\mathcal{U}}_{{{\mathfrak{F}}i}} \) back to \( \mathfrak{F} \).

Stage 1-Extraction inquiries: At the point when \( \mathfrak{F} \) requests for the private key related to \( id_{{{\mathfrak{F}}i}} \), F runs the above procedure and gets \( \left( {id_{{{\mathfrak{F}}i}} } \right) = u_{{{\mathfrak{F}}i}} \), where \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{U}}_{{{\mathfrak{F}}i}} , \kappa_{{{\mathfrak{F}}i}} \rangle \)is the corresponding entry in \( {\mathcal{L}} \). As \( {\mathcal{U}}_{{{\mathfrak{F}}i}} = {\mathcal{T}}_{{\kappa_{{{\mathfrak{F}}i}} }} \left( y \right)\left( {\bmod q} \right) \), F can recover the real private key \( \kappa_{{{\mathfrak{F}}i}} \) for \( id_{{{\mathfrak{F}}i}} \). The extraction inquiry on \( id_{\text{ch}} \) will be repudiated.

Stage 1-Decryption inquiries: Let \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{C}}_{i} \rangle \) be a decryption inquiry delivered by \( \mathfrak{F} \), where \( {\mathcal{C}} \) is the ciphertext of the chaotic-map-based cryptosystem. F reacts to the inquiry as follows:

1. 1.

   In the event that \( \langle id_{{{\mathfrak{F}}i}} \ne id_{\text{ch}} \rangle , \rangle \), then F runs the h-inquiry procedure with the end goal that \( \langle id_{{{\mathfrak{F}}i}} , {\mathcal{U}}_{{{\mathfrak{F}}i}} , \kappa_{{{\mathfrak{F}}i}} \rangle \) be the relating tuple on \( {\mathcal{L}} \). Then it utilizes \( \kappa_{{{\mathfrak{F}}i}} \) to react to the decryption inquiry.

2. 2.

   In the event that \( \langle id_{{{\mathfrak{F}}i}} = id_{\text{ch}} \rangle \), then F runs the decryption inquiry with \( \langle {\mathcal{C}}_{i} \rangle \) and after that transfers the challenger’s reply back to \( \mathfrak{F} \).

Challenge: Once \( \mathfrak{F} \) decides that Stage 1 is finished, it yields \( {\mathcal{M}}_{0} \),\( {\mathcal{M}}_{1} \in \left( { - \infty , + \infty } \right) \), which it wants to be challenged on. F then reacts as follows:

1. 1.

   F provides the challenger with \( {\mathcal{M}}_{0} \) and \( {\mathcal{M}}_{1} \). The challenger reacts with the cryptosystem’s chaotic maps \( {\mathcal{C}} \) s.t. \( {\mathcal{C}} \) is the encryption of \( {\mathcal{M}}_{a} \) for an arbitrary coin \( a \in \left\{ {0, 1} \right\}. \)

2. 2.

   F runs the h-inquiry procedure to get \( u \in Z_{q}^{*} \) with the end goal that \( \left( {id_{\text{ch}} } \right) = u \) and replies \( {\mathcal{C}} \) to \( \mathfrak{F} \).

Stage 2-Extraction inquiries: F reacts the same way as in Stage 1, with the exception of the extraction inquiry on \( id_{\text{ch}} \), which will be rejected.

Stage 2-Decryption inquiries: F reacts similarly as in Stage 1 with the exception of the decryption inquiry \( \langle id_{{{\mathfrak{F}}i}} ,{\mathcal{C}}\rangle \), which will be denied.

Guess: \( \mathfrak{F} \) ultimately yields a guess \( a^{\prime } \) for \( a \). Foe F yields \( a^{\prime } \) as its guess for \( a \).

The reactions to h-inquiries are just the same as what will happen in real attacks. Meanwhile, every reaction is consistently and freely dispersed in \( Z_{q}^{*} \). The entire reactions to \( SK \) extraction inquiries and decryption inquiries are legitimate, so F will not abort throughout the duration of the simulation; namely the probability of immaculate simulation is 1. After these, we can presume that foe \( \mathfrak{F} \) has successfully played the role of the adversary and has launched a real attack. Through the explanation of procedure \( \mathfrak{F} \), we have come to the result \( \left| {\Pr \left[ {a = a^{\prime } } \right] - 1/2} \right| \ge \epsilon\left( k \right) \), along these lines F has at least advantage \( \epsilon\left( k \right) \) against the cryptosystem using chaotic maps. This confirms hypothesis 1 and terminates the proof.

6 Comparison to other schemes

In this section, we will compare a competing model such as Lee and Liao (2004) and Meshram and Meshram (2013) transformation model, and our proposed model. Notations utilized as a part of this analysis are as shown below: \( {\mathbb{T}}_{\text{mul}} \), \( {\mathbb{T}}_{ \exp } \),\( {\mathbb{T}}_{\text{hash}} \), and \( {\mathbb{T}}_{\text{chaotic}} \) denoted the time executing for a modular multiplication; a modular exponentiation in group; a one-way hash function and a Chebyshev chaotic map operation, respectively. It is to be noted that encryption and decryption procedures are the dominating processes in terms of computation cost than setup and extract phases as they are executed only once. Thus, we consider only the encryption and decryption phase as whole process of model and accordingly compare the proposed transformation model with Lee and Liao’s transformation model (Lee and Liao 2004) and Meshram and Meshram transformation model (Meshram and Meshram 2013). The comparative results are shown in Table 1. Utilizing the experimental outcomes obtained in (Algehawi and Samsudin 2010; Ibrahim et al. 2016), we have the accompanying computation time, which are mapped to the hashing time as the time unit:\( {\mathbb{T}}_{\text{hash}} = \)\( {\mathbb{T}}_{\text{chaotic}} , \)\( {\mathbb{T}}_{\text{mul}} = 2.5{\mathbb{T}}_{\text{hash}} \) and \( {\mathbb{T}}_{\exp } = 600{\mathbb{T}}_{\text{hash}} \). Therefore, in terms of computational complexity, we have the accompanying relationship: \( {\mathbb{T}}_{\text{hash}} \approx {\mathbb{T}}_{\text{chaotic}} < {\mathbb{T}}_{\text{mul}} < {\mathbb{T}}_{ \exp } \). The executing time for \( {\mathbb{T}}_{\text{hash}} \) is 0.503 ms (Ibrahim et al. 2016). It may be noticed that the displayed transformation model using extended Chebyshev chaotic map devised in this paper exhibits lower computational cost than (Lee and Liao 2004; Meshram and Meshram 2013) and provably secure in random oracle than (Lee and Liao 2004).

Table 1 Comparisons between our proposed transformation model and other models

7 Conclusion

In this article, we have shown how to develop an efficient ID-based cryptographic transformation technique that is built on the foundation of a chaotic-map-based cryptosystem without changing the original public key cryptosystem configuration. To avoid the trouble and possible threats of designing a new ID-based cryptographic technique over from the very beginning, we decided to use chaotic maps to help with ID-based cryptographic transformation. We have proved that our new model is secure under IND-sID-CCA in the ROM. This arrangement can be straightforwardly conveyed to an existing system at a very low computation cost. Combining the strengths and advantages of both chaotic maps and ID-based cryptography, our new model is vastly applicable and offers high level security.