Elliptic Curve Cryptography Applications, Challenges, Recent Advances, and Future Trends A Comprehensive Survey

Computer Science Review 47 (2023) 100530

Contents lists available at ScienceDirect

Computer Science Review


journal homepage: [Link]/locate/cosrev

Review article

Elliptic Curve Cryptography; Applications, challenges, recent advances, and future trends: A comprehensive survey

Shamsher Ullah a,b, Zheng Jiangbin a,∗, Nizamud Din c, Muhammad Tanveer Hussain d, Farhan Ullah a, Mahwish Yousaf e

a School of Software, Northwestern Polytechnical University, Xi’an, Shaanxi, 710072, PR China
b Knowledge Units of Systems and Technology (KUST), University of Management and Technology (UMT), Sialkot, 51040, Pakistan
c Department of Computer Science, University of Chitral, Chitral, 17251, Pakistan
d Department of Mathematics, University of Management and Technology (UMT), Lahore, 54000, Pakistan
e School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, Anhui, 230000, PR China

Article info

Article history:
Received 26 August 2021
Received in revised form 14 December 2022
Accepted 18 December 2022
Available online 23 December 2022

Keywords:
Elliptic Curves
Elliptic Curve Cryptography
Elliptic curve digital signature
Diffie–Hellman key exchange protocol
Bi-linearity
Identity based encryption
Attribute-based encryption
Discrete Logarithm Problem

Abstract

Elliptic Curve (EC) is the most recent and advanced technique of Elliptic Curve Cryptography (ECC). EC is often used to improve the security of open communication networks and to let specific persons with confirmed identities into the Modern Digital Era (MDE). Users of MDE make use of many technologies, such as social media, the cloud, and the IoT industry, among others. No matter what tool the users are using, the whole environment has to be able to keep their security and privacy preserved. The study of cryptography is required because unsecure networks make data transmission and the transfer of information susceptible to data theft and attack via an open channel. This makes it necessary to learn cryptography. The art of encrypting documents and communications using keys in such a way that only the individuals who are intended to receive them are able to decode and process them is referred to as cryptography. A digital signature, cryptographic data integrity, and authentication method all rely on the address of the receiver and the sender in addition to mathematical operations to find the signature. During the process of signature and verification, the solution that was presented is compared with the technique that is currently being used by ECDSA in order to illustrate the differences that exist between the two processes.

This comprehensive survey of EC seeks to thoroughly investigate many scientific concepts, state-of-the-art, and innovative methodologies and implementations. This work will be useful for academics, who are interested in further analysis. Use and development of EC based schemes for cloud computing, e-health, and e-voting, is more secure as compared to RSA, and Diffie–Hellman schemes. In this comprehensive study, we claim that the adoption of EC methods in distributed computing and asynchronous networking provides significant benefits in distributed computing and interdependent networking.

© 2022 Elsevier Inc. All rights reserved.

Contents

1. Introduction
2. Background study
    2.1. Digital signature schemes
    2.2. Encryption schemes
    2.3. IBE
    2.4. Attribute-based encryption
    2.5. Signcryption schemes
    2.6. Motivation of this survey
    2.7. Comparison with other related surveys
    2.8. Contributions of this survey
    2.9. Lessons learned: Summary and insights
    2.10. Organization of this survey
3. State of the art
    3.1. Discrete logarithm problems
    3.2. ElGamal encryption scheme
    3.3. Elliptic curve discrete logarithm problem
    3.4. Bilinear pairing
    3.5. Digital signature
    3.6. Threshold signature
    3.7. Blind digital signature
    3.8. Encryption
    3.9. Re-encryption
    3.10. Proxy Re-encryption
    3.11. Signature-than-Encryption
    3.12. Proxy signcryption
    3.13. Blind signcryption
    3.14. Lessons learned: Summary and insights
4. Taxonomies of elliptic curves
    4.1. ECC-based digital signature
    4.2. ECC-based encryption
    4.3. Multi-receiver encryption
    4.4. ECC-based threshold signature
    4.5. ECC-based Blind Digital Signature
    4.6. ECC-based IBE
    4.7. ECC based ABE
    4.8. ECC-based signcryption
    4.9. ECC-based proxy signcryption
    4.10. ECC based blind signcryption
    4.11. Lessons learned: Summary and insights
5. Elliptical curves: Case study
    5.1. ECC implications
    5.2. Elliptic curve drawbacks
    5.3. Lessons learned: Summary and insights
6. Open problems, current challenges and future research directions
    6.1. Open problems
    6.2. Current challenges
    6.3. Future research directions
    6.4. Lessons learned: Summary and insights
7. Conclusion
Declaration of competing interest
Data availability
References

∗ Corresponding author.
E-mail addresses: shamsherullah@[Link] (S. Ullah), zhengjb@[Link] (Zheng J.), nizam@[Link] (N. Din), tanveerhussain@[Link] (M.T. Hussain), farhan@[Link] (F. Ullah), mahwish@[Link] (M. Yousaf).

1574-0137/© 2022 Elsevier Inc. All rights reserved.

Nomenclature

Zp Finite field {0, 1, ..., p − 1} of prime p elements
G An abelian group
e Pairing (bilinear map)
pk Public key
(c1, c2) Ciphertexts elements
ECC Elliptic Curve Cryptography
G Group
m Message
C.T Ciphertexts
HIBE Hierarchical IBE
DDH Decisional Diffie-Hellman
CDH Computational Diffie-Hellman
GF Galois Field
HEC Hyper Elliptic Curve
WTP Weil and Tate pairing
DES Data Encryption Standards
BFA Brute Force Attack
CPA Chosen Plaintext Attacks
RSA Rivest, Shamir, Adleman
DSA Digital Signature Algorithm
(r, s) Signatures
ECDSA Elliptic Curve Digital Signature Algorithm
ACM Arnold-Cat-Map
LWE Learning With Errors
S/W Software
DHKE Diffie-Hellman Key Exchange
ACCA Adaptive Chosen Ciphertext Attack
BSS Blind Signcryption Scheme
MiMA Man-in-the-Middle Attack
SS Secret Sharing
PKG Public Key Generator
EHR Electronic Healthcare Record
M2M Machine to Machine
SMS Short Message Service
DNS Domain Name System
ECDH Elliptic Curve Diffie Hellman
HTTPS Hypertext Transfer Protocol Secure
DDoS Distributed Denial-of-Services
ECA Elliptic Curve Algorithm
Zp* Multiplicative sub-group Zp \ {0} of Zp
IBE Identity Based Encryption
E Encryption
sk Secret key
k Security parameter
ECDLP Elliptic curve discrete logarithm problem
P.T Plaintext
g Generator
symsk Symmetric Secret Key
FIBE Fuzzy IBE
BDH Bilinear Diffie-Hellman
m Matrices Weight
EC Elliptic Curves
GHS Gaudry, Hess and Smart
PKE Public Key Encryption
AES Advance Encryption Standards
KPA Known Plaintext Attacks
SCA Side Channel Attack
DLP Discrete Logarithm Problem
SDL Subgroup Discrete Logarithm
d Private key
v Signature verification
PKI Public Key Infrastructure
ILWE Ideal Learning With Errors
H/W Hardware
IBS Identity Based Signcryption
FF Finite Fields
HEC Hyper Elliptic Curve
CRT Chinese Remainder Theorem
PrKG Private Key Generator
KGS Key Generation Server
IoT Internet of Things
e-Health Electronic Health
EC Elliptic Curve
DNSSE Domain Name System Security Extensions
ECDHE ECDH Ephemeral
DoS Denial-of-Service
EAA Enhanced Adaptive Acknowledgment
GPU Graphics Processing Unit

1. Introduction

The digital era is used to make communications easy. Therefore, every user wants to enter the digital world and make its beneficiary. The increasing rate of digital world has become more popular day by day. In a digital world, the user can connect people to people, people to the cloud, businesses to the hospital, etc. The user connection needs an environment such as electronic voting, distributed communications, heterogeneous networking, etc. They must keep the data or information secret and maintain the user’s security and privacy. The maintenance of the security and privacy of users is needed based on some challenging problems such as the Discrete Logarithm Problem (DLP), Diffie–Hellman Problem (DHP), bilinear DHP, Elliptic Curve DLP (ECDLP), and Hyper Elliptic Curve DLP (HECDLP), etc. Fig. 1 shows that the users have two communications; one is insecure, and another one is secure. Securely, the users’ privacy is maintained constant because the user’s registration is based on the DLPs. In a whole system, the users follow the registered keys (Users Identity (UID)), which are based on DLP. The users can securely communicate with each other on behalf of the UID. The RSA algorithm is commonly used for digital signatures and envelopes, providing secure confidentiality and authenticity. In order to allow users to continue using RSA for its purpose, however, protection has to be considered. It is preferable to use RSA cryptosystem [1] for inclusion in many protocols, where a large amount of RSA computations can be included efficiently.

Fig. 1. Secure and in-secure users communication.

The impact of different threat models in an open communication channel such as RSA encryption, Diffie–Hellman Key Exchange, and Elliptic curves based schemes are described one by one below:

RSA encryption algorithm [1–5], RSA encryption can be performed on a variety of chips. The RSA can help [6]:

(1) Message recovery: Users should include the message in the signature and recover it at the verifier’s place. More specifically, the letter should not have to be hashed or transmitted with the signature, which means the proposed protocol will use less capacity and bandwidth.
(2) Encryption: The message can be encrypted by reversing the private and public transformations.

Unlike the RSA, the currently mentioned signature schemes based on the DLP, such as ElGamal and the Digital Signature Algorithm (DSA), have critical faults. These faults are resolved by using ECDLP.

Theorem 1. Let q be a prime and m ∈ Zq. The existing methods are almost identical to DSA [6].

Proof. Let (r, s) be an ElGamal signature to be appended to the message m. Then (r mod (q), s) is a DSA signature. Assume that (r, s) is a DSA signature, then $(y^{rs^{-1}} g^{ms^{-1}} \bmod (p),\ s)$ is an ElGamal signature.

The verifier will recover partial message blocks before obtaining the entire signature using the authenticated encryption scheme with message linkages for message flows. We will look at potential threats, and our security review will show that none of them can successfully crack any proposed scheme. The digital signature replaces the RSA (a classical crypto-system) [1] and has become a key technology for information and network security. The digital signature based on EC [7,8] is one of the keystream
digital signature systems. It is secure in practice and theory, its operation is convenient, and implementation is more straightforward [9]. The comparison of security level, RSA, and EC key lengths are shown in Table 1.

Table 1
RSA & EC key length comparison.
Security level (bits) | RSA (bits) | EC low (bits) | EC high (bits)
80 | 1024 | 160 | 223
112 | 2048 | 224 | 255
128 | 3072 | 256 | 283
192 | 7680 | 384 | 511
256 | 15360 | 512 | 571

2. Background study

In this Section 2, we study EC-based schemes such as digital signature, encryption, signcryption, proxy signcryption, and blind signcryption.

2.1. Digital signature schemes

The transmission of data and information over unsecured networks are vulnerable to data theft and attack, entailing the study of cryptography. Cryptography is the practice of using keys to encrypt information and correspondence so that it can only be interpreted and processed by those who are supposed to receive it. A digital signature, a cryptographic technique for authentication and data integrity, relies on the message being sent and the sender and utilizes mathematical operations to locate the signature. It is often referred to as a digital footprint. The digital signature, unlike manual signatures, changes with each letter. The proposed method is compared to the current EC Digital Signature Algorithm (ECDSA) to understand the output during the signature and verification process. In terms of time taken, the findings are considered to be comparable. In terms of encryption, the new scheme uses the extended Play-fair cipher to add data confidentiality. Tzeng et al. [10] scheme can serve as a helpful building block cipher and a self-certified pk method to construct a new signature scheme with expanded notions of ECC. It is possible to have the public key and the user’s identity simultaneously validated in recovering the encrypted document. The two new systems we will present and the one proposed will also include three different digital signature techniques.

(1) First, it is an authenticated encryption scheme that encrypts the message so that it can be recovered and validated only by a single verifier.
(2) Secondly, the scheme employs a signed and linked data expansion, both of previously signed data, to reach the desired result.
(3) The third is for the flow of messages.

Theorem 2. Let q be a prime and m ∈ Zq. The signing systems are very identical to ElGamal [6].

Proof. Let (r, s) be an ElGamal signature to be annexed to m.

Miller and Koblitz introduced elliptic curves into cryptography [11,12]. Since then, ECs have become increasingly significant in various cryptographic applications. The complexity of the ECDLP underpins the security of ECC. Consider using several factors (such as key sizes Fig. 2 and bandwidth) for schemes of relative security. Compared to integer factorization and discrete logarithm structures, the algorithms established in the papers [13,14] have shown ECC efficient performance. The EC-based signature scheme is a convenient signature scheme for decreasing the size of messages with the additional bonus of message recovery.

Fig. 2. Elliptic curve key and C.T sizes in bits.

There is currently no EC-based signature scheme that uses self-certified public keys for message recovery. In Fig. 3, the signer (user) registers himself or herself to the online environment (e.g., Banks). They will show their identity (public information) and authenticate this information by using its private information. The signer (user) will use his public information (publicly) and apply his private information for further processing. The verification algorithm will check all its information and match it with the accessing points of the users and the online environment. If the user information matches, then he/she will access the system; otherwise, it will show the invalid symbol ⊥. The whole process of the digital signature algorithm is based on the following Algorithms 1, 2, and 3, respectively.

2.2. Encryption schemes

All those schemes in which security is based on ECDLP. There are some encryption schemes Fig. 4 such as Data Encryption

Fig. 4. Encryption types.

Algorithm 1: Keys generation
Input: Security parameter (k ∈ (0, 1, 2, ..., p − 1))
Output: Private and public keys (d, Q)
    Select d as a random number, where d ∈ (1, ..., n − 1); d is the private key;
    Compute Q, the user public key: Q = d.G;
    Finish;

Algorithm 2: Signature generation
Input: Security parameter (k ∈ (0, 1, 2, ..., p − 1))
Output: The message m ∈ (r, s)
    Select k as a random integer, where k ∈ (1, ..., n − 1);
    Compute (x, y) = k.G;
    Calculate r = x mod n;
    Compute $s = k^{-1}\{h(m) + dr\} \bmod n$;
    Send (r, s);
    Finish;

Algorithm 3: Signature verification
Input: The message m ∈ (r, s)
Output: Signature verification v = r
    Compute $\omega = s^{-1} \bmod n$;
    Compute the hash m′ = h(m);
    Calculate u1 = m′ω mod n;
    Calculate u2 = rω mod n;
    Calculate (x, y) = u1.G + u2.Q, and v = x mod n;
    Finish;

Standards (DES) [15] Fig. 5, Triple DES [16], Advance Encryption Standards (AES; where AES has the family (such as AES = 128, 192, 256)) [17]. The performance analysis is shown in Table 2, and the encryption flow is shown in Fig. 4.

Fig. 3. Digital signature flow.

Fig. 5. DES & AES algorithms flow.

(1) Searchable Symmetric Encryption (SSE): SSE enables a party to securely outsource its data storage to another party (a server) while retaining the right to search over it selectively. In recent years, this issue has been the subject of active research. We demonstrate two SSE solutions in this paper that share the following properties: Both methods are more effective than all previous schemes. Concretely, the server’s function per retrieved data is constant instead of linear concerning the recovered data size. Both systems have a higher level of protection. Indeed, we demonstrate how to avoid subtle yet severe flaws in previous notions of protection for SSE by designing constructions that stay away from these hazards. Furthermore, our second strategy ensures innovative SSE security, in which inquiries to the server can be selected adaptively (by the opponent) throughout query implementation; this principle is both important in practice and has not previously been contemplated. Amazingly, although our SSE schemes are more stable and effective, they are effortless. We view both solutions’ simplicity as a critical step toward implementing SSE technologies. Additionally, we accept multi-user SSE. All previous work on SSE has been conducted in an environment where only the data holder is worthy of submitting queries for the data. The authors consider the natural extension under which unspecified different interest groups may send search requests outside

Table 2
Performance and evaluation analysis.
Schemes Encryption Algorithms Parameters Techniques
DES 3DES AES Blow-fish ET T S Effectiveness

Nadeem al., [18] ×
√ × × Medium × × × DES
× ×
√ × Low × × × 3DES
× × ×
√ High × × × AES
× × × Excellent × × × Blow-fish

Salama al., [19] ×
√ × × × Medium × × DES
× ×
√ × × Low × × 3DES
× × ×
√ × High × × AES
× × × × Excellent × × Blowfish

Tingyuan al., [20] × × × High × High ×
× × × × × × × ×
× × × ×
√ × × × × DES/
× × × × × Medium × Blow-fish

Akash et al. [21] ×
√ × × Low × Low Low
×
√ ×
√ × × × × ×
× ×
√ Low × High Excellent AES/DES
× × × × × × ×

Natassya et al. [22] ×
√ × × Medium × × ×
× ×
√ × Excellent × High Excellent
× × ×
√ × × × × ECC
× × × × × × ×
√ √
Muhammad et al. [23] × × Increase × × × ECC

Sheela et al. [24] × × × – × × very CEC
Jiaxu [25] – – – × – – × Efficient ECC/RSA

Where × stands for No, √ for Yes, - for not applicable, T stands for Throughput, ET for Execution Time, S for Storage, and CEC for Cyclic Elliptic Curves.

of the owner. We provide a definition of SSE and an effective and correct design in a multi-user environment that outperforms traditional access control mechanisms [26]. To close some gaps in the consistency (amount of false positives generated) of PKE using keyword search. This paper presents numerical and statistical flexibility of the existing definition of the right consistency and demonstrates that the paradigm of [27] is computationally reliable.
Additionally, the authors propose a new statistical reliable framework. Additionally, they present a transformation from a transparent IBE scheme used to create a secure PEKS framework that, unlike the former, is guaranteed to maintain continuity. Finally, the proposed three extensions to the fundamental concepts discussed here: anonymous Hierarchical IBE (HIBE) [28], PKE includes a transitional keyword search, while IBE includes a keyword search. Because in realistic searchable encryption [29,30] methods, any time the data has accessed the frequency of results or the lack of security due to that search occurs, there is a danger of information disclosure or theft; no searchable encrypted data should be used. A client uses a mask-encrypted probabilistic encryption method with a function to deposit the data, which is probabilistically encrypted into a data server. Afterward, a probiotic base server computes a mask-encrypted homomorphic function of a hash value. Unregistered data is randomly generated for the query and emits the search result [31].

(2) Symmetric Image Encryption (SIE): A novel image encryption method based on a chaotic composite structure. An external key and two logistic systems are used for encryption, which shuffles the locations and substitutes grey values for the image’s pixels. It uses a sub key caused by an external key to take samples during the grey value substitution process. By incorporating information from the shuffle position matrix into the grey value substituting procedure, the processes of shuffle positions and replacement grey values are combined and efficiently, thus improving the encryption system’s coupling property [32]. Krishnamoorthy and Murali [33] proposed an asymmetric encryption technique based on various chaotic-map with the invariant matrix. To improve the image’s security, a novel hobbling algorithm [34] built on the Arnold Cat Map (ACM) is proposed. Encryption is achieved using a mix of reversible matrices and a scrambling algorithm regarding image authentication. The key, which is longer than 120 bits, is used to establish the boundary values for all chaotic maps, and the length of the key can be increased if further protection is required. In order to accomplish an enhanced level of security while still retaining a high level of uncertainty in breaching the cryptographic image, the matrix sizes can be made adaptive. Numerous experimental, mathematical, differential and key sensitivity analyses demonstrate that an effective method for dynamic environments and communication is an asymmetric image encryption [35] algorithm.

(3) Image encryption: To secure the image contents, most current encryption algorithms convert the original image to a texture-like or noise-like image, which is an obvious visual indicator of the existence of an encrypted image, resulting in a disproportionately large number of attacks. This article proposes a novel idea for transforming an original image into a visually meaningful encrypted one to address this problem. The simulation results and security analysis show that the proposed design and framework have excellent encryption efficiency [36].

(4) Dynamic Searchable Encryption (DSE): It is completed using the features of a PEKS scheme and a Bloom filter; a ciphertext search mechanism is completed in an insecure channel; fuzzy keyword search is enabled using a public key searchable encryption scheme. The invention supports multi-keyword searches in Chinese; the keywords in a document may be dynamically added or deleted. An inner product operation is carried out according to the invention’s method by constructing a search vector and a file vector to complete a fuzzy search matching function; the similarity weight of the keywords in the document and the keywords in a search trap door. The ciphertext and fuzzy
Table 3
Symmetric encryption.
Algorithms DES Triple-DES AES Blow-fish Hybrid cube
Years 1977 1998 2001 1993 2011
Built by IBM IBM VR JD BSSJ
AS Feistel Feistel SP Feistel SP
BC {0, 1} {0, 1} {0, 1} {0, 1} ∼{0, 1}
Key (size) 56 (bits) 112, 168 (bits) 128, 192, & 256 (bits) 32–448 1-4096 (integers)
Flexibility × 56-168 (bits) 256 key-size (multiple of 64) 64-448 key-size (multiple of 32) ×
R 16 48 10, 12, 14 16 4
BS (bits) 64 64 128 64 64 characters
Through-put <AES <DES <Blow-fish High <AES
Security A A E E H
Speed S VS F F M
Effectiveness S/W and H/W (slow) S/W (slow) S/W and H/W (Effective) S/W (Efficient) S/W (Efficient)
Attacks BFA BFA, KPA, CPA SCA Dictionary attack Not-yet

Where VR stands for Vincent Rijmen, AS for Algorithm Structure, JD for Joan Daemen, BSSJ for Bruce Schneier Sapiee Jamel, SP for Substitution Permutation, BC for Block cipher, {0, 1} for Binary, ∼{0, 1} for Non-binary, A for Adequate, E for Excellent, H for High, S for Slow, VS for Very Slow, F for Fast, × for No, R for rounds, BS for Block size, < for Lower than, and M for Moderate.

keyword search functions are implemented; The ciphertext keywords can be safely transmitted over a public channel using a server and user double-key pair mode. The scheme effectively resists keyword selection attacks by utilizing a hash function and a pseudo-random function. The ciphertext is checked under the condition that the cloud server is semi-trusted [37].

The comparison of the symmetric encryption is shown in Table 3.

2.3. IBE

Boneh and Franklin [38] first construct the concept of the IBE scheme. IBE "compresses" [39] exponentially many pk into "global" parameters for email systems. Alice needs only to specify an email address and use the public parameters to send an encrypted email to Bob. There is no need for Alice to have Bob's public key in this solution. Since Bob possessed the setup authority's private key, he could have decrypted the text [40]. IBE is an innovative alternative to PKE because it does not require a Public Key Infrastructure (PKI). Any configuration, whether PKI- or identity-based, must allow users to be removed from the system. In the traditional PKI setting, efficient revocation is a well-studied problem. However, there has been no research into revocation processes in the context of IBE. The most realistic approach necessitates that senders use time intervals while encrypting and that all recipients update their private keys regularly by contacting a trusted authority. The researchers must emphasize that this strategy does not extend as the number of users increases; the research on key updates is a constraint. We propose an IBE regime that improves the efficiency of key updates on the trusted party's side (from linear to logarithmic in user growth). The proposed scheme is based on the Fuzzy IBE (FIBE) primitive and the Binary Tree Data Structure (BTDS), and it is provably stable [41].

Ryouta Okuhata et al. [42] construct an IBE scheme for the Ideal Learning With Errors (ILWE) problem, a variant of the LWE problem that is algebraic in LWE and improve the efficiency of an IBE of LWE by incorporating ILWE. Jin Li et al. introduce outsourcing computation into IBE and suggest a revocable system in which the revocation operations are assigned to Cloud Service Providers (CSP) to address the crucial issue of identity revocation. The proposed scheme is fully functional to Key Update CSP (KU-CSP) [43]:

• It ensures perpetual computation efficiency at PKG and private key size on the user side.
• The user does not need to interact with the PKG during the key update process; in fact, the PKG will remain offline after forwarding the withdrawal list to KU-CSP.
• Since a key update occurs between the user and KU-CSP, no secure channel or authentication is required.

2.4. Attribute-based encryption

In an Attribute-Based Encryption (ABE) scheme, a user's keys and C.Ts are each labeled with a set of descriptive attributes, and a key can only decrypt a ciphertext if the attributes of the C.T and the user's key match. When at least k attributes overlapped between a C.T and a private key, Sahai and Waters' cryptosystem provided for decryption. While this primitive has been demonstrated to be useful for error-tolerant encryption with biometrics, its lack of expressibility appears to limit its use in larger systems [44]. Li et al. proposed a Personal Health Record (PHR), a new patient-centric paradigm of health information sharing that is often outsourced and stored by third parties, such as cloud providers. Personal Health Information (PHI) can be disclosed to unauthorized third-party servers, raising widespread privacy concerns. Encrypting PHRs prior to outsourcing appears to be a promising method of ensuring patients retain control of their own PHRs. However, the primary impediments to obtaining fine-grained, cryptographically imposed data access control are privacy concerns, key management scalability, universal access, and efficient user revocation. This paper introduces a novel patient-centric structure and a suite of Data Access Control (DAC) protocols for patient health records stored on semi-trusted servers. To achieve fine-grained and scalable DAC for PHRs, the authors used ABE methods to encrypt each patient's file and made the ciphertexts anonymous to protect the confidentiality of the records. To solve the multiple data owner problems, the authors suggest a scheme that consists of managing users in a single protecting domain and dividing data owners into multiple protection domains. It dramatically reduces the management complexity for both the owners and the users. In order to do this, a system of multi-authority ABE has been implemented. With this, a high degree of patient privacy is simultaneously assured. It also makes it possible to dynamically modify the access policies and file attributes, as well as the ability to revoke user or attribute access with simple on-demand actions and emergency break-glass access. The proposed scheme's security, scalability, and efficiency are demonstrated via extensive analytical and experimental results [45].

Further, the concept of ABE is used for the circuit [46,47]. Two types of ABE systems exist:

(1) Ciphertext Policy ABE (CP-ABE) [48–51]: In a CP-ABE scheme, every C.T has a private key attribute associated with it, and for each key, hence, all users are assigned their individual access policies. For a user to be able to decrypt a C.T, the

attributes used to produce their private key must comply with the access policy [52].

(2) Key Policy ABE (KP-ABE) [50,51,53–56]: In a KP-ABE scheme, the roles of an attribute set and an access policy are flipped from those specified for CP-ABE: attribute sets are used to encode C.T, whereas access policies on these attributes are compatible with users' private keys. Further, the authors talk about policies of access, or models of access, and protocols about these, as well as models or exchange protocols [52].

2.5. Signcryption schemes

Zheng [57] first proposed the concept of signcryption, combining the features of digital signature and PKE in a single logical step, significantly reducing the costs of signature-then-encryption. A signcryption scheme based on EC applies the signcryption scheme to the key management scheme of the Smart Lock System (SLS) [58]. To reduce costs and maintain security of the IoT environment with authentication and confidentiality of the communication, the authors proposed a certificateless EC aggregate signcryption scheme [59]. The proposed scheme is to attain secure fine-grained access control for the multi-recipient communication between Utility Control Center (UCC) and smart meters [60].

(1) ID-Based Signcryption: Malone-Lee [61] created an identity-dependent cryptography system based on bilinear pairing. Libert and Quisquater showed in [62] that Malone-Lee's suggested scheme is weak in that the message's signature is clear in the C.T, meaning that the message is not semantically secure. Libert and Quisquater proposed three identity-based signcryption systems, but they do not satisfy the criteria for forwarding security or public verifiability. Chow et al. [63] pioneered an identity-based cryptography system that allows forward protection and public verifiability. Boyen [64] created an IBS scheme that guarantees forward security and public verifiability while maintaining the anonymity and un-linkability of the ciphertext. Malone-Lee [65] then modified Boyen's scheme to build a more efficient one [66].

(2) Proxy Signcryption: Gamage et al. [67] pioneered the idea of proxy signcryption. In this scheme, the authors discuss the advantages of both signcryption and proxy signatures. A primary signer may create a proxy credential to delegate his/her signing authority to a proxy signer in a proxy signcryption scheme. The proxy signer will create a signcrypted message on the original signer's behalf. Only the receiver has the power to decrypt this signcrypted message's content and then check its authenticity. In case of a dispute arising from the proxy signer's or the original signer's repudiation, the message recipient may announce the proxy signature to a Trusted Third Party (TTP) for public verification without additional computational costs. Proxy encryption schemes can be used in various applications, including online proxy auctions and contract signing [68]. Proxy signcryption is essential security for emerging secure communication (e-business, e-voting, mobile agents, contract signing, and e-auction). It combines the functions of a proxy signature and encryption to achieve basic protection features and reduce the communication & computational overheads [69]. It also provides a safe method for users to assign privileges to their proxy agent to accomplish tasks. This article proposes a scheme for proxy signcryption, in which the original signer assigns his signing rights to a proxy agent. This scheme has a variety of uses, including electronic cash systems. The proposed scheme's security properties are examined, and it is discovered that it fulfilled all security aspects. Using a warrant enables the identification of both original and proxy officers. Additionally, warrants are used to determine the proxy agent's signing authority to avoid delegation abuse. Additionally, the proxy signature is different from the signature of the original signer, which protects against a malicious proxy agent. The proposed scheme is based on the EC variant, and it significantly reduces the computational burden, making it more efficient for supporting the class of applications, such as e-commerce through mobile computing and communication devices, that require many individual short messages for completion [70].

(3) Blind Signcryption: Amit and Sunder [71] proposed blind signcryption. It is based on DLP and mutually merges blind digital signatures and encryption. It provides the security properties such as confidentiality, anonymity, untraceability, and un-link-ability. Yu and He [72] proposed a blind signcryption scheme that simultaneously offers blind signature and encryption. The schemes proposed in [71,72] are unsuitable for low-constrained environments. Therefore, Riaz et al. [73] proposed a blind signcryption scheme based on ECC. Riaz et al.'s scheme provides confidentiality, unforgeability, message integrity, signer non-repudiation, message un-linkability, forward secrecy, and sender anonymity. Recently, Shamsher and Nizam proposed a blind signcryption scheme based on HEC [74], which is more suitable for low-constrained environments.

2.6. Motivation of this survey

The motivation of this survey is the protection of the communicating parties (users) in the insecure channel. The users want to communicate with each other securely. For secure communication, the users need to use advanced information technology environments. The information technology environment and the users need to communicate safely and fully and its communication activities. However, they need to secure and save these environments where they share or send public and private information. The main focus of the users is to securely send, share, or transfer their private information in open channels. Therefore, they must encrypt their private data before sharing, transferring, and sending. To resolve this type of problem, the researchers used the concept of encryption.

2.7. Comparison with other related surveys

The encryption protocols can be found on the Internet. The researchers have found that the protocol information is fully exposed in the initial communication and the initiator's choice of encryption algorithms (Table 4), thus helpful in identifying encrypted traffic. After that, the authors identify and define the encrypted payloads (features) using taxonomies and survey encrypted function categories. The specific classification of mentioned algorithms has the additional benefit of identifying encrypted protocols as well as recognizing the encryption protocols. In the end, the authors show the methods of feature-based classification in action, discuss their strengths and disadvantages, and more feature-oriented methods [75]. A new standard encryption algorithm improves to describe a multi-core processor that makes a secured C.T with a high rate of performance [76]. For certain types of cryptography, cryptographers also use different algorithms and keys. Each class presents a different set of challenges to the cryptographer. Some classes enforce a different key agreement unrelated to standard correspondence protocols [77].

Table 4
Encryption algorithms properties.
Encryption (Classes) Confidentiality Authenticity Integrity Key management Secret key agreement
SKC ✓ × × ✓ ✓
PKC ✓ × × ✓ ×
DS × ✓ ✓ × ×
KAA ✓ Optional × ✓ ×
H × × ✓ × ×
AC × ✓ ✓ × ✓

Where ✓ stands for yes, × for no, SKA for secret key agreement, SKC for secret key cryptosystem, PKC for public key cryptosystem, DS for digital signatures, KAA for key agreement algorithm, H for the hash, and AC for authentication codes.

The encryption method using a symmetric block cipher transforms the PT into the CT with the key algorithm [78].

As data is transmitted over the internet for an extended period, it loses its secrecy, enabling hackers to steal the information in the database facility. Moreover, when data is sent to a cloud environment, it loses data confidentiality, resulting in dissatisfaction among cloud users. This post will look at various encryption strategies for securing cloud storage. This paper gives a quick summary of some of the most common cryptographic strategies for improving cloud protection [79].

In the age of increasing surveillance, ciphers are making it possible for users to have a sufficient degree of protection while maintaining confidentiality to minimize significant output. Since the characteristics of the CPU and the memory cache being interconnected make the first-suggested algorithm to route the ciphering engine somewhere between the two system layers, doubting the integrated memory size is not an economically viable option at this time. Following these lines of inquiry, it was concluded that a compression step could be added before the encryption step to create a less lengthy ciphered record. It could improve the system's robustness while reducing performance loss and increasing protection [80].

Explore and describe the range of low-resource cipher designs in the cipher design space and correctly identify the proper limits of low-resource ciphers. The paper's main problem is how the literature addresses the widely recorded output metrics when comparing cipher implementations. There are proven checklists to analyze the origins of inaccuracies and deviations. In order to make sure all of the metrics of various measurements of the system are relevant, the authors created a more open methodology for everything. The proposed scheme has determined the energy/bit to be the most suitable metric for energy-constrained designs with low resource constraints. Next, the software and hardware implementations of the block cipher algorithms are surveyed, examined, and then the impact of the modifications is evaluated. The paper evaluates the best-performing ciphers across different dimensions and points of functionality and performance, suggesting the Present cipher as a good starting point for hardware implementations. What comes to light from this survey is that future research initiatives will have to discuss (unresolved) problems and facts yet to be uncovered [81].

Memory encryption is yet to be enforced at the core of operating system designs to ensure the integrity of code and files. As a consequence, the software stack has multiple flaws at any level. Three general methods have arisen to resolve this problem. The most commonly used approach entails complicated hardware modifications that enable encryption and decryption inside a well-defined, trustworthy boundary. Regrettably, these concepts have only been prototyped and not integrated into mainstream processors. A new approach has been made to complement existing hardware with core manipulation enhancements in the operating system, resulting in improved trust. This approach provided insight into the usage of cryptography, but it had too many overheads to be included in commercial operating systems. Finally, modern manufacturing technologies also evolved to increase the security of particular processes in specific operational environments, perhaps by adding co-processors. On the other hand, this technique lacks generality and has a range of flaws. Memory encryption primitives have recently been incorporated into commodity processors such as the Intel i7, AMD bulldozer, and many ARM versions. The way for new operating system designs that protect data privacy outside the CPU. There has been very little practical experimentation to date, and the improvements in security and associated efficiency loss are still unknown. This essay discusses the emerging memory encryption literature [82] from the viewpoint of these main issues.

Various encryption techniques exist, and it conducts a comparative analysis of all the techniques as a literature review. The aim is to conduct a comprehensive experimental analysis of implementations of various available encryption techniques. Image encryption [83–87] techniques and knowledge encryption techniques are also covered. This research enlarges the efficiency parameters used in encryption processes and examines their security [88]. Nowadays, multimedia applications are becoming increasingly popular. The security of video communication is of paramount importance for commercial use, such as video-on-demand providers or business meetings. In order to satisfy the unique criteria of video transmission, various video encryption algorithms have been suggested. Based on their association with video compression, video encryption algorithms are classified into two categories: joint compression and encryption and independent compression encryption algorithms [89].

Although Digital Rights Management (DRM), more precisely copyright preservation, aims to safeguard content owner profits by making videos unshareable for free, the most common use of DRM video encryption [85,90] today is copyright protection, where the content owner seeks to protect their market value by excluding others from distributing content that they possess without receiving monetary compensation. For the same reason why cable TV operators like to give the free public access to portions of their programming in an attempt to entice new customers, service companies, such as pay-TV services, often provide public access to various advertising segments in order to acquire new customers [91].

In Wireless Sensor Networks (WSN) [92], the data quality of the network must be improved. More protection is required to ensure the integrity, authenticity, and confidentiality of data flowing through the network. Encryption is one of the most widely used methods for providing security services to WSNs. The area of encryption algorithms in WSNs has tremendous research potential [93]. Mobile Ad-hoc NETwork (MANET) is an extensive network of moving devices not connected by wires in a continuous arrangement. The MANET characteristics are dynamical topology, which means that mobile devices may join or leave the network at any time; they will also be able to move freely, and every node will communicate. Also included is a router, which makes it easier to relay packets received from neighbors. Accessibility, authorization, key management, data privacy, data purity, and non-disapproval are all security requirements in MANETs [94]. In wireless networks and internet protocols, RC4 is most deployed [95].

A certificate-less encryption scheme that offers no outside protection should be considered "incorrect". We also analyze the security models that use to avoid an aggressive adversary attempting to mislead a legitimate center into supplying them with a false key and an adversary attempting to misappropriate a key by forging his or otherwise providing fake information (to deny

Table 5
A comparison of existing surveys.
References Years Platform Security Performance Key idea Privacy
Velan et al. [75] 2015 Data transport, and Network traffic ✓ ✓ CAET ✓
Thomas and Andreas [91] 2012 Video format (H .264) ✓ ✓ AVC/SVC Encryption ✓
Fuwen and Hartmut [89] 2010 Video communication ✓ ✓ Video Encryption ×
Micheal and Stephen [82] 2014 Intel i7, AMD bulldozer, and multiple ARM variants ✓ ✓ Memory Encryption ✓
Elbaz et al. [80] 2007 Embedded Systems ✓ ✓ Encryption ×
Bassam et al. [81] 2015 Low-resource devices ✓ ✓ Lightweight Ciphers ×
Alexander [96] 2007 Random oracle model ✓ × Certificate-less Encryption ×
Alexander [97] 2008 Random oracle model ✓ × Certificate-less Encryption ×
Haythem et al. [93] 2014 Converge-cast traffic in WSN ✓ ✓ End-to-End Encryption ✓
Manju et al. [35] 2017 Secure data transfer ✓ ✓ Image Encryption ×
Rekha et al. [94] 2014 Secure data retrieval ✓ ✓ DTN ✓
Ramesh and Kumar [76] 2016 Electronic communications ✓ ✓ Conventional encryption ×
Ernest [2] 1990 Programmable Active Memory chips × ✓ RSA ×
Our survey 2021 MDE ✓ ✓ ECC ✓

CAET stands for Classification and Analysis of Encrypted Traffic, WSN for Wireless Sensor Networks, and DTN for Disruption Tolerant Network.

the legitimate receiver that ability to decrypt the ciphertext). With the current key generation model, there may be cases where a Center will try to do malicious things that are not covered by it. This makes it necessary for us to develop a new model [96,97].

Mobile communication is one of the fastest communication platforms. The sender sends its data (Short Message Service (SMS)) [98] through Mobile's [99]. To make SMS secure, it needs to use compression and encryption techniques. The applied technique is to revoke eavesdroppers. The encrypted classification is used to improve the Network service Quality (NSQ) and to assist in improving the network security [100].

The biometric device that tackles facial identification and the analysis of DNA is referred to as the Cryptosystem [101]. The topical aspect of network security is using EC Architectural frameworks. The primary EC architectural framework is focused on the arithmetic of ECs and DLPs. In the realm of cryptography, public-key systems are public-key-oriented processes that use encryption, digital signatures, and key exchange algorithms [102].

In embedded systems (such as Personal Digital Assistants (PDA), mobile phones, etc.), the external memory constantly exchanges the data between RAM and processor (CPU). The memory contains confidential data (commercial software or private data), which needs to be protected. Therefore, encryption techniques are used in the memory bus to protect the Memory Communication Channel (MCC) [80]. In cloud computing, with the availability of Mobile Smart Devices (MSD) and Ubiquitous Network Connections (UNC), users upload their data to remote servers more and more. For significance, security breaches such as integrity, confidentiality, and authenticity are constantly threatened. To overcome these issues, multimedia data is secured due to encryption before transmission and storage [103]. In the world, the internet and network applications are rapidly growing. These applications primarily need security during data communication, such as e-commerce or e-government. Encryption ensures that the data exchanged over a network remains confidential. Encryption algorithms use a colossal amount of computational energy (e.g., memory, power, time, etc.) [104]. A novel form of Plausible Deniable Encryption (PDE) that ensures data secrecy against repressive (i.e., the intruder will compel the end user for the decryption key) and non-coercive offenders [105].

The authentication, protection, and methodology in cloud storage are accompanied by confidentiality, access control, and data encryption. To protect, encryption methods are explored in this article, as technology advances daily and data security is needed. Encryption alone is insufficient to protect data; to increase protection, with anonymity [106]. The comparison of the existing surveys and the year-wise encryption representation are presented in Fig. 6 and Table 5.

Fig. 6. The encryption survey.

2.8. Contributions of this survey

In this survey, we review existing encryption schemes (e.g., SSE, SIE, Image encryption, DSE, IDE, ABE, Signcryption, Proxy signcryption, Blind signcryption, etc.) in different research domains such as data transport, network traffic, video communications, embedded systems, low-resource devices, random oracle model, secure data model and retrieval, electronic communications, programmable active memory chip, and MDE, etc. Our motivation is to write a comprehensive survey of encryption techniques and highlight their applications. In summary of this paper, the following contributions are made:

• We review the existing encryption schemes and their types and highlight their important features.
• We focus on the communications and computations overheads.
• We focus on security and privacy holding properties.
• We provide a comprehensive overview of the uses and applications of encryption techniques.
• We sketch certain open problems, current challenges, and possible future research directions.

2.9. Lessons learned: Summary and insights

This Section 1 presents the introduction of the ECC and its basic terminologies of communications, security, and privacy. We

used cryptographic schemes (RSA encryption, DHKE, AES, DES, ABE, IBE, Signcryption, Proxy Signcryption, and Blind signcryption schemes, etc.) for these terminologies, which are based on ECC. RSA encryption can help us to encrypt the message and recover it. The classical cryptosystem is replaced by a digital signature, which is more practical, theoretical, and convenient for implementation. The ECC-based schemes replace RSA encryption, DHKE, and ElGamal cryptosystems and remove all the existing schemes' shortcomings. During the data transmissions, the sending information is insecure, and it is vulnerable to theft of the data or eavesdropping take successful attacks. Therefore, cryptography makes the sender and receiver send their data securely and mutually process and receive their data. The term used for that type of communication is known as a digital signature. A digital signature is a cryptographic technique that provides security properties such as integrity and authenticity. To secure the sending and receiving information, the sender and receiver used ECDSA. The encryption schemes, such as AES, DES, and Triple DES, are the best examples of ECDSA.

SSE security, in which the adversary will choose adaptively (during the search execution) which queries to send to the server; this principle is both important in reality and has not been considered previously. Surprisingly, despite being more stable and reliable. The versatility of both methods is a crucial step toward implementing SSE technology. The existing scheme cannot own the data, but SSE makes the connected users (multi-users) capable of sending and searching queries.

SIE is a new way of encrypting images built on a chaotic hybrid form. An external key is encrypted; two logistical systems mix places and replace gray values with pixels in the picture. It uses an external key to take samples during the gray value replacement operation. The shuffle positions and substitution of grey values are combined quickly and efficiently by integrating details from the shuffle position matrix in the gray value substitution process, which improves the encryption device coupling property. The mixture of invertible matrices and algorithm shuffling in the picture encryption provides double-layer protection. The 120-bit hidden key creates the initial conditions for all volatile maps and can extend the duration of the key much more for excellent security. The size of the invertible matrices can be adaptable to achieve improved security while ensuring a high degree of difficulty in breaking the dials. Multiple experimental, statistical, differential, and key sensitivity tests show an efficient system of real-time applications and transmission with the asymmetric image encryption algorithm.

DSE is completed using the features of the PEKS and the Bloom filters; an incompetent channel completes a search process for C.T; a public-secured encryption keyword search is allowed. The inventory allows multi-keyword searches in Chinese; keywords in a document can be dynamically inserted or excluded from the document. In-house product operations are performed in line with the approach used by the innovation by creating a search vector and file vector to complete a striking search matching feature. C.T. Keywords can be securely sent over a shared channel using double-key servers and users. It efficiently resists selecting keywords through a hash function and pseudo-random feature and checks C.T as long as the Cloud service is semi-trustworthy. The C.T. The search functionality is introduced.

IBE is a novel alternative to PKE because it does not involve using a PKI. All configurations, whether PKI- or identity-based, must allow for user removal. Effective revocation in a standard PKI environment is a well-studied topic. However, no study has been

Fig. 7. The structure of this survey.

scale well as user numbers increase; work on critical upgrades becomes a bottleneck.

Every user's keys and C.T are labeled with a collection of descriptive attributes, and a key will decrypt a ciphertext only if the C.T attributes matched those of the user's key when a C.T and a private key had at least k attributes in common. Sahai and Waters' cryptosystem allowed for decryption. While it has been shown that this primitive is suitable for error-tolerant encryption using biometrics, the unwillingness to be represented precludes its usage in larger schemes.

Signcryption is a scheme that combines the roles of digital signature and PKE in a single logical stage, significantly lowering the cost of the signature over encryption.

2.10. Organization of this survey

Fig. 7 presents the structure of this survey and this paper's organization as follows. In Section 2, we described the background study. Section 3 presents state of the art. Section 4 describes the taxonomies of EC. Section 5 presents EC case study. Section 6 presents the open problems and future research directions. Finally, in Section 7 we describe conclusion.

3. State of the art

3.1. Discrete logarithm problems

Definition 1. The Computational Diffie–Hellman Problem (CDHP) [107]. For a given input $(g, g^x, g^y) \in G^3$, compute $g^{xy} \in G$.

Definition 2. The Decisional Diffie–Hellman Problem (DDHP) [107]. For a given input $(g, g^x, g^y, g^z) \in G^4$, decide whether $z = xy \in \mathbb{Z}_p$.
conducted on IBE revocation procedures. A realistic approach to
this issue involves users configuring the transmission of their data Definition 3. The l-weak Diffie–Hellman Problem (l-wDHP). For
l 1
such that any message has a pre-determined period. Each user’s a given input (g , g x , . . . g x ) ∈ Gl+1 , compute g x ∈ G. This problem
private key must be changed often by contact with a security au- was introduced for a traitor tracing scheme [108]. It is called also
thority. The authors should emphasize that this strategy does not the l-Diffie–Hellman Inversion (l-DHI) problem [109].
Definition 4. l-strong Diffie–Hellman Problem (l-sDHP). For a given input $(g, g^x, \ldots, g^{x^l}) \in G^{l+1}$, compute a pair $(c, g^{1/(x+c)}) \in \mathbb{Z}_p \times G$ for a freely selected value $c \in \mathbb{Z}_p \setminus \{-x\}$. Boneh and Boyen proposed this problem in order to develop a short signature scheme that is provably secure in the standard model (without random oracles) [109], and it was subsequently used to develop a short group signature scheme [110].

3.2. ElGamal encryption scheme

The ElGamal scheme is defined as follows [107]: Let $G$ be an Abelian group of prime order $p$ and $g$ a generator of $G$. Suppose that the sk and pk of the recipient are $x \in \mathbb{Z}_p$ and $g^x$, respectively. In order to encrypt $m \in G$, a sender selects a random $k \in \mathbb{Z}_p$ and sends the C.T $(c_1, c_2) = (g^k, m(g^x)^k)$ to the recipient. The receiver recovers $m$ by computing $c_2 / c_1^x$.

Definition 5. ElGamal public key [111]: Given $g$ and $p$, a sk is randomly selected to be a non-negative integer $x$ with a bit length.

Definition 6. ElGamal Encryption [111]: Let $M$ be a message belonging to $\mathbb{Z}_p^*$. A new number $r \in \mathbb{Z}_m$, for $m = 2^{|x|}$, is chosen at random; the resulting C.T is $(g^r, X^r \cdot M)$.

Definition 7. ElGamal Decryption [111]: Decryption of a C.T $(R, Y)$ is performed by computing $R^x \bmod p$, inverting it modulo $p$, and then multiplying $Y$ by the result modulo $p$.

3.3. Elliptic curve discrete logarithm problem

ECC is applicable to data encryption and decryption, key exchange procedure, and digital signatures. The Weierstrass ($E : E_1, E_2$), known as an EC $E$ over the Galois Field (GF), defines an EC as a set of points [112] described by the following equations:

$$E_1 : y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6 \qquad (1)$$

$$E_2 : y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6 \qquad (2)$$

The relation between isomorphism and the elliptical curve is an equivalence relation defined over $K$. If two ECs ($E_1$ and $E_2$) are isomorphic over $K$, then their groups $E_1(K)$ and $E_2(K)$ of $K$-rational points are also isomorphic [113].

Definition 8. Two EC $E_1$ and $E_2$ defined over $K$ and given by Eqs. (1) and (2), are called isomorphic over $K$.

• Isomorphism attacks: In groups $G$ for which sub-exponential-time (faster) algorithms are known, isomorphism attacks reduce the ECDLP to the DLP. These attacks are unique in that they produce ECDLP solvers that outperform Pollard's rho algorithm only for certain types of ECs. The attacks on isomorphism conceived are as follows [113]:
  (1) Prime-field-anomalous attack: The ECDLP in an EC of order $p$ specified over $\mathbb{F}_p$ is reduced to the DLP in $\mathbb{F}_p^+$ (additive group) of $I_p$ (integers mod $p$) by this attack on the curves.
  (2) WTP attacks: These establish an isomorphism between $\langle P \rangle$ and a subgroup of order $n$ of the multiplicative group $\mathbb{F}_{q^k}^*$ of some extension field $\mathbb{F}_{q^k}$.
  (3) Gaudry, Hess and Smart Weil descent attack: Used to reduce the ECDLP in an EC defined over a binary field $\mathbb{F}_{2^m}$ to the DLP in the Jacobian of an HEC defined over a proper sub-field of $\mathbb{F}_{2^m}$.
• WTP attacks: This attack constructs an isomorphism from $\langle P \rangle$ to $G$ when the additional constraint $n \nmid (q-1)$ is satisfied, while the WTP attack constructs an isomorphism between $\langle P \rangle$ and $G$ as long as it does not make use of this extra constraint. In this context, the integer $k$ is the embedding degree.

Definition 9. To find the multiplicative order of $q$ modulo $n$, search for the smallest positive integer $k$ such that $q^k \equiv 1 \pmod{n}$. That integer is $k$, and because $q$ is evenly divisible by $n$, it must be a multiple of $n$. Since $n$ divides $q^k - 1$, the multiplicative category $\mathbb{F}_{q^k}^*$ of the extension area $\mathbb{F}_{q^k}$ has a special sub-group $G$ of form $n$.

3.4. Bilinear pairing

Let $P$ be a generator of a cyclic additive group $G_1$, and let $G_2$ be a cyclic multiplicative group, where $G_1$ and $G_2$ are of order $q$. A bilinear pairing is defined as a map $e : G_1 \times G_1 \to G_2$. Its properties are [114]:

(1) Bilinearity: $e(aP, bQ) = e(P, Q)^{ab}$.
(2) Nondegeneracy: There exist $P, Q \in G_1$ such that $e(P, Q) \neq 1$ (identity element $1 \in G_2$).
(3) Computability: $\forall (P, Q) \in G_2$, computing $e(P, Q)$ is easy.

Definition 10. Bilinear Diffie–Hellman (BDH) Problem [114]: Let $G_1$ and $G_2$ be cyclic groups of prime order $q$, $P$ a generator of $G_1$, and $e : G_1 \times G_1 \to G_2$ a bilinear pairing map. The BDH problem in $\langle G_1, G_2, e \rangle$ is to compute $e(P, P)^{abc}$ when given $(P, aP, bP, cP)$.

Definition 11. q-Diffie–Hellman (q-DH) Problem [114]: Let $G_1$ and $G_2$ be cyclic groups of prime order $q$, $P$ a generator of $G_1$, and $e : G_1 \times G_1 \to G_2$ a bilinear pairing map. The q-DH problem in $G_1$ is to compute $\langle P, \alpha P, \alpha^2 P, \ldots, \alpha^q P \rangle$ when $q = 1$.

Definition 12. q-BDH Inversion Problem. Let $G_1$ be a cyclic group whose order is the prime number $q$, $P$ a generator of $G_1$, and $e : G_1 \times G_1 \to G_2$ a bilinear pairing map. By Definition 12, $G_1$ is to compute $(P, P)^{1/\alpha}$, when $\langle P, \alpha P, \alpha^2 P, \ldots, \alpha^q P \rangle$, when $q = 1$.

Definition 13. q-BDH Inversion Problem. Let $G_1$ be a cyclic group whose order is the prime number $q$, $P$ a generator of $G_1$, and $e : G_1 \times G_1 \to G_2$ a bilinear pairing map. The Computational DHP (CDHP) in $\langle P, G_1, G_2, e \rangle$ is to compute $abP$ when given $(P, aP, bP)$ $(a, b \in \mathbb{Z}_q^*)$.

Definition 14. The l-Bilinear Diffie–Hellman Inversion Problem (l-BDHIP). For a given input $(g, g^x, \ldots, g^{x^l}) \in G^{l+1}$, compute $e(g, g)^{1/x} \in G_T$. In the basic model, [115], the development of a stable IBE. It is often used to make verifiable random functions [116] and a hierarchical IBE scheme [117] with a constant C.T.

Definition 15. The l-Bilinear Diffie–Hellman Exponent Problem (l-BDHEP). For a given input $(g, g^x, \ldots, g^{x^l}) \in (G^{l-1}, g^{x^{l+1}}, \ldots, g^{x^{2l}}) \in G^{2l+1}$, compute $e(g, g)^{x^l} \in G_T$. The proposed IBE scheme [115] is used for a pk-broadcast encryption scheme [118] with constant size transmission overheads. T. Okamoto used l-BDHIP and l-BDHEP, Definitions 14 and 15, for blind and partially blind signature [119].
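The ElGamal scheme of Section 3.2 (key pair $x$, $g^x$; ciphertext $(g^k, m(g^x)^k)$; recovery by $c_2/c_1^x$), as an added Python example that is not code from the survey. The group (safe prime 2039, subgroup order 1019, generator 4), the subgroup checks and the `encode`/`decode` helpers are constructed assumptions of this example.

```python
"""Textbook ElGamal in a prime-order subgroup, in the notation of Section 3.2."""
import secrets

# Constructed toy group: P = 2*Q_ORDER + 1 is a safe prime and G = 4 generates
# the subgroup of quadratic residues, which has prime order Q_ORDER.
P = 2039
Q_ORDER = 1019
G = 4


def in_subgroup(a):
    """True if a lies in the order-q subgroup generated by G."""
    return 0 < a < P and pow(a, Q_ORDER, P) == 1


def keygen(x=None):
    """Return (sk, pk) = (x, g^x); x is random unless given for reproducibility."""
    if x is None:
        x = 1 + secrets.randbelow(Q_ORDER - 1)
    return x, pow(G, x, P)


def encode(value):
    """Embed an integer 1..q into the subgroup: use v if it is a residue, else P - v."""
    if not 1 <= value <= Q_ORDER:
        raise ValueError("value out of range for this toy group")
    return value if in_subgroup(value) else P - value


def decode(element):
    """Inverse of encode()."""
    return element if element <= Q_ORDER else P - element


def encrypt(pk, m, k=None):
    """Return (c1, c2) = (g^k, m * pk^k); k must be fresh for every message."""
    if not in_subgroup(pk) or not in_subgroup(m):
        raise ValueError("public key and message must be subgroup elements")
    if k is None:
        k = 1 + secrets.randbelow(Q_ORDER - 1)
    return pow(G, k, P), m * pow(pk, k, P) % P


def decrypt(sk, ciphertext):
    """Recover m = c2 / c1^x, rejecting components outside the subgroup."""
    c1, c2 = ciphertext
    if not in_subgroup(c1) or not in_subgroup(c2):
        raise ValueError("ciphertext component outside the prime-order subgroup")
    shared = pow(c1, sk, P)               # c1^x = g^(kx) = (g^x)^k
    return c2 * pow(shared, -1, P) % P    # division = multiplication by the inverse


if __name__ == "__main__":
    sk, pk = keygen()
    ct = encrypt(pk, encode(42))
    print("ciphertext:", ct, "-> plaintext:", decode(decrypt(sk, ct)))
```

The membership test on `c1` and `c2` is what keeps decryption inside the prime-order group the definition assumes; elements of the order-2 subgroup such as `P - 1` are rejected.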
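A parameter-screening check for the three isomorphism-attack preconditions of Section 3.3 (curve order equal to $p$, small embedding degree $k$ from Definition 9, binary field with a composite extension degree), as an added Python example that is not from the survey. The bound of 100, the record layout and every record except the published P-256 field size and group order are assumptions constructed for this example.

```python
"""Screen curve parameters against the isomorphism-attack preconditions of Section 3.3."""
from math import isqrt


def embedding_degree(q, n, bound=100):
    """Smallest k <= bound with q^k = 1 (mod n), or None if no such k exists.

    q is the field size and n the prime order of <P> (Definition 9).
    """
    acc = 1
    for k in range(1, bound + 1):
        acc = acc * q % n
        if acc == 1:
            return k
    return None


def is_anomalous(p, curve_order):
    """Prime-field-anomalous condition: the curve over F_p has exactly p points."""
    return curve_order == p


def has_intermediate_subfield(m):
    """F_{2^m} has a subfield other than F_2 and itself exactly when m is composite."""
    return any(m % d == 0 for d in range(2, isqrt(m) + 1))


def screen(record, bound=100):
    """Return the list of findings for one parameter record (empty list = none)."""
    findings = []
    q, n, m = record["field_size"], record["n"], record.get("binary_degree")
    if m is None and is_anomalous(q, record["curve_order"]):
        findings.append("anomalous")
    k = embedding_degree(q, n, bound)
    if k is not None:
        findings.append(f"embedding-degree-{k}")
    if m is not None and has_intermediate_subfield(m):
        findings.append("composite-extension-degree")
    return findings


# NIST P-256: published field prime and (prime) group order, cofactor 1.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256 = {"field_size": 2**256 - 2**224 + 2**192 + 2**96 - 1,
        "n": P256_N, "curve_order": P256_N}

# Constructed toy: y^2 = x^3 + x over F_59 is supersingular (59 = 3 mod 4),
# so it has 59 + 1 = 60 points; take the subgroup of prime order 5.
TOY_SUPERSINGULAR = {"field_size": 59, "n": 5, "curve_order": 60}

# Hypothetical records (not real curves), built only to exercise the checks.
HYPOTHETICAL_ANOMALOUS = {"field_size": 1009, "n": 1009, "curve_order": 1009}
HYPOTHETICAL_BINARY = {"field_size": 2**155, "n": 2**127 - 1,
                       "curve_order": 2**127 - 1, "binary_degree": 155}

if __name__ == "__main__":
    for name, rec in [("P-256", P256), ("toy supersingular", TOY_SUPERSINGULAR),
                      ("hypothetical anomalous", HYPOTHETICAL_ANOMALOUS),
                      ("hypothetical binary", HYPOTHETICAL_BINARY)]:
        print(f"{name}: {screen(rec) or 'no findings'}")
```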
3.5. Digital signature

Digital signatures are a critical component of information and network security. The EC Digital Signature (ECDS) scheme is one of the most widely used digital signature schemes, and it is widely regarded as the best replacement for the RSA cryptosystem. It is safe in principle and practice, and it is simple to use and enforce [9]. The system initialization procedures, signature process, and validation process are the three parts of a digital signature scheme. The initialize process generates software parameters; the signer performs signature operations on the information received signature. The verification process validates specific signatures on the certification information to ensure its accuracy [120]. The effect of reverse-mode activity on the efficiency of digital signatures is one of the most significant factors in ECC. The analysis of the restricted domain of the ECDS method to prove the algorithm's correctness, a non-mode based on the inverse operation of the ECDSA, does not reduce protection based on improved algorithms efficiency [121]. Digital Signatures are the bedrock of the computerized world's online transactions. They ensure that the sender's actions are not rescinded and that protection is maintained. Digital signatures have evolved for an unknown period, and scientists have made several improvements to the standard plans. The authors present a scheme that overcomes the shortcomings of its predecessor, Jhong's digital signature, implements the solution, and shows that it is robust in terms of computational costs compared to other approaches and attacks. The results show that the proposed scheme is suitable for signature generation, signature verification, and attack resistance regarding computational costs. Overall, the proposed scheme is superior in every way [122]. ECC is based on ECs over FFs, which is one such technique. EC Integrated Encryption (ECIE), ECDH, ECDSA, and other ECC variants are available. The ECDSA and its implementation specifics are examined in this document. Because of its ability to provide reasonable protection and smaller key size, ECDSA has recently gained much traction. The authors suggested many enhancements that can be integrated into the current algorithm to boost its security performance. The proposed work and the current algorithm are both implemented in Java, and results are obtained [123]. The use of ECs to realize software registration and fight piracy [124].

It is also difficult to apply in the real world: many evaluators look at the same person. After a thorough review, the evaluators will turn in their reports to a reputable organization, which will tally and monitor all the findings. In order to be effective, an optimal evaluation process should have these characteristics [125]:

(1) Legitimacy: Only a legal evaluator can assess the legitimacy processes.
(2) Anonymity: The evaluator's test reports are confidential and cannot be accessed illegally during the evaluation process.
(3) Non-repeatability: No legal evaluator will test the same case twice.
(4) Verifiability: Assuming they cannot sacrifice their personal secret information, the evaluators may verify if their assessment information is included in the results and published or not.

A digital signature is a password-based electronic document signature technique; a digital image is not a written signature. It resembles a handwritten signature or seal and can also be called an electronic seal—the proposed ECC-based digital signature design. To ensure the security of the RSA cryptosystem, the key length must be increased repeatedly, increasing the computational burden. On the other hand, ECC security can be accessed using the same much shorter key, so it has a wide range of applications [126]. The proposed scheme improved the digital signature scheme. The authors analyzed its security according to the high computational complexity of ECDSA [127]. One of the key factors influencing the efficiency of digital signatures in ECC is the modular inverse process. Considering the impact of modular inverse operations on digital signature performance, this paper proposes two new EC-based digital signature schemes that do not require modular inversion. It has significantly improved the latest signature in terms of security and performance [128].

3.6. Threshold signature

Wang and Lu [129,130], to optimize these strategies for network execution, the proposed system offers an efficient recognition Threshold Signature Scheme (TSS) centered on the ECC. The proposed threshold signature scheme needs less criteria than existing TSS schemes based on the RSA and El-Gamal but offers superior efficiency and security. In addition, it is based on two points, while most threshold signature systems are based on only one. The threshold value, which denotes the minimum number of participants required to produce a legitimate group signature, distinguishes the proposed scheme. Both message receivers will then verify the signature.

3.7. Blind digital signature

A Blind Digital Signature (BDS) scheme based on the ECDSA greatly improves performance. The proposed scheme's protection is dependent on the ECDLA problem. As a result, it has much shorter key lengths for the desired security levels (Fig. 8) and much faster cryptographic methods, requiring less hardware and software. Compared to previously proposed schemes, the proposed BDS scheme improves relative efficiency by up to 96%, according to simulation results [131]. Fang proposed scheme examined whether the person signing the message can be sure of its characteristics and how trustworthy they believe the signer to be. The algorithm is more robust than those of its kind [132].

Fig. 8. The security levels (Level I-V).

3.8. Encryption

RSA encryption schemes [1–5] are used to recover the originality of the original message (P.T) by using encryption. The message is recovered in the verifier place and does not need to
be hashed or signed (by the signer signature, etc.). The P.T can be encrypted by using the signer's private and public information, such as private and public keys.

3.9. Re-encryption

A cryptographic protocol focused on data re-encryption has been applied to a cloud computing model to determine its viability in improving communication protection and supporting highly scalable and secure cloud computing systems serving an inclusive mobile device consumer community. The suggested scheme leverages the cloud provider's scalability to perform the necessary re-encryption activities inside the cloud rather than inside the manager; this would occur without allowing the cloud to access adequate key content to decrypt the user data. Although the manager is liable for organizational re-generation in his or her capacity as a trustworthy authority, the evolving key content used to build iterations of secret keys may be safely shared by the cloud provider, resulting in a more efficient and flexible authentication protocol [133]. In order to generate a re-encryption key, a code that uses the RKG method would re-encrypt data collected by encrypting the P.T data on a first user device with a first pk of the first user device in the absence of decrypting the encrypted data on the first user device. This re-encryption key is then used to decrypt the re-encrypted data that can be accessed with a second sk of a second user device. The first storage ensures that a first secret key, which corresponds to the first pk, is processed. The second storage mechanism implies that a second public key associated with the second sk is kept. A new re-encryption key is provided, which ensures that the new re-encryption key is generated using the first sk, the second pk, and the first random number [134].

3.10. Proxy Re-encryption

In a Proxy Re-encryption Scheme (PRE), a proxy provides certain information that enables it to convert a C.T encrypted with one key into a C.T encrypted with a different key [135].

3.11. Signature-then-Encryption

Zheng [57] first proposed the concept of Signature-then-Encryption known as signcryption. The signcryption scheme is a publicly verifiable scheme that a third party can verify after the individual recipient has removed his key information. The proposed scheme is safe against the ACCA [136]. In 1998 Zheng and Imai [137] said that signcryption is a modern PKC paradigm and is notable for performing all the roles of PKE and digital signature at a considerably lower cost than signature-then-encryption. The goals of the proposed scheme are to show how to specify signcryption schemes on EC over FFs and to evaluate their performance [137].

3.12. Proxy signcryption

Gamage et al. [138], the authors first proposed the concept of a proxy signcryption scheme, in which the authors extend the proxy signature. The proposed scheme is based on DLP in the traditional PKI. A valuable cryptographic method is the proxy signcryption scheme. Consider the following scenario: a manager in an organization will delegate his or her right to sign a message to an agency in the event of a time crunch. The standard proxy signature will not suffice if the message contains confidential information. A proxy signcryption scheme, on the other hand, solves the problem. The proposed scheme [70] is based on the EC variant, solving the message sensitivity and proxy signature problems. Many studies on proxy signcryption have been published [139–141].

3.13. Blind signcryption

Riaz et al. [73] proposed the concept of a Blind Signcryption Scheme (BSS) based on EC. Due to the small key size, the proposed scheme is efficient for low-constrained devices. It provides security properties (e.g., confidentiality, integrity, non-repudiation, unforgeability, forward secrecy, unlink-ability, anonymity). Recently, Shamsher and Nizam have suggested a BSS based on HEC, which significantly reduces the computational overheads due to HEC's small key size [74]. Without knowing the original contents, the signer creates signcrypted text from blindly signs of the message contents and forward to the polling server. For acceptance and rejection, the polling server checks its validity or authenticity [142].

3.14. Lessons learned: Summary and insights

This Section 2, presents background study. We described the State of the art digital signature, threshold signature, blind digital signature, encryption, re-encryption, proxy re-encryption, signcryption, proxy signcryption, and blind signcryption.

State of the art contains the basics Definitions 1–15 of the discrete logarithm problems. Digital signatures are an integral part of data and encryption. The ECDS scheme is a commonly used digital signature scheme widely accepted as the best alternative for the RSA cryptosystem. It is secure in theory and reality and easy to implement and execute. The three components of a digital signature scheme are the device initialization process, the signature process, and the authentication process. The initialize process produces program parameters; the signer process conducts signature operations on the received information. The verification process verifies those signatures on the received data to enable its authenticity. One of the most critical considerations in ECC is the impact of the reverse-mode operation on the efficiency of digital signatures. The study of the ECDS method's restricted domain demonstrates the algorithm's correctness. A non-mode dependent on the ECDSA's inverse operation, the algorithm does not decrease security due to its increased efficiency. Digital signatures are widely recognized as the foundation for online purchases in the information era. They ensure that the sender's decisions are not reversed and that the recipient receives a defense. Digital signatures have developed over time, and scientists have made numerous changes to the standard plans. The authors propose a scheme that overcomes the shortcomings of its ancestor, Jhong's digital signature. It incorporates it and demonstrates that it is stable in computing costs and attack resistance compared to other methods.

A BDS scheme built on the ECDSA with significant efficiency improvements. The proposed scheme's security is conditional on resolving the ECDLA problem. As a result, it requires significantly small key lengths to achieve the required degree of reliability and significantly faster cryptographic methods requiring less hardware and software. According to simulation performance, the proposed BDS scheme increases relative efficiency by up to 96% as compared to previously proposed schemes. The proposed scheme tested whether the individual signing the letter is confident of its contents and how trustworthy they think the signer. The algorithm is more efficient than similar algorithms.

The use of a data re-encryption-based cryptographic protocol has been applied to a cloud computing framework to examine the suitability of this approach for improving secure communication and continuing to support highly scalable and secure cloud computing systems which serve a massive mobile device market. The proposal takes advantage of cloud scalability by implementing the required re-encryption operations inside the cloud rather than on-premises. However, this occurs without giving the cloud
service provider access to adequate key content to decrypt the user data. To manage and control the technical re-generation, the manager holds only a position of trust. Since that trust lies solely with the manager, this elevates the cloud provider's role, which benefits efficiency and flexibility because they do not have to worry about managing the key content that is evolving and changing. An RKG scheme re-encrypts encrypted text data collected by encrypting P.T data with a first pk of a first user computer without decrypting the encrypted text data to generate a re-encryption key for accessing re-encrypted text data that can be decrypted with a second pk of a second user device. The first storage indicates the storage of a first secret key corresponding to the first pk. The second storage refers to storing a second public key equivalent to the second sk. The term ''re-encryption key generation'' refers to generating the re-encryption key using the first sk, the second pk, and the first random number. In PRE, a proxy is given certain information that allows it to transform a C.T encoded with one key into a C.T encoded with a different key.

Signcryption is a signature-then-encryption technique. After the actual user has deleted his key documents, the signcryption process is a publicly verifiable scheme that a third party will check. It is a new PKC model that performs all of the functions of PKE and digital signature at a much cheaper cost than signature-then-encryption. The suggested scheme aims to demonstrate how to define signcryption schemes on EC over FF. The proxy signcryption scheme is a beneficial cryptographic technique. Consider the following scenario: in the case of a time rush, a boss in a company will delegate his right to sign a letter to an entity. The regular proxy signature will not suffice if the message contains confidential information. On the other hand, a proxy encryption system resolves the issue directly. The proposed scheme is an EC version that addresses the issues of message sensitivity and proxy signatures. In this design, the cost is more affordable for low-constrained devices because of the smaller key size, resulting in more economical use for devices with low constraints. In addition, this design offers integrity, personal privacy, non-repudiation, unforgeability, forward secrecy, un-linkability, and anonymity.

4. Taxonomies of elliptic curves

4.1. ECC-based digital signature

To achieve the same goal as handwritten signatures, digital signature schemes have been designed to mimic the behavior of handwritten signatures. A digital signature is a number based on the signer's private key, a collection of secret keys. Furthermore, the contents of the note that is being signed. Signatures should be verifiable: if there is a disagreement on whether or not a person signed a contract, an impartial third party should be able to settle the conflict fairly without having access to the signer's private key. Disputes can occur when a signer attempts to repudiate a signature it did produce or when a forger makes a ridiculous claim [143].

Applications: In cryptographic services, the application of the Digital Signature Schemes (DSS) provides data integrity, authenticity, non-repudiation, etc. In data integrity, unknown/unauthorized users cannot alter the data. In authentication, the source of the data is claimable. In non-repudiation, the users cannot deny its action or commitments.

Classification: The DSS is categorized into the following THREE mathematical hard problems, such as:

(1) Integer Factorization (IF) Schemes: Its security is based on the insolvable IF Problem, such signature schemes are RSA [1] and Rabin [144].
(2) Discrete Logarithm Problem (DLP) Schemes: Its security is based on insolvable of DLP in FF, such signature schemes are Elgamal [145], Schnorr [146], DSA [147], and Nyberg [148,149].
(3) Elliptic Curves (ECC) Schemes: Its security is based on the insolvable ECDLP.

4.2. ECC-based encryption

ECC is a form of cryptography that employs pk, which is computationally more difficult to implement but faster and provides superior security compared to the commonly used RSA and AES [150]. ECC encryption is better than AES or RSA due to its small key size. The ECC encryption saves computing time and ensures the system is secure and efficient. The encrypted data is sent from the sender and downloaded from the receiver in decrypted form. Cryptography can be considered a toolbox, with potential attackers accessing various computational tools and techniques to measure key values. The strength of a cryptographic algorithm in modern cryptography is determined solely by the key size. As a result, the author aims to generate strong key values with a minimum bit length that will be useful in light-weighted cryptography. We are determining the hidden key value using ECC and an algebraic graph. ECC is a powerful algorithm that produces keys pair (public and private). The secret key value is created using the above pair of keys. The secret main parameters cannot be shared/exchanged in the network, in contrast to Man-in-the-Middle Attacks (MiMA) [151]. The encryption classifications are described below:

(1) Re-encryption: Re-encryption is used to evaluate its feasibility in enhancing communication security and enabling super scalable and secure cloud computing technology that serve a massive user base of mobile devices; a data re-encryption-based cryptographic protocol has been adapted to a cloud computing model. The proposed scheme takes advantage of the cloud provider's scalability by allowing the requisite re-encryption tasks to be performed within the cloud rather than within the manager; however, this must be done without giving the cloud provider access to enough key material to decrypt the user data. The manager is only responsible for operational re-generation as a trusted authority. However, the cloud provider will securely share the evolving key material used to generate secret key incarnations, resulting in a more efficient and scalable security [133].
(2) Proxy encryption: A proxy is given unique details in a PRE scheme that allows it to transform a C.T encrypted with one key into a C.T encrypted with a different key [135].

4.3. Multi-receiver encryption

It is the extended form of the Ramsdell [152] proposed Secure/Multipurpose Internet Mail Extensions (S/MIME) scheme, which generates the random key and encrypts the message. In the Multi Receiver Encryption (MRE) system, a sender is authorized to create the identical ciphertext for a defined set of recipients. However, the true identity of the receiver cannot be revealed to other receivers. For the reason above, the MRE privacy method may be utilized [153].

4.4. ECC-based threshold signature

Threshold signature is a form of the signature system derived from the combination of secret sharing and digital signature. It effectively addresses the issues of key compromise and management loss to improve system security. The proposed
anti-deception threshold signature scheme is based on the ECC and Shamir threshold mechanisms. No trusted party is required to generate and distribute keys in this scheme, and no hidden communication is required when participants publish effective signatures against internal and external attackers. The scheme's validity and protection were established, and analysis revealed that the scheme's security is based on the inflexibility of the ECDLP, and it does not require a TTP [154]. The threshold signature allows a group of t or more members to produce a group signature; however, a group of less than t members cannot generate a group signature. The linear polynomial is used in the majority of current threshold signature schemes. The Chinese Remainder Theorem (CRT) is the foundation of the proposed scheme. The CRT-based SS can be used to build a threshold signature scheme by correctly choosing parameters. Our architecture, we claim, points in a new direction for integrating CRT-based SS into other cryptographic functions [155].
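The t-of-n property described above, combining Shamir sharing with an ECC signature, as an added Python example that is not the construction of [154] or [155]. It assumes a Schnorr-style signature as a stand-in, a trusted dealer for the key and nonce shares (which the cited scheme avoids), and a constructed toy curve of order 19; all function names are hypothetical.

```python
"""Toy (t, n) threshold Schnorr-style signature: Shamir shares over an EC group."""
import hashlib
import secrets

# Constructed toy parameters: y^2 = x^3 + 2x + 2 over F_17 with base point
# G = (5, 1) of prime order 19. Far too small for real use.
P_FIELD, A, G, N = 17, 2, (5, 1), 19


def ec_add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def ec_mul(k, point):
    """Double-and-add scalar multiplication, scalar reduced mod N."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point, k = ec_add(point, point), k >> 1
    return acc


def share_secret(secret, t, n_parties, coeffs=None):
    """Shamir shares f(1..n) of a degree t-1 polynomial f over Z_N, f(0) = secret."""
    if coeffs is None:
        coeffs = [secrets.randbelow(N) for _ in range(t - 1)]
    poly = [secret % N] + list(coeffs)
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(poly)) % N
            for i in range(1, n_parties + 1)}


def lagrange_at_zero(i, quorum):
    """Lagrange coefficient of party i for interpolating f(0) from `quorum`."""
    num = den = 1
    for j in quorum:
        if j != i:
            num, den = num * -j % N, den * (i - j) % N
    return num * pow(den, -1, N) % N


def combine(values, quorum):
    """Interpolate at zero; works for key shares and for partial signatures."""
    return sum(lagrange_at_zero(i, quorum) * values[i] for i in quorum) % N


def challenge(R, Q, msg):
    """Schnorr challenge e = H(R, Q, msg) mod N."""
    digest = hashlib.sha256(repr((R, Q)).encode() + msg).digest()
    return int.from_bytes(digest, "big") % N


def threshold_sign(msg, Q, R, key_shares, nonce_shares, quorum):
    """Party i contributes s_i = k_i + e*d_i; only the s_i are ever combined."""
    e = challenge(R, Q, msg)
    partials = {i: (nonce_shares[i] + e * key_shares[i]) % N for i in quorum}
    return R, combine(partials, quorum)


def verify(msg, Q, signature):
    """Accept iff s*G == R + e*Q."""
    R, s = signature
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, Q, msg), Q))


def run(quorum, t=3, n_parties=5, d=7, k=11, msg=b"constructed message"):
    """Dealer-based setup (a simplification), then signing by `quorum`."""
    key_shares = share_secret(d, t, n_parties)
    nonce_shares = share_secret(k, t, n_parties)   # a fresh nonce per signature
    Q, R = ec_mul(d, G), ec_mul(k, G)
    return verify(msg, Q, threshold_sign(msg, Q, R, key_shares, nonce_shares, quorum))


if __name__ == "__main__":
    print("quorum {1,2,3}:", run([1, 2, 3]), " quorum {2,4,5}:", run([2, 4, 5]))
```

Any quorum of at least t parties interpolates the same $s = k + e\,d$, while fewer than t shares interpolate a different polynomial and so a different value at zero.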

4.5. ECC-based Blind Digital Signature

Chaum suggested the idea of blind signatures in 1982 [156].


The scheme aims to protect digital payment and electronic voting systems (e-voting). When the signer signs the requester’s note, no one is aware of the correspondence; however, no one knows the pair of a letter and address signatures except the one being signed. The suggested method is considered more reliable and less expensive to operate using ECC. In contrast to other blind signature schemes based on one of the other two public-key cryptosystems, our scheme achieves the same degree of protection while requiring considerably smaller key sizes. As a result, our scheme has lower computational overheads. Additionally, our scheme meets the criteria for a blind signature scheme. As a result, it is well-suited for use with electronic cash payment systems and anonymous voting systems [157]. The properties of the blind signature scheme are [158–160]:

(1) Correctness: Correctness leads to verifying the signature’s validity using the signer’s public key.
(2) Authenticity: A legitimate signature verifies that the message came from the intended recipient.
(3) Un-forgeability: A legitimate signer is capable of producing a valid signature for the associated message.
(4) Non-reusability: A signature used on one document cannot be used on another.
(5) Non-repudiation: Since the message bears the signer’s authentic signature, the signer cannot dispute that he or she signed it.
(6) Integrity: Integrity guarantees that the message’s content is preserved.
(7) Blindness: It claims that the signer is unaware of the message he is signing when producing a legitimate signature.
(8) Untraceability: After the message-signature pair is made public, even the signer cannot establish a connection between the messages and their signature pair.

4.6. ECC-based IBE

Shamir recommends that the email system’s credential administration be simplified [61]. To avoid requiring the receiver to have a public key certificate, the message is encrypted using the receiver’s own identity. What drew you to the field of pairing-based cryptography in the modern era? That depends on your point of view. It undoubtedly enables the construction of IBE, one of the most important of these previously unknown cryptographic primitives. IBE is also interesting because it enables the implementation of more straightforward and accessible use than substitutes, which undoubtedly led to the technology’s accelerated proliferation rather than any other benefit. IBE’s accelerated adoption has resulted in nearly as many users as Traditional PKI (TPKI) technologies. At the current pace of adoption, IBE users would quickly outnumber those using TPKI technologies [154]. The primary advantage of IBE is that public keys are not sent across the network; instead, they are easily computed from the receivers’ identity documents, eliminating the need for the system to have a certificate. The authors demonstrate how to build a complete IBE architecture for secure email correspondence. The first open-source attempt we are aware of includes an entirely functional and user-friendly IBE platform and a stable PrKG [161]. Fig. 9 shows the IBE process between the sender and receiver.

Fig. 9. IBE encryption and decryption.

4.7. ECC based ABE

Sahai and Waters first proposed the principle of Attribute-Based Encryption (ABE) in 2005, which they extended and expanded to Fuzzy Based Identity Encryption (FBIE) in 2007 [38,39]. ABE provides an expressive approach to control access to private data by using a policy access process that establishes relationships between a list of attributes used to encrypt data. In the ABE system, the Key Generation Server (KGS) generates a private key for each legitimate user depending on their characteristics and a public key for encrypting data according to a predefined policy. A legitimate user can decrypt data only if it possesses the necessary attributes. ABE is a promising scheme for many uses, including cloud computing, multi-cast networking, and machine-to-machine (M2M) connectivity. For IoT applications, in particular, we often need efficient protocols that provide fine-grained access control to IoT data based on the users’ positions in the IoT systems. Consider healthcare applications in which Electronic Health Records (EHRs) relating to patients are
available only to doctors and nurses with appropriate roles within the hospital organization. The scalability, efficiency, and fine-grained capability of ABE enable this. ABE systems, on the other hand, are highly challenging to execute on resource-constrained networks due to the complexity and high overhead associated with cryptographic operations. These drawbacks are significant impediments to adapting ABE for IoT applications [162].

4.8. ECC-based signcryption

ECC is a well-known technique for encrypting and digitally signing Entitlement Management Messages (EMM) and Entitlement Control Messages (ECM). An elliptic curve cryptosystem that employs the ECC technique performs arithmetic operations on an EC over a FF specified by predefined EC domain parameters. The EC domain parameters are encrypted and signed in the head-end system, decrypted, and signed on the smart card. The broadcasting stream also includes EMMs, also known as Key Management Messages (KMMs), and ECMs, which are required by the smart card to decrypt the service. The control word is the primary protection method for protecting service data and varies regularly. ECMs are used to hold the control word in encoded form and are thus sent regularly. EMMs are used to transmit the secret keys used to decrypt the ECMs to retrieve the control phrase, decode other data related to the addition or removal of viewing/usage privileges, and decode other user-specific data. As a result, various EMMs are sent at varying frequencies [163].
Toorani and Beheshti proposed an EC-based Signcryption scheme with forward secrecy [164]. The proposed scheme provides the security attributes of message confidentiality, authentication, integrity, unforgeability, and non-repudiation simultaneously. It also has the property of public verifiability, which means that every third party can check the signature without requiring the participants’ private keys. Additionally, it has forward secrecy, which ensures that even if the sender’s private key is revealed, no one else will be able to decipher the PT of previously signed encrypted messages. Since it is based on ECC and uses symmetric ciphering to encrypt messages, it is well-suited for implementation in resource-constrained applications such as mobile phones. Additionally, it is very attractive as a single-pass scheme for establishing protection in store-and-forward applications such as Short Message Service (SMS) and E-mail. ECC is often used in a variety of applications. EC-based devices can achieve the desired level of protection with far fewer keys than their predecessors. Power, bandwidth, and capacity usage are the key constraints in resource-constrained environments to increase efficiency. Table 6 demonstrates the lower bounds that ECs have established for the computationally equivalent key size.

4.9. ECC-based proxy signcryption

A proxy signcryption [138,165] scheme allows an originator to delegate his signing authority to a proxy, who can then encrypt a letter on the originator’s behalf. The proposed scheme is built on DLP and DHP and needs far less computing power than current schemes. CT authentication is accomplished by asking the recipient to validate the signature before accepting the encrypted letter. This is a handy property since it allows the receiver to filter incorrect ciphertext before decrypting it, resulting in more effective unsigncryption. The scheme based on EC would be considered, as it has been shown to have superior protection with shorter keys and fewer storage needs, making it more suited for resource-constrained applications such as pagers and cell phones. The authentication properties of the proxy signcryption scheme include correctness, anonymity, distinguishability, unforgeability, identifiability, verifiability, non-repudiation of the proxy signer, non-repudiation, and proxy key misuse prevention [70].

4.10. ECC based blind signcryption

Riaz et al. proposed a blind signcryption scheme based on ECC; it provides the security properties (e.g., confidentiality, unforgeability, message integrity, signer non-repudiation, message un-link-ability, forward secrecy, and sender anonymity) [73].

4.11. Lessons learned: Summary and insights

This Section 3 presents the taxonomy of EC. Digital signature systems have been developed to replicate the action of hand-written signatures to accomplish the same purpose as hand-written signatures. A digital signature is a numerical representation of the signer’s private key, a set of secret keys, and, additionally, the contents of the written document. Signatures should be verifiable; if a disagreement exists over whether or not a person signed a contract, a neutral third party should be able to settle the conflict impartially via recourse to the signer’s private key. A disagreement can occur when a signer attempts to repudiate a signature that it produced or when a forger makes a nonsensical claim. DSS is used in cryptographic services to include data confidentiality, authenticity, and non-repudiation, among other things. Data integrity means unidentified or unauthorized users cannot change the data. The root of the data is claimable in the authentication. The users cannot dispute the users’ actions or obligations in non-repudiation.
ECC is a form of cryptography that uses pk, which is computationally more challenging to implement but quicker and provides better security than the widely used RSA and AES. Because of its limited key size, ECC encryption is superior to AES or RSA. ECC encryption saves time on the computer and ensures the system is safe and effective. The encrypted data is sent from the sender to the recipient, who then downloads it in decrypted form. Potential adversaries can access different statistical methods and techniques to calculate key values, so cryptography should be considered a toolbox. The key size determines the power of a cryptographic algorithm in modern cryptography. As a result, the developers want to create solid key values with a small bit length that can be used in light-weighted cryptography. We use ECC and an algebraic graph to determine the secret key value. ECC is an efficient algorithm that generates public and private keys in a pair. The above pair of keys are used to generate the hidden key value. The key hidden parameters cannot be transmitted or traded in the network, protecting against MiMA.
A threshold signature is a form of the signature framework that combines secret sharing and digital signature. It efficiently solves key compromise and management failure issues to strengthen device stability. The proposed anti-deception threshold signature system uses the ECC and Shamir threshold mechanisms. No responsible party is needed to produce and transmit keys in this scheme. Participants are not required to communicate secretly as they publish successful signatures against internal and external attackers. The validity and defense of the scheme were developed, and research showed that the scheme’s security is dependent on the ECDLP’s inflexibility and does not require the use of TTP.
In a blind digital signature, the sender signs the requester letter, and no one else is aware of the correspondence; however, no one else knows the pair of a message signature and address signature except the one being signed. The suggested method is seen as more efficient and less expensive to operate using ECC. Our scheme offers the same level of protection as other blind signature schemes built on one of the other two public-key cryptosystems though requiring much smaller key sizes. As a consequence, our scheme needs less computing power. Furthermore, our scheme satisfies the requirements for a blind signature

Table 6
Elliptic curves lower bounds for computationally equivalent key sizes [166].

Years  Symmetric  SDL       Lower         PC               C.T keys size
       key size   key size  bounds        (II-450 MHz)     c1     c2
1982   56         102       3.98 × 10^7   1.11 × 10^3      105    85
1984   58         105       4.57 × 10^7   3.22 × 10^3      108    89
1986   60         107       5.25 × 10^7   9.31 × 10^3      111    96
1988   61         109       6.04 × 10^7   2.69 × 10^4      114    101
1990   63         112       6.93 × 10^7   7.80 × 10^4      117    106
1991   63         113       7.43 × 10^7   1.33 × 10^5      119    109
1992   64         114       7.96 × 10^7   2.26 × 10^5      120    112
1993   65         116       8.54 × 10^7   3.84 × 10^5      121    114
1994   66         117       9.15 × 10^7   6.53 × 10^5      123    117
1995   66         118       9.81 × 10^7   1.11 × 10^6      124    121
1996   67         120       1.05 × 10^8   1.89 × 10^6      126    122
1997   68         121       1.13 × 10^8   3.22 × 10^6      127    125
1998   69         122       1.21 × 10^8   5.48 × 10^6      129    129
1999   70         123       1.29 × 10^8   9.31 × 10^6      130    130
2000   70         125       1.39 × 10^8   1.58 × 10^7      132    132
2001   71         126       1.49 × 10^8   2.70 × 10^7      133    135
2002   72         127       1.59 × 10^8   4.59 × 10^7      135    139
2003   73         129       1.71 × 10^8   7.80 × 10^7      136    140
2004   73         130       1.83 × 10^8   1.33 × 10^8      138    143
2005   74         131       1.96 × 10^8   2.25 × 10^8      139    147
2006   75         133       2.10 × 10^8   3.84 × 10^8      141    148
2007   76         134       2.25 × 10^8   6.54 × 10^8      142    152
2008   76         135       2.41 × 10^8   1.11 × 10^9      144    155
2009   77         137       2.59 × 10^8   1.89 × 10^9      145    157
2010   78         138       2.77 × 10^8   3.22 × 10^9      146    160
2011   79         139       2.97 × 10^8   5.48 × 10^9      148    163
2012   80         141       3.19 × 10^8   9.32 × 10^9      149    165
2013   80         142       3.41 × 10^8   1.59 × 10^10     151    168
2014   81         143       3.66 × 10^8   2.70 × 10^10     152    172
2015   82         145       3.92 × 10^8   4.59 × 10^10     154    173
2016   83         146       4.20 × 10^8   7.81 × 10^10     155    177
2017   83         147       4.51 × 10^8   1.33 × 10^11     157    180
2018   84         149       4.83 × 10^8   2.26 × 10^11     158    181
2019   85         150       5.18 × 10^8   3.85 × 10^11     160    185
2020   86         151       5.55 × 10^8   6.54 × 10^11     161    188
2021   86         153       5.94 × 10^8   1.11 × 10^12     163    190
2022   87         154       6.37 × 10^8   1.89 × 10^12     164    193
2023   88         156       6.83 × 10^8   3.22 × 10^12     166    197
2024   89         157       7.32 × 10^8   5.48 × 10^12     167    198
2025   89         158       7.84 × 10^8   9.33 × 10^12     169    202
2026   90         160       8.41 × 10^8   1.59 × 10^13     170    205
2027   91         161       9.01 × 10^8   2.70 × 10^13     172    207
2028   92         162       9.66 × 10^8   4.59 × 10^13     173    210
2029   93         164       1.04 × 10^9   7.81 × 10^13     175    213
2030   93         165       1.11 × 10^9   1.33 × 10^14     176    215
2032   95         168       1.27 × 10^9   3.85 × 10^14     179    222
2034   96         171       1.46 × 10^9   1.11 × 10^15     182    227
2036   98         173       1.68 × 10^9   3.22 × 10^15     185    232
2038   99         176       1.93 × 10^9   9.33 × 10^15     188    239
2040   101        179       2.22 × 10^9   2.70 × 10^16     191    244
2042   103        182       2.55 × 10^9   7.82 × 10^16     194    248
2044   104        185       2.93 × 10^9   2.26 × 10^17     197    255
2046   106        187       3.36 × 10^9   6.55 × 10^17     200    260
2048   107        190       3.86 × 10^9   1.90 × 10^18     203    265
2050   109        193       4.44 × 10^9   5.49 × 10^18     206    272

Where SDL stands for subgroup discrete logarithm, c1 = 0, c2 = 18, r = 18, m = 18, t = 1, b = 10, and v = 1.

scheme. As a result, it is a good match for electronic cash payment and anonymous voting systems.
IBE is also notable because it allows the introduction of technologies that are faster and easier to use than alternatives, which could have helped in the technology’s rapid adoption rather than any other advantage. Because of the fast adoption of IBE, there are almost as many users as there are of TPKI technologies. At the current pace of adoption, IBE users will quickly outnumber those using TPKI technologies. The most significant advantage of IBE is that public keys are not transmitted across the network; instead, they are efficiently computed from the receivers’ unique identity data, eliminating the need for a system certificate. The authors demonstrate how to set up a comprehensive IBE architecture for secure email correspondence.
The KGS generates a private key for each legitimate user depending on their characteristics and a public key used to encrypt data according to predefined policy in the ABE scheme. A legal user may only decrypt data if it has the required characteristics to comply with the law. ABE is a promising scheme for various uses, such as cloud computing, multi-cast networking, and M2M connectivity. In particular, we need efficient frameworks for IoT implementations to ensure fine-grained access control to IoT data depending on the users’ positions in the IoT environments.
ECC is a well-known method for digitally signing and encrypting EMM and ECM messages. The ECC technique is used in
an elliptic curve cryptosystem to perform arithmetic operations on an EC over an FF specified by predefined EC range parameters. In the head-end scheme, the EC domain parameters are encrypted and registered, then decrypted and signed on the smart card. EMMs, also known as Key KMMs and ECMs, are used in the broadcasting stream and are required by the smart card to decode the service. The control word is the main form of data security for service data, which changes frequently. ECMs store the control word in encoded form and are sent daily. The hidden keys are used to decrypt the ECMs to recover the control expression, decode other data relating to the addition or elimination of viewing/usage rights, and/or decode EMMs transmitting other user-specific data. As a result, different types of EMMs exist, each of which is transmitted at a different frequency but is either much slower or much slower than the rate at which the ECMs are being sent.
A proxy signcryption system allows an original signer to delegate his or her signing authority to a proxy, who can then encrypt messages on the original signer’s behalf. The proposed scheme is built on DLP and DHP and is computationally less expensive than current schemes. The recipient must validate the signature before receiving the encrypted letter, which achieves public CT authentication. This property is very useful because it allows the receiver to filter incorrect ciphertext before decrypting it, resulting in faster decryption. A version of the main scheme based on EC will also be considered, as it has been shown to have superior protection with shorter keys and hence lower storage needs, making it more suited for resource-constrained devices like pagers and cell phones. Correctness, confidentiality, distinguishability, unforgeability, identifiability, verifiability, non-repudiation of the proxy signer, non-repudiation of signature delegation, and proxy key abuse prevention are all security features of the proxy signcryption system.
Blind ECC-based signcryption scheme offers security properties such as confidentiality, unforgeability, document honesty, signer non-repudiation, message un-linkability, forward privacy, and sender anonymity.

5. Elliptical curves: Case study

5.1. ECC implications

ECC is a more modern version of PKC that provides more protection per bit than other variants of cryptography currently in use. The mathematical structure and operations of ECs are explored, along with how these properties allow using curves in cryptography. After a historical background, a discussion of the protection of output use is presented since not all curves are entirely secure. We equate the stability and performance of ECC to those of other widely used cryptographic techniques for key exchange and digital signatures. Technically and functionally, the traditional uses of ECC are explored in depth, including the usage of key exchange for web browsers and DNS Security Extensions (DNSSE) [167]. There are THREE main categories of the ECC applications:

(1) Traditional Applications: ECC has become increasingly popular on the web over the last decade. ECC is supported in some form by all major mainstream Operating Systems (OS) and web browsers. Additionally, major server S/W and security libraries support ECC. Widespread support inevitably results in widespread adoption.

    • Key Exchange: The top hundred most attended internet sites [168], the major website ranking service, as of this writing, have been sampled to decide the type of cryptography used on each website’s landing page, if any. We found that 26 of the top hundred websites did not have a validated HTTPS link, although two other blogs used an un-certified HTTPS connection. Seventy-two websites provide an HTTPS link secured by a certificate. Sixty-nine of these seventy-two websites used an ECC-based key exchange mechanism. Fifty-three websites used ECDHE-RSA for key exchange, and sixteen websites used ECDHE-ECDSA. Ephemeral keys are momentary ones engendered on the fly and do not require authentication. This leaves only three websites out of the top hundred that used no ECC, and all used RSA. For both sites that were provided without a certificate, HTTPS connections used ECDHE-RSA.
    • DNSSE Validation: DNS, the mechanism that translates site requests to computer-friendly IP addresses, is another area of concern for data security and protection. DNSSE was designed to protect DNS servers and transactions from denial-of-service (DDoS) attacks. According to researchers, these attacks result from DNSSE’s use of the RSA signature algorithm. While ECC is slower at validating, it is assumed that it could also be used to boost the security of the DNS server. By simulating DNS resolution and comparing ECCDS benchmarks, it was demonstrated that even the most computationally intensive ECC schemes do not surpass the capability of a modern CPU core. With ECC, DNSSE can protect against both amplification and packet fragmentation, thereby increasing the security and reliability of DNS servers [169].
    • Signature: Due to the small size of the mathematical calculations or equations used by ECC, GPUs with a smaller instruction set often outperform CPUs due to the extra overhead associated with a broader instruction set. One team capitalized on this by creating a GPU-based cryptographic accelerator. Pan et al. [170] illustrated how GPUs can accelerate ECDSA and create a functional universal signature server capable of key agreement and ECC encryption. They refer to their server as a universal EC signature system with GPU acceleration. They increased throughput using several GPU threads, significantly outperforming current designs and goods. In the future, the team plans to continue developing and refining the GPU-accelerated universal EC signature server and extend its curve catalog.

(2) Mobile Applications: Due to the rapid development of the handheld smartphone industry over the past decade, more individuals possess the mobile device. Additionally, with the variety of features that these handheld devices are capable of, it is almost inevitable that private details would be present. Most of these machines will have networking features, and criminals can try to hack security vulnerabilities anywhere there is Internet connectivity. Along with smartphones and tablets, the Internet of Things is accelerating development. Intelligent households have networked their lighting, air conditioners, door controls, and security devices. Protection is crucial when the IoT blurs the distinction between the digital and physical realms [167].

    • MANET: MANET is a network of mobile nodes that can communicate wirelessly using radio waves and through each other. MANETs are vulnerable to various attacks, including wormholes, black holes, and rushing attacks. Nikam and Raut [171] used ECC and Enhanced Adaptive Acknowledgment (EAA) to improve
      MANET security and prevent unauthorized access. The researchers developed an intrusion detection method specifically for MANETs that is highly accurate at detecting malicious activity while having a negligible effect on network security. The method is named EAA with Elliptic Curve Algorithm (ECA). According to the standard, which employs lightweight ECCDS, all recognition packets must be signed before being submitted and checked upon acceptance. They could avoid potential attacks using ECC to prevent attackers from forging acknowledgment packets [167].
    • Authentication: Initially, a research team created a 2-Factor Authentication (2FA) system for mobile devices, specifically for Location Based Services (LBS). A different group of researchers, however, Reddy et al. [172], examined the proposed method and discovered numerous flaws and limitations, including a flawed authentication process and susceptibility to insider attacks. The proposed scheme is based on ECC, replacing the existing schemes for the same application. The proposed scheme with ECC also employs 2FA and is suitable for practical application due to its lightweight operations. This latest hypothesis was tested against the configuration being substituted using the automatic validation of internet protection protocols and application tools. It was determined to clear the security risks of the protocol being replaced. The proposed scheme ensures confidentiality and un-traceability, smart-card exposure and resistance, privileged session exposure, external user impersonation and internal impersonation, immunity from replay assaults, initialization credential uncertainty, and forward defense.
    • IoT: IoT is another new development facilitated by the proliferation of cellular networks accessible worldwide. Numerous IoT computers, like any novel technology, are susceptible to cyberattacks. One group of researchers addressed a portion of the IoT protection issue by adding a One-Time Password (OTP) authentication scheme for IoT devices utilizing ECC. ECC was selected due to its compact size, lightweight, and specific IoT computers lack the computing capacity necessary to operate something larger. Shivraj et al. evaluated OTP’s suitability for IoT devices before developing a scheme that merged identity-based ECC and Lamport’s OTP algorithm. They proposed a plan that uses fewer resources than trying to compete schemes for related tasks. The proposed scheme scaled up for use in Smart Cities (SC), Smart Homes (SH), and Smart Infrastructure (SI) [173]. A research group researched the construction of an IoT device-based ECDH algorithm. Goyal and Sahula lowered energy consumption by using ECC’s smaller key size while maintaining the same level of protection and performance, which is critical for IoT devices with minimal power. Additionally, the algorithm is memory and bandwidth efficient. Additionally, the team performed comprehensive power and efficiency assessments and comparisons to DH and RSA. They discovered that ECDH outperforms the other algorithms in terms of power and region [174].

(3) Modern Applications: In addition to classical/traditional and mobile applications, the scientists extend the range of the new EC tailored for applications beyond the conventional setting. In unconventional environments, there are many papers by researchers who implement ECC.

    • Cloud Computing: Computing technologies and data are growing at a breakneck pace, necessitating the need for exponentially bigger servers and data centers to handle them quickly and efficiently. Cloud computing is the product of a paradigm change in how Information Technology (IT) and computing resources are distributed and purchased. The spiraling cost of power in terms of generation, staff hardware, and data center capacity has prompted many companies to consolidate their infrastructures into a third-party-provided cloud. However, cloud infrastructure allows enterprises to have confidence in the security and legitimacy of the service provider’s platforms. ECC is a PKE technique based on EC theory that can generate cryptographic keys quicker, smaller, and more effective. A critical aspect is key power, which refers to the complexity of cracking the key and recovering the PT [175].
    • Smart grid: The smart grid can facilitate the transmission of electrical resources by including status details alongside the electricity being transmitted. When the communication mechanism is set up in this sophisticated manner, the system can choose power routing based on logic. This has a significant impact on the grid’s performance. Safe and dependable data transmission through a smart grid is needed. Numerous key delivery techniques have been suggested to guarantee the confidentiality of communication, but many do not offer anonymity or work inadequately. He et al. [176] suggested a system for Anonymous Key Delivery (AKD) in the smart grid that utilizes identity-based ECC. The grid will provide smart meter anonymity and shared authentication without relying on a trustworthy third party via their AKD scheme. The latest scheme outperforms previous AKD proposals in terms of results. Additionally, the computing costs associated with this new smart grid AKD system are much lower than those associated with prior systems.
    • Vehicular Communication: Autonomous, self-driving vehicles have made significant strides in recent years. Now, provided that sensors are correctly installed, and all machinery is operating properly, automobiles can reliably calculate stopping distances and safe driving speeds even more effectively and quickly than a person could. This vehicle thinks much faster than humans and can quickly respond to continuously fed data. Apart from sensors, another significant data point may be a network of other automobiles. When a car is driving at seventy-five miles per hour down a highway, it would be tragic if a malicious hacker might disrupt contact. This mode of contact is used to communicate in emergencies and maintain location privacy. Insecure wireless networking allows for the transmission of false signals, which can lead vehicles astray. Dua et al. [177] also suggested a system for the safe exchange of smart city vehicle messages. Previously, massive key sizes made implementing safe connectivity impossible. The team created a solution that uses smaller key sizes than previously proposed cryptographic methods for vehicle communication by using ECC. The solution is mathematically straightforward and computationally effective. Additionally, the scheme includes shared authentication, anonymity, and forward protection. The proposed scheme is compatible with the smart city environment. Due to the
ECDLP, MiMA and BFA attacks are not feasible in poly- curves from an infinite number of available curves.
nomial time with their scheme, making it a reliable By selecting these more secure curves, protection is
communication capable of saving lives [167]. increased. Additionally, the approach improves the
• RFID: RFID has been around for an extended period. performance of ECC by using a parallel genetic al-
It is a radio-frequency recognition technology that is gorithm. Numerous case studies conducted by the
used in a wide range of applications. RFID has recently team demonstrated that the proposed parallel genetic
been used for authentication. Due to RFID’s wire- algorithm was more accurate and faster than previ-
less existence, many security issues must be resolved. ous approaches for selecting secure curves in an area
Benssalah et al. [178] validated RFID messages for ECC where data protection and privacy are critical [182].
authentication using a Field Programmable Gate Array • E-Voting and Blockchain technology: E-voting is also
(FPGA). This time, ECC ElGamal is used to perform commonly used in many countries worldwide, in-
the actual encryption. The team demonstrated the cluding Estonia. Since 2005, the country has used
feasibility of the deployment with car key systems an e-voting scheme and, in 2007, held online vot-
in particular. The paper details the encryption and decryption process as it applies to every form of access control, not just car key systems. ECC eliminates the need for plaintext communication of access codes, thwarting numerous attack attempts.
• Iris recognition: Vishnubhatla developed an ECC-based hashing algorithm for iris pattern recognition. The machine was fed images from the UBIRIS database as input. Python’s OpenCV library was used to hash gray-scale photos. After analyzing the data, it was determined that the EC hashing algorithm outperformed the mainstream MD5 and SHA-1 hashing algorithms and is 99.5% accurate [179]. The hash is a sponge hash that has been cleared for commercial use by National Institute of Standards and Technology (NIST) specifications [180]. A sponge-hash is a multi-step hash with an input (single) array of numbers created by the iris, the vibrant eye core containing the pupil. While other algorithms are more computationally intensive, the elliptic curve hash’s mathematics are more straightforward. The final results indicate that the hashing algorithm’s entropy is statistically higher than the other evaluated ones, implying that the EC hash has a lower probability of colliding.
• E-payment: The use of electronic payment systems for electronic commerce is on its way to simplifying and configuring everyday life. On the other hand, a host of security questions must be addressed; user privacy and equal sharing, as well as verification, secrecy, transparency, and non-repudiation, have become critical concerns. The user pays for the goods prior to purchasing them in a variety of existing e-payment systems. Additionally, all of these schemes have very high computing and coordination costs. Existing authenticated encryption and e-payment schemes lack authenticated encryption. Furthermore, they mention the need for digital signatures for authentication. Furthermore, they claimed that their schemes could withstand replay, MiMA, impersonation, and identity theft attacks while maintaining confidentiality, authenticity, integrity, and privacy. However, according to our findings, Yang et al.’s authenticated encryption schemes and electronic payment mechanisms are vulnerable to impersonation attacks. An adversary can easily pass as a legitimate user with only knowledge of public criteria. The proposed scheme revokes all types of attacks and provides security and performance due to ECC [181].
• E-health: Sahebi et al. proposed a platform for E-health applications (e.g., sensors and wearables) that leverages ECC’s high performance, compact key size, and increased security. The Secure and Efficient ECC (SEECC) is their proposal for selecting secure, efficient

ing, making it the first country in the world to do so [183]. Since then, several other organizations and nations, including the Austrian Federation of Students, Switzerland, the Netherlands, and Norway, have adopted a legally binding online voting scheme [184]. However, it continues to have significant security challenges, and the collection is often canceled [185]. While it has garnered considerable interest, online voting is still not commonly used in many countries worldwide. When controlled by an organization with complete control over the system and database, the conventional voting system presents many issues. Since the company has the full power of the framework and database, it may abuse the database because the symptoms can be quickly deleted when it improves. The alternative is to make the database available so that it can be compared to see whether there are any anomalies. The e-voting method solution is consistent with the use of blockchain technologies. Blockchain technology enables the implementation of e-voting applications. Each voter’s vote acts as a transaction on the blockchain, which can be used to track vote counting. As a result of the transparent blockchain audit trail, anyone will approve the final estimate. However, the vote count can be checked to ensure that no data is corrupted or lost and that no illegal data is inserted into the blockchain [186].

5.2. Elliptic curve drawbacks

The novel research area compared to EC is Hyper Elliptic Curve (HEC) [74]. The EC’s key length is high compared to HEC’s key size. Therefore, EC implementations are not well suited to low-constrained environments. To avoid this limitation, Shamsher and Nizam proposed a blind signcryption scheme based on HEC. Due to its small key size, it is more suitable for low-constrained devices [74].

5.3. Lessons learned: Summary and insights

This Section 4 presents the case study of ECC. In the implications of the ECC, in which we define the modernity of ECC. It is a more modern version of PKC that provides more protection per bit than other variants of cryptography currently in use. The mathematical form and operations of ECs and how these properties lend curves to use in cryptography. Following a brief historical background, there is a discussion of the protection of manufacturing use since not all curves are free of security flaws. For key exchange and digital signatures, we compare ECC security and speed to that of other standard modes of cryptography. Orthodox ECC implementations, such as key exchange for web browser usage and DNSSEC, are addressed in depth, technically and

functionally. The implications categories are traditional, mobile, as well as modern applications.

ECC’s limitations make it unsuitable for low-constrained environments, which need to use HEC instead. HEC is the better choice there because it has a smaller key size than ECC.

6. Open problems, current challenges and future research directions

This Section 6 presents open problems, current challenges, and future research directions based on ECC on different research domains.

6.1. Open problems

In today’s communication channels, the concept of ECC is applied; for the open problems, we define the following:

(1) Attacks on ECDLP: An attack is a technique used in cryptography for resolving a query. Specifically, an attack’s objective is to discover a fast method for solving a problem that an encryption algorithm relies on. Since known attack methods on the ECDLP are sluggish and applicable to all curves, encryption based on this problem is not practical. There are, however, some effective methods for solving the ECDLP for particular forms of ECs. This means that one has to ensure that the curve chosen for encoding does not belong to one of the many groups of tractable curves. There are three main types of attacks: Baby-Giant Step Method (BGSM), Menezes, Okamoto, Vanstone (MOV) attack, Singular Curve Point Decompression (SCPD) attack [187], and quantum attacks.

  • BGSM: This is one of the most efficient general solutions to the ECDLP. The algorithm completes in around $\sqrt{N}$ (time and space), where $N = \#E(\mathbb{F}_q)$. This is neither fast nor feasible.
  • MOV: MOV reduces the ECDLP on $E(\mathbb{F}_q)$ to the discrete log problem in $\mathbb{F}_{q^m}^{\times}$ for some m. As long as m is minimal, the problem can be solved easily using an Index Calculus Attack (ICA). For such curves, a small m may still be obtained.
  • SCPD Attack: Johannes and Peter [188] discovered the SCPD attack. The base point of EC with j-invariant 0. A single instruction skipping error may be used to completely bypass the ECDLP and recover the hidden scalar if the secret scalar is calculated from the compressed type before being used in scalar multiplication. The recovery technique is motivated by the assumption that, since losing a key suspect during point decompression, the alumna decompressed base point will lie on a singular cubic curve of additive type; in other words, when done on that singular curve, the group operations correspond to a group structure isomorphic to the singular curve $\mathbb{F}_p^{+}$. The Johannes and Peter cite181 system was effectively retrieved sk using the Boneh signature scheme [38] instantiated with Barreto curves [189]. To eliminate the SCPD threat, the writers had to inject an external flaw, which implies a mighty adversary and will be far more challenging to achieve against more complex targets such as Linux-based embedded systems. Consequently, the attack’s real impact seemed to be minimal [187].
  • Quantum attacks: The proposed Shor’s algorithm has the potential to break the ECC in its current form. Even though quantum computers operate only in theory, several companies are considering ways to avoid accidental attacks by developing quantum-resistant schemes. Even though the standard ECC’s existence may end, a newly created DHKE based on isogenies of Super Singular Elliptic Curves (SSEC) may prove to be quantum-resistant. This could propel ECC to a new post-quantum level. The belief in the algorithm’s effectiveness stems from the fact that the set of isogenies forms a non-abelian group. As a result, it is immune to Shor’s attack, which targets abelian group-based algorithms. The isogeny-based exchange provides a small key, which is very effective, but it requires additional research to prove its security completely [190].

(2) Genus 1 (Mordell-Weil Theorem): It is an open problem (in the sense of simplest non-trivial algebraic curves); the level of this abelian group can be arbitrarily large; however, there are algorithms for determining it for a given curve. Mazur recently demonstrated that there could never be more than 16 rational points of finite order in the torsion sub-group, and there is a straightforward algorithm to seek them all [191].

(3) Low Constrained Environment Implementations: EC’s key size is greater than the HEC key size. Therefore, EC is not suitable for low-constrained environments. Power and energy use are critical aspects of the public key algorithm. This is particularly difficult in ubiquitous systems that operate on their energy storage and are left in the field for extended periods with no repair or physical access. RFID allows programs to draw the power needed to operate their applications from the reader’s electromagnetic field. Such devices must therefore be highly energy-consuming. Consequently, accurate measurements of the power requirements for cryptographic processes are essential. This involves devices that operate PKC on extension-enabled processors. The underlying arithmetic algorithms could then be chosen and fine-tuned for a low-power ECC design with greater ease [192].

6.2. Current challenges

The challenge’s goal is to create ECC private keys from a list of ECC public keys and system parameters. This is the type of difficulty that an opponent encounters while attempting to fully defeat an EC crypto-system [193]. There are two major categories of difficulty, which are labeled as level I and level II:

• Level I: The challenge of level I contains 109 and 131 (bits).
• Level II: The challenge of level II contains 163, 191, 239, and 359 (bits).

In 2004, all 109-bit challenges were solved; while the 131-bit challenges would take considerably more resources, they could be within reach soon. Computationally, all Level II challenges are thought to be impossible [193].

6.3. Future research directions

(1) ECC-based Blockchain: In the past few years, the blockchain has evolved as a peer-to-peer distributed ledger technology for recording transactions that several peers operate without the need for a central, trusted regulatory body using decentralized public-key cryptography and a consensus

mechanism. The project was not just influential throughout the history of cryptocurrencies, but it also successfully tackled a multitude of security, anonymity, and transparency issues surrounding decentralized systems. This post discussed the key concepts of blockchain fundamentals, design, and protection measures for blockchain systems. In addition to the fundamental concept of blockchain, it examines ECC’s position in the blockchain. ECC-powered blockchain technologies can be used instead of RSA to make the IoT system decentralized and stable. ECC allows blockchain to offer encryption and anonymity while also ensuring IoT system high speed, storage, and battery problems [194].

(2) ECC-based Crypto-currency: The greater the competition for increasing desire Miners Trader and the greater the value of the cryptocurrency itself. Crypto is identical to digital data such as music and movies in that it can be concealed and lost. Of some current algorithms for cryptocurrency transactions, especially bitcoin, elliptic curve cryptography, which has processed ECDSA, is very suitable to be used for safe transactions for bitcoin decentralized since the transaction does not go through a third party, allowing the two parties to depend on cryptographic proof rather than confidence. As a result, ECDSA, an elliptic curve-based digital signature scheme, is used to prove ownership and obtain access to bitcoin transactions. ECDSA key that is used to create a bitcoin address and sign transactions originating from a specific parameter [195], ECDSA is capable of proving bitcoin ownership and transaction performance while preserving transaction data protection. This analysis will simulate double spending, a common occurrence in cryptocurrency transaction security. Let us consider these as the results of process research. We will expand on the use of data mining time (by introducing additional parameters) to provide functions such as generating even more insights or scenarios for securing crypto-currency transactions [196].

(3) ECC Based IoT: It is just a part of the infrastructure that relies on the internet; hence, IoT is a significant technological advancement. The IoT and the future, such as smart homes and universities, are concepts, in addition to many others, which are now well-known. The modernization problem is severe regarding finding ways to expand our society into the intelligent world. An attacker can breach a lock that has been armed several times because the locks do not know to expect any new lock attempts for a period; for example, one is most often used by those with a traditional lock system. Several additional protection methods have been suggested to better-sometimes as a side-to-side benefit due to the use of the PKI (that is not entirely safe or has complexity). The lightweight design of IoT devices motivates us to increase their protection when contrasted with traditional web-grade security, making us believe that we must go through various routes, such as static and dynamic (individual) encryption, to achieve IoT security ECC. For example, using ECC and not depend on any pre-existing technique as the data load, distance, size of a key, and cipher strength in IoT are closer together than with each other [197].

(4) DNA Mapping-based ECC: Using a short key length (e.g., about 16 bytes) is ideal for IoT applications. ECC’s expanded encryption capability makes it possible to perform better authentication. Deoxyribo-Nucleic Acid (DNA) based encryption into computer data storage devices has been demonstrated to be successful. We describe a new hybrid DNA-encoded ECC to boost multilateral stability, allowing for many key candidates. This step uses a sort algorithm, which looks for a particular base. The nucleotide groups are then allocated, and the DNA sequence is expanded. The individual bytes of these two-folded into the binary sequence, and then ENC is applied; hence, this results in quadruple-fessional security. This paper aims to see how to demonstrate how a complete system can be implemented on IoT devices is shown using many real-life examples. To determine if the device performs as promised, we run the entire data system on a Raspberry Pi 3 board with active sensor input. We use a sensor that measures time and energy for different data input sizes. However, DNA protection strategies have a much greater chance of succeeding when network and client security connectivity are used. DNA is more resilient and effective than applied alone. It is as viable as it can soon as its security framework will support future technology that requires smaller yet more robust hardware and software platforms. The DNA sequences are filtered, and characters are allocated to non-repeated sub-sets. In the case of an expansion, the mapped characters are used for encryption and decryption. The feasibility study proved that the elliptical cryptosystems are well equipped to handle timing and Simple Power Analysis (SPA) attacks because of the implemented DNA mapping proposal. The implementation of the proposed method was flourishing and carried out on real-time IoT devices successfully. The linear amount of time for proposing data encryption and DNA decryption scheme and for all that to follow is needed to accomplish it is proportional to the amount of data. Plans for this project will compare the mapping of the genes against current DNA or protein expression to remap specific genes. The proposed method of double helix map predates cryptanalysis, allowing the intensity of elliptical cryptosystems to be significantly improved without adding additional time or energy to the process. There is the ability to increase the energy efficiency of an IoT while still increasing power output as verified in real-world settings [198].

(5) RSA utilization: To do research on the entire utilization of RSA and its applications in contrast to elliptic curve cryptography (see Table 7).

6.4. Lessons learned: Summary and insights

This Section 5 presents open problems, current challenges, and future research directions. ECC is a term that is used in today’s networking networks. In cryptography, an attack is a technique for addressing a query. An attack aims to find a quick way to solve a problem that an encryption algorithm depends on. Since recognized ECDLP attack methods are slow and applicable to all curves, encryption based on this problem is impractical. However, several valuable approaches exist for solving the ECDLP for specific types of ECs. This means that the curve selected for encoding does not belong to one of the many classes of tractable curves. The key attacks are the BGSM attack, the MOV attack, the SCPD attack, and the quantum attack.

Genus 1, in the context of most straightforward non-trivial algebraic curves, is thoroughly defined only when it has a well-defined numeric value. So if it has a defined value, it has a method to determine its degree. Mazur recently showed that the torsion subgroup can never contain more than 16 rational points of finite order and that there is a simple algorithm for finding them all.

EC is incompatible with low-constrained environments since power and energy consumption are vital elements of the public key algorithm. It is especially challenging in pervasive devices

that run on their energy storage and are left in the field for long periods without recourse to repair or maintenance. RFID enables programs to derive the power required to run their applications from the reader’s electromagnetic field. As a result, those instruments must be highly energy intensive. Consequently, accurate estimations of the power consumption of cryptographic processes are essential. This includes devices that run PKC on extension-enabled processors. Therefore, the fundamental arithmetic algorithms could be more conveniently chosen and fine-tuned for a low-power ECC architecture.

These present difficulties were meant to help generate ECC private keys from a list of ECC public keys and system parameters. The adversary faces a conundrum in this situation: trying to penetrate an elliptic curve cryptosystem without using any underlying ideas.

Table 7
A constructive dialogue on open problems and best outcomes.

Challenge | Causes | Recommended Outcomes
Cryptography for resolving query | • Attack on ECDLP are sluggish and applicable. • BGSM, MOV, and SCPD attacks are accessible. • Quantum and Genus 1 attacks are applicable. | • The usage of HEC for the best solutions. • Usage of EC encryption without super-singular curves classes. • Need to use Genus 2 and Quantum cryptography.
Low constrained environments | • EC key length is high. • Power and energy consumption occurred. • Difficult for ubiquitous systems. • No physical access or repair. | • Recommended HEC, due to small key size. • The usage of HEC is removed the power and energy consumption’s. • HEC implementation makes low-constrained environments fast. • Replace EC implementation by HEC.
ECC public keys | • To generate private key from the public key lists. • Eavesdropper attempting are capable. • Effects on a whole infrastructure of low constrained environments. | • Make independent private and public keys. • Separate usage of private and public keys. • It should be incorporated into a small key size technique.
Device parameters | • A challenging task, due to high key size. • Non-availability of standards implementations. • Lack of coordination among high key size and small devices. • Resource provisioning issues and high computational overheads. | • HEC is used to balance the small devices. • HEC facilitating the coordination among services and devices. • HEC is used to provide virtualization built-in functionality. • Inventing a low-cost model of borrowing computational services.
HEC algorithms | • Lack of resources needs to handle algorithms and libraries. • Processing larger amounts of data causes more overheads. • The conventional algorithms require more computing resources. | • HEC algorithms to perform data communication fast. • HEC algorithms performance takes low computations cost. • The data delivery and classification can be performed fast.

7. Conclusion

EC is the advanced technique of Elliptic curve cryptography. EC is used to secure open communications channels and make the digital era accessible to authenticated users. In the modern digital era, people communicate to the people, people to the cloud, people to the business, people to the hospital, etc. For all these platforms, the people (users) need a concrete structure to maintain privacy and security. In maintaining privacy and security, the eavesdropper should fail in any eavesdropping activity.

The transfer of data and information over unsecured networks is vulnerable to data manipulation and attack in an open channel, necessitating the study of cryptography. Cryptography is the art of encrypting documents and communications with keys such that only people who are expected to obtain them may decipher and process them. A digital signature, cryptographic data integrity, and authentication technique is based on the address and the sender and uses mathematical operations to find the signature. The proposed approach contrasts with the existing ECDSA to better explain the performance during the signature and verification process.

In this survey, we examined the theoretical concepts, state-of-the-art of EC, disadvantages, applications, and specialized tools in the field of EC in-depth. This study serves as a resource for researchers and practitioners interested in better understanding, implementing, and extending the proposed EC schemes to cloud computing, e-health, and e-voting contexts, among other things. We contend in this survey paper that using EC schemes in distributed computing and heterogeneous networking has valuable strengths in distributed computation and interdependent networking.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Data availability

No data was used for the research described in the article.

References

[1] R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM 21 (2) (1978) 120–126.
[2] E.F. Brickell, A survey of hardware implementations of RSA, in: Conference on the Theory and Application of Cryptology, 1989, pp. 368–370.
[3] F.B. Ernest, A fast modular multiplication algorithm with application to two key cryptography, in: CRYPTO, 1983, pp. 51–60.
[4] F. Hoornaert, M. Decroos, J. Vandewalle, R. Govaerts, Fast RSA-hardware: dream or reality, in: Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT’88, 1988, pp. 257–264.
[5] M. Kochanski, Developing an RSA chip, in: Lecture Notes in Computer Sciences; 218 on Advances in Cryptology—CRYPTO 85, 1985, pp. 350–357.
[6] K. Nyberg, R.A. Rueppel, Message recovery for signature schemes based on the discrete logarithm problem, in: A. De Santis (Ed.), Advances in Cryptology — EUROCRYPT’94, Springer Berlin Heidelberg, Berlin, Heidelberg, 1995, pp. 182–193.
[7] P. Qing-jun, A digital signature scheme based on the elliptic curve, J. Hunan Inst. Sci. Technol. (2006).
[8] F. Chun-chang, The digital signature based on elliptic curve crypt system, J. Southwest Univ. Natl. (2007).
[9] W. Ke-gui, Digital signature based on elliptic curve, J. Pingdingshan Inst. Technol. (2005).
[10] S.-F. Tzeng, M.-S. Hwang, Digital signature with message recovery and its variants based on elliptic curve discrete logarithm problem, Comput. Stand. Interfaces 26 (2) (2004) 61–71.
[11] V.S. Miller, Use of elliptic curves in cryptography, in: Lecture Notes in Computer Sciences; 218 on Advances in Cryptology—CRYPTO 85, 1985, pp. 417–426.
[12] N. Koblitz, Elliptic curve cryptosystems, Math. Comp. 48 (177) (1987) 203–209.
[13] W.J. Caelli, E.P. Dawson, S.A. Rea, PKI, elliptic curve cryptography, and digital signatures, Comput. Secur. 18 (1) (1999) 47–66.


[14] A. Menezes, F.A. Menezes, M. Qu, S. Vanstone, K.J. Sutherland, Elliptic curve systems, in: IEEE P1363, Part 4: Elliptic Curve Systems, Citeseer, 1995.
[15] R. Howard, Data encryption standard, Inf. Age Arch. 9 (4) (1987) 204–210.
[16] E. Biham, Cryptanalysis of multiple modes of operation, J. Cryptol. 11 (1) (1998) 45–58.
[17] J.R. Nechvatal, E.B. Barker, L.E. Bassham, W.E. Burr, M.J. Dworkin, J. Foti, E. Roback, Report on the development of the advanced encryption standard (AES), J. Res. Natl. Inst. Stand. Technol. 106 (3) (2001) 511–577.
[18] A. Nadeem, M. Javed, A performance comparison of data encryption algorithms, in: 2005 International Conference on Information and Communication Technologies, 2005, pp. 84–89.
[19] D. Salama, H.M.A. Kader, M.M. Hadhoud, Performance evaluation of symmetric encryption algorithms, IJCSNS Int. J. Comput. Sci. Netw. Secur. (2008).
[20] T. Nie, T. Zhang, A study of DES and blowfish encryption algorithm, in: TENCON 2009 - 2009 IEEE Region 10 Conference, 2009, pp. 1–4.
[21] A.K. Mandal, C. Parakash, A. Tiwari, Performance evaluation of cryptographic algorithms: DES and AES, in: 2012 IEEE Students’ Conference on Electrical, Electronics and Computer Science, 2012, pp. 1–5.
[22] N.B. Silva, D.F. Pigatto, P.S. Martins, K.R. Branco, Case studies of performance evaluation of cryptographic algorithms for an embedded system and a general purpose computer, J. Netw. Comput. Appl. 60 (2016) 130–143.
[23] M. Usman, R. Amin, H. Aldabbas, B. Alouffi, Lightweight challenge-response authentication in SDN-based UAVs using elliptic curve cryptography, Electronics 11 (7) (2022) [Online]. Available: [Link] com/2079-9292/11/7/1026.
[24] S. Siddaramanna, S. Sarapady Venkatramanayya, Key sequences based on cyclic elliptic curves over GF(2^8) with logistic map for cryptographic applications, Concurr. Comput.: Pract. Exper. 34 (11) (2022) e6849, [Online]. Available: [Link]
[25] J. Bao, Research on the security of elliptic curve cryptography, in: Proceedings of the 2022 7th International Conference on Social Sciences and Economic Development (ICSSED 2022), Atlantis Press, 2022, pp. 984–988, [Online]. Available: [Link]
[26] R. Curtmola, J. Garay, S. Kamara, R. Ostrovsky, Searchable symmetric encryption: improved definitions and efficient constructions, in: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006, pp. 79–88.
[27] D. Boneh, G.D. Crescenzo, R. Ostrovsky, G. Persiano, Public key encryption with keyword search, in: International Conference on the Theory and Applications of Cryptographic Techniques, Vol. 3027, 2004, pp. 506–522.
[28] M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, H. Shi, Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions, J. Cryptol. 21 (3) (2008) 350–391.
[29] R. Zhang, R. Xue, L. Liu, Searchable encryption for healthcare clouds: A survey, IEEE Trans. Serv. Comput. 11 (6) (2018) 978–996.
[30] D.X. Song, D. Wagner, A. Perrig, Practical techniques for searches on encrypted data, in: Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, 2000, pp. 44–55.
[31] M. Yoshino, H. Sato, K. Naganuma, Searchable encryption processing system, 2011.
[32] L. Zhi-bin, Symmetric image encryption scheme based on chaotic system, Comput. Eng. (2008).
[33] R. Krishnamoorthy, P. Murali, Symmetric image encryption scheme based on multiple chaotic maps, in: 2012 International Conference on Emerging Trends in Science, Engineering and Technology, INCOSET, 2012, pp. 280–286.
[34] T. Gao, Z. Chen, A new image encryption algorithm based on hyper-chaos, Phys. Lett. A 372 (4) (2008) 394–400.
[35] M. Kumari, S. Gupta, P. Sardana, A survey of image encryption algorithms, 3d Res. 8 (4) (2017) 37.
[36] L. Bao, Y. Zhou, Image encryption, Inform. Sci. 324 (2015) 197–207.
[37] F. Kai, L. Shuyang, G. Nan, L. Hui, Searchable encryption method based on Chinese in cloud environment, 2016.
[38] D. Boneh, M.K. Franklin, Identity-based encryption from the weil pairing, in: CRYPTO ’01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, 2001, pp. 213–229.
[39] C. Cocks, An identity based encryption scheme based on quadratic residues, in: Proceedings of the 8th IMA International Conference on Cryptography and Coding, 2001, pp. 360–363.
[40] N. Döttling, S. Garg, Identity-based encryption from the diffie-hellman assumption, in: Annual International Cryptology Conference, 2017, pp. 537–569.
[41] A. Boldyreva, V. Goyal, V. Kumar, Identity-based encryption with efficient revocation, IACR Cryptol. ePrint Arch. 2012 (2012) 52.
[42] R. Okuhata, Y. Manabe, T. Okamoto, An identity based encryption scheme from ideal lattices, in: The 2011 Symposium on Cryptography and Information Security, Kokura, Japan, 2011.
[43] J. Li, J. Li, X. Chen, C. Jia, W. Lou, Identity-based encryption with outsourced revocation in cloud computing, IEEE Trans. Comput. 64 (2) (2015) 425–437.
[44] A. Sahai, B. Waters, Fuzzy identity-based encryption, in: EUROCRYPT’05 Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, Vol. 3494, 2005, pp. 457–473.
[45] M. Li, S. Yu, Y. Zheng, K. Ren, W. Lou, Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption, IEEE Trans. Parallel Distrib. Syst. 24 (1) (2013) 131–143.
[46] G. S, V. Vinod, W. H, Attribute-based encryption for circuits, in: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, 2013, pp. 545–554.
[47] G. Sergey, V. Vinod, W. Hoeteck, Attribute-based encryption for circuits, J. ACM 62 (6) (2015) 45.
[48] L. Cheung, C. Newport, Provably secure ciphertext policy ABE, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007, pp. 456–465.
[49] J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute-based encryption, in: 2007 IEEE Symposium on Security and Privacy (SP ’07), 2007, pp. 321–334.
[50] A. Lewko, T. Okamoto, A. Sahai, K. Takashima, B. Waters, Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption, in: EUROCRYPT’10 Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques, 2010, pp. 62–91.
[51] T. Okamoto, K. Takashima, Fully secure functional encryption with general relations from the decisional linear assumption, in: CRYPTO’10 Proceedings of the 30th Annual Conference on Advances in Cryptology, Vol. 2010, 2010, pp. 191–208.
[52] J. Lai, R.H. Deng, C. Guan, J. Weng, Attribute-based encryption with verifiable outsourced decryption, IEEE Trans. Inf. Forensics Secur. 8 (8) (2013) 1343–1354.
[53] V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in: Proc. ACM Conf. Computer and Communications Security, Vol. 2006, 2006, pp. 1–28.
[54] R. Ostrovsky, A. Sahai, B. Waters, Attribute-based encryption with non-monotonic access structures, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, Vol. 2007, 2007, pp. 195–203.
[55] B. Waters, Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization, in: PKC’11 Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography, 2011, pp. 53–70.
[56] A. Lewko, B. Waters, Unbounded HIBE and attribute-based encryption, in: EUROCRYPT’11 Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, 2011, pp. 547–567.
[57] Y. Zheng, Digital signcryption or how to achieve cost(signature & encryption) << cost(signature) + cost(encryption), in: CRYPTO ’97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, 1997, pp. 165–179.
[58] P. Zhang, Y. Li, H. Chi, An elliptic curve signcryption scheme and its application, Wirel. Commun. Mob. Comput. 2022 (2022).
[59] H. Yu, R. Ren, Certificateless elliptic curve aggregate signcryption scheme, IEEE Syst. J. (2021).
[60] S. Khasawneh, M. Kadoch, ECS-CP-ABE: A lightweight elliptic curve signcryption scheme based on ciphertext-policy attribute-based encryption to secure downlink multicast communication in edge envisioned advanced metering infrastructure networks, Trans. Emerg. Telecommun. Technol. 32 (8) (2021) e4102.
[61] A. Shamir, Identity-based cryptosystems and signature schemes, in: Proceedings of CRYPTO 84 on Advances in Cryptology, Vol. 196, 1985, pp. 47–53.
[62] P.S.L.M. Barreto, B. Libert, N. McCullagh, J.-J. Quisquater, Efficient and provably-secure identity-based signatures and signcryption from bilinear maps, in: ASIACRYPT’05 Proceedings of the 11th International Conference on Theory and Application of Cryptology and Information Security, Vol. 3788, 2005, pp. 515–532.
[63] S.S.M. Chow, S.-M. Yiu, L.C.K. Hui, K.P. Chow, Efficient forward and provably secure ID-based signcryption scheme with public verifiability and public ciphertext authenticity, in: International Conference on Information Security and Cryptology, 2003, pp. 352–369.
[64] X. Boyen, Multipurpose identity-based signcryption, in: Annual International Cryptology Conference, 2003, pp. 383–399.
[65] L. Chen, J. Malone-Lee, Improved identity-based signcryption, in: PKC’05 Proceedings of the 8th International Conference on Theory and Practice in Public Key Cryptography, 2005, pp. 362–379.
[66] B. Nayak, Signcryption Schemes Based on Elliptic Curve Cryptography, National Institute of Technology Rourkela, Rourkela, 2014.
[67] C. Gamage, Y. Zheng, J. Leiwo, An efficient scheme for secure message transmission using proxy-signcryption, in: Australasian Computer Science Conference 1999, 1999, pp. 420–431.

25
S. Ullah, Zheng J., N. Din et al. Computer Science Review 47 (2023) 100530

[68] N.-W. Lo, J.-L. Tsai, A provably secure proxy signcryption scheme using [100] Z. Cao, G. Xiong, Y. Zhao, Z. Li, L. Guo, A survey on encrypted traffic clas-
bilinear pairings, J. Appl. Math. 2014 (2014) (2014) 1–10. sification, in: International Conference on Applications and Techniques in
[69] A. Waheed, A.I. Umar, M. Zareei, N. Din, N.U. Amin, J. Iqbal, Y. Saeed, Information Security, 2014, pp. 73–81.
E.M. Mohamed, Cryptanalysis and improvement of a proxy signcryption [101] R. Kavya, A. George, Survey on encryption approaches for secure face
scheme in the standard computational model, IEEE Access 8 (2020) biometrics, IOP Conf. Ser.: Mater. Sci. Eng. 396 (1) (2018) 12028.
131188–131201. [102] R. Markan, G. Kaur, Literature survey on elliptic curve encryption
[70] R.I. Abdelfatah, A novel proxy signcryption scheme and its elliptic curve techniques, Int. J. Adv. Res. Comput. Sci. Softw. Eng. (2013).
variant, Int. J. Comput. Appl. 165 (2) (2017) 36–43. [103] P. Puteaux, S. Ong, K. Wong, W. Puech, A survey of reversible data hiding
[71] A.K. Awasthi, S. Lal, An efficient scheme for sensitive message in encrypted images - the first 12 years, J. Vis. Commun. Image Represent.
transmission using blind signcryption, 2005, arXiv preprint arXiv:cs/ 77 (2021) 103085.
0504095. [104] A. Patil, R. Goudar, A comparative survey of symmetric encryption
[72] X. Yu, D. He, A new efficient blind signcryption, Wuhan Univ. J. Nat. Sci. techniques for wireless devices, Int. J. Sci. Technol. Res. 2 (8) (2013)
13 (6) (2008) 662–664. 61–65.
[73] R. Ullah, Nizamuddin, A.I. Umar, N. ul Amin, Blind signcryption scheme [105] Q. Zhang, S. Jia, B. Chang, B. Chen, Ensuring data confidentiality via plau-
based on elliptic curves, in: Information Assurance and Cyber Security sibly deniable encryption and secure deletion – a survey, Cybersecurity
(CIACS), 2014 Conference on, 2014, pp. 51–54. 1 (1) (2018) 1–20.
[74] S. Ullah, N. Din, Blind signcryption scheme based on hyper elliptic curves [106] T. Mahboob, M. Zahid, G. Ahmad, Adopting information security
cryptosystem, Peer-to-Peer Netw. Appl. 14 (2) (2021) 1–16. techniques for cloud computing—A survey, in: 2016 1st International Con-
[75] P. Velan, M. Čermák, P. Čeleda, M. Drašar, A survey of methods for ference on Information Technology, Information Systems and Electrical
encrypted traffic classification and analysis, Networks 25 (5) (2015) Engineering, ICITISEE, 2016, pp. 7–11.
355–374. [107] J.H. Cheon, Discrete logarithm problems with auxiliary inputs, J. Cryptol.
[76] R. Yegireddi, R.K. Kumar, A survey on conventional encryption algorithms 23 (3) (2010) 457–476.
of cryptography, in: 2016 International Conference on ICT in Business [108] S. Mitsunari, R. Sakai, M. Kasahara, A new traitor tracing, IEICE Trans.
Industry & Government, ICTBIG, 2016, pp. 1–4. Fundam. Electron. Commun. Comput. Sci. 85 (2) (2002) 481–484.
[77] B. Kaliski, A survey of encryption standards, IEEE Micro 13 (6) (1993) [109] D. Boneh, X. Boyen, Short signatures without random oracles, in: In-
74–81. ternational Conference on the Theory and Applications of Cryptographic
[78] M.F. Mushtaq, S. Jamel, A.H. Disina, Z.A. Pindar, N.S.A. Shakir, M.M. Deris, Techniques, 2004, pp. 56–73.
A survey on the cryptographic encryption algorithms, Int. J. Adv. Comput. [110] D. Boneh, X. Boyen, H. Shacham, Short group signatures, IACR Cryptol.
Sci. Appl. 8 (11) (2017). ePrint Arch. 2004 (2004) 174.
[79] R. Kirubakaramoorthi, D. Arivazhagan, D. Helen, Survey on encryption [111] Y. Zhang, A. Juels, M.K. Reiter, T. Ristenpart, Cross-VM side channels
techniques used to secure cloud storage system, Indian J. Sci. Technol. 8 and their use to extract private keys, in: Proceedings of the 2012
(36) (2015) 1–7. ACM Conference on Computer and Communications Security, 2012, pp.
[80] R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, C. Anguille, M. Bardouillet, 305–316.
C. Buatois, J.B. Rigaud, Hardware engines for bus encryption: A survey of [112] V.G. Martínez, L.H. Encinas, C.S. Ávila, A survey of the elliptic curve
existing techniques, 2007, arXiv preprint arXiv:0710.4803. integrated encryption scheme, J. Comput. Sci. Eng. (2010).
[81] B.J. Mohd, T. Hayajneh, A.V. Vasilakos, A survey on lightweight block [113] D. Hankerson, A.J. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptog-
ciphers for low-resource devices, J. Netw. Comput. Appl. 58 (58) (2015) raphy, I Springer-VL-rlag New York, Inc., 175 I-’ifth Avenue, New York,
73–93. NY 10010, USA, 2004, pp. 1–311.
[82] M. Henson, S. Taylor, Memory encryption: A survey of existing [114] C. Wang, C. Liu, Y. Li, H. Qiao, L. Chen, Multi-message and multi-receiver
techniques, ACM Comput. Surv. 46 (4) (2014) 53. heterogeneous signcryption scheme for ad-hoc networks, Inf. Secur. J.:
[83] P. Mishra, B. Thankachan, A survey on various encryption and key Glob. Perspect. 26 (3) (2017) 136–152.
selection techniques, Int. J. Eng. Innov. Technol. (2013). [115] D. Boneh, X. Boyen, Efficient selective-ID secure identity-based encryption
[84] P.R. Sankpal, P.A. Vijaya, Image encryption using chaotic maps: A survey, without random oracles, Lecture Notes in Comput. Sci. (2004) 223–238.
in: 2014 Fifth International Conference on Signal and Image Processing, [116] Y. Dodis, A. Yampolskiy, A verifiable random function with short proofs
2014, pp. 102–107. and keys, in: PKC’05 Proceedings of the 8th International Conference on
[85] D. Engel, T. Stütz, A. Uhl, A survey on JPEG2000 encryption, Multimedia Theory and Practice in Public Key Cryptography, 2005, pp. 416–431.
Syst. 15 (4) (2009) 243–270. [117] D. Boneh, X. Boyen, E.-J. Goh, Hierarchical identity based encryption with
[86] A. Jolfaei, A. Mirghadri, Survey: image encryption using Salsa20, Int. J. constant size ciphertext, Lecture Notes in Comput. Sci. (2005) 440–456.
Comput. Sci. Issues 7 (5) (2010) 213–220. [118] D. Boneh, C. Gentry, B. Waters, Collusion resistant broadcast encryption
[87] L. Chang, Image encryption techniques: A survey, J. Comput. Res. Dev. with short ciphertexts and private keys, IACR Cryptol. ePrint Arch. 2005
(2002). (2005) 18.
[88] E. Thambiraja, G. Ramesh, R. Umarani, S. Sarada, A survey on various [119] T. Okamoto, Efficient blind and partially blind signatures without random
most common encryption techniques, Int. J. Adv. Res. Comput. Sci. Softw. oracles, IACR Cryptol. ePrint Arch. 2006 (2006) 102.
Eng. (2012). [120] Q. Zhang, Z. Li, C. Song, The improvement of digital signature algo-
[89] F. Liu, H. Koenig, A survey of video encryption algorithms, Comput. Secur. rithm based on elliptic curve cryptography, in: 2011 2nd International
29 (1) (2010) 3–15. Conference on Artificial Intelligence, Management Science and Electronic
[90] J. Shah, V. Saxena, Video encryption: A survey, 2011, arXiv preprint Commerce, AIMSEC, 2011, pp. 1689–1691.
arXiv:1104.0800. [121] A.W. Fan, S.X. Lu, An improved elliptic curve digital signature algorithm,
[91] T. Stutz, A. Uhl, A survey of H.264 AVC/SVC encryption, IEEE Trans. Appl. Mech. Mater. (2010) 1024–1027.
Circuits Syst. Video Technol. 22 (3) (2012) 325–339. [122] D. Toradmalle, J. M, S. B, Implementation of provablysecure digital
[92] S. Peter, D. Westhoff, C. Castelluccia, A survey on the encryption of signature scheme based on elliptic curve, Indian J. Comput. Sci. Eng. 11
convergecast traffic with in-network processing, IEEE Trans. Dependable (4) (2020) 405–411.
Secure Comput. 7 (1) (2010) 20–34. [123] S. Chauhan, N. Gulati, Secure elliptic curve digital signature algorithm,
[93] H. Hayouni, M. Hamdi, T.-H. Kim, A survey on encryption schemes Int. Res. J. Sci. Eng. Technol. (2016).
in wireless sensor networks, in: 2014 7th International Conference on [124] L. Yong, Application of elliptic curve cryptosystem in digital signature, J.
Advanced Software Engineering and Its Applications, 2014, pp. 39–43. Chongqing Univ. Posts Telecommun. (2006).
[94] A. Rekha, P. Anitha, A.S. Subaira, C. Vinothini, A survey on encryption [125] C. Xia, S. Yang, Application of elliptic curve digital signature in the
algorithms for data security, Int. J. Res. Eng. Technol. 3 (12) (2014) performation evaluation, in: 2012 International Conference on Computer
131–134. Science and Service System, 2012, pp. 1678–1681.
[95] P. Jindal, B. Singh, RC4 encryption-A literature survey, Procedia Comput. [126] S.G. Jin, G.J. Wang, Design of digital signature scheme based on elliptic
Sci. 46 (2015) 697–705. curve cryptosystem, Appl. Mech. Mater. 685 (2014) 579–582.
[96] A.W. Dent, A survey of certificateless encryption schemes and security [127] X. Yun-jiang, Research on the digital signature technology on the basis
models, IACR Cryptol. ePrint Arch. 2006 (2006) 211. of improved elliptic curve, Microcomput. Inf. (2010).
[97] W.D. Alexander, A survey of certificateless encryption schemes and [128] C. Lei, Two kinds of digital signature based on elliptic curve and its
security models, Int. J. Inf. Secur. 7 (5) (2008) 349–377. performance analysis, J. Chongqing Univ. Sci. Technol. (2013).
[98] S.N. Karale, K. Pendke, P. Dahiwale, The survey of various techniques [129] W. Yun, L. Dianjun, An efficient threshold signature scheme based on
& algorithms for SMS security, in: 2015 International Conference on the elliptic curve cryptosystem, in: 2012 International Conference on
Innovations in Information, Embedded and Communication Systems, Computer Science and Electronics Engineering, Vol. 1, 2012, pp. 349–352.
ICIIECS, 2015, pp. 1–6. [130] Y. Wang, D. Lu, An efficient threshold signature scheme based on the
[99] M. Patil, V. Sahu, A survey of compression and encryption techniques for elliptic curve cryptosystem, in: 2010 2nd IEEE International Conference
SMS, Int. J. Adv. Res. Technol. (2013). on Information Management and Engineering, 2010, pp. 455–458.

26
S. Ullah, Zheng J., N. Din et al. Computer Science Review 47 (2023) 100530

[131] I. Bütün, M. Demirer, A blind digital signature scheme using elliptic curve [162] D.E. Kouicem, A. Bouabdallah, H. Lakhlef, Internet of things security: A
digital signature algorithm, Turk. J. Electr. Eng. Comput. Sci. 21 (4) (2013) top-down survey, Comput. Netw. 141 (2018) 199–221.
945–956. [163] S.-B. Xu, Signcryption scheme based on elliptic curve cryptography, 2009.
[132] F. Dan-yu, Blind digital signature design based on elliptic curve public-key [164] M. Toorani, A.A. Beheshti, An elliptic curve-based signcryption scheme
cryptosystem, J. Chongqing Univ. Posts Telecommun. (2006). with forward secrecy, 2010, arXiv preprint arXiv:1005.1856.
[133] P.K. Tysowski, M.A. Hasan, Re-encryption-based key management towards [165] H. Elkamchouchi, M. Nasr, R. Ismail, A new efficient strong proxy
secure and scalable mobile applications in clouds, IACR Cryptol. ePrint signcryption scheme based on a combination of hard problems, in: 2009
Arch. 2011 (2011) 668. IEEE International Conference on Systems, Man and Cybernetics, 2009,
[134] H. Ryotaro, M. Tatsuyuki, F. Yoshihiro, Y. Takuya, O. Koji, Re-encryption pp. 5123–5127.
key generation device, re-encryption device and program, 2014. [166] A.K. Lenstra, E.R. Verheul, Selecting cryptographic key sizes, J. Cryptol. 14
[135] R. Canetti, S. Hohenberger, Chosen-ciphertext secure proxy re-encryption, (4) (2001) 255–293.
in: Proceedings of the 14th ACM Conference on Computer and [167] R. Harkanson, Y. Kim, Applications of elliptic curve cryptography: a light
Communications Security, 2007, pp. 185–194. introduction to elliptic curves and a survey of their applications, in:
[136] Y. Han, X. Yang, Y. Hu, Signcryption based on elliptic curve and its multi- Proceedings of the 12th Annual Conference on Cyber and Information
party schemes, in: Proceedings of the 3rd International Conference on Security Research, 2017, p. 6.
Information Security, 2004, pp. 216–217. [168] A. Alexa, Alexa top 500 global sites, 2016, [Link]
[137] Y. Zheng, H. Imai, How to construct efficient signcryption schemes on topsites.
elliptic curves, Inform. Process. Lett. 68 (5) (1998) 227–233. [169] R. van Rijswijk-Deij, K. Hageman, A. Sperotto, A. Pras, The performance
[138] C. Gamage, Y. Zheng, J. Leiwo, An efficient scheme for secure message impact of elliptic curve cryptography on DNSSEC validation, IEEE/ACM
transmission using proxy-signcryption, in: Computer Science Proceedings Trans. Netw. 25 (2) (2016) 738–750.
of the 22nd Australasian Computer Science Conference, Springer-Verlag [170] W. Pan, F. Zheng, Y. Zhao, W.-T. Zhu, J. Jing, An efficient elliptic curve
London Ltd., Germany, 1999, pp. 420–431, Australasian Computer Science cryptography signature server with GPU acceleration, IEEE Trans. Inf.
Conference 1999, ACSC 1999 ; Conference date: 18-01-1999 Through Forensics Secur. 12 (1) (2016) 111–122.
21-01-1999.
[171] P.D. Nikam, V. Raut, Improoved MANET security using elliptic curve
[139] H.M. Elkamchouchi, Y. Abouelseoud, W.S. Shouaib, A new proxy sign- cryptography and EAACK, in: 2015 International Conference on Compu-
cryption scheme using warrants, Int. J. Intell. Eng. Inform. 1 (3) (2011) tational Intelligence and Communication Networks, CICN, IEEE, 2015, pp.
309–327. 1125–1129.
[140] H.M. Elkamchouchi, E.F.A. Elkhair, Y. Abouelseoud, An efficient proxy
[172] A.G. Reddy, A.K. Das, E.-J. Yoon, K.-Y. Yoo, A secure anonymous authen-
signcryption scheme based on the discrete logarithm problem, Int. J. Inf.
tication protocol for mobile services on elliptic curve cryptography, IEEE
Technol. Model. Comput. 1 (2) (2013) 7–19.
Access 4 (2016) 4394–4407.
[141] Y. Ming, Y. Wang, Proxy signcryption scheme in the standard model,
[173] V. Shivraj, M. Rajan, M. Singh, P. Balamuralidhar, One time password
Secur. Commun. Netw. 8 (8) (2015) 1431–1446.
authentication scheme based on elliptic curves for Internet of Things
[142] A. Waheed, N. Din, A.I. Umar, R. Ullah, U. Amin, Novel blind signcryption
(IoT), in: 2015 5th National Symposium on Information Technology:
scheme for E-voting system based on elliptic curves, Mehran Univ. Res.
Towards New Smart World, NSITNSW, IEEE, 2015, pp. 1–6.
J. Eng. Technol. 40 (2) (2021) 314–322.
[174] T.K. Goyal, V. Sahula, Lightweight security algorithm for low power IoT
[143] D. Johnson, A. Menezes, S. Vanstone, The elliptic curve digital signature
devices, in: 2016 International Conference on Advances in Computing,
algorithm (ECDSA), Int. J. Inf. Secur. 1 (1) (2001) 36–63.
Communications and Informatics, ICACCI, IEEE, 2016, pp. 1725–1729.
[144] M.O. Rabin, Digitalized Signatures and Public-Key Functions as Intractable
[175] O. Alowolodu, B. Alese, A. Adetunmbi, O. Adewale, O. Ogundele, Elliptic
as Factorization, MIT Laboratory for Computer Science, 1979.
curve cryptography for securing cloud computing applications, Int. J.
[145] T. Elgamal, A public key cryptosystem and a signature scheme based on
Comput. Appl. 66 (23) (2013).
discrete logarithms, Int. Cryptol. Conf. 31 (4) (1985) 10–18.
[176] D. He, H. Wang, M.K. Khan, L. Wang, Lightweight anonymous key
[146] C.P. Schnorr, Efficient signature generation by smart cards, J. Cryptol. 4
distribution scheme for smart grid using elliptic curve cryptography, IET
(3) (1991) 161–174.
Commun. 10 (14) (2016) 1795–1802.
[147] J.H. Burrows, et al., Digital signature standard (dss), Federal Inf. Process.
[177] A. Dua, N. Kumar, M. Singh, M.S. Obaidat, K.-F. Hsiao, Secure message
Stand. Publ. 186 (1994) 1–5.
communication among vehicles using elliptic curve cryptography in smart
[148] K. Nyberg, R.A. Rueppel, A new signature scheme based on the DSA
cities, in: 2016 International Conference on Computer, Information and
giving message recovery, in: Proceedings of the 1st ACM Conference on
Telecommunication Systems, CITS, IEEE, 2016, pp. 1–6.
Computer and Communications Security, 1993, pp. 58–61.
[149] K. Nyberg, A. Rueppel, Message recovery for signature schemes based on [178] M. Benssalah, M. Djeddou, K. Drouiche, Design and implementation
the discrete logarithm problem, Des. Codes Cryptogr. 7 (1) (1996) 61–81. of a new active RFID authentication protocol based on elliptic curve
encryption, in: 2016 SAI Computing Conference, SAI, IEEE, 2016, pp.
[150] K.K. Naidu, A. Krishnan, ECC based encryption and decryption using cloud,
1076–1081.
TEST Eng. Manag. 83 (2020) 7295–7298.
[151] S. Banerjee, A. Patil, ECC based encryption algorithm for lightweight [179] S.V. Vishnubhatla, An elliptic curve algorithm for iris pattern recognition,
cryptography, in: International Conference on Intelligent Systems Design in: 2015 Annual Global Online Conference on Information and Computer
and Applications, 2018, pp. 600–609. Technology, GOCICT, IEEE, 2015, pp. 51–59.
[152] S. Turner, B.C. Ramsdell, Secure/Multipurpose Internet Mail Extensions [180] B. Preneel, Analysis and Design of Cryptographic Hash Functions (Ph.D.
(S/MIME) Version 3.2 Message Specification, RFC 5751, RFC Editor, 2010, dissertation), Katholieke Universiteit te Leuven, 1993.
[Online]. Available: [Link] [181] S.A. Chaudhry, M.S. Farash, H. Naqvi, M. Sher, A secure and efficient
[153] D. He, H. Wang, L. Wang, J. Shen, X. Yang, Efficient certificateless authenticated encryption for electronic payment systems using elliptic
anonymous multi-receiver encryption scheme for mobile devices, Soft curve cryptography, Electron. Commer. Res. 16 (1) (2016) 113–139.
Comput. 21 (22) (2017) 6801–6810. [182] G. Sahebi, A. Majd, M. Ebrahimi, J. Plosila, J. Karimpour, H. Tenhunen,
[154] L. Fang-wei, Anti-deception threshold signature scheme based on ECC, J. SEECC: A secure and efficient elliptic curve cryptosystem for E-health
Chongqing Univ. Posts Telecommun. (2008). applications, in: 2016 International Conference on High Performance
[155] L. Harn, F. Wang, Threshold signature scheme without using polynomial Computing & Simulation, HPCS, IEEE, 2016, pp. 492–500.
interpolation, Int. J. Netw. Secur. 18 (2016) 710–717. [183] A. Barnes, C. Brake, T. Perry, Digital Voting with the use of Blockchain
[156] D.L. Chaum, Blind signatures for untraceable payments, in: Advances in Technology Team Plymouth Pioneers-Plymouth University, 2016, 2016.
Cryphotology-Proceedings of CRYPTO’82, 1983, pp. 199–203. [184] S. Heiberg, J. Willemson, Verifiable internet voting in Estonia, in: 2014 6th
[157] F.-G. Jeng, T.-L. Chen, T.-S. Chen, A blind signature scheme based on International Conference on Electronic Voting: Verifying the Vote, EVOTE,
elliptic curve cryptosystem, in: 2009 Fifth International Joint Conference IEEE, 2014, pp. 1–8.
on INC, IMS and IDC, 2009, pp. 2044–2049. [185] C. Meter, Design of distributed voting systems, 2017, arXiv preprint
[158] S.K. Nayak, B. Majhi, S. Mohanty, An ECDLP based untraceable blind arXiv:1702.02566.
signature scheme, in: 2013 International Conference on Circuits, Power [186] R. Hanifatunnisa, B. Rahardjo, Blockchain based e-voting recording system
and Computing Technologies, ICCPCT, 2013, pp. 829–834. design, in: 2017 11th International Conference on Telecommunication
[159] C.-I. Fan, W.-K. Chen, Y.-S. Yeh, Randomization enhanced Chaum’s blind Systems Services and Applications, TSSA, IEEE, 2017, pp. 1–6.
signature scheme, Comput. Commun. 23 (17) (2000) 1677–1680. [187] Elliptic Curve Cryptography, MIT, 2004, pp. 1–13, [Link]
[160] Z. Shao, Improved user efficient blind signatures, Electron. Lett. 36 (16) courses/mathematics/18-704-seminar-in-algebra-and-number-theory-
(2000) 1372–1374. rational-points-on-elliptic-curves-fall-2004/projects/[Link].
[161] A. Kihidis, K. Chalkias, G. Stephanides, Practical implementation of iden- [188] J. Blömer, P. Günther, Singular curve point decompression attack, in: 2015
tity based encryption for secure E-mail communication, in: 2010 14th Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC, IEEE,
Panhellenic Conference on Informatics, 2010, pp. 101–106. 2015, pp. 71–84.

27
S. Ullah, Zheng J., N. Din et al. Computer Science Review 47 (2023) 100530

Shamsher Ullah is with the Knowledge Units of Systems and Technology (KUST), University of Management and Technology (UMT), Sialkot, 51040, Pakistan. Dr. Shamsher received his post-doctorate certificate from the School of Software, Northwestern Polytechnical University, Xi’an, Shaanxi, 710072, P.R. China. Dr. Shamsher received his Ph.D. from the School of Computer Science and Technology at the University of Science and Technology of China (USTC), Hefei, Anhui, P.R. China. He received his Master Degree at the Department of Information Technology, Hazara University Mansehra, KPK, Pakistan, in 2015. His research work has been published in several prestigious journals and top-tier conferences. His research interest includes Cryptography, Information Security, Privacy, Data Trading, and E-commerce.

Jiangbin Zheng received the BS, MS, and Ph.D. degrees in Computer Science from Northwestern Polytechnical University, in 1993, 1996, and 2002, respectively. From 2000 to 2001 and 2002, he was a Research Assistant at The Hong Kong Polytechnic University, Hong Kong. From 2004 to 2005, he was a Research Assistant at The University of Sydney, Sydney, Australia. Since 2009, he has been a professor and Ph.D. supervisor in the School of Computer Science, Northwestern Polytechnical University. His research interests focus mainly on intelligent information processing, visual computing, multimedia signal processing, big data, and soft engineering. He has published over 100 peer-reviewed journal/conference papers covering a wide range of topics in image/video analytics, pattern recognition, machine learning, and big data analytics.

Nizamud Din received his Master Degree from University of Peshawar in 2007, MSCS from International Islamic University Islamabad in 2012 and Ph.D. from Hazara University Mansehra in 2016. He served IQRA National University Peshawar as an Assistant professor from March 2016 to October 2017. Currently, he is working as an Assistant professor and Head Department of Computer Science, University of Chitral. His research interests include Smart Cryptography, Multicast Communication and Internet of Things Security. He has published more than 40 research papers in Journals and Conferences of International reputes.

Muhammad Tanveer Hussain is with the Department of Mathematics, University of Management and Technology (UMT), Lahore, Pakistan. Dr. Hussain received his Ph.D. from the School of Mathematics at the University of Science and Technology of China (USTC), Hefei, Anhui, P.R. China, in 2019. He received his Master Degree at the Department of Mathematics University of Engineering and Technology, Lahore, Pakistan, in 2012. His research work has been published in reputed journals. His research interest includes Finite Group Theory, Cryptography and Fuzzy Graph Theory.

Farhan Ullah is with the School of Software, Northwestern Polytechnical University, Xi’an, Shaanxi, 710072, P.R. China. He received an M.S. degree in Computer Science in 2012 from CECOS University Peshawar, Pakistan, and Ph.D. Computer Science degree in 2020 from College of Computer Science, Sichuan University Chengdu, P.R. China. He received Research Productivity Award from COMSATS Institute of Information Technology (CIIT), Sahiwal, Pakistan, in 2016. His research work has been published in various renowned journals of IEEE, Springer, Elsevier, Wiley, MDPI, and Hindawi. His research interests include Software Similarity, Information Security, and Data Science.

Mahwish Yousaf is a postdoctoral research fellow at the School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, Anhui, P.R. China. She received her Ph.D. at the School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, Anhui, P.R. China, in 2021. She received her M.S. degree in Information Technology from University of Gujrat, Pakistan, in 2016. She received her B.S. degree in Computer Science from University of the Punjab, Lahore, Pakistan, in 2012. Her research works have appeared in several prestigious international journals. Her research interests include machine learning, dimension reduction, image processing, data mining, artificial intelligence, and deep learning.
