A Provably Secure Lightweight Subtree-Based Short Signature Scheme With Fuzzy User Data Sharing for Human-Centered IoT

Internet of Things (IoT) is made up of various smart devices for the exchange of sensed data through online services. Direct contact with people through smart devices to define parameters for healthcare and send them to a centralized repository. At the time of data exchange, messages need to be secure between a source (sender) and target (receiver) in order to confront human malicious attacks. Various signature-based schemes are presented in the literature to provide secure communication. Smart apps, however, require lightweight activities by maintaining critical security strengths. The key challenge in signature-based methods is more incurred computational expense for signing and checking process involving large numbers. In this article, a new lightweight provably secure partial discrete logarithm (DL) based subtree-based short signature with fuzzy user data sharing for human-centered IoT systems is introduced and it’s security analysis is demonstrated on random oracle (RO) model. The presented scheme provides assurance of better security than other standing short-signature schemes. For low-storage, low-computation environments and low-bandwidth communication, the presented new provably secure and lightweight subtree-based short-signature scheme is needed. The results demonstrate the strength of proposed scheme, as opposed to existing works.


I. INTRODUCTION
In the past, we had witnessed so much development in the security aspects related to numerous domains such as e-commerce, healthcare, IoT, industrial IoT, and cloud computing, etc. Variety of cryptographic algorithms are presented The associate editor coordinating the review of this manuscript and approving it for publication was Constantinos Marios Angelopoulos .
in various domains to satisfy the essential security needs by the users or organizations. Initially, public-key cryptography (PKC) was adopted to offer the security wherein publickey is shared amongst all the users. The message exchange is stared after the generation of key pairs (encryption, signature), the certificate request is submitted with identity proof to CA (certificate authority), and hence receive certificates signed by CA for authentication to exchange messages in VOLUME 9, 2021 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ encrypted form. In these process lots of time is consumed and is vulnerable to attacks, also prohibiting the users to communicate. Due to this, new technique is invented to overcome the drawbacks of PKC by ID-based cryptography (IBC) [1]. In IBC, the user's unique identity serves the purpose of public-key without managing the certificates for authentication. Eventually, it was observed that the technique was not able to handle identity-based encryption (IBE). In [2] and [3] the realization and applicability of IBC is investigated and all the problems in [1] were resolved. However, this attracted the researchers to investigate and apply the IBC to provide security in wide range of domains. Subsequently, IBC is employed for the technique of key distribution, digital signature, and identification of a user by using the DL [4]. The modular p (i.e. large prime) operations are utilized in aforementioned technique. User identification technique is applied for authenticating the user, the authenticity of a message is verified by digital signature, and to achieve secure communication amongst the users, key distribution scheme is applied. To realize the applicability of IBC, basically in key agreement, signature, and encryption schemes towards to provide the security and efficiency is systematically presented in [5]. However, identity of the user (e.g. email or MAC address) as a public-key is utilized, no public-key repository is maintained, and verification of signature and encryption of a message is performed by the sender, and receiver identity is offered by the IBC. Hence, ID-based cryptography is significantly efficient over the primitive PKC wherein key distribution is not seamless. Nevertheless, to provide security to grid, ID-based cryptography is used to address the problem of grid authentication [6] which is currently based on traditional PKI (public-key infrastructure). Private Key is generated using ID-based signature (IBS) at the time of grid authentication to avoid proxy key generation. However, the security scheme suffers from escrow problem of private key and heavy computation by private key generators (PKGs), and associations of PKGs. Furthermore, ID-based cryptosystem is presented [7] which utilizes integer factorization (IF) and generalized DL to offer more security in the implemented system. The system is strictly fulfilling an original concept of Shamir and no communication before the data exchange. Also, system requires fewer operations for encryption/decryption which proves the efficiency and the strength of system is lies in unsolvability of DL and IF.
Nevertheless, focus is shifting from IoT devices to human centered IoT (HC-IoT) devices where social and technical methods are applied to IoT [8]. The problems in HC-IoT is to design, deploy, and support various IoT components in the context of human interpretation and suitability to adapt the IoT ecosystem. Due to humanize IoT [9], [10] the challenge exist to provide security and privacy of data exchange amongst the IoT devices, specifically HC-IoT. Moreover, popularity of IoT is increasing over the period and hence to provide all essential IoT security measures such as confidentiality, security, privacy, and data protection need to be carefully handle [11], [12]. This motivates to investigate and present the security method in human centered IoT using the combination of best security techniques.

A. OUR CONTRIBUTION
From the literature, we identified that the current identity-based signature schemes built by using DL are not secure. In this paper, we recommend a provably secure IBSS protocol to resolve the problem of partial DL, where an improvement uses the variation in [13]. Specifically, we exhibit that in our protocol, it is difficult to solve partial DL problem. This paper presents a provably secure lightweight subtree-based short signature scheme (SSSS) utilizing partial DL with fuzzy user data sharing in HC-IoT targeting smart devices. It utilizes less comprehensive operations built on partial discrete logarithm to produce the credentials for security during verification and signing phase. The scheme is demonstrated with exemplary simple values obtained in the various steps to display proof of notion.
Also, we discussed security validation for SSS under EUF-ST-CMA i.e. existential unforgeability on adaptive chosen message/subtree attacks utilizing Forking Lemma [14] proposed in [15] in RO, which we suggest that our SSS protocol enhanced the security guarantees related to existing partial discrete logarithm-based signature sachems. The presented SSS is not utilizing pairings operations for achieving higher efficiency and direct execution. Also, it does not rely on the hardness of pairing-based cryptosystem. So, all the pairing operations are not needed in the protocol. This reduces an overheads of computation and communication, and coordination along with increased flexibility compared to current comprehensive operations based on real number in DSA-based schemes.

B. ROAD MAP OF THIS PAPER
The rest of this article is composed as takes after: Related work is discussed in Section 2. Section 3 highlights the related background and mathematical formulation for the proposal of security protocol. The proposed IBSS protocol is presented in Section 4 which utilizes partial DL. Security investigation and validations are presented in Section 5 related to proposed protocol. Section 6 illustrates the analysis of comparison of other similar recent schemes with the proposed schemes. Lastly, Section 7 concludes the article.

II. RELATED WORKS
Numerous method has been proposed on IBC to provide the probable security in various domains. In cryptography scheme, disclosure of private key leads to security threat and whole system will collapse. This is the major challenge to cryptography. So, key insulation with aggregate signature using IBC is introduced in [18] for mobile devices where bilinear pairing is utilized over elliptic curve environment. The exposure of a private key is easily handle without compromising the security over the time. Also, the scheme offers constant size signature verification efficiently for different 3650 VOLUME 9, 2021 signers with fixed pairing operations. Nevertheless, the usage of mobile devices is increasing day-by-day which leads to the problem of key exposure. To resolve this issue, integrated forward security in ID-based cryptography is presented in [17]. The integration of IF and DL is adopted to show the creation of new IBE scheme, and security verification is demonstrated on RO model. The key benefits of the scheme is to provide more security compare to existing schemes, small size public key, and less cost for computations. In [18], the problems of security in cloud storage is addressed where security is provided under PKI, and more computation cost incurred due to verification of certificates. The authors proposed identity-based auditing method based on IBC for data integrity in cloud storage and extended to support multi-user environment for batch auditing. The suitability of method allows to use in cloud storage with huge data as compared to [19]. Further, the security of e-health cloud environment is investigated to provide security over patient's health data. Different identity-based cryptography methods has been proposed by Wang et al. [20] to secure e-health system which uses IBE and ID-based proxy re-encryption techniques under the assumption of the bilinear group for cost-effective utilization of cloud. In [21], handover authentication method for mobile devices is described to offer secure and seamless mobility amongst different networks. The various privacy and security challenges are analyzed related to IBC and comparative study presented to list associated cost required for computation and communication. The authors claimed that the ID-based cryptography satisfy relevant privacy and security requirements.
Subsequently, breaking of security in [17] is investigated on the applicability of IBE and found that it is not using bilinear pairing [22]. Due to this, the scheme [17] is insecure and the secrete key can be retrieve by querying the system in polynomial time. Furthermore, revocable IBC is employed to resolve the problem of key revocation is reviewed systematically in [23] related to [24]- [28]. This study highlights the framework, assumption, mathematical modeling for the proposal of revocable IBC system, moreover in depth security analysis is presented to understand revocable IBC system.
Nevertheless, ID-based short signature is proposed [29] for wireless sensor network (WSN) for constrained resources which is the extension of [30]. The proposed offline/online signing method not required signer's private data, and generates required data using PKG as a trustworthy resource i.e. WSN's base node. To relax the burden on WSN, aggregate signing method for generation/verification of signature not utilizing bilinear pairing hence offline data can be reused. In [31], authors designed the secure IBE and ID-based signature methods over Cyclotomic Field. The ID-based signature is protective against existentially unforgeable attack and IBE is secure over chosen plaintext/identity attacks wherein the used key size was very short. This makes it is suitable to apply in IoT ecosystem.
Due to the popularity of IBC, the security scheme is introduced to overcome privacy and security threats in VANET (Vehicular Ad Hoc Network) while exchanging messages related to traffic [32]. This scheme avoids the possibility of malicious users to temper the message in the conversation between two vehicles. To ease the verification of messages in VANET, ID-based signature using elliptic curve and hash functions are adopted in communication in VANET. Additionally, verification of batch signature is supported for the authentication of numerous messages at a time. The security analysis of the scheme is validated on RO model. Eventually, IBC also investigated for key revocation as a prominent feature for cryptography approaches. A hierarchical IBE is proposed [33] to handle the functionality of key delegation which offers organization of cryptographic techniques in large scale. To diminish the lack of bilinear maps, lattice is adopted to avoid the use of property called as key rerandomization. In addition, hierarchical features are extracted by using level conversion keys which is independent of key re-randomization.
Recently, another ID-based signature for key revocation is discussed to support the revocation mechanism belongs to untrustworthy and conflicting users in IBC environment [34]. As per other revocable ID-based signature the security assumption are not robust which fails under quantum computing setting. Hence, more and more emphasis is given on lattice-based cryptosystem because it is prevalent against attacks under quantum computing setting. The lattice-based revocable ID-based signature structured in the binary tree is adopted to provide scalability and offload the work of PKG, which is the drawback in [35]. The system is protective against existentially unforgeable and proof of verification is shown on standard model.
The literature motivates to apply IBC for the proposal of new IBE and ID-based signature techniques. In this article, we target to propose new protocol for Human-Centered IoT systems using IBC environment.

III. BACKGROUD AND MATERIALS
Firstly, we will establish the notations to use in the presented protocol, specifically SSSS, utilizing partial DL for human-centered IoT systems for sharing data under fuzzy client environment. The security of the presented scheme in the community in which the signature is established will be reduction in complexity of partial DL problem. We quickly examine the definition.

A. NOTATIONS
A novel attempt is our SSSS that uses PDL under fuzzy client data sharing for Human-Centered IoT systems. The notations used for proposed SSSS are listed as follows.
To avoid ambiguity, [c, d] correspond to {c, c + 1, . . . , d}, and [c] for [1, c]. For every id = (id 1 , id 2 , . . . , id k ), where id is an identity vector, let S id = {id 1 , . . . , id k } denotes identities set (id). We describe I id = {i : id i ∈ S id } as the id position records in the model's tree structure. In tree-structured, ID-based cryptographic strategy, the probable receivers construct a VOLUME 9, 2021 subtree [36]- [39]. In the tree structure id and their receiver positions are inserted in to T. Any authorize T necessarily cover the root (node) of the tree. Here, we observe the system is regulated via PKG. Similarly, S id of T, position indices of T are defined by S T = ∪ id∈T S id , I id = {i : id i ∈ S T }. By the similar token, it is possible to use the expression Now, let's understand how the symbolization fits with our current SSSS architecture using PDL for HC-IoT systems. The proposed SSSS promises applicants to ensure the sharing of data by a fuzzy entity while meeting the security measures, but experiences difficulties with efficiency in multiple receivers.

Pr
A ( , g, z) = a(mod )|q, ← SP 2 ; In this subsection, firstly we reproduce the algorithm of multiple forking [15] and then announce multiple forking lemma.

1) MULTIPLE-FORKING ALGORITHM
Considering fixed υ Z + and set S with |S| ≥ 2. Let randomized algorithm (Y) to return a triple (i, j, ) contains two integers 0 ≤ j < i ≤ δ and string on string x and exponents s 1 , . . . , s δ S Let ≥ 1 be an odd integer. Similar to Y and , the multiple-forking algorithm M Y , is defined as:   [41]): Let, randomized algorithm ( 1 ), does not contribution and returns any number. Let:

IV. PROPOSED SSS FOR HUMAN-CENTERED IoT
Here, we proposed efficient subtree-based short signature scheme. In our presented SSS, the signing process at the signer and verification process at the verifier likes Alexa and John respectively is shown in Fig. 2. In order to sign the message, signer has to receive the private key from the PKG by sending its own public identity, this phase is called as Extract. Using the received private key and public identity, the signer generate signature of id on message m. The signed message is then transmitted through the secured channel to the verifier. Given a signature , a message m, an identity id and PKG public parameters, verifier outputs accept if is a valid signature on m for identity id, and outputs reject otherwise.

2) SSS SCHEME -SETUP, EXTRACT, SIGNATURE AND VERIFICATION PROCESSES
In this subsection, we will demonstrate the detailed working of the proposed scheme. This scheme consist of four major processes namely Setup, Extract, Signing, and Verification.
In the Setup process, Public Key Generator (PKG) on input various security parameter, public parameters are generated for the scheme, master public key (mpk) and master private key (msk). The PKG announces public parameters and retains the master key.

Pseudo Code I: Extract
For given entities identity id ∈ Sup (T), the PKG do the subsequent

Picks at an arbitrary number
The private key is given by d id ← ( , s) (mod 2 ).

Pseudo Code III: Verification
For the verification of = (X, v, Y) mod 2 signs on m: 1. Computes t ← X −u y −uw mod 2 . 2. If t = t then it accepts signature; otherwise it is refused.
Given an identity id ∈ Sup (T) by the signer, PKG generates the private key d id of id Initially PKG generate random number during the Extract process, and then computes in the function F1 using g and , as shown in step-2 of pseudo code-I. Hash function h 2 is applied over the identity id and to generate w. Next calculate s using w, x and in function F2. Using and s it derives the private key d id as shown in Fig. 3 and corresponding steps-3, 4, and 5 in pseudo code-I respectively.
In Signing process, to sign a message m using the private key d id the signer picks the arbitrary number k and calculate X in function F3 using g and k as shown in step-1 of pseudo code-II. Then apply hash h 2 over id, m and X to generate u. Then, compute v in function F4 using k, u and s as well as t in function F5 using v and g according to the steps-2, and 3 in of pseudo code-II. Now, Alexa produces the digital signature. The signature on m is the triple = (X, v, ) mod 2 as illustrated in Fig. 3 and then forwarded the signed message to John.
During verification at receiver, John as verifier, verify a signature = (X, v, ) mod 2 on a message m for an identity id, the verifier computes t in function F6 using signature σ , and compare it with t as shown in Fig. 3. If the value of t is equal to t then acceptance of signature is confirmed; else signature is rejected.

V. SECURITY EXAMINATION AND DISCUSSION
We examine the security of the intended SSS scheme in this section using [42]. Proof: We utilize RO to investigate the proposed SSS scheme's security. We defined that an EUF-ST-CMA foe Υ that (t, h 1 , h 2 , ε , s , )-breaks the SSS scheme, where Υ is a PPT program, equipped with a large public sequence consisting arbitrary bits, and requesting polynomial quantity of ROs, ε, s, 1 and 2 . So, we need a ''simulator'' method which utilizes ''partition approach''. The partition approach which was first used in FDH's security dispute [43]. The main logic is to divide the i (identity-space) into i E and i s as a disjoint sets, depending on a one-sided coin's effect. The simulator is set up to respond to both signing and extracting inquiries about i E identities. In any circumstance, it fails, if the challenger carries out a focus inquiry on i s ; it can respond only to i s signing identity inquiry. To conclude, the simulator is sure about the challenger can transmit a fake identity from i s . So, the correct proportions of the sets are decided upon review. Randomizer , depending on the after effect of a one-sided coin, is set in the concern case. As a novel holds up for individual identity, 's organization chooses that an identity matches with i E or i s . We are concerned with the situation that no signature inquiry by Υ on id or should not respond by the simulator when signature inquiry on id and the event that Υ marks 1 ( , id) i.e. oracle inquiry corresponds to 2 ( id, X, m).
Security Reduction (R): Let PDL illustration be specified by π := ( g, , , g, g α ). The reduction comprises conjuring the algorithm M Y ,n i.e. multiple-forking on C as a cover which is shown in the Algorithm 2. Subsequently, it secures a game plan of two congruence's in two questions and responds in due order regarding α. It may be affirmed that R in fact return the correct response for the partial discrete logarithm occurrence. The blueprint of C proceeds after.
Algorithm 2 Multiple-forking lemma on C.
The Cover (C): Expect that := h 1 + h 2 and S := Z * 2 . The C continues as input the mpk and {s 1 , . . . , s δ }. It return a triple (i, j, ) where j relating to i is the goal 1 -record with respect to 2 -record and side-yield, . Remembering the exact purpose of tracking the record of this RO inquiry, C maintains a counter, initially set to . It also maintains a table L with respect to L 2 , dealing with the RO, 1 with respect to other 2 . The game started by C of the EUF-ST-CMA by passing mpk i.e. challenge mpk to Υ (challenger). Due to the following determinations, the inquiries made by Υ easily handle under EUF-ST-CMA.
RO inquiry, 1 ( , id): L 1 covers tuples of the game plan , id, w, , δ ∈ g, × {0, 1} * × Z * 2 × Z + ×Z * 2 ∪ {⊥} Here, the inquiry, ( , id) into the 1 -oracle, the resulting yield is w. The survey record is maintained in the -domain. In order to complete, either (a part of) secret key for id, or a '⊥', the domain is unacceptable in the event.
In the event, when tuple occurs, the oracle is formerly expected to return the yield to some degree w i . A crisp, write, inquiry 1 -oracle is managed as plans: i) return w ← s mod 2 as the yield, and ii) growth , id, w, , ⊥ to L 1 and boost by 1. RO inquiry, 2 (id, X, m): L h 2 covers structure tuples Usually, (id, X, m) is the 2 -oracle inquiry with the resulting yield being u. In the -domain the inquiry record is put away. In this way, a RO investigation 2 is not available. In the event, when tuple occurs, then u i is given back by the oracle. A fresh, unequivocal, inquiry 2 -oracle is managed as: i) the yield return as ← s mod 2 , and ii) growth id, X, m, u, to L 2 and is increase by 1.
Extract inquiry E (id): Consequently the msk α is unclear to C, in order to generate the client secret key usk it requires to sensibly record 1 -oracle in the direction.

In the incident that there occurs a tuple
as the secrete key. 2. Otherwise, C preferences δ ∈ R Z * 2 , sets w ← s mod 2 and = (g α ) −w g δ mod 2 . It then adds , id, w, , δ to L 1 as well as increments by one (a verifiable import 1 -oracle inquiry). Finally, as the secrete key it returns usk = (δ, ). Signature inquiry s (id, m): Inquiries for signature are answered by generating usk first (by inquiring with E on id), which is trailed by trickery S.
secrete key. At this point, C utilized the facts of usk to run S and return the signature. 2. Otherwise, C produces usk similar to step (2) of Extract investigation and runs S to return the signature. At the end of simulation, a profitable opponent yields a valid fiddling = ( X, v, ) on a ( id, m). Let i , id i , w i , i , δ i be the tuple in L 1 that relays to the 1 -inquiry objective. In essence, let m i , X i , w i , u i , i , be in L 2 which relays to 2 -inquiry objective. C proceeds, ( i j , ( v, w j , u i )) as particular yield of its own. The contains ( v, w j , u i ), side-yield we notice.
Arrangement of the Forgery: Assessment, signature inquiries are answered by performing an identity extract inquiry taken after learning S. So, the resultant private keys are from the construction usk = (δ, ), where = (g α ) −w g γ mod 2 and we are taking k ← ( − uw) mod 2 . If a fake is provided using the same as defined as signature enquiry function (R) on id, then v will represents as v ← (k − u (−αw + δ + αw)) mod 2 = (k − δu) mod 2 . No answer comprise to PDL challenge α in this manner, and these fakes are not important to R. In any circumstance, the occurrence that Υ not able to establish an enquiry for signature on id or was not fixed once by a simulator i.e. yield function on an enquiry for signature on id. The event confirms that Υ not able to forge using , which is the component of id signature enquiry, and thus, fake generated towards valid v, construction v = (k − u( − uw)) mod 2 would be essential.

A. CORRECTNESS OF THE PARTIAL DISCRETE LOGARITHM
Now, R usages Algorithm 1 (M Y ,n ) to resolve partial DL challenge. Algorithm 1 runs on mpk that includes oracles 1 and 2 as a part of reply attacks. When failure to Algorithm 1 occurs, R must abort somewhere (abort 3,1 ). In an event of forking, R achieves 4-(related) side-yield sets { 0 , 1 , 2 , 3 }, where i (for i = 0 to 3) is takes the form ( v i , w i , u i ). Let r 0 indicate log g X 1 = log g X 0 , similarly r 2 indicate log g X 2 = log g X 3 ; let k indicate log g 0 = log g 1 = log g 2 = log g 3 . As the multiple-forking has been successful, we have: It is a four-congruence structure in the four (successful) unknowns { , k 0 , k 2 , α}. Using the expression given below, α can be answered.
By (2) we observe that R yields correctly as per the Algorithm 2.

B. PROBABILITY ANALYSIS
We observe and accomplish that if Algorithm 1 is successful (probability of n ), the incident abort 3,1 does not occur. In this way we comprehensive with the statement that if the multiple forking calculation is successful, the event abort 3,1 not occur (allowed this probability to be part of ξ ). Similarly, The We specify probability that M Y ,3 will be successful in run 3 rd as ξ . Since no abort is included in the mid-stage of the question, M Y ,3 is successful in the mid-stage of 3 rd run if there Υ is a true fake, i.e. ξ = ε. Put (1) from Lemma 1 with = 3, δ = h 1 + h 2 and |S| = 2 , we've got it.
Time Examination: Time performance (τ ) for an exponentiation in g, at that stage the time performance by: It continues for the notation of the extract inquiry and signature inquiry respectively at most four and six exponentiation. This contributes in the running time to the part τ (12 s + 8 ε ). The double aspect originates from the algorithm of several generalized forkings, later it includes the double running the challenger. Which concludes Theorem 5.1 argument.
Formal security can validate using AVISPA software. The experimentation is performed on Intel Core i5-8365U CPU @1.90 GHz with 8GB RAM and 1 TB HDD using 64-bit Windows 10 operating system. Automated Validation of Internet Security Protocols and Applications (AVISPA) [51] [52] is utilized for checking the authenticity and security properties. Moreover, verification of proposed protocol using AVISPA v.1.1 is modelled in High-Level Protocol Specification Language (HLPSL).

VI. COMPARISON ANAYSIS
We evaluated the performance of our SSS scheme over the existing schemes presented in Shen et al. [44] scheme, He et al. [45] scheme, Ramadan et al. [46] scheme, and Zhang et al. [47] scheme. The comparison has been done based on the computational cost of these methods. The comparative study has used the notations mentioned in the Table 1. For simplicity, the relationships among these notations in terms of hash have been used. The relationship among these notations with respect to hash is shown in Table 2 [48]- [51]. The computational complexity order among the metrics is shown in below. hash < mul < inv < exp < pair It has seen that the cost for signing stage and the cost for the verification stage dominates the cost for the other stages, the computational cost for the signing as well as verification stage have been used for the comparative analysis. The computational cost for hash is considered as 0.503 ms [52]. In this paper, the proposed scheme has been compared to [44]- [47]. Table 3 show the comparison based on the computational cost for signing stage and the verification stage. It has seen from Table 3 that the proposed scheme is efficient in signing stage in comparison with He et al. [45], and Zhang et al. [47]. It has also seen from Table 3 that the schemes Shen et al. [44], and Ramadan et al. [46] performing better than the proposed scheme in signing stage. Fig. 4 shows the graphical representation of computational cost for signing stage. Fig. 5 show the computational cost requirement by the existing schemes and the proposed scheme for verification stage. It is seen from Table 3 and from Fig. 5 that, the proposed scheme for verification stage is efficient than the schemes Shen et al. [44], and Ramadan et al. [46]. It is also seen from Table 3 that the schemes He et al. [45], and Zhang et al. [47] are more efficient than the proposed SSS in this paper for verification stage. Fig. 6 show the comparison based on the total cost including signing stage and verification stage. Fig. 6 show that the proposed SSS in this paper is efficient than [44]- [47]. The total computational cost required for the proposed SSS is 1515.7905 ms. The comparative analysis based on the   computational cost show the effectiveness of the proposed SSS over the existing schemes in the literature.

VII. CONCLUSION
HC-IoT is very much connected to the life of peoples, particularly in business, smart cards, online banking transactions, online messaging, healthcare and sensitive data exchange, etc. Safety of sensitive data is crucial in HC-IoT to provide secure solution to forgery attacks. In asymmetric public key cryptography, authenticity and ownership is managed by digital signatures as a reliable option. We implemented new construction in this article to obtain provably secure partial discrete logarithm-based SSS scheme in RO model. Such a system is decidedly without a doubt comprehended and utilized for quite a while under different settings. The framework is protected against the existential unforgeability of EUF-ST-CMA that exhaust a Forking Lemma variation. The security is demonstrated in the RO model based on partial discrete logarithm supposition. The presented framework does not use pairings, resulting in achieving proficiency and execution simplicity, does not rely on the hardness of pairing-based cryptosystem. This found suitable to use in resource-binding circumstances where main focus is to save communication, computation and code of implementation.