CGST: Provably Secure Lightweight Certificateless Group Signcryption Technique based on Fractional Chaotic Maps

In recent years, there has been a lot of research interest in analysing chaotic constructions and their associated cryptographic structures. Compared with the essential combination of encryption and signature, the signcryption scheme has a more realistic solution for achieving message confidentiality and authentication simultaneously. However, the security of such schemes is questionable when deployed in modern safety-critical systems, especially as billions of sensitive user information is transmitted over open communication channels. To address this limitation, a lightweight, provably secure certificateless technique that uses Fractional Chaotic Maps (FCM) for group-oriented signcryption (CGST) is presented. The main feature of the CGST-FCM technique is that any group signcrypter may encrypt data/information with the group manager (GM) and have it sent to the verifier. They can verify the legitimacy of the signcrypted information/data using the public conditions of the group, but they cannot link it to the conforming signcrypter. In this scenario, valid signcrypted information/data cannot be produced by the GM or any signcrypter in that category alone. The GM is allowed to reveal the identity of the signcrypter when there is a legal conflict to restrict repudiation of the signature. The CGST-FCM technique is found to be protected from the indistinguishably chosen ciphertext attack (IND-CCA). The computationally difficult problem has been used to build unlinkability, traceability, robust security, and unforgeability. The security investigation of the presented CGST-FCM technique shows commendable consistency and very high efficiency when used in real-time security applications.


I. INTRODUCTION
The study of chaotic structures and their potential cryptographic designs has sparked much research interest in recent years [1]- [3]. The behaviours of certain cryptographic primitives are fundamentally similar to that of chaotic frameworks, which are represented by their sensitive reliance on random operations and initial situations in the vicinity [4]- [6]. Information security is essential in modern wireless communication systems to protect critical information/data since most people communicate over a public network [7], [8]. In order to secure sensitive information/data, it must be secreted from unauthorized access, know who sent the message, protect the message from alteration, and be available to a legitimate user whenever they need the message [9]. Correspondingly, encryption techniques can guarantee secrecy, while digital signature-based approaches can guarantee honesty and authenticity [3]. In the traditional approach, the sender always had to sign the text first and then encrypt it before sending the documents to the appropriate destination. The signature then the encryption procedure is a common name for this subject. However, this approach has some inherent disadvantages, such as requiring more machine sequences and computational resources, which decreases the performance of the framework ultimately [10]. To address the flaws inherent in the traditional schemes, Zheng [11] proposed signcryption, which combines encryption and signature in a single stage. The scheme is built on the public key infrastructure (PKI) [2]. However, the procedure has certain drawbacks, such as certificate distribution, storage, and production issues. To address these shortcomings inherent in the scheme proposed by Zheng [11], Lee [12] came up with the identity-based signcryption (IBS), which combines the capabilities of identity-based encryption and identity-based signature into a single scheme. Several IBS techniques were implemented in [13]- [16] after the first IBS technique in the emerging literature. However, key escrow has been identified as a key challenge for several identity-based signcryption techniques. In the emerging works of literature, Barbosa and Farshim [17] projected a certificateless signcryption to avoid the key escrow issue, which instantaneously satisfies the properties of certificateless encryption and signature in a single phase. Following the technique in [17], another certificateless signcryption scheme (CLSC) [18] was proposed. However, the CLSC technique was used in the random oracle model. Additionally, a robust CL-PKC signcryption technique was reported by Aranha et al. [19] to support signatures that can be checked publicly. This scheme, which adapts the Discrete Logarithm (DL) and Computational Diffie-Hellman (CDH) principles, is quite similar to the certificateless signcryption scheme proposed by Wu and Chen [20]. In 2018, Luo and Wan [21] presented a practical and implementable CLSC scheme. In the standard model, the technique is deemed provably secure and stable. Furthermore, the technique also met indistinguishability against adaptive selective ciphertext attack and existential unforgeability. The proposed scheme achieved the known session-specific temporary information security with more robust protection and shorter ciphertext duration. Remarkably, the authors pointed out that most existing signcryption techniques in the standard model could not provide this level of security. Rastegari et al. [22] examined the certificateless signcryption technique projected by Luo and Wan [21] and discovered a fundamental flaw in the construction of the scheme. In order to fill the gap in Luo and Wan, a CLSC scheme with KSSTIS was suggested in [21]. In order to secure communication over wireless body area networks (WBANs), a similar certificateless signcryption scheme was recently created by Guo [23]. Furthermore, Gao et al. [24] suggested another scheme suitable for use in WBANs. Based on the hardness of the DL and CDH problems, mathematical calculations were performed to prove the correctness of the scheme, and the results show that the technique achieves unforgeability and confidentiality in the random oracle model.
Mandal et al. [25] developed a three-factor certificateless signcryption-based user access control technique appropriate for internet (IoT) deployment. The scheme uses three authentication factors: a user's password, a mobile device and biometrics. Under the real-or-random (ROR) model, the AVISPA tool was used to test the security of the technique. Interestingly, the scheme outperforms the preliminary methods by a large margin. Wu et al. [26] present a Type I adversary attack to test the security of the scheme proposed by Shim [27]. It was discovered that the adversary could forge a legal certificateless signature on any message by replacing the public key of the signer. It is worth mentioning that the CLSC technique proposed by Wu et al. [26] shows an improvement over the scheme reported in [27]. The scheme was found to resist adversarial attacks in several scenarios consistently.
Previous literature works demonstrate that current certificateless signcryption schemes have varying security features and lower computational overheads. However, when exposed to several high-level adversarial attacks, most existing schemes show limited existential unforgeability. Additionally, the applications of the schemes in group signcryption have received inadequate treatment in the existing works of literature. Furthermore, we have not found any literature that uses Fractional Chaotic Maps (FCM) to build certificateless group signcryption schemes, which is critical to overcoming the vast limitations of current certificateless signcryption schemes. Toward this end, the current paper introduces an FCM-based certificateless group signcryption technique (FCM-CGST) to address the shortcomings of the preliminary schemes.

A. CONTRIBUTIONS
The major contributions of the paper are the following: a) Using FCM, we demonstrated an effective certificateless group signcryption technique. b) In contrast to other techniques, the proposed Certificateless Group Signcryption Technique (CGST-FCM) has the lowest storage expense. c) The key innovation in our proposed work is that, while maintaining high performance, the proposed CGST-FCM also provides high-level security. d) Comprehensive security testing has shown that our new CGST-FCM is secure against Type-I and Type-II attacks from the indistinguishably chosen ciphertext attack (IND-CCA) under the Fractional Chaotic Maps-Diffie-Hellmann problem (FCM-DHP). e) The proposed CGST-FCM can be easily implemented in various low-power, low-processing-power devices, such as smart cards, etc.

B. ORGANIZATION
The remaining part of this article is structured as follows: The background and material are discussed in Section II. The implementation of the proposed FCM-CGST is covered in Section III. In Section IV, we demonstrated the security inquiry of the proposed FCM-CGST technique. The efficiency of the projected FCM-CGST scheme is compared in Section V. The application of the proposed technique is described in Section VI. Finally, Section VII concludes the proposed work and offers predictions for the future.

II. BACKGROUND AND MATERIAL
Before going into the existing inquiry on the certificateless group signcryption approach employing fractional chaotic maps (FCM-CGST), the basic principles [28], [29] pertaining to the work are discussed in this section. This is done to describe the research gap properly. First, a Chebyshev chaotic map implementation with a short lifespan is described. A fractal Chebyshev polynomial, fractal chaotic maps utilizing the minimum approach, and other techniques employed in this work follow. The symbolization used in the paper is listed in Table 1.

A. CHEBYSHEV CHAOTIC MAPS
Two fundamental prerequisites in the evolution of cryptographic systems are ambiguity and dispersion. Chaotic frameworks are suitable for accomplishing uncertainty and diffusion possessions in cryptography because of their sensitivity to primary conditions, pseudo-randomness, and ergodicity. As a result, chaotic maps have created several symmetric and asymmetric key cryptosystems [30]- [32].

Chaotic map:
In the variation , the CSP Ʈ ( ) is andegree polynomial. Assume that ∈ [−1, 1] is the edition and that is a large integer. The following is what CSP entails in general [4], [33], [34]: By definition, the recurrence relation of the Chebyshev polynomial assumes In this case, the functional Semi-group characteristics: The semi-group property of the Chebyshev polynomial Ʈ ( ) is defined as follows: , where ƪ and ℓ are positive integers and ∈ [− , ].
Public-key cryptography (PKC) based on the Chebyshev polynomial map semigroup property is not stable, according to Bergamo et al. [5]. Additionally, Zhang [35] demonstrated that the semigroup property holds an interval (−∞, +∞), which can enhance the property as broached: where ∈ (−∞, +∞) and 1 is a big prime. As a result, the property is: , and additionally, the semi-group characteristic is kept. Here, it is worth highlighting that extended Chebyshev polynomials commute in conformation.

B. FRACTAL CHAOTIC MAPS (FCM)
Historically, the Fractal Calculus (FC) was called a local fractional calculus [38], [39]. However, fractional calculus clinched possessions and takes precedence over the related preparation: Assume that the formal expression for a random fractionalorder [0, 1] defines the fractional difference operator. It can be approximated using the formula.
Using the FC definition to generalise the polynomial Ʈ ( ), the following construction is achieved: FCP represents the Fractal Chebyshev polynomial (see Fig.1).

Characteristics of Fractal Chaotic Maps:
Two of the soothing properties of FCP are described as follows: Chaotic characteristic of FCM: The Fractal Chaotic Maps [39] fulfil the recurrent relations under the chaotic characteristic, i.e., When → 0 is employed, the usual significant effect found in Yang et al. [40] is elaborated clearly.

III. THE PROPOSED FRACTIONAL CHAOTIC MAPS BASED CERTIFICATELESS GROUP SIGNCRYPTION TECHNIQUE (CGST-FCM)
Currently, e-commerce technology is rapidly growing, and billions of online transactions are possible worldwide. As a result, employing open wireless channels for onlinebased commercial transactions raises several security concerns. Sophisticated security techniques are primarily desired to protect user-information over these safety-critical channels. As a result, we require an efficient certificateless group signcryption mechanism to enhance the security of ecommerce technologies. Therefore the requirement for the proposed CGST-FCM becomes critical.
The proposed CGST-FCM includes a group of clients ( Ǥ ∶ 1 … ), where everyone can signcrypt a message with the GM as a representative of the group and KGC. Figure 2 depicts the proposed CGST-FCM system model. The proposed CGST-FCM has six phases, which are described as follows:

A. SETUP
The KCG picks an integer = 1 * 1 where 1 , 1 , are big primes consuming the secure prime techniques [41], [42]. Then, they pick as a GF( 1 ) generator. The GM is then given and .

B. PARTIAL PRIVATE KEY GENERATION
The KGC carries out this operation. At this point, the KGC picks a as its secrete factor and their identity . Then, they evaluate a whose safety is ensured by solving extended chaotic maps. Figure 3 shows the architecture of the client key generation, verification, key generation, and signcryption framework.

Private Key Generation (PKG):
The following are the PKG metrics: The GM chooses three private exponents Ƴ , ɗ and , and then determines the private and public keys of the group elucidated in the following equations. The GM then makes public ( , ,  , , , Ǥ ) while keeping secret (Ƴ, ɗ, Ǥ ) as their secret key.

C. CLIENTS KEY CREATION (CKC)
The GM and the signcrypter are in this stage. The following are the stages of this level. VOLUME XX, 2021 1 Stage 1. Any signcrypter, after finding the public factor, chooses a private parameter Ⱳ ∈ * on behalf of the group and determines as follows: = Ʈ Ⱳ ( )( ) Then they send the to the GM over a secure channel. Stage 2. After determining the estimate of , the GM picks a secrete factor ɑ ∈ * and estimates 1 , 2 , 3 as follows:

D. SIGNCRYPTION
The client will encrypt the information/text on behalf of the group at this argument. A client first selects a ɳ ∈ * the secret factor then determines the following: Cipher (ɕ) and key ( ).

E. VERIFICATION
After discovering the signcrypted information, the verifier checks the legitimacy of the signcrypted information; they must first find the message. To locate a message, the verifier assesses the subsequent stages: Otherwise, they would deny the message as being invalid. The verifier checks the validity of the message as soon as it is identified.
The verifier will construct the signcrypted information/text of the message if this happens.

F. OPENING
If the sender has a legal dispute, the GM will identify the sender.

IV. SECURITY INVESTIGATIONS OF THE PROPOSED CGST-FCM TECHNIQUE
This section provides a formal security framework for the projected CGST-FCM. Consequently, two kinds of adversaries are considered, and the security examination of the projected technique is described as follows. Theorem 1. This theorem states that the signcrypted text/information/ created by the presented CGST-FCM is correct. Proof. This theorem exhibits the exactness characteristic of the presented CGST-FCM technique.
As a consequence of Eq. (3), we can see that The proposed CGST-FCM scheme is seen to be correctly implemented. Theorem 2. The projected CGST-FCM also has traceability features, such that the GM can only open the client identifier that has to sign up the signcrypted text. Proof. We understand that the identity of a client can be obtained as = / 1 as a result of eq, (5). Let Consequently, the traceability assets of the presented CGST-FCM technique are fulfilled. Theorem 3. The presented CGST-FCM can withstand Type-I and II attacks using the FCM-CDHP, as described below. Definition 1 (Type I Attack). A foe cannot obtain the master secret key ( 1 ) with access to the device. However, ( 1 ) may substitute public keys, remove private key and PPK, and create a signcrypted text. Proof. The game is played among the ( 1 ) foe and the (ß) challenger in the Type-I attack. The communication among them is comprised of the steps mentioned as follows. PPKG: At this point, the challenger runs the setup process to produce a KGC's ( ) and a ( ) public factor corresponding to the KGC's identity ( ), then, when he asks for it, the challenger (ß) sends ( ) to the foe ( 1 ).

Key generation (KG):
The challenger (ß) calculates a (Ƴ) secret value following the GM's identity ( ), in the KG phase, then estimates the Ǥ using the secret key and PPK and sending it to the foe. Demand public key: The foe will now appeal to the public key for any . After getting the appeal, the challenger computes the assessment of the Ǥ and sends it to the foe. VOLUME XX, 2021 1 Replace public key: After acquiring the challenger's public key, the foe generates a new Ƴ 1 hidden assessment and replaces the challenger's public key with their own (Ǥ 1 ). Signcryption: The client chooses some private values for signcrypt, while a challenger message requires GM's public key and the novel text. Then, the challenger submits the signed text = (Ʋ, ɕ, , 1 , 2 ) on message 1 consistent with a public key for the of the sender to the foe compatible with the GM's public key. If the designcrypt inquiries show that Designcrypt ( 1 , 1 , Ƴ 1 , 1 , 1 ) is equal to 1, the attacker wins the game, but the foe does not break the security because the foe cannot inquire about the signcryption on the message 1, and the foe also cannot inquire about the private key for an 1 . Definition 2. (Type II Attack). In a Type-II attack, the foe ( 2 ) has retrieved the master key but cannot substitute any client's public key. Proof. The game is played among the challenger (ß) and the foe ( 2 ). PPKG: At this point, the challenger runs the setup process to produce KGC's ( ) and a ( ) public factor using the of KGC and then sends the public key and the secrete keys to a foe. The attacker would then be able to guess the PPK. KG: The challenger (ß) then estimates a (Ƴ ) hidden assessment following the GM's identity ( ), determines the Ǥ with the use of private key and PPK, and sends it to the foe ( 2 ). Demand public key: Following that, the challenger fixes the public key of GM and delivers it to the foe upon request. Signcryption: Following a public key for the GM's public key and the sender's identity, the challenger can now assess a signcrypted text 1 = (Ʋ, ɕ, , 1 , 2 ) on 1 message and provide it to the foe ( 2 ). If the designcrypt inquiries show that Designcrypt ( 1 , 1 , 1 , 1 , 1 ) is equal to 1, the attacker wins the game, but the foe does not break the security because the foe cannot inquire about the signcryption on 1 message and cannot inquire about the secret key for a 1 . It has also been shown that the presented system is resistant to Types-I and II attacks. Theorem 4. The projected CGST-FCM fulfils the property of unlinkability. Proof: After finding the group signcrypted info (Ʋ, ɕ, , 1 , 2 ) for , the verifier approves the signcrypted info by utilizing the group's Ǥ public information and as shown in Eq. (4). If the verifier takes substitute signcrypted info (Ʋ′, ɕ′, ′, 1 ′ , 2 ′ ) for the message ′. There are no similar variables in the two signcrypted info/texts (Ʋ, ɕ, , 1 , 2 ). The verifier must check the GM to know the of the signcrypter.
Additionally, the projected CGST-FCM has five variables, namely (ɑ, ɳ, Ʋ, , Ⱳ), to conceal the accurate assessment of the group's signcrypted text/information. Consequently, decipher the estimates of (ɑ,ɳ, Ʋ) from the signcrypted information. As a result, a foe would never connect a signcrypted information to the conforming signcrypter.

V. PERFORMANCE COMPARISON
Concerning the computational cost, we compare our approach to lately existing certificateless signcryption techniques such as that of Yu and Yang [43], Zhou [44], Lin et al. [45], Cao and Ge [46], and Luo and Ma [47]. Based on the communication expense, the efficiency of the presented CGST-FCM technique is assessed. Based on the output, the costs of the signcryption and verification stages are compared. It has been noted that, in comparison to the installation and extraction stages, the signcryption and verification phases require more computational resources. As a result, the comparison analysis focuses on the computational cost of the signcryption and verification stages.
Here, we used six notations of time complexity in this comparisons study, which are represented as follows: , ℎ , , ℎ , , , and described performance time for modular exponentiation in the modular multiplication, Chebyshev chaotic map operation, elliptic curve scale multiplication, a one-way hash function, modular inverse operation, and bilinear pairing operation, respectively. The relations between ℎ , , , , , and with respect to ℎ ( ℎ = 0. 32 ) have been established in [39], [48]- [50]. In addition, we provide the findings of our evaluation in this section. On a four-core 3.2 GHz computer with 8 GB of RAM, the results averaged 300 randomized simulation runs [51]. The studies were carried out using our MATLABcreated simulator. The following relationship exists, and the order of computational complexity of the contending metrics are given as follows: ℎ ≈ ℎ , ≈ 2.5 ℎ , ≈ 7.5 ℎ , ≈ 72.5 ℎ , ≈ 600 ℎ , ≈ 1550 ℎ and ℎ ≈ ℎ < < < < < . Table 2 shows the key consuming operations of the projected CGST-FCM technique and the standing techniques. There are also assessments of computational costs defined in milliseconds, as provided in Fig. 4.
The overall communication expense of the proposed certificateless group signcryption technique is the lowest, as the estimation results in Table 2 and Fig. 5 indicate. The proposed certificateless community signcryption technique outperforms the rest of the existing methods in terms of running time. Table 2. Assessments with reference to major operations.

VI. APPLICATION OF THE PROPOSED CGST-FCM TECHNIQUE
The proposed CGST-FCM technique will find useful applications in e-commerce, which is fast-growing globally.
Nowadays, billions of online transactions are conducted in real-time seamlessly. Consequently, there are growing concerns for transmitting sensitive user information across open wireless channels. Therefore, the security of critical user information via online transactions becomes imperative. The projected CGST-FCM scheme is well-equipped with sophisticated security features to guarantee user data authentication, security, and unforgeability over these open wireless channels. Last, the proposed CGST-FCM scheme is ready-to-use and applicable in electronic commerce and other emerging platforms.

VII. CONCLUSION
This paper projected a lightweight, provably secure certificateless group signcryption technique using FCM. The proposed CGST scheme has robust security against an IND-CCA attack in the FCM. The projected CGST-FCM preserves all anticipated features of a certificateless signcryption procedure with a group signature technique. This technique tests the validity of the signcrypted text, anonymity of the client, and non-repudiation of the signcryption method. The complexity of solving two challenging computational problems comprising the Fractional Chaotic Maps-Discrete Logarithm Problem (FCM-DLP) and the Fractional Chaotic Maps-Diffie-Helmann Problem (FCM-DHP), guarantees the security of this technique. The proposed CGST-FCM technique can be used in various low-power devices with minimal processing power resources, such as smart cards. However, the only limitation of the fractional chaotic maps-based technique is sample selection. Future work would focus on an efficient ecash system leveraging the proposed CGST-FCM scheme to address sample selection issues. Additionally, an experimental implementation of the proposed lightweight security scheme will be carried out in our future work.