Design of Identity-Based Blind Signature Scheme Upon Chaotic Maps

Jordan Abstract —Cryptosystems relying on chaotic maps have been presented lately. As a result of inferred and convenient connections amongst the attributes of conventional cryptosystems and chaotic frameworks, the concept of chaotic systems with applications to cryptography has earned much consideration from scientists working in the various domains. Hence, we suggest a novel IDentity-based Blind Signature (ID-BS) based technique in this paper that relies on a pair of hard number theoretic problems, namely, the Chaotic Maps (CM) and FACtoring (FAC) problems. The technique is immune to attacks, in addition to its efficiency in application. Relative to other related schemes, it requires fewer module operations. In summary, our proposed technique is superior to similar schemes within the cryptosystems


Introduction
As a consequence of the wide spread and fast expansion of computer and communications networks and their numerous applications, it has become imperative to employ authentication and key agreement protocols for remote users [1]- [3]. These protocols should be able to generate secure session key in addition to being immune known-key attacks and insure secure communications [1]- [3].
The blind signature notion was first introduced by Chaum [4], which entails that it is not necessary for signers to have knowledge of the content of the message, to consequently sign the message. The Blind Signature method relies on the principle that a user can take away the signature of a signer on a desired document without revealing internal information contained with it [5]. The fundamental aim of the Blind Signature scheme is obtaining the signature from an individual without exposing concealed content retained within that document. The virtue of blind signature is that it may be allowed for the requester to acquire the signature, although the signing party may not be able to draw an association to the document from a signature. If a requester issues a signature pair, an association between both of the pairs of requester and signer cannot be established. Also, unforgeability and untraceability are fulfilled by the blind signature scheme in addition to authentication [5][6][7][8][9][10][11][12][13][14][15]. The IDentity-based Blind Signature (IDBS) method is considered of high value due to the fact that an individual's identity is casually represented by his Public Key (PK). As a practical illustration, in the event that an electronic case disseminated by the bank may be effectively confirmed with the assistance of personal credentials; where this is simply achieved with the assistance of any possible assortment of strings such as bank's name, city, country, and year of the client or business. It is not necessary to communicate with or obtain a bank's key from the PK center. It is still an unresolved issue for approaches based on Integer Factorization Problem (IFP) of RivestShamirAdleman (RSA) techniques to insure security against generic parallel attacks.
The ID-BS approach eliminated the demand for a requester to pursue the public key of the recipient ahead of dispatching an encrypted message. Identity-based cryptography offers a viable helpful substitute technique to traditional Public-Key Infrastructure (PKI) [5,9]. Several ID-BS approaches have been suggested subsequent to the year 1984 [4], [14][15][16][17], nevertheless, ones arose in 2001, in particular, were able to achieve identity-based encryption [18]. The superiority of the ID-BS approach dwells in simplifying the procedure of key management. In the preceding two years, a few bilinear parings were adapted to different use cases and scenarios in cryptography [19,20].
A chaotic map-based image encryption algorithm was originally suggested in 1989 [18]. Lately, there has been an expanding activity in this field as a few methods were presented within the research art [22][23][24][25][26]. The chaotic map-based public cryptosystems require least computational complexity in comparison with that is needed by public cryptosystems that rely on modular exponential computing, or scalar multiplication on elliptic curves. Therefore, we will present in this paper a novel ID-BS technique relying on chaotic map and factoring problems. Our proposed scheme is much more efficient than previous ID-BS schemes as a result of the decreased number of operations.
We organize the rest of this paper as follows: we concisely lay-out the ground-work in Section 2. In Section 3, we construe the ID-BS scheme. Section 4 incorporates investigation of the security and computational cost of the presented technique as compared with current schemes. In Section 5, we depict a numerical illustration on our presented ID-BS technique. We finally draw conclusions in Section 6. Chebyshev polynomial map : ℛ → ℛ of degree is defined by the recurrent relation as follows: Where ≥ 2, 0 ( ) = 1, 1 ( ) = . In addition, a few other Chebyshev polynomials are given as: 2 ( ) = 2 2 − 1 , 3 ( ) = 4 3 − 3 , 4 ( ) = 8 4 − 8 2 + 1, Two intriguing features of a Chebyshev polynomial are the following [19,24], [33]: • The semi-group property [30]: So that to enhance this property, it was shown by Zhang [29] that the semi-group property is fulfilled for Chebyshev polynomials established on the interval (−∞, ∞) as follows [30]: Where ≥ 2, ∈ (−∞, ∞), and is a large prime number. Therefore, the property Also, the semi group property is fulfilled. The extended Chebyshev polynomials retain the characteristic that they commute under composition.
Definition 2. If one is given two elements and , the role of the discrete logarithm problem is to identify integer , such that ( ) = .
Definition 3. If one is given three elements, ( ), and ( ), the role of the Diffie-Hellman problem is to find element ( ).

Chaotic map problems
Given the integers and , and the prime number , then, the general second-order linear recurrence relation is of the form: Where ( ) ∈ ( ) for all The chaotic maps recurrence relation function [30] is define by Eq.(2.4), accompanied by the initial conditions 0 ( ) = 1 and 1 ( ) = . It can simply be seen that the chaotic maps functions are a particular kind of second-order linear recurrence relation in Eq.
Theorem 4. If it is possible to employ an algorithm to unravel the chaotic maps problem over ( ), thus an algorithm may be utilized to solve the discrete logarithm problem over ( ) in polynomial time [33]. Lemma 1. For any ∈ ( ) and = , given an integer, we are able to find an integer ∈ ( ), where hence create a chaotic maps sequence { ( )} corresponding to 1 2 ( + −1 ) = ( ) ∈ ( ) in polynomial time.

Lemma 2.
If we define , , and as they were previously defined atop, with be the group generated by . In order to identify w according to = 2 ( )mod , where is provided, with ∈ . One has to find solution for both of the chaotic maps problem in and the factorization of n.

Computational problems and random oracle models
In order to illustrate the security of our presented technique, we outline in the following a few essential mathematical characteristics of Chebyshev chaotic map: 1. If we are provided with a couple of elements and , the discrete logarithm problem role is to identify an integer , that satisfies ( ) = . 2. If provided with three elements , ( ), and ( ), the role of the Diffie-Hellman problem is to calculate elements ( ).
3. Random Oracle Model (ROM), where ROM is a security hypothesis, that affords a general framework for the security verification of information. The ROM has a totally a random hash function. If it is assumed that the hash function is able to furnish a wholly random oracle, the model may be treated as the excessive model among the ideal model and instantiation model [30].

The Proposed ID-BS Scheme
In the presented ID-based chaotic blind signature technique, ahead of signing of the message m by its signer, the message is blinded. When the sign procedure is completed, blind reduction procedure of the signed message is executed by provider of the message. Concurrently, we offer identity parameters via the hash combination of ID and private key x. The chaotic signature is computed by utilizing the new hash value. The utilization of chaotic type blind signature is able to successfully avert the difficult procedure of bilinear pairing, and therefore may boost the algorithm effectiveness.

Requirements
The blind signature normally encompasses measures stated as follows [30]: 1. (Blind Transformation) the message is transformed into message ′ by the Message Provider and is then commissioned to the Message Signer.

Initialization phase
We outline the following parameterssee Table 1 to illustrate our work.

Generating keys
The private key will be chosen as the result of randomly selecting an integer ∈ ℤ * by the signer. Chose the ID to be used as the user identity. Pick a cryptographic hash function °( ) to compute °( , ). Then the public key is calculated as :

Signing and extraction
The Signing and extraction steps are as follows: 1. Message signer selects ∈ ℤ , calculates then sends it, 2. (Blind transformation) randomly chosen by the Message Provider, the blind factor λ ∈Zn is used in calculating, Then the signature is, ( , , )

Signature verification
To authenticate the signature, the verifier inspects equitability of the following identity: The subsequent theorem may be employed to prove that if a signature ( , , ) of a message m is indeed formed by the presented partially blind signature technique. Which means ( , , ) is a legitimate signature of m. Therefore, our presented method yields a partially blind signature scheme.

4
Analysis of Our Proposed Scheme

Security analysis
We examine in this section a few security characteristics of our proposed ID-BS scheme. In order for an ID-BS scheme to be secure, it must fulfil the subsequent conditions.
Blindness: The property of blindness shared by all signatures composed by the signer embody an unambiguous shared information, which the message provider and the message signer consented upon. Although, the message provider is incapable of changing or eliminating the enclosed information, whereas retaining the feature of successful signature verification possible. Within our suggested scheme, a message provider is obligated to surrender to the signer the blinded data m, where in-turn the signer calculates and communicates ′ = (°( , ) 2 4 + 3 4 ) to the designated target. If the message provider is capable of victoriously changing or eliminating the v from the associated signature ( , , ) , thus s/he calculates w through ′ = (°( , ) 2 4 + 3 4 ). Nevertheless, it is burdensome to deduce the secret key x. Accordingly, in the presented technique, the message provider incapable of changing or removing the v out of the associated signature ( , , ) of message m to imitate the unblinded signature portion.
Randomization: Ahead of signing in the signing step in the presented technique, the blinded data is randomized by the signer via the random element k. The signer picks an integer k, then communicates it to the recipient. Then, the recipient forwards ′ = 2 −2 ( ) to the signer, where the signer remits 4 ≡ ( ′ −°( , ) 2 4 ) −3 ( ) to the message provider. If the message provider tries to remove from 4 ≡ ( ′ −°( , ) 2 4 ) −3 (mod ), thereupon s/he must infer through =°( , ) 2 ( ) mod . Nevertheless, it is burdensome to resolve due to the fact that deriving it is CM and FAC problems. Thus, within the presented scheme, it is not possible for the message provider to eliminate the random out of the associated signature ( , , ).
Untraceability: Within this technique, it is inconceivable for Message Signer to figure out the connection among ( , ) and ( , ) by computing, where to unravel this problem corresponds to CM and FAC problems [30].
Unforgability: The complexity of unfolding the CM and FAC problems is the basis for the security of our technique. The adversary Adv could attempt to deduce a forged signature employing assorted plans, as depicted subsequently.
Attack 1: For a particular message m, Adv contends to unfold the signature ( , , ) through allowing a single integer to be fixed, or fixing two integers, and determining the other. In this scenario, Adv will in random fashion fix either ( , ), ( , ) or ( , ) accordingly to fulfil,  iJOE -Vol. 16, No. 5, 2020 Case 1: Assuming that Adv will fix the elements ( , ) and attempts to resolve the value , consequently Adv is required to unravel the ensuing equations that may be obtained by simplifying the equation, Thus, ψ may be retrieved by the subsequent equation: Although, it is impractical to determine using = 2 ( ) despite if s/he is able to find ψ from Eq. (4.2).
Lemma (2) indicates that this is slightly as burdensome as unraveling the chaotic maps problems and factorization of n.
Case 2: Say Assuming that Adv will fix the elements ( , ) and attempts to resolve the value . At that point, her/his duty is more burdensome than Case1 due to the fact that s/he should find through = 2 ( ) , wherein: Lemma (2) indicates that this is slightly as burdensome as unraveling the chaotic maps problems and factorization of n.
Case 3: Assuming that Adv will fix the elements ( , ) and attempts to resolve the value . Hence, her/his duty is more burdensome than Case 1, since s/he has to find = 2 ( ) relying on the equation: Lemma (2) indicates that this is slightly as burdensome as unraveling the chaotic maps problems and factorization of n.
Attack 3: If we t is assumed that Ad is able to solve factoring problem, which means he knows the prime factorization of n i.e. p and q: However, he cannot compute since no information on °2 ( , ) is available, hence he cannot compute and = The above set of s equations contains a number of variables equals to (4s + 1) i.e, , , , , and x, in which = 1,2,3, … , , that are all unknown to the Adv. Hence, remains hard to be obtained as Adv will generate an infinite number of solutions to the system of equations depicted atop and is incapable of identifying which is factual choice.

Performance comparison
The Chebyshev polynomial computation problem provides a reduced size key when compared to other public key cryptosystems, in addition to rapid computing, along with bandwidth, memory and energy conservation. The Elliptic-Curve Cryptography (ECC) has large complexity in terms of computations. When assimilated with the encryption algorithm of the ECC method, the encryption algorithm of chaotic maps evades scalar multiplication and modular exponentiation calculations, dramatically enhancing the efficiency. For the sake of facilitating the cost evaluation process of computational requirements, Table 2 defines the notations and Execution time(s) [21,32]. Table 3 depicts the computational cost comparison of between the proposed scheme and the scheme in [30,31]. It is apparent that the proposed scheme has better efficiency when assimilated with the techniques proposed in [30,31]. Our scheme requires only 0.33249s, while their schemes needs 37.6456s, and 48.44278s, accordingly.

Numerical Simulation of the ID-BS
Suppose that a signer desires to sign an original message m = 322. A signer sets up the scheme with p = 47, q = 59, n = 2773, p = 11093, α = 100 is an element in GF(p) whose order modulo p is n.

Signing and extraction
The results of signing and extraction are as follows: 1. Message signer select = 2551 ∈ ℤ calculates then sends it Then the signature is (322, 1422, 1883)

Signature verification
To examine the authentic of the signature, the verifier performs a check of fulfilment of the equality of,

Conclusion
This paper suggested a secure ID-BS technique that relies on the chaotic map and factoring problems. The presented approach utilizes a smaller number of bits and lower computation cost due to the inherence of CM as compared to its ID-BS scheme counterparts presented in the relevant literature. In order to enhance the security of the algorithm under the random oracle model, a hash function was brought-out and employed.