Provable Lightweight Hybrid Proxy Re-Encryption

Scheme without Pairings for Internet of Things

Eman Abouelkeir  (  [email protected] )
Qassim University https://orcid.org/0000-0002-9204-7193

Research Article

Keywords: Hybrid Proxy Re-encryption, Security proof, Fog computing, Internet-of -things

Posted Date: August 3rd, 2022

DOI: https://doi.org/10.21203/rs.3.rs-1763553/v1

License:   This work is licensed under a Creative Commons Attribution 4.0 International License.  
Read Full License
Provable Lightweight Hybrid Proxy Re-Encryption Scheme without Pairings for Internet of
Things

Eman Abouelkheir1 and Shamia El-sherbiny2

1,2
Department of Electrical Engineering, College of Engineering Kafrelsheikh University, Kafrelsheikh
33516, Egypt
1
Department of Computer Science, College of Sciences and Arts, Qassim University, AlRass 51452,
Saudi Arabia

Corresponding author: Eman Abouelkheir

Corresponding author e-mail: [email protected]

Abstract

Cisco originated a term fog computing which decentralized computing process on the cloud central to
be closer to IOT data. Fog computing provides an efficient data storage and processing. Fog computing
still suffer from some security and privacy. Security problems solved by proxy re-encryption schemes
but it suffers from heavy computational operations because of using so many paring operations in
delegation and delegated sides. Parings operations causes heavy computations. This paper suggests a
new hybrid proxy re-encryption scheme without parings using both the symmetric and asymmetric
cryptography schemes. The security proof of the proposed scheme has been done under
Indistinguishability-Chosen Plaintext Attack. The suggested scheme is highly computationally efficient
when compared with other schemes in literature.

Index term

Hybrid Proxy Re-encryption, Security proof, Fog computing, Internet-of -things

1. Introduction

The internet of things (IOT) technology has attracted both academics and industries because of its
capabilities of changing the lifestyle through offering innovative and fascinating applications,
such as smart cities, smart vehicles, smart homes, health care systems, etc... IOT comprises several
technologies to achieve its broad vision of connecting all objects to the internet. IOT, by definition,
allows anything and anyone to be connected any place and any time using any service and any network
[1,2]. It is expected that IOT will have a significant growth in the near future which in turn will result
in exchanging enormous amounts of data between IOT smart devices. The massive increase in the
objects connected to IOT and their corresponding big data directly affect the processing time which is
the most important term in real time applications [3-5]. Fog computing which is a modified structure of
cloud computing is used in IOT networks to achieve low latency and decrease the congestion [6,7].

Fog computing architecture is shown in figure 1. It is based on inserting some intermediate nodes,
called fog nodes, between the cloud and the IOT objects. Fog nodes are closer to the IOT devices and
can perform various operations such as data analysis, data computing, transient data storage and
network connectivity. Fog computing can be considered as a complementary technology of cloud
computing [8-10].
 Figure 1. The infrastructure of fog computing [7]

The operation of the fog nodes depends on the type of data they receive. Data is classified according
time sensitivity into high time sensitive data, less time sensitive data and data which are not time
sensitive. The work flow of the fog network is as follow; the IOT devices directly sends the non-time
sensitive data to the cloud for analysis and storage, whereas, the time sensitive data is sent to the
nearest fog node which in turn takes immediate action and sends a summary to the cloud for future
processing and storage. If the data is less time sensitive, it will be aggregated in a fog node, which
performs the analysis and then sends the decision to the IOT device through the nearest node. The
aggregate node sends the summary to the cloud for future processing and storage [11].

Fog computing is a promising technology in many applications such as; manufacturing processes,
metallurgy industry, chemical industry, mining industry, smart vehicle networks and many other
applications [12-15] but it suffers from security challenges. Despite of the prolonged researches of fog
computing, one can find that most of them focus on the applications and the architecture and a fewer
number deals with the security and privacy problems [16-18]. Implementing security and privacy
operations to the IOT devices limits their lifetimes and increases the processing time [16]. To improve
the performance, the security operations can be offloaded to the fog nodes [17]. Proxy re-encryption is
an effective cryptographic technique in cloud computing [19,20] and hence it can be used in fog
computing where, in this case, the fog nodes can be treated as proxy nodes [18]. Proxy re-encryption is
based on adding a proxy to the conventional cryptographic system. The proxy converts the cipher text
of the source user into the cipher text of the destination user without obtaining the plain text of the
source user [20]. Most of PRE schemes used asymmetric cryptography for encryption/decryption.
Symmetric Encryption is the good choice for large amount of IoT data as it is relatively faster than
asymmetric encryption [21], [22]. Also, the majority of proxy re-encryption schemes proposed have
based on pairings. The pairings operations suffer from high computational cost than traditional public
key schemes [23]. Therefore, designing new lightweight proxy encryption schemes without pairings is
desirable for lower computational cost and security analysis [24]. Our proposed scheme, in this work,
treats the problem of latency by developing a pairing free hybrid lightweight PRE scheme for fog
computing nodes. The proposed scheme is the modified version of PRE scheme found in [18]. Our
proposed scheme uses the elliptic curve cryptography (ECC). It is without any pairing-operations, so it
saves time in all phases; set up, key generation, encryption, re-encryption and decryption phases. The
proposed hybrid scheme is based on using both lightweight symmetric and asymmetric cryptographic
schemes. We use NTSA as symmetric encryption scheme and ElGamal public key encryption as the
asymmetric encryption scheme. The security proof of our suggested scheme is introduced. Also, a
comparative study is conducted with other schemes in literature to show its efficiency.

The remaining sections of this paper are as follow. Section two presents a survey on some recent PRE
schemes. Section three discusses the security model. Section four discusses the proposed hybrid
scheme phases. The security proof under chosen plaintext attack is given in section five. The
performance analysis and a comparative study are found in section six. Finally, section seven gives the
conclusion.
 2. Methods/Experimental

This paper suggests a new hybrid proxy re-encryption scheme without parings using both the
symmetric and asymmetric cryptography schemes. The security proof of the proposed scheme has
been done under Indistinguishability-Chosen Plaintext Attack. The suggested scheme is highly
computationally efficient when compared with other schemes in literature.

3. Related work

This paragraph presents a summery for some recent PRE schemes. PRE pledges several properties
including non-transitivity, collision resistance, unidirectionality, proxy invisibility, non-transferability,
original access, non- interactivity and key optimality [25]. Many recent PRE variants are based on the
combination of these properties. A conditional PRE (C-PRE) with provable chosen-ciphertext security
was presented in [26], in this scheme, only ciphertexts that fulfill a specific condition can be changed
by the proxy. Researchers in [27] introduced a secure certificate-based PRE scheme. Another kind of
C-PRE called sender specified PRE (SS-PRE) was introduced in [28], this scheme enables only
ciphertexts from a specified sender to be transformed by a proxy. A secure broadcast PRE in which the
delegator provides the decryption privilege to a group of users was presented in [29]. Some authors in
other works combined the advantages of different PRE variants to provide more efficient PRE schemes
[30,31]. Fog computing solves the issues that the cloud computing suffers such as delay between users
and the heavy computations, and hence, many researchers are interested in studying its requirements,
security weakness and threats [32,33]. PRE variants have been adopted for cloud computing as well as
for fog computing to enhance the security [18, 25-31]. Attribute based encryption (ABE) and identity
based encryption (ID-BE) schemes have been used in literature to secure the data access control in fog
computing. ABE and ID-BE schemes in fog computing suffer from the heavy computations that results
from using many paring-operations [34-36]. Also, conventional key management and public key
cryptography cannot support the real time operation of IoT in fog computing [32]. Lightweight
cryptography provides a solution for the above issues. The authors in [32] presented lightweight proxy
re-encryption scheme that suffers from high risk of key exposure because of using symmetric
encryption. Another lightweight proxy re-encryption scheme for fog computing was introduced in [5],
this scheme enhances outsourcing security but suffer from heavy computations because of using ECC
based public key. The authors in [18] proposed a secure hybrid PRE scheme for fog computing based
on both symmetric and asymmetric key cryptography. This scheme has pairing operations in the fog re-
encryption and set up phase that increases the computational cost.

Lightweight cryptographic schemes are considered to be the good choice for IoT devices. They can
offer good security and performance for fog computing. Also, they require fewer resources such as
memory size and power resources. They are based on either symmetric encryption that uses the same
key for encryption and decryption process or asymmetric encryption that uses two different keys for
encryption and decryption; one remains secrete and the other is public.

Several lightweight encryption algorithms have been introduced in literature. Tiny Encryption
Algorithm (TEA) proposed by Roger Needham and David Wheeler [37] is based on Feistel structure
that has 32 cycles and each cycle consists of two rounds. XTEA is the first variant of TEA, it is a block
symmetric cryptography scheme that uses the Feistel structure [38]. XXTEA, is the second variants of
TEA. XXTEA also called block cipher. It has a same round function as XTEA. XXTEA applies its
round functions many iterations for the same message [39,40]. Although (TEA) and its variants (XTEA
, XXTEA) provided good features which enables secure and high rate transfer of data between IoT
devices, they suffer from high encryption/decryption time which in turn reduces the efficiency of IoT
devices. Also, (TEA) and its variants (XTEA, XXTEA) have the challenge of using the same keys
during all rounds of encryption that reduce the security. The authors in [41] added new features to TEA
to enhance the security of text files transfer through the IoT devices. Tiny Symmetric Encryption
Algorithm (NTSA) can offer a dynamically key ambiguity for each round of encryption. NTSA used a
key of size 128 bits and 64-bit plaintext. It provides dynamically keys confusion in each round. It
provides a lower latency compared to other existing security encryption schemes (TEA and its variants
XTEA, XXTEA). NTSA can offer higher security than (TEA and its variants XTEA, XXTEA) based
on the avalanche effect study. The authors found that more statistical changes in cipher text can be
created upon changing a bit in the key using NTSA algorithm [41].

Public key cryptography based on the elliptic curve cryptography ECC proposed by Miller [42] in
1985. Later ElGamal proposed ElGamal's public key cryptosystem which is described well in [43,
44]. ECC provides high security and faster implementation with smaller key size. Its challenge is
discrete logarithm problem of elliptic curve.

Because of the above issues, we propose a pairing free hybrid lightweight PRE scheme for fog
computing. Our proposed scheme is based on elliptic curve cryptography (ECC). It uses ElGamal
public key encryption as the asymmetric encryption scheme and NTSA as symmetric encryption
scheme. The proposed scheme is compatible for IOT devices communications.

4. Preliminaries

This section provides some computational problems that related to our scheme [45]. The elliptic
curve problems are:

4.1. Definition I

Suppose that p and q two prime numbers where p|q − 1. Let P be a group generator point over Fp∗ .
Given the tuple (P, aP) for unknown a ∈ Fp∗ , the Elliptic Curve Discrete Logarithm Problem (ECDLP)
in Fp∗ to compute a with negligible advantage for any polynomial time algorithm AECDL .
Adv(AECDL ) = Pr[AECDL (Fp∗ , p, P, aP) = a|a ∈ Fp∗ ]

4.2. Definition II

Suppose that p and q two prime numbers where p|q − 1. Let P be a group generator point over
Fp∗ .For a, b ∈ Fp∗ where (P, aP , bP) the CDH problem is how to compute abP. Solving the CDH
problem of any polynomial time algorithm is defined with the advantage Adv(ACDH ) which is trivial
for any polynomial time algorithm ACDH .

Adv(ACDH ) = Pr[ACDH (Fp∗ , p, P, aP, bP) = abP|a, b ∈ Fp∗ ]

5. The proposed hybrid scheme security model:

5.1. Definition III.

Our proposed scheme consists of five algorithms:

1- param ← set up(k): Given the security parameter k, this phase outputs the system parameters that
will be included in all the following phase.

2- {(𝑠𝑒𝑐𝑖 , 𝑃𝑖 ), (𝑠𝑒𝑐𝑗 , 𝑃𝑗 ), 𝑟𝑘𝑖𝑗 , 𝑆} ← 𝐾𝑒𝑦 𝐺𝑒𝑛𝑒𝑟𝑎𝑡𝑖𝑜𝑛(𝑖, 𝑗): this algorithm outputs the secret ad public
keys for users delegator (i) and delegate (j). Also, it outputs the re-encryption key 𝑟𝑘𝑖𝑗 , and a random
point S on the elliptic curve.

3- (𝑆𝐸𝑀𝑖 , 𝐸𝑘𝑖 ) ← 𝐸𝑛𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛(𝑃𝑖 , 𝑆): Given the public key for user 𝑖, 𝑃𝑖 , a point 𝑆 as an input, and a
message 𝑚 the algorithm outputs the encrypted message 𝑆𝐸𝑀𝑖 and the encrypted secrete key 𝐸𝑘𝑖 for
user i.

4- RK gen
4- 𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) ← Re − encryption key , 𝑖 ≠ 𝑗: Given the secrete keys 𝑎𝑖 . 𝑏𝑗 for users A, and B the PKG
can generate the re-encryption key 𝑟𝑘𝑖𝑗 = r. 𝑎𝑖−1 . 𝑏𝑗 modp , r is a random number.

5- Ek𝑗 ← 𝐹𝑜𝑔 𝑅𝑒 − 𝑒𝑛𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛( 𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 ): Given the ciphertext 𝐸𝑘𝑖 , and re-encryption key 𝑟𝑘𝑖𝑗 , the
algorithm outputs the cipher Ek𝑗 for user j

6-𝑚 ← 𝐷𝑒𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛(Ek𝑗 , 𝑠𝑒𝑐𝑗 ):Given the cipher Ek𝑗 and the secrete key of user j, this algorithm
decrypts Ek𝑗 and return the message m.

5.2. Definition IV.

The proposed scheme achieves the correctness for a message m, delegator i and delegate j if the
following equation holds:

𝐷𝑒𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛(𝐹𝑜𝑔 𝑅𝑒 − 𝑒𝑛𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛( 𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 ), 𝑠𝑒𝑐𝑗 ) = message

𝐷𝑒𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛(𝐹𝑜𝑔 𝑅𝑒 − 𝑒𝑛𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛( 𝐸𝑛𝑐𝑟𝑦𝑝𝑡𝑖𝑜𝑛(𝑃𝑖 , 𝑆), 𝐾𝑒𝑦 𝐺𝑒𝑛𝑒𝑟𝑎𝑡𝑖𝑜𝑛(𝑖, 𝑗): ), 𝑠𝑒𝑐𝑗 ) = message

5.3. Definition V

A proposed hybrid re-encryption scheme HPRE is semantically confident against chosen plaintext
attack is no polynomial bounded adversary has a non-trivial advantage in the following game.
Suppose that A and B challengers. A has the non-negligible advantage ε in breaking the proposed
scheme. B plays the game with A to solve the ECDH problem in 𝔾 with the non- trivial advantage. B
run the following queries.

1-Set up: 𝔹 runs this random oracle to generate the system parameters param. 𝔹 delivers the param to
𝔸.

2- Key generation: in this phase 𝔹 answers 𝔸 queries as follow:

i) Public key query 𝑞_𝑃(𝑖, 𝑗): 𝔹 randomly choose the users (𝑖, 𝑗) secrete keys 𝑎, 𝑏 ∈ Zp∗ respectively.

ii) Secrete key query 𝑞_𝑠𝑒𝑐(𝑃𝑖 , 𝑃𝑗 ): 𝔹 visit 𝐿𝑃 .f 𝑛𝑖 = 1 𝔹 returns 𝑠𝑒𝑐𝑖 = 𝑎𝑖 to 𝔸. Otherwise 𝔹

randomly choose a number in Zp∗ and exist.

3- Encryption query 𝑞_𝐸(𝑃𝑖, 𝑆′): depending on the results in 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) with an input public keys of
users I,j: 𝑃𝑖, 𝑃𝑗 . If {𝑛𝑖 , 𝑛𝑗 } = 1: 𝔹 computes 𝐸𝑘′𝑖 = (μ∗𝑖 , λ𝑖∗ ) and stores {μ𝑖∗ , λ𝑖∗ , 𝑧, 𝑃𝑘′ } in 𝐿𝐸 Otherwise 𝔹
aborts.

4- Re-encryption key query q_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) , 𝑖 ≠ 𝑗: 𝔹 visit 𝐿𝑃 . 𝔹 returns {𝑎𝑖 , 𝑃𝑖 , 𝑛𝑖 }, and {𝑏𝑗 , 𝑃𝑗 , 𝑛𝑗 } to 𝔸.

𝔹 computes the re-encryption key 𝑟𝑘𝑖𝑗 and stores {𝑟, 𝑟𝑘′𝑖𝑗 , 𝑆′} in the list 𝐿𝑟𝑘′ . If {𝑛𝑖 , 𝑛𝑗 } = 1, otherwise
B exist.

5- Re-encryption query 𝑞_𝑅𝑒(𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 , 𝑆′): the output of this query depends on the results of
𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ), and 𝑞_𝐸(𝑃𝑖, 𝑆′). If {𝑛𝑖 , 𝑛𝑗 } = 1. 𝔹 computes the ciphertext as; Ek𝑗 ∗ = (𝜇𝑗′∗ , 𝜆𝑗′∗ ). 𝔹 stores
{𝜇𝑗′∗ , 𝜆𝑗′∗ , 𝑧′} in 𝐿𝑅𝐸 list.

5- Decryption: this oracle is denied to A.

5.4. 𝑮𝒂𝒎𝒆𝑪𝑷𝑨−𝑯𝑷𝑹𝑬
𝜺,𝑨

The game will follow six steps as follow:

 param ← 𝑠𝑒𝑡 𝑢𝑝(𝑘)

 {(𝑠𝑒𝑐𝑖 ∗ , 𝑃𝑖 ∗ ), (𝑠𝑒𝑐𝑗 ∗ , 𝑃𝑗 ∗ ), 𝑟𝑘𝑖𝑗 ∗ , 𝑆 ∗ } ← 𝐴𝑞𝑠𝑒𝑐,𝑞_𝑃,𝑞_𝑟𝑘
 𝑧 ← {0,1};
 𝑐ℎ𝑎𝑙𝑙𝑒𝑛𝑔𝑒: 𝐸𝑘′𝑖 = (μ∗𝑖 , λ∗𝑖 ) = (𝑐 ′ 𝑖 . 𝑃𝑖 , 𝑐 ′ 𝑖 . S′ + 𝑃𝑘′ ) and 𝑆𝐸𝑀′𝑖 = 𝐸𝑛𝑐𝑘 ′ (𝑚𝑧 ).
 𝐺𝑢𝑒𝑠𝑠 𝑃ℎ𝑎𝑠𝑒: 𝑧′ ← 𝐴𝑞𝑠𝑒𝑐,𝑞_𝑃,𝑞_𝐸
 𝑟𝑒𝑡𝑢𝑟𝑛 𝑧′
 The game has some restrictions for A including: A cannot make any secrete queries 𝑞𝑠𝑒𝑐 for the
users 𝑖 and 𝑗. So, A cannot launch collision attacks. Also, A cannot launch the decryption query
𝑞𝑑𝑒𝑐 .

The probability advantage of 𝑮𝒂𝒎𝒆𝑪𝑷𝑨−𝑯𝑷𝑹𝑬

𝜺,𝑨 will be
𝐶𝑃𝐴−𝐻𝑃𝑅𝐸
𝐴𝑑𝑣𝜀,𝐴 = |2 Pr[𝑮𝒂𝒎𝒆𝑪𝑷𝑨−𝑯𝑷𝑹𝑬
𝜺,𝑨 (𝑘) = 𝑧] − 1|

6. Our proposed hybrid scheme

6.1. set up

Given a security parameter k, (usually 160), the PKG adopts a group 𝔾 of a large prime number p
with p > 2k , (a, b) is a pair of integers which are smaller than q and satisfy (4a3 + 27b2 )modp ≠ 0.
E is the selected elliptic curve over the finite field 𝔽∗p : y = (x 3 + ax + b)modp. 𝑃 is the generator point
of a group of points on E of 𝔾. Also, O is the point at infinity and n is the order of the point 𝐺, with n
being a prime number, n. G = O and n > 2k . The PKG adopts a random number s ∈ 𝔽∗p as the master
key and then computes the master public key PT = s. P. The PKG retains s secret and releases the
system parameters:param = (p, 𝔾, G, n , PT ).

6.2. Key generation

The PKG takes the param as an input for the key generation phase then:

1- choose random 𝑟 ∈ Zp∗

2- choose A's secrete key 𝑠𝑒𝑐𝑖 = 𝑎𝑖 ∈ Zp∗ and computes A's public key 𝑃𝑖 = 𝑎𝑖 . 𝑃
3- choose B's secrete key 𝑠𝑒𝑐𝑗 = 𝑏𝑗 ∈ Zp∗ and computes B's public key 𝑃𝑗 = 𝑏𝑗 . 𝑃
4- computes a fog re-encryption key: 𝑟𝑘𝑖𝑗 = r. 𝑎𝑖−1 . 𝑏𝑗 modp and the elliptic curve point S=r. PT
5- Return (𝑠𝑒𝑐𝑖 , 𝑃𝑖 ), (𝑠𝑒𝑐𝑗 , 𝑃𝑗 ), 𝑟𝑘𝑖𝑗 , 𝑆.

6.3. Encryption
1- randomly choose a one-time symmetric key 𝑘 ∈ Zp∗
2- Computes 𝑓(𝑘) → 𝑃𝑘 , 𝑃𝑘 is a point on the elliptic curve E.
3- split the message into blocks, then encrypt the blocks of message m using the number of
rounds n with the symmetric key k by using XXTEA algorithm, called 𝑆𝐸𝑀𝑖 = 𝐸𝑛𝑐𝑘 (𝑚)
4- Choose a secret, random 𝑐𝑖 ∈ Zp∗
5- Use A's public key 𝑃𝑖 to encrypt the 𝑃𝑘 , 𝐸𝑘𝑖 = (μ𝑖 , λ𝑖 ) = (𝑐𝑖 . 𝑃𝑖 , 𝑐𝑖 . S + 𝑃𝑘 )
6- Return (𝑆𝐸𝑀𝑖 , 𝐸𝑘𝑖 )

6.4. Fog Re-encryption

When the target fog node gets 𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 . Then it encrypts 𝐸𝑘𝑖 again so that only user j can decrypt 𝐸𝑘𝑗

Ek𝑗 = (𝜇𝑗′ , 𝜆𝑗′ ) = (μ𝑖 . 𝑟𝑘𝑖𝑗 , λ𝑖 ), Finally, Ek𝑗 extracted.

6.5. User decryption

Upon receiving the 𝑆𝐸𝑀𝑖 and Ek𝑗 , B uses its secret key 𝑠𝑒𝑐𝐵 to decrypt Ek 𝐵 to get the symmetric key k
and decrypt 𝑆𝐸𝑀𝑖 to get the message m as follows:

1- Computes: P𝑘𝑖 = 𝜆𝑗′ − 𝑏𝑗−1 . 𝜇𝑗′ = P𝑘

−1
2- 𝑓 P𝑘 = 𝑘
3- 𝑆𝐷𝑘 (𝑆𝐸𝑀𝑖 ) = 𝑚
4- Return message.
Key Generation
Assfg
A B
𝑠𝑒𝑐𝑖 = 𝑎𝑖 ∈ Zp∗ 𝑠𝑒𝑐𝑗 = 𝑏𝑗 ∈ Zp∗

computes public key 𝑃𝑖 = 𝑎𝑖 . 𝑃 computes public key 𝑃𝑗 = 𝑏𝑗 . 𝑃

computes 𝑟𝑘𝑖𝑗 = r. 𝑎𝑖−1 . 𝑏𝑗 modp , S=r. PT

Return (𝑠𝑒𝑐𝑖 , 𝑃𝑖 ), (𝑠𝑒𝑐𝑗 , 𝑃𝑗 ), 𝑟𝑘𝑖𝑗 , 𝑆.

Encryption

randomly choose 𝑘 ∈ Zp∗ , 𝑐𝑖 ∈ Zp∗

Computes

1- 𝑓(𝑘) → 𝑃𝑘 , 𝑃𝑘 is a point on the elliptic curve E.

2- 𝑆𝐸𝑀𝑖 = 𝐸𝑛𝑐𝑘 (𝑚)
3- 𝐸𝑘𝑖 = (μ𝑖 , λ𝑖 ) = (𝑐𝑖 . 𝑃𝑖 , 𝑐𝑖 . S + 𝑃𝑘 )

Return (𝑆𝐸𝑀𝑖 , 𝐸𝑘𝑖 )

Fog Re-Encryption
Ek𝑗 = (𝜇𝑗′ , 𝜆𝑗′ ) = (μ𝑖 . 𝑟𝑘𝑖𝑗 , λ𝑖 )

Decryption

Computes:

 P𝑘𝑖 = 𝜆𝑗′ − 𝑏𝑗−1 . 𝜇𝑗′ = P𝑘

𝑓 −1 P𝑘 = 𝑘
𝑆𝐷𝑘 (𝑆𝐸𝑀𝑖 ) = 𝑚

Return message.

Figure 2: The proposed scheme

5.6 scheme correctness

- The correctness of the equation Ek𝑗 = (𝜇𝑗′ , 𝜆𝑗′ ) = (μ𝑖 . 𝑟𝑘𝑖𝑗 , λ𝑖 )

Ek𝑗 = (𝜇𝑗′ , 𝜆𝑗′ ) = (μ𝑖 . 𝑟𝑘𝑖𝑗 , λ𝑖 ) = ( r. 𝑎𝑖−1 . 𝑏𝑗 . 𝑐𝑖 . P𝑖 , 𝑐𝑖 . S + P𝑘 )

= ( r. 𝑎𝑖−1 . 𝑏𝑗 . 𝑐𝑖 . 𝑎𝑖 . P𝑇 , 𝑐𝑖 . S + P𝑘 ) = ( r. 𝑏𝑗 . 𝑐𝑖 . 𝑃𝑇 , 𝑐𝑖 . S + 𝑃𝑘 )

The correctness of the equation P𝑘𝑖 = 𝜆𝑗′ − 𝑏𝑗−1 . 𝜇𝑗′

P𝑘𝑖 = 𝜆𝑗′ − 𝑏𝑗−1 . 𝜇𝑗′ = 𝑐𝑖 . S + P𝑘 − 𝑏𝑗−1 . r. 𝑏𝑗 . 𝑐𝑖 . P𝑇

= 𝑐𝑖 . S + P𝑘 − r. 𝑐𝑖 . P𝑇 = 𝑐𝑖 . S + P𝑘 − 𝑐𝑖 . S = P𝑘

7. Security Proof

Suppose that the ECDH problem is hard. The scheme, suggested above, is secure in the standard
security model; IND-CPA (Indistinguishability-Chosen Plaintext Attack)

Proof: suppose that we have two probabilistic polynomial time PPT adversary A and B. A has the non-
negligible advantage ε in breaking the proposed scheme. B plays the game with A to solve the ECDH
problem in 𝔾 with the non-trivial advantage. With the input tuple (𝑃, 𝑥𝑃, 𝑦𝑃, 𝑍) B get the output=1 if
𝑍 = 𝑥𝑦. 𝑃 and fails if the output is 0.

The following scenario will be between 𝔸 and 𝔹:

7.1. Set up:

𝔹 generates the system parameters param = (p, 𝔾, P, n , PT ) for some security parameter k. 𝔹 delivers
the param to 𝔸.

7.2. Key generation: in this phase 𝔹 answers 𝔸 queries as follow:

Firstly, Public key query 𝑞_𝑃(𝑖, 𝑗): 𝔹 randomly choose 𝑎, 𝑏 ∈ Zp∗

According to Coron techniques [11], 𝔹 switches a coin 𝑛𝑖 ∈ {0,1}; 𝑛𝑖 = 1 with probability €, €

constant otherwise 𝑛𝑖 = 0.

 If 𝑛𝑖 = 1, 𝔹 computes the public key 𝑃𝑖 = 𝑎𝑖 . 𝑃 and where 𝑎𝑖 are the secrete keys of the user i
 Otherwise; if 𝑛𝑖 = 0, 𝔹 computes the public key 𝑃𝑖 = 𝑑. 𝑎𝑖 . 𝑃 where (𝑑. 𝑎) is the secrete keys
of the user i. 𝔹 doesn't know the private keys at this time.
 Do the same for user j.

At the end, 𝔹 returns 𝑃𝑖 , 𝑎𝑛𝑑 𝑃𝑗 to 𝔸. 𝔹 stores {𝑎𝑖 , 𝑃𝑖 , 𝑛𝑖 }, and {𝑎𝑗 , 𝑃𝑗 , 𝑛𝑗 } in the public keys list 𝐿𝑃 .

Secondly, Secrete key query 𝑞_𝑠𝑒𝑐(𝑃𝑖 , 𝑃𝑗 ): 𝔹 visit 𝐿𝑃 .f 𝑛𝑖 = 1 𝔹 returns 𝑠𝑒𝑐𝑖 = 𝑎𝑖 to 𝔸. Otherwise 𝔹

randomly choose a number in Zp∗ and exist.

Thirdly, Re-encryption key 𝑟𝑘 query 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) , 𝑖 ≠ 𝑗: 𝔹 visit 𝐿𝑃 . 𝔹 returns {𝑎𝑖 , 𝑃𝑖 , 𝑛𝑖 }, and

{𝑏𝑗 , 𝑃𝑗 , 𝑛𝑗 } to 𝔸 according to the following:

 If 𝑛𝑖 = 1, 𝔹 randomly choose 𝑟 ∈ Zp∗ and computes the re-encryption key : 𝑟𝑘𝑖𝑗 =

r. 𝑎𝑖−1 modp and S=r. PT, this mean that the re-encryption key is unknown to 𝔹.
 If {𝑛𝑖 , 𝑛𝑗 } = 1, 𝔹 randomly choose 𝑟′ ∈ Zp∗ and computes the re-encryption key : 𝑟𝑘𝑖𝑗 =
r. 𝑎𝑖−1 . 𝑏𝑗 modp and S'=r'. PT. 𝔹 stores {𝑟, 𝑟𝑘′𝑖𝑗 , 𝑆′} in the list 𝐿𝑟𝑘′ .
 If 𝑛𝑖 ≠ 𝑛𝑗 , 𝔹 exist.

7.3. Encryption query 𝑞_𝐸(𝑃𝑖, 𝑆′): the output of this query depends on the results in 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ).

𝓒𝓱𝒂𝒍𝒍𝒆𝒏𝒈𝒆 ∶ 𝔸 submits two messages 𝑚0 , 𝑚1 ∈ 𝔾 to target users {𝑖, 𝑗} under the following
conditions:
  𝔸 did not run any secret key generation query either for user 𝑖: 𝑃𝑖 ∗ or user 𝑗: 𝑃𝑗 ∗ in the
𝑞_𝑃(𝑖, 𝑗).
 𝔸 did not run any 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) . 𝔸 gets the secret key of user j from 𝑞_𝑠𝑒𝑐(𝑃𝑗 )

𝔹 choose a random bit 𝑧 𝜖 {1,0} and visit 𝐿𝑃 and gets {𝑎𝑖 ∗ , 𝑃𝑖 ∗ , 𝑛𝑖 ∗ }, and {𝑏𝑗 ∗ , 𝑃𝑗 ∗ , 𝑛𝑗 ∗ }. Then 𝔹
encrypts the message as follow:

If {𝑛𝑖 , 𝑛𝑗 } = 1: 𝔹 generates a symmetric key 𝑘′ ∈ Zp∗ and computes 𝑓(𝑘′) → 𝑃𝑘′ . 𝔹 randomly choose
𝑐′𝑖 ∈ Zp∗ and visit 𝐿𝑃 to get 𝑃𝑖, and gets S′ from 𝐿𝑟𝑘 .Then 𝔹 computes 𝐸𝑘′𝑖 = (μ𝑖∗ , λ∗𝑖 ) =
(𝑐 ′ 𝑖 . 𝑃𝑖 , 𝑐 ′ 𝑖 . S′ + 𝑃𝑘′ ) and 𝑆𝐸𝑀′𝑖 = 𝐸𝑛𝑐𝑘 ′ (𝑚𝑧 ) and stores {μ𝑖∗ , λ𝑖∗ , 𝑧, 𝑃𝑘′ } in 𝐿𝐸 Otherwise 𝔹 aborts.

7.4. Fog Re-encryption query 𝑞_𝑅𝑒(𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 , 𝑆′): the output of this query depends on the results
of 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ), and 𝑞_𝐸(𝑃𝑖, 𝑆′).

If {𝑛𝑖 , 𝑛𝑗 } = 1: 𝔹 visits 𝐿𝐸 to search for μ𝑖∗ , λ𝑖∗ and 𝐿𝑟𝑘′ to search for 𝑟𝑘′𝑖𝑗 . 𝔹 computes the ciphertext
as ; Ek𝑗 ∗ = (𝜇𝑗′∗ , 𝜆𝑗′∗ ) = (μ∗𝑖 . 𝑟𝑘′𝑖𝑗 , λ𝑖∗ ). 𝔹 stores {𝜇𝑗′∗ , 𝜆𝑗′∗ , 𝑧′} in 𝐿𝑅𝐸 list.𝔹 delivers Ek𝑗 ∗ as the challenge
ciphertext. Otherwise 𝔹 aborts

𝓖𝓾𝓮𝓼𝓼:

𝔸 can run more quires in the extract phase with the following conditions:

1- 𝔸 can not run the secret key queries 𝑞_𝑠𝑒𝑐(𝑃𝑖 , 𝑃𝑗 ) either for user i or j.
2- 𝔸 is allowed to make 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ), 𝑞_𝐸(𝑃𝑖, 𝑆′), and 𝑞_𝑅𝑒(𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 , 𝑆′) but not allowed to make
𝑞_𝑠𝑒𝑐(𝑃𝑖 , 𝑃𝑗 ).
3- The guess output is 𝑧′ 𝜖 {1,0}. 𝔹 outputs 1 if 𝑧 = 𝑧′ and then 𝑍 = 𝑥𝑦. 𝑃. Otherwise 𝑍 is a
random point on the elliptic curve 𝔽∗p .

7.5. Probability Analysis

If 𝔹 does not exist if

1- 𝑛𝑖 = 1: on a 𝑞_𝑠𝑒𝑐(𝑃𝑖 , 𝑃𝑗 ) query. 𝔹 does not exist with the probability 𝛿 𝑞_𝑠𝑒𝑐 assuming that 𝔸
run a 𝑞_𝑠𝑒𝑐 query to generate secrete keys.
2- {𝑛𝑖 , 𝑛𝑗 } = 1 on a 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) query and 𝑖 ≠ 𝑗. 𝔹 does not exist with the probability 𝛿 𝑞_𝑟𝑘
assuming that 𝔸 run a 𝑞_𝑟𝑘(𝑃𝑖, 𝑃𝑗 ) query to generate a re-encryption key.
3- {𝑛𝑖 , 𝑛𝑗 } = 1 on a 𝑞_𝐸(𝑃𝑖, 𝑆′) query and 𝑖 ≠ 𝑗. 𝔹 does not exist with the probability 𝛿 𝑞_𝐸
assuming that 𝔸 run a 𝑞_𝐸(𝑃𝑖, 𝑆′) query to generate 𝐸𝑘′𝑖 = (μ𝑖∗ , λ𝑖∗ ).
4- {𝑛𝑖 , 𝑛𝑗 } = 1 on a 𝑞_𝑅𝑒(𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 , 𝑆′): query and 𝑖 ≠ 𝑗. 𝔹 does not exist with the probability
𝛿 𝑞_𝑅𝑒 assuming that 𝔸 run a 𝑞_𝑅𝑒(𝐸𝑘𝑖 , 𝑟𝑘𝑖𝑗 , 𝑆′): query to generate Ek𝑗 ∗ = (𝜇𝑗′∗ , 𝜆𝑗′∗ ).
5- In case of 𝓖𝓾𝓮𝓼𝓼 if 𝔹 outputs 𝑧 ′ = 1 and doesn’t abort with a probability 1 − 𝛿

𝔸 conducts a real attack if 𝔹 doesn't abort with total probability:

𝑓(𝛿) = (1 − 𝛿)𝛿 𝑞𝑠𝑒𝑐+𝑞𝑟𝑘+𝑞_𝐸+𝑞_𝑅𝑒

The function 𝑓(𝛿) has a maximum value when

1 1
(1 − )𝑞𝑠𝑒𝑐+𝑞𝑟𝑘 +𝑞𝐸+𝑞𝑅𝑒+1
𝑞𝑠𝑒𝑐 + 𝑞𝑟𝑘 + 𝑞𝐸 + 𝑞𝑅𝑒 𝑞𝑠𝑒𝑐 + 𝑞𝑟𝑘 + 𝑞𝐸 + 𝑞𝑅𝑒 + 1

𝔹 doesn't abort with a probability at least

1 1
𝛿𝑒 = 1 − ≅
𝑞𝑠𝑒𝑐 +𝑞𝑟𝑘 +𝑞𝐸 +𝑞𝑅𝑒 +1 𝑒(𝑞𝑠𝑒𝑐 +𝑞𝑟𝑘 +𝑞𝐸 +𝑞𝑅𝑒 +1)

8. Comparative study:
We compare the performance of the proposed secure pairing free HPRE scheme with the hybrid proxy
re-encryption scheme in [18]. The author proposed a hybrid scheme without random oracle. Also, this
scheme includes pairing operation in the re-encryption phase and exponential operation in the
encryption phase so, this make it heavy computations. Moreover, the author used XXTEA as
asymmetric scheme. The authors in [41] proposed a secure lightweight NTSA symmetric block cipher
for IoT network. They tried three different size text files; (0.95 kB, 12.2 kB, and 26.7 kB) using NTSA
and XXTEA ciphers for encryption and decryption as in table 1. Therefore, we use the lightweight
NTSA block cipher for the proposed lightweight secure HPRE. Table 1 shows the saving time when
using NTSA block cipher in the proposed scheme when compared with using XXTEA in [18]. When
using the file with size 0.95 kB the proposed scheme saves about 66% in the total encryption and
decryption time. When using the file with size 12.2 kB the proposed scheme saves about 34% in the
total encryption and decryption time. When using the file with size 26.7 kB the proposed scheme saves
about 17% in the total encryption and decryption time.

Table 1: The Encryption/Decryption time (ms)

Encryption/Decryption time (ms) HPRE Osama[18] Saving

File size with 128 bit key NTSA block XXTEA block
cipher cipher
0.95kB Encryption 0.097 0.158 39%
Decryption 0.090 0.179 50%
Total time 0.997 0.337 66%
12.2kB Encryption 1.04 1.534 32%
Decryption 1.020 1.583 36%
Total time 2.06 3.117 34%
26.7kB Encryption 1.856 2.224 17%
Decryption 1.820 2.193 17%
Total time 3.676 4.417 17%

8.1 Results and Discussion

From the point of view of mathematical operations, the proposed scheme is more efficient than [18]. It
did not use any pairing operations and saves in the setup, encryption, and re-encryption phases about
67%. It saves about 58% from the total time. Thus, our proposed scheme is more efficient. The authors
in [46] evaluate the elliptic curve mathematical operation in terms of modular time multiplications 𝑇𝑚 .
The evaluation of the computational cost based on the following symbols:

𝑇𝑒𝑚 Time the elliptic curve scalar point multiplication 𝑇𝑒𝑚 ≈ 29 𝑇𝑚 .

𝑇𝑝 Time for the pairing operation 𝑇𝑝 ≈ 87 𝑇𝑚

𝑇𝑒𝑥 Time for the exponentiation operation 𝑇𝑒𝑥 ≈ 240 𝑇𝑚

𝑇𝑖𝑛𝑣 Time for the modular inversion 𝑇𝑖𝑛𝑣 ≈ 11.6 𝑇𝑚

𝑇𝑎 Time for the addition of two elliptic curve points 𝑇𝑎 ≈ 0.12 𝑇𝑚

𝑇𝑀𝑇𝑃 Time for the map-to-point function 𝑇𝑀𝑇𝑃 ≈ 29 𝑇𝑚

Table 2: The propose scheme efficiency

Mathematical HPRE Osama[18] Saving

operations in phases
Set up 𝑇𝑒𝑚 𝑇𝑝 67%
Key generation 3𝑇𝑒𝑚 + 𝑇𝑖𝑛𝑣 3𝑇𝑒𝑚 + 𝑇𝑖𝑛𝑣 0%
Encryption 2𝑇𝑒𝑚 +𝑇𝑎 +𝑇𝑀𝑇𝑃 2𝑇𝑒𝑚 +𝑇𝑒𝑥 + 𝑇𝑎 + 𝑇𝑀𝑇𝑃 67%

Re-encryption 𝑇𝑒𝑚 𝑇𝑝 67%

Decryption 𝑇𝑒𝑚 + 𝑇𝑖𝑛𝑣 + 𝑇𝑎 𝑇𝑒𝑚 + 𝑇𝑖𝑛𝑣 + 𝑇𝑎 0%
Total 8𝑇𝑒𝑚 +2𝑇𝑖𝑛𝑣 + 2𝑇𝑎 2𝑇𝑝 + 6𝑇𝑒𝑚 +2𝑇𝑖𝑛𝑣 + 58%
2𝑇𝑎 + 𝑇𝑒𝑥
Total in 𝑇𝑚 284.44𝑇𝑚 669.44𝑇𝑚

9. Conclusion

a new lightweight hybrid proxy re-encryption scheme without pairings is introduced in this paper to
enhance the security of IOT networks which use fog computing. Our proposed scheme used both
symmetric and asymmetric encryption; the NTSA scheme for symmetric encryption and Elgamal
scheme for public key encryption. A formal definition is given for the proposed scheme. Also, the
performance and security analyses are provided. The obtained results demonstrated the security and the
computational efficiency of our scheme compared to other schemes found in literature and hence, it can
substantially compete in real time applications.

10. List of Abbreviations

IOT internet of things

PRE proxy re-encryption
HPRE Hybrid proxy re-encryption
ABE Attribute based encryption
ID-BE identity based encryption
TEA Tiny Encryption Algorithm
C-PRE conditional proxy re-encryption
ECC Elliptic curve cryptography
XXTEA Corrected Block TEA
NTSA novel tiny symmetric encryption algorithm
IND-CPA Indistinguishability-Chosen Plaintext Attack

11. Declaration

Availability of data and material

All Data is available

Author’s Contributions
Conceptualization, SES, EA. Funding acquisition, EA. Investigation and methodology, SES, EA.
Project administration SES, EA. Resources SES, EA. Supervision SES. Writing of the original draft
SES, EA. Writing of the review and editing SES, EA. Software SES, EA. Validation SES. Formal
analysis SES, EA. Data curation SES, EA. Visualization SES, EA. All the authors have proofread the
final version.

Funding
This research funded by Qassim University.

Acknowledgement
The researchers would like to thank the Deanship of Scientific Research, Qassim University for
funding the publication of this project

Competing Interests
The authors declare that they have no competing interests.

References
[1] C. Perera, A. Zaslavsky, P. Christen and D. Georgakopoulos, "Context aware computing for the
Internet of Things: A survey", IEEE Commun. Surveys Tuts., vol. 16, no. 1, pp. 414-454, 1st Quart.
2014.

[2] J. E. Siegel, S. Kumar and S. E. Sarma, "The Future Internet of Things: Secure, Efficient, and
Model-Based," in IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2386-2398, Aug. 2018,

[3] P. Maiti, J. Shukla, B. Sahoo and A. K. Turuk, "Mathematical modeling of qos-aware fog
computing architecture for iot services" in Emerging Technologies in Data Mining and Information
Security, Singapore: Springer, pp. 13-21, 2019.

[4] M. Mukherjee , L. Shu , D. Wang, “Survey of Fog Computing: Fundamental, Network

Applications, and Research Challenges”, IEEE Communications Surveys & Tutorials ( Volume:
20 , Issue: 3 , thirdquarter 2018 ), pp. 1826 – 1857, 2018

[5] A. A. Diro, N. Chilamkurti and Y. Nam, "Analysis of lightweight encryption scheme for Fog-to-
Things communication", IEEE Access, vol. 6, pp. 26820-26830, 2018.

[6] R. Lu, K. Heung, A. H. Lashkari and A. A. Ghorbani, "A lightweight privacy-preserving data
aggregation scheme for fog computing-enhanced IoT", IEEE Access, vol. 5, pp. 3302-3312, 2017.

[7] Y. Miao, J. Ma, X. Liu, J. Weng, H. Li and H. Li, "Lightweight fine-grained search over encrypted
data in fog computing", IEEE Trans. Services Comput., vol. 12, no. 5, pp. 772-785, Sep. 2019.

[8]X. Liu, R. H. Deng,Y. Yang, H. N.Tran, and S. Zhong,“Hybrid privacy-preserving clinical decision
support system in fog–cloud computing,” Future Generation Computer Systems, vol. 78, pp. 825–
837, 2018.
[9] F. Bonomi, R. Milito, J. Zhu and S. Addepalli, "Fog computing and its role in the Internet of
Things", Proc. 1st Ed. MCC Workshop Mobile Cloud Comput., pp. 13-16, 2012.

[10] Stojmenovic and S. Wen, "The fog computing paradigm: Scenarios and security issues", Proc.
IEEE Federated Conf. Comput. Sci. Inf. Syst. (FedCSIS), pp. 1-8, Sep. 2014.

[11] CISCO white paper, “Fog Computing and the Internet of Things: Extend the Cloud to Where the
Things Are”, 2015

[12] J. Pizoń and J. Lipski, "Perspectives for fog computing in manufacturing", Appl. Comput. Sci., vol.
12, no. 3, pp. 37-46, 2016.

[13] Singh, S.P., Nayyar, A., Kumar, R. et al. Fog computing: from architecture to edge computing and
big data processing. J Supercomput 75, 2070–2105, 2019.

[14] P. Zhang, J. K. Liu, F. R. Yu, M. Sookhak, M. H. Au and X. Luo, "A survey on access control in
fog computing", IEEE Commun. Mag., vol. 56, no. 2, pp. 144-149, Feb. 2018.

[15] Q. Qi and F. Tao, "A Smart Manufacturing Service System Based on Edge Computing, Fog
Computing, and Cloud Computing," in IEEE Access, vol. 7, pp. 86769-86777, 2019, doi:
10.1109/ACCESS.2019.2923610.

[16] M. Al-khafajiy, T. Baker, A. Waraich, D. Al-Jumeily and A. Hussain, "IoT-fog optimal workload
via fog offloading", Proc. IEEE/ACM Int. Conf. Utility Cloud Comput. Companion (UCC), pp. 359-
364, Dec. 2018.

[17] N. Farjana, S. Roy, M. J. N. Mahi and M. Whaiduzzaman, "An identity-based encryption scheme
for data security in fog computing", Proc. Int. Joint Conf. Comput. Intell., pp. 215-226, 2020.

[18] O. A. Khashan, "Hybrid Lightweight Proxy Re-Encryption Scheme for Secure Fog-to-Things
Environment," in IEEE Access, vol. 8, pp. 66878-66887, 2020, doi: 10.1109/ACCESS.2020.2984317.

[19] S. Fugkeaw and H. Sato, "Improved lightweight proxy re-encryption for flexible and scalable
mobile revocation management in cloud computing", Proc. IEEE 9th Int. Conf. Cloud Comput.
(CLOUD), pp. 894-899, Jun. 2016.
[20] Y. Chang, , S. Zhang, , L.Yan et al. A Quantum secure sharing protocol for Cloud data based on
proxy re-encryption. Sci Rep 10, 9074 (2020).
[21] O. A. Khashan, A. M. Zin and E. A. Sundararajan, "Performance study of selective encryption in
comparison to full encryption for still visual images", J. Zhejiang Univ. Sci. C, vol. 15, no. 6, pp. 435-
444, Jun. 2014.

[22] A. Ragab, G. Selim, A. Wahdan and A. Madani, "Robust Hybrid Lightweight Cryptosystem for
Protecting IoT Smart Devices", Int. Conf. Secur. Privacy Anonymity Comput. Commun. Storage, pp. 5-
19, 2019.

[23] Zhengjun, C., Lihua, L.: ‘On the disadvantages of pairing-based cryptography’, Int. J. Netw.
Secur., 2015, 17, (4), pp. 454–462

[24] M. R. Asaar, M. Salmasizadeh and W. Susilo, "An Identity-Based Multi-Proxy Multi-Signature

Scheme Without Bilinear Pairings and its Variants," in The Computer Journal, vol. 58, no. 4, pp. 1021-
1039, April 2015, doi: 10.1093/comjnl/bxu037.

[25] Z. Qin, H. Xiong, S. Wu, and J. Batamuliza, “A survey of proxy reencryption for secure data
sharing in cloud computing,” IEEE Trans.on Serv. Comput., 2016.

[26] J. Weng, R. H. Deng, X. Ding, C. K. Chu and J. Lai, "Conditional proxy re-encryption secure
against chosen-ciphertext attack", Proc. 4th Int. Symp. Inf. Comput. Commun. Secur. Sydney Aust., pp.
322-332, 2009.

[27] C. Sur, Y. Park, S. U. Shin, K. H. Rhee and C. Seo, "Certificate-based proxy re-encryption for
public cloud storage", Proc. 7th Int. Conf. Innov. Mobile Internet Services Ubiquitous Comput., pp.
159-166, Jul. 2013.

[28] P. Zeng and K. R. Choo, "A New Kind of Conditional Proxy Re-Encryption for Secure Cloud
Storage," in IEEE Access, vol. 6, pp. 70017-70024, 2018, doi: 10.1109/ACCESS.2018.2879479.

[29]M. Sun, C. Ge, L. Fang and J. Wang, "A proxy broadcast re-encryption for cloud data
sharing", Multimedia Tools Appl., vol. 77, no. 9, pp. 10455-10469, May 2018

[30] L. Jiang and D. Guo, "Dynamic Encrypted Data Sharing Scheme Based on Conditional Proxy
Broadcast Re-Encryption for Cloud Storage," in IEEE Access, vol. 5, pp. 13336-13345, 2017,

[31] P. Xu, T. Jiao, Q. Wu, W. Wang and H. Jin, "Conditional Identity-Based Broadcast Proxy Re-
Encryption and Its Application to Cloud Email," in IEEE Transactions on Computers, vol. 65, no. 1,
pp. 66-79, 1 Jan. 2016.

[32]L. Ferretti, M. Marchetti and M. Colajanni, "Fog-based secure communications for low-power IoT
devices", ACM Trans. Internet Technol., vol. 19, no. 2, pp. 27, 2019.

[33]J. Ni, K. Zhang, X. Lin and X. Shen, "Securing fog computing for Internet of Things applications:
Challenges and solutions", IEEE Commun. Surveys Tuts., vol. 20, no. 1, pp. 601-628, 1st Quart. 2018.

[34]Q. Huang, Y. Yang and L. Wang, "Secure data access control with ciphertext update and
computation outsourcing in fog computing for Internet of Things", IEEE Access, vol. 5, pp. 12941-
12950, 2017.

[35] Z. Wang, "Leakage resilient ID-based proxy re-encryption scheme for access control in fog
computing", Future Gener. Comput. Syst., vol. 87, pp. 679-685, Apr. 2018.

[36] P. Zhang, Z. Chen, J. K. Liu, K. Liang and H. Liu, "An efficient access control scheme with
outsourcing capability and attribute update for fog computing", Future Generat. Comput. Syst., vol. 78,
pp. 753-762, Jan. 2018.

[37] Wheeler, D.; Needham, R. TEA, A Tiny Encryption Algorithm. Available online:
http://www.cix.co.uk/ ~{}klockstone/tea.pdf (accessed on 22 April 2018).
[38] Needham, R.M.; Wheeler, D.J. TEA Extensions; Technical Report; Computer Laboratory,
University of Cambridge: Cambridge, MA, USA, 1997

[39] Wheeler, D.; Needham, R. XXTEA: Correction to XTEA; Technical report; Computer Laboratory,
University of Cambridge: Cambridge, MA, USA, 1998.

[40] E. M. Galas, and B. D. Gerardo, “Feasibility Assessment on the

Implementation of the Enhanced XXTEA on IoT Devices,” In 2019
IEEE 9th Int. Conf. on System Engineering and Technology (ICSET),
Shah Alam, Malaysia, pp. 178-182, October, 2019.

[41] Rajesh, S.; Paul, V.; Menon, V.G.; Khosravi, M.R. A Secure and Efficient Lightweight
Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT
Devices. Symmetry , 11, 293, 2019.

[42] V. S. Miller, “Use of elliptic curves in cryptography,” In Conf. on the theory and application of
cryptographic techniques, LNCS 218, Springer-Verlag, Berlin, pp. 417-426, August, 1985.

[43] D. Boruah, and M. Saikia, “Implementation of ElGamal Elliptic Curve Cryptography over prime
field using C,” In Int. Conf. on Information Communication and Embedded Systems (ICICES2014),
Chennai, India, pp. 1-7, 2014.

[44] K. Rabah, “Elliptic curve elgamal encryption and signature schemes,” Information technology j.,
vol. 4, no. 3, pp. 299-306, 2005.

[45] Eman Abouelkheir and Shamia El-sherbiny , Pairing free identity based aggregate signcryption
scheme", IET Information Security, 2020, 10.1049/iet-ifs.2019.0579

[46] Sk Hafizul Islam and G. P. Biswas, "An Efficient And Secure Strong Designated Verifier
Signature Scheme Without Bilinear Pairings" J. Appl. Math. & Informatics Vol. 31, No. 3 - 4, pp. 425
– 441, 2013.

Figure Title and Legend

Figure 1 The infrastructure of fog computing

Figure 2 The proposed scheme