OOS-SSS: An Efficient Online/Offline Subtree-Based Short Signature Scheme Using Chebyshev Chaotic Maps for Wireless Sensor Network

A wireless sensor network (WSN) is a network of spatially distributed devices such as wireless sensor nodes. As the data collected by the sensor nodes and transmitted through WSNs are mostly sensitive, confidential, or personal, secure information transmission is a critical challenge, and one of the most significant security requirements is authentication. The digital signature plays a key role in ensuring data integrity, authentication and non-repudiation. In this article, we present an efficient, high-security-level online/offline subtree-based short signature scheme (OOS-SSS) using Chebyshev chaotic maps for WSN fuzzy user data sharing over a Galois field. The proposed scheme is proven unforgeable under chosen-message attack in the random oracle model (UF-SBSS-CMA). Notably, the new design allows multiple-time usage of the offline storage, enabling the signer to reuse the offline pre-computed information in polynomial time instead of having only a single attempt, as in the currently available online/offline signing schemes. In addition, on top of the OOS-SSS design we build an aggregation scheme for wireless sensor network settings, and we show how the scheme can be extended to let users register messages and deploy them on a WSN. Lastly, our performance comparison shows that the proposed scheme has the lowest computational cost among six competing schemes.


I. INTRODUCTION
Wireless Sensor Networks (WSNs) have made rapid progress in recent years and are widely deployed by businesses, healthcare centers, institutes of ecological and environmental research, and government and military organizations [1]-[5]. A WSN is a network of spatially distributed devices, such as wireless sensor nodes, used to monitor and record physical or environmental conditions such as temperature, sound, and motion. In WSNs, the sensor nodes collect their own raw data, process them locally, and jointly forward information to one or more collection points (base stations). As the data collected by the sensor nodes and transmitted through WSNs are mostly sensitive, confidential, or personal, secure information transmission is a critical challenge, and one of the most significant security requirements is authentication. The digital signature plays a key role in ensuring data integrity, authentication and non-repudiation. A WSN domain generally includes a large number of sensor nodes and base stations [6]. Compared with mobile ad hoc networks [7], [8], WSNs are exposed to a wide range of attacks because the wireless channel is an open medium. Authenticating sensor data is therefore essential in WSN applications [9]-[12]. In recent years, chaotic constructions and the cryptographic systems that can be built on them have attracted tremendous research interest. Chaotic systems are characterized by their sensitive dependence on initial conditions and their random-like behaviour, both of which resemble properties of cryptographic primitives [13].

The associate editor coordinating the review of this manuscript and approving it for publication was Kai Li.
VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
In 1989, Even et al. [14] introduced the concept of online/offline signatures. In an online/offline signature scheme, the signing of a message is split into two phases: the first, more computation-demanding and time-consuming phase is executed offline beforehand, and the second, much faster phase is carried out online at the moment the message is signed. Even et al. gave a general construction that transforms any digital signature scheme into an online/offline signature scheme [14]; the method is not very practical, however, as it lengthens each signature by a quadratic factor. In 2001, in response to the impracticality of the 1989 construction, Shamir and Tauman [15] introduced the ''hash-sign-switch'' paradigm, which converts any signature scheme into an online/offline signature scheme more efficiently: a chameleon hash of a random dummy message is signed offline, and the online phase uses the chameleon-hash trapdoor to switch the dummy message for the actual one. Being a generic method, hash-sign-switch applies regardless of the type of the underlying signature scheme. For particular applications, several specialized designs have been proposed [16]-[20], among which [19] is the most efficient [18], while Kurosawa and Schmidt-Samoa showed that online/offline signature schemes can be constructed without random oracles [16]. All of the above schemes, however, are set in the standard public-key setting and do not consider identity-based settings. Over roughly the last decade, identity-based signature techniques based on pairings have been published in [21]-[24]. On the other hand, Galindo and Garcia [25] adapted Schnorr's signature to obtain an identity-based signature scheme in the discrete-logarithm setting that does not require pairings.
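The two-phase split described above, as an added example that is not the paper's construction and not code from [14] or [15]. It instantiates hash-sign-switch with the discrete-logarithm chameleon hash CH(m, r) = g^m · y^r mod p (trapdoor alpha, y = g^alpha) over a constructed toy group (p = 2039 = 2q + 1, q = 1019, generator g = 4 of order q; far too small for real use), with Schnorr standing in for the ''any signature scheme''. All function names and parameters are assumptions for illustration. The last function demonstrates the single-use caveat that the paper's multi-time reuse claim is concerned with: signing two messages with the same offline token produces a chameleon-hash collision, which reveals the trapdoor.

```python
"""Hash-sign-switch online/offline signing with a discrete-log chameleon hash.

Added example, not the paper's construction. Assumed, constructed parameters:
a toy Schnorr group with p = 2039 = 2q + 1, q = 1019, generator g = 4 of order q
(far too small for real use), a chameleon hash CH(m, r) = g^m * y^r mod p with
trapdoor alpha (y = g^alpha), and Schnorr as the underlying signature scheme.
"""
import hashlib
import secrets

P, Q, G = 2039, 1019, 4  # constructed toy group parameters


def hash_to_int(*parts) -> int:
    """Deterministic 256-bit hash of the given integers (Schnorr challenge)."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


# Underlying signature scheme ("any signature scheme" in hash-sign-switch): Schnorr.
def schnorr_keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def schnorr_sign(sk: int, msg: int):
    k = secrets.randbelow(Q - 1) + 1
    commitment = pow(G, k, P)
    e = hash_to_int(commitment, msg)
    return e, (k + e * sk) % Q


def schnorr_verify(pk: int, msg: int, sig) -> bool:
    e, s = sig
    commitment = (pow(G, s, P) * pow(pk, (-e) % Q, P)) % P  # g^s * pk^(-e)
    return e == hash_to_int(commitment, msg)


# Chameleon hash: collisions are easy only with the trapdoor alpha.
def chameleon_keygen():
    alpha = secrets.randbelow(Q - 1) + 1
    return alpha, pow(G, alpha, P)


def chameleon_hash(y: int, m: int, r: int) -> int:
    return (pow(G, m % Q, P) * pow(y, r % Q, P)) % P


def offline_phase(sk: int, y: int) -> dict:
    """Expensive step, done before the message is known: hash a random
    (m', r') and sign the hash value with the underlying scheme."""
    m_dummy, r_dummy = secrets.randbelow(Q), secrets.randbelow(Q)
    h = chameleon_hash(y, m_dummy, r_dummy)
    return {"m": m_dummy, "r": r_dummy, "h": h, "sig": schnorr_sign(sk, h)}


def online_phase(token: dict, alpha: int, m: int):
    """Cheap step: find r with CH(m, r) = CH(m', r'), i.e. r = r' + (m' - m)/alpha mod q.
    One multiplication and one addition mod q once 1/alpha is precomputed."""
    r = (token["r"] + (token["m"] - m) * pow(alpha, -1, Q)) % Q
    return r, token["sig"]


def verify(pk: int, y: int, m: int, full_sig) -> bool:
    """Verifier recomputes the chameleon hash and checks the offline signature on it."""
    r, sig = full_sig
    return schnorr_verify(pk, chameleon_hash(y, m, r), sig)


def recover_trapdoor(m1: int, r1: int, m2: int, r2: int) -> int:
    """Why an offline token is single-use here: two messages signed with the same
    token satisfy m1 + alpha*r1 = m2 + alpha*r2 mod q, so anyone holding both
    signatures learns alpha = (m1 - m2) / (r2 - r1) mod q."""
    return ((m1 - m2) * pow((r2 - r1) % Q, -1, Q)) % Q


if __name__ == "__main__":
    sk, pk = schnorr_keygen()
    alpha, y = chameleon_keygen()
    token = offline_phase(sk, y)
    sig1 = online_phase(token, alpha, 123)
    print("verifies:", verify(pk, y, 123, sig1))
    sig2 = online_phase(token, alpha, 456)  # token reuse: do not do this
    print("trapdoor recovered:", recover_trapdoor(123, sig1[0], 456, sig2[0]) == alpha)
```

The online phase touches only Z_q arithmetic, which is the whole point of the paradigm for a constrained signer; the trapdoor recovery is why a plain hash-sign-switch signer must discard each offline token after one use, which is the limitation the multi-time reuse property discussed in this paper aims to remove.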
In 2006, Xu et al. [26] first introduced identity-based online/offline signatures and multisignatures. They proposed an identity-based online/offline signature scheme and then converted it into an identity-based online/offline multisignature scheme; being pairing-based, the scheme can be applied to different routing protocols. Later, however, Li et al. [27] showed that the 2006 scheme of Xu et al. is vulnerable to a forgery attack and is therefore insecure. In fact, to date no truly secure online/offline identity-based short signature (IBSS) technique has appeared in the literature. On the other hand, chaotic cryptography has been used to build secure communication techniques since the 1990s [13], [28], [29]. Chaotic maps are now central to various symmetric encryption methods [30]-[33], hash functions [34], [35], and S-boxes [36]. More recently, many chaos-based schemes have been published for key agreement [37]-[40], authentication [41], [42] and telecare medicine information systems [43]-[45].
In 2013, Chain and Kuo [46] proposed a digital signature scheme based on chaotic maps. Since then, a number of new chaos-based methods have been proposed, including authentication schemes [47], identity-based encryption schemes [48]-[55] and signature schemes [56]-[58]. Recently, Meshram et al. proposed an online/offline IBSS technique using the partial discrete logarithm in [56], which allows the signer to reuse the already-processed offline information in polynomial time, as opposed to the single-use offline information of all earlier online/offline signature schemes. Meshram et al. also proposed an aggregation scheme for WSNs in [58].
When it comes to the computational cost of signature generation, the online/offline signature scheme is the best choice for WSNs. As Even et al. [14] point out, the major advantage of an online/offline signature scheme is that signature generation is split into two phases. The offline phase, which takes place before the message is known and can therefore be performed at leisure, handles all the resource-demanding computations, while the online phase, which runs when the signature is actually generated, is the most lightweight part of the scheme. In a WSN, the offline stage can be carried out at the base station and the online stage in the sensor nodes; the online phase is fast and can be performed by low-power devices such as sensor nodes. Delegating the offline stage to the base station, however, increases the communication overhead. Using bilinear pairings, Gao et al. [12] introduced a modified online/offline identity-based signature scheme for WSNs, and Ling et al. [59] presented a one-time password authentication scheme for WSN applications. WSNs are widely used for a vast variety of purposes such as military sensing, wild animal tracking, environmental surveillance and health monitoring [60]-[64], and in WSNs [65] data security is vital. Recently, Kumar et al. [66] proposed an efficient certificateless signature scheme and certificateless aggregate signature scheme for vehicular ad hoc networks and showed that the aggregate scheme preserves conditional privacy, in that each message generated by a vehicle is mapped to a distinct pseudo-identity. Kumar et al. [67] also introduced an efficient certificateless public-key cryptosystem, which removes the complexity of certificate management of public-key cryptography as well as the key escrow problem inherent in identity-based cryptography.
An aggregate signature scheme is a many-to-one mapping that compresses multiple signatures on different messages into a single signature. Meshram et al. [68] proposed a subtree-based transformation model for a chaotic-map cryptosystem for fuzzy user data sharing in a cloud computing environment.
Our contribution: The main contributions of this study are the following. (1) We propose a secure and efficient online/offline subtree-based short signature scheme (OOS-SSS) using Chebyshev chaotic maps for WSN fuzzy user data sharing over a Galois field. (2) The proposed scheme is proven unforgeable under chosen-message attack in the random oracle model (UF-SBSS-CMA). (3) The design allows the signer to access the offline storage multiple times and reuse the offline pre-computed information in polynomial time, as opposed to the one-time-only limit of prior online/offline signature schemes. (4) We develop an efficient subtree-based aggregation scheme, an extension of OOS-SSS, for wireless sensor network settings. (5) We show how to extend the system so that an individual user can register various messages and deploy them on a WSN.
The proposed scheme has the lowest computational cost among six competing schemes.
Article structure: The rest of this paper is organized as follows. The basic pre-requisites are given in Section II. Then, our new secure, efficient online/offline subtree-based short signature scheme (OOS-SSS) using Chebyshev chaotic maps under fuzzy user data sharing for WSN over Galois field will be detailed in Section III, followed by the security examinations and discussions in Section IV and the performance analysis in Section V. Then, in Section VI, our aggregation scheme extended from OOS-SSS for WSN will be presented. After that, Section VII will deal with the fundamental setting of the proposed scheme for WSNs. Finally, the conclusion will be given in Section VIII.

II. BACKGROUND AND RELATED INFORMATION
In this section, we first lay out the notation used in our new scheme, OOS-SSS using Chebyshev chaotic maps for fuzzy user data sharing in WSNs over a Galois field. We then briefly introduce the mathematical definitions and theorems on which the design rests, including basic trigonometry over Galois fields and Chebyshev polynomials over Galois fields.

A. NOTATIONS
Our OOS-SSS using Chebyshev chaotic maps for fuzzy user data sharing in WSNs is a novel attempt. The notation used in the scheme is as follows.
When there is no ambiguity, we write [y, z] as shorthand for {y, y + 1, . . . , z}, and [y] for [1, y]. For every , where is an identity vector, let S = { 1 , . . . , } be the set of identities ( ) comprising all identities acting in . We define as the location record of in the tree structure of the model. The intended receivers form a subtree in a tree-structured identity-based encryption technique [69]. The identity vectors and the locations of their receivers are integrated into T in the tree structure. Any legitimate T must cover the root node, which reflects the fact that the PKG manages the structure. Throughout this article, we assume that computations over GF(q), where q is a power of an odd prime p, are carried out modulo an irreducible polynomial f(z) over GF(p) whose degree is the exponent of p in q.
The following Lemma 1 of [73] is likewise essential to the description of the ξ-cosine function. The proofs of the lemmas, propositions and theorems are given in [73].
As Example 1 illustrates, even though ξ_1 ∈ GI(q) is a unimodular element of maximal multiplicative order (q + 1), the function arccos_ξ_1( ) is not defined for every element of GF(q). To compute the inverse ξ-cosine of the elements that lie in GF(q) but not in I_ξ_1, we must choose a second element ξ_2 (≠ ξ_1) such that I_ξ_1 ∪ I_ξ_2 = GF(q). Such an element is characterized by the following theorem.

C. CHEBYSHEV POLYNOMIALS OVER GALOIS FIELDS
Following the discussion in [74], Chebyshev polynomials over Galois fields can be defined through the ξ-cosine function [73], in direct correspondence with the well-established definition of Chebyshev polynomials over the real numbers [75].
Definition 4: The Chebyshev polynomials over GF(q) are defined through the ξ-cosine function by
$$T_n(x) = \cos_\xi\big(n \cdot \arccos_\xi(x)\big), \qquad x \in I_\xi,\ n \in \mathbb{N}. \tag{3}$$
Eq. (3) is the ξ-cosine of a multiple of an arc, and it yields a polynomial of degree n in the ξ-cosine of that arc [75]. Over a Galois field, the same polynomials are obtained by combining Definition 4 with the arc formulas of [72], which gives the recurrence of Eq. (4), where $x \in GF(q)$, $n \in \mathbb{N}$, $T_0(x) = 1$ and $T_1(x) = x$.
Lemma (periodicity): Let $N = \mathrm{ord}(\xi)$. For all $t, n \in \mathbb{N}$,
$$T_{tN \pm n}(x) = T_n(x).$$
Proof: From Definition 4,
$$T_{tN \pm n}(x) = \cos_\xi\big((tN \pm n) \cdot \arccos_\xi(x)\big).$$
Expanding with the arc-addition formula,
$$T_{tN \pm n}(x) = \cos_\xi\big(tN \cdot \arccos_\xi(x)\big)\,\cos_\xi\big(n \cdot \arccos_\xi(x)\big) \mp \sin_\xi\big(tN \cdot \arccos_\xi(x)\big)\,\sin_\xi\big(n \cdot \arccos_\xi(x)\big).$$
Since $\mathrm{ord}(\xi) = N$, Definition 2 of [46] gives $\cos_\xi(tN \cdot \arccos_\xi(x)) = 1$ and $\sin_\xi(tN \cdot \arccos_\xi(x)) = 0$, so the expression reduces to
$$T_{tN \pm n}(x) = \cos_\xi\big(n \cdot \arccos_\xi(x)\big) = T_n(x). \qquad \square$$
The restriction $x \in I_\xi$ in Definition 4 can be lifted when $T_n(x)$ is to be evaluated for individual values of n over a prime power q: Eq. (4) can then be used directly, without evaluating any ξ-trigonometric function.
Chebyshev polynomials have two significant properties [76]: the chaotic property and the semigroup property, T_r(T_s(x)) = T_{rs}(x) = T_s(T_r(x)).
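An added example, not code from the paper, of the objects defined in this subsection: Chebyshev polynomials over a prime field, evaluated with the recurrence of Eq. (4) and with an O(log n) doubling method, together with checks of the semigroup property and of the periodicity lemma. It assumes the field is GF(p) with p an odd prime (the paper's GF(q) with q = p^m and m = 1), and the prime P = 1009 and the inputs below are constructed toy values, far too small for any real deployment. It goes slightly beyond the text: besides verifying T_{tN ± n}(x) = T_n(x) with N the period, it checks that N divides p − 1 or p + 1, which holds because ξ = x + sqrt(x² − 1) lies either in GF(p) or in the norm-1 subgroup of GF(p²).

```python
"""Chebyshev polynomials T_n(x) over GF(p) and the properties the scheme relies on.

Added example, not code from the paper. Assumptions: the field is GF(p) for an odd
prime p (the paper's GF(q), q = p^m, with m = 1); the prime P and the inputs used
below are constructed toy values, far too small for any real deployment.
"""

P = 1009  # constructed toy prime; the paper does not fix field sizes


def chebyshev_naive(n: int, x: int, p: int = P) -> int:
    """T_n(x) mod p by the three-term recurrence T_{k+1} = 2x T_k - T_{k-1},
    with T_0 = 1 and T_1 = x (the recurrence form, Eq. (4) in the paper)."""
    x %= p
    if n == 0:
        return 1
    t_prev, t_cur = 1, x
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_cur


def chebyshev(n: int, x: int, p: int = P) -> int:
    """T_n(x) mod p in O(log n) multiplications, which is what makes T_n usable
    as a one-way map for large n. Uses the doubling identities
        T_{2k}   = 2 T_k^2 - 1
        T_{2k+1} = 2 T_k T_{k+1} - x
    and walks the bits of n from the most significant one, carrying (T_k, T_{k+1})."""
    x %= p
    a, b = 1, x  # (T_k, T_{k+1}) for k = 0
    for bit in bin(n)[2:]:
        t2k = (2 * a * a - 1) % p
        t2k1 = (2 * a * b - x) % p
        if bit == "0":  # k -> 2k
            a, b = t2k, t2k1
        else:           # k -> 2k + 1
            a, b = t2k1, (2 * b * b - 1) % p
    return a


def semigroup_holds(r: int, s: int, x: int, p: int = P) -> bool:
    """Semigroup property: T_r(T_s(x)) = T_{rs}(x) = T_s(T_r(x)) mod p, which is
    what lets secret indices r and s be applied in either order."""
    lhs = chebyshev(r, chebyshev(s, x, p), p)
    rhs = chebyshev(s, chebyshev(r, x, p), p)
    return lhs == rhs == chebyshev(r * s, x, p)


def period(x: int, p: int = P) -> int:
    """Smallest N >= 1 with T_{N+n}(x) = T_n(x) for all n: the first return of the
    recurrence state (T_N, T_{N+1}) to (T_0, T_1) = (1, x). This N is ord(xi) for
    xi = x + sqrt(x^2 - 1), the N of the periodicity lemma."""
    x %= p
    t_n, t_n1 = x, (2 * x * x - 1) % p  # (T_1, T_2)
    n = 1
    while (t_n, t_n1) != (1, x):
        t_n, t_n1 = t_n1, (2 * x * t_n1 - t_n) % p
        n += 1
    return n


def period_divides_field_bound(x: int, p: int = P) -> bool:
    """xi lies either in GF(p) (order divides p - 1) or in the norm-1 subgroup of
    GF(p^2) (order divides p + 1), so the period must divide one of the two."""
    n = period(x, p)
    return (p - 1) % n == 0 or (p + 1) % n == 0


if __name__ == "__main__":
    x = 5
    big_n = period(x)
    print(f"T_4({x}) = {chebyshev(4, x)}, period N = {big_n}")
    print("semigroup:", semigroup_holds(6, 7, x))
    print("T_{N+7} == T_7:", chebyshev(big_n + 7, x) == chebyshev(7, x))
```

The period function is the practical form of the lemma: for a chosen public x the signer can only ever reach ord(ξ) distinct values of T_n(x), so the field size and the order of ξ together bound the index space an adversary has to search.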

III. THE PROPOSED ONLINE/OFFLINE SUBTREE-BASED SHORT SIGNATURE SCHEME
In this section, we detail the new efficient OOS-SSS using Chebyshev chaotic maps for fuzzy user data sharing over a Galois field. The scheme is composed of five procedures: Setup, Extract, Offline Signing, Online Signing and Verification.
A. SETUP
a. Let x ∈ GF(q) be a global parameter such that x ≠ 0, 1, where the Galois field is generated from the primitive polynomial .
b. Select an arbitrary ← GI(q) such that ≠ 0, 1.
c. Calculate ← T (x) (mod ).
d. Choose a chaotic hash function : Sup(T) → GF(q).
The master public key (mpk) and master private key (msk) are { , , , } and , respectively.

B. EXTRACT
Given a client's identity ∈ Sup(T), the private key is generated by executing the following steps:
a. Select at random (mod ).
The pair ( , ) is the client's private key.

D. ONLINE SIGNING
In the online phase, the signer performs the following steps to register a message m ∈ [−1, 1] using ( , ):
a. Select ← GI(q) arbitrarily so that is the th bit of .
The signature of m is χ ← (D, , x).

E. VERIFICATION
To verify a signature χ ← (D, , x) on m and , the verifier performs the two steps below:
a. Calculate γ ← D T_c( ) T_c( ) (mod ).
b. If the computed γ equals the value γ carried by the signature, the signature is accepted; otherwise it is rejected.

F. CONSISTENCY OF THE ALGORITHM
A correctly generated private key satisfies the equality below:
For the consistency of the algorithm, note that D = T ( ) (mod ).
We have:

IV. SECURITY EXAMINATIONS AND DISCUSSIONS
To prove the security of our new OOS-SSS using Chebyshev chaotic maps over a Galois field for fuzzy user data sharing, we apply the proof technique of Bellare et al. [77].
Here Q_H, Q_S and Q_E denote the numbers of hashing, signing and extraction queries, respectively, and τ is the time of one exponentiation.
Proof: Assume that an adversary F exists. We construct an algorithm B that uses F to solve the Chebyshev chaotic-map problem over the Galois field. B is given GF(q) together with the global parameter x and a value λ ∈ GF(q), and must find ϑ ∈ GI such that T_ϑ(x) (mod ) = λ. We follow the approach of [77].
Setup: B uses a chaotic hash function that behaves as a random oracle and is responsible for simulating it. B sets ← λ and gives the public parameters (x, , , ) to F.
Extraction Oracle queries: F may query the extraction oracle on ∈ Sup(T). B simulates the oracle as follows. It chooses random , t ∈ GI and sets:
B returns ( , ) as the private key for ∈ Sup(T) and stores the tuple ( , ( , ), , ) in a list for consistency checks.
Signing Oracle queries: The adversary F asks for a signature on a message under ∈ Sup(T). B checks whether ∈ Sup(T) has previously been queried to the random oracle or to the extraction oracle. If so, it simply updates the list entry ( , , ( , )) as indicated in the table, and then uses these values to sign the message by running the signing procedure. It produces the signature (D, , x) on the message and records (D, , m) in the chaotic hash table for consistency. If ∈ Sup(T) has not been queried to the extraction oracle, B first runs the extraction oracle simulation and then uses the resulting private key to sign the message.
Output Computation: Eventually, the adversary F outputs a forged signature χ*_1 = (D*, *, x*_1) on * ∈ T* and m*, where T* is the challenge subtree. B rewinds F to the point where it queried (D*, *, m*) to the random oracle and answers that query with a different value; F then outputs a second forgery χ*_2 = (D*, *, x*_2). B rewinds once more and obtains χ*_3 = (D*, *, x*_3). Note that D* and * are necessarily the same in all three runs, as they are fixed before the forking point. Let n_1, n_2, n_3 be the three random-oracle answers to the query (D*, *, m*).
For each , , ∈ GI(q), we now write , and D as Chebyshev chaotic maps over the Galois field, i.e. = T (x) (mod ), = T (x) (mod ) and D = T (x) (mod ). From Eq. (2), we have:
Only , and are unknown to B in these equations. Since the three equations above are linearly independent, B solves them for = 1, 2, 3 and outputs the solution to the Chebyshev chaotic-map problem over the Galois field.
Reduction Cost Analysis: The simulation of the extraction oracle fails only when the random-oracle assignment ( , ) is inconsistent, so each simulated query succeeds with probability no less than . Accordingly, the simulation succeeds for all (Q_S + Q_E) queries (the pair ( , ) can also be requested through the signing oracle when has not been requested from the extraction oracle) with probability:
Because of the rewinding, the forking succeeds with probability at least 1/Q_H. The overall success probability is:
The running time of B, dominated by the exponentiations performed in the signing and extraction simulations, is:

V. PERFORMANCE ANALYSIS
In this section, we analyze the performance of our new scheme OOS-SSS by comparing it with some competing online/offline techniques and non-online/offline techniques.

A. PERFORMANCE COMPARISON AMONG ONLINE/OFFLINE SCHEMES
[56], and our new scheme OOS-SSS in terms of computational cost. Note that, among these schemes, Xu et al.'s work [26] has no multi-time variant, so its multi-time evaluation was obtained by chaining the same technique; Shamir and Tauman's technique [15], on the other hand, cannot be evaluated in a multi-time setting at all.
The execution cost C(ζ) of an operation ζ is estimated in terms of the bit length |ξ|. In the evaluations, ρ, µ, m and η stand for a pairing operation, a multiplication in the group (analogous to point addition in ECC), a modular multiplication in GI(q) (the Gaussian integers over GF(q)) and an exponentiation in the group (analogous to scalar multiplication in ECC), respectively. Other operations, such as addition in GI(q) and ordinary hashing, are negligible and are therefore ignored. Table 3 reports the performance evaluations as execution costs. For example, H denotes a chameleon hash operation, which requires at least one η computation; denotes a chaotic hash operation; σ_V and σ_G denote an ordinary verification and signature generation, respectively, each requiring at least one η computation. Similarly, C_V denotes one certificate verification, which requires at least one η computation.

B. PERFORMANCE COMPARISON AMONG NON-ONLINE/OFFLINE SCHEMES
As with the online/offline identity-based signature schemes, we also compare the proposed scheme with some well-established non-online/offline identity-based signature schemes recognized by ISO/IEC, namely Cha and Cheon's scheme [79], Guillou and Quisquater's scheme [80], Hess's scheme [21] and Meshram et al.'s scheme [55]. The full results are shown in Table 4, with the same notation as in Table 3.
Notably, non-online/offline schemes are a poor fit for WSNs, since their computational demands are likely to overwhelm lightweight sensors. For example, both Hess's scheme [21] and Cha and Cheon's scheme [79] necessarily require a pairing operation ρ in the verification phase and an exponentiation η in the signing phase, which is too heavy a burden for lightweight devices.

VI. SUBTREE-BASED AGGREGATION (EXTENSION) FOR THE PROPOSED SCHEME
It would be very useful if a sensor node could sign not just one message but i different messages at a time, with the aggregate signature having the same length as a signature on a single message, i.e. significantly shorter than i times the length of a single signature. Such an aggregate signature is of great value in WSNs, as it sharply reduces the communication overhead on the sensor-node side. In this section, we present the subtree-based aggregation scheme for the proposed OOS-SSS. It is composed of the following five segments.

A. SETUP
The master public key (mpk) and master private key (msk) are given by { , , , } and , respectively.

B. EXTRACT
Given clients with identities ∈ Sup(T), the private key generation procedure is as follows:
a. Select at random .
The pair ( , ) is the client's private key.

C. OFFLINE SIGNING
The signer performs the following calculation:
a. Calculate D ← T .

D. ONLINE SIGNING
The aggregate signature is given by χ ← (D_i, , x).

E. VERIFICATION
To verify a signature χ ← (D_i, , x) on m_i and for i = 1, . . . , n, the verifier proceeds as follows:
If the computed δ equals the value δ carried by the signature, the signature is accepted; otherwise it is rejected.

F. CONSISTENCY OF THE ALGORITHM
A correctly generated private key satisfies the equality below:
As shown in Fig. 2, with the proposed subtree-based aggregation method the signature size is reduced by almost half compared with the subtree-based non-aggregate variant.

VII. BASIC SETTING ON WIRELESS SENSOR NETWORKS
In this section, we describe the basic WSN setting of the proposed aggregation scheme, under which the system is UF-SBSS-CMA secure in the random oracle model. This is an extension of the online/offline subtree-based short signature scheme using Chebyshev chaotic maps for fuzzy user data sharing over a Galois field presented in Section III. In the single-hop scenario, the objective of the online/offline subtree-based short signature scheme (see the deployment in Fig. 3) is for each sensor node to be able to sign messages with its private key, so that the messages are properly protected.
We assume that the base station generates the scheme parameters, which are embedded in each sensor node, and that either the base station or the sensor nodes themselves can verify the signatures generated by the sensor nodes. As in the general WSN scenario, the base station is assumed to be powerful enough to perform computationally intensive cryptographic operations, whereas the sensor nodes have limited computational power, memory and energy. We also assume that the base station's secret key is installed securely.

VIII. CONCLUSION
In this article, we have proposed an efficient, secure online/offline subtree-based short signature scheme using Chebyshev chaotic maps for WSN fuzzy user data sharing over a Galois field. The design requires no certificate attached to the signature for verification, and no pairing operation in either the signature generation phase or the verification phase. It is unforgeable under chosen-message attack in the random oracle model (UF-SBSS-CMA). The scheme provides multi-time use of the offline storage, enabling the signer to reuse the offline pre-computed information in polynomial time, as opposed to the single-use restriction of most other online/offline signature schemes. In our design, a pre-registration procedure can be performed with the private key, after which no private key is needed in the offline phase; consequently, the signer need not supply any private data in the offline phase, which can be carried out by the PKG. Each procedure thus requires the minimum number of operations. This is a particularly desirable feature for wireless sensor network applications, as the offline information can be hard-coded into the sensor node during setup or configuration. Our performance analysis shows that the proposed scheme has the lowest computational cost among the competing schemes. We have also developed an aggregation scheme based on the proposed OOS-SSS for wireless sensor network settings, and shown how to extend the proposed system so that a single user can register various messages and deploy them on a WSN, which is especially suitable for large-scale networks. Clustering is an efficient and feasible way of improving the efficiency of WSN devices; as future work, we plan to propose secure and efficient data transmission protocols for clustered wireless sensor networks based on the proposed online/offline subtree-based short signature scheme using Chebyshev chaotic maps.
Department of Library and Information Science, Fu Jen Catholic University. His current research interests include data security, cryptography, network security, mobile communications and computing, and wireless communications. He has published more than 200 scientific articles in these fields in international journals and conferences. He is a member of the Chinese Cryptology and Information Security Association.

She is also associated as a Research Faculty with the Department for Management of Science and Technology Development, Ton Duc Thang University, Ho Chi Minh City, Vietnam, where she is also with the Faculty of Environment and Labour Safety. Her current research interests include geographical information systems, rainfall-runoff sediment yield modeling, and SCS-CN. She is also carrying out research on rainfall-runoff, sediment yield, water quality, the application of RS and GIS to water networks, and cryptographic protocols. She has published more than 80 research articles in refereed journals, conference and workshop proceedings, and books. She is a member of several international societies and a reviewer for reputed journals. She received the Gold Medal for her M.Tech. degree.
AKSHAYKUMAR MESHRAM is currently an Assistant Professor with the Department of Applied Mathematics, Yeshwantrao Chavan College of Engineering, India. His current research interests include cryptography, network security, soft computing, and wireless communications. He has published more than ten scientific articles in these fields in international journals and conferences.