Introduction

Rapid advances in computer technology and the development of the Internet are changing the way of daily life. We also organize our daily and business lives according to Internet facility. Secrecy is an important issue with respect to sensitive data transferred over insecure public channels. In an open network environment, secret session key needs to be shared between two users before it establishes a secret communication [7, 16,17,18]. As the number of users in the network is increasing, key distribution will become a serious problem. The public key cryptosystem can effectively solve the session key distribution problem in an open network environment, but each user should authenticate the public key of the partner before using it. The public key infrastructure (PKI) is proposed to implement the authentication of the public key, but it leads to large management overheads.

In 1984, the concept of the identity-based cryptographic scheme was introduced by Shamir [1]. According to his idea, the public key of each user is just extracted from his public identity information, such as e-mail address, identity number, etc. [1]. Using each user’s public identity as his public key can escape the problem of authentication of the public key, and it enables users to establish the session key in the non-interactive form. However, Shamir only succeeded in constructing an Identity-based signature scheme. When Boneh et al. [17] constructed identity-based encryption using the property of Weil pairing, designed the Identity-based cryptographic scheme, and then only, it was practically implemented. However, the bilinear pair operations make the cryptographic scheme unsuitable to low-performance devices [20]. Tsujii and Itoh [21] also proposed an identity-based cryptographic scheme using the DLP with single discrete exponent which uses the ElGamal [22] public key cryptographic scheme. Recently, Meshram [8] used the variant of IFP and DLP to construct their identity-based encryption scheme and proposed many identity-based cryptographic techniques [9,10,11,12] which have been proposed. However, in these techniques, the public key of each entity is not only an identity, it is some random number selected either by the entity or by the trusted authority.

As above outline, the new identity-based cryptographic schemes always face security challenges and confidentiality worries. The main contribution of our new efficient identity-based QER cryptographic scheme is the key generation phase. In this study, we design an efficient identity-based QER cryptographic scheme using the property of DLP with distinct discrete exponent and IFP. We have also discussed enhancement of security and processing cost of efficient identity-based QER cryptographic scheme.

The rest of this paper is organized as follows: review of Meshram and Obaidat’s identity-based QER cryptographic scheme is discussed in Sect. 2. An efficient identity-based QER cryptographic scheme is proposed in Sect. 3. The security analysis and security proof of our new scheme are presented in Sect. 4. Performance comparison of proposed identity-based cryptographic schemes and other six schemes are described in Sect. 5. Enhancement of security and processing cost of identity-based QER cryptographic scheme are explained in Sect. 6. Finally, in Sect. 7, we conclude the paper.

Review of Meshram and Obaidat’s identity-based QER cryptographic scheme

To describe it briefly, Meshram and Obaidat’s [13] identity-based QER cryptographic scheme can be summarized as four related sub-algorithms, such as Setup, Extraction, Encryption, and Decryption. The Setup algorithm is run by Private Key Generator (PKG) to generate its public and private keys. On receiving the registered application of a user, PKG will run the Extraction algorithm to generate the private key of this user if the user is identified to be legal. If some user wants to securely send a message to another user, he/she can run the Encryption algorithm to encrypt the message with the identity of the latter. On receiving the ciphertext, the receiver can run the Decryption algorithm to decrypt the ciphertext with his private key. Most of the existing identity-based cryptosystems are described in this form [7], so it is easy for readers to understand our QER description of Meshram and Obaidat’s identity-based cryptographic scheme, which is shown as follows:

Setup

PKG carries out the following steps:

  1. 1.

    Selected p and q random prime numbers s.t. \(N=pq\). Let \(n=| N |\) be the bit number and compute Euler-phi function \(\varphi ( N )=( {p-1} )( {q-1} )\).

  2. 2.

    Select two arbitrary random integers e and d, \(1\le e,d\le \varphi ( N )\) satisfying the conditions gcd\(( {e,\varphi ( N )} )=1\), and \(ed\equiv 1( {\hbox {mod}\,\varphi ( N )} )\).

  3. 3.

    Generate n-dimensional vector \({\vec {b}}=(b_1,b_2,\ldots ,b_n)\) defined over multiplicative cyclic group \(Z_{\varphi ( N )}^*\), under the condition \(1\le b_i \le \varphi ( N), ( {1\le i\le n} )\) and \(b_i \ne b_j ( {\text {mod}\,\varphi ( N )} ),( {i\ne j} ).\)

  4. 4.

    Compute n-dimensional vector \({\vec {h}}=(h_1,h_2,h_3,\ldots ,h_n)\), where \(h_i =\alpha ^{b_i }\hbox {mod}\,N( {1\le i\le n} ).\)

PKG uses \(( {N,e,\alpha ,{\vec {h}}} )\) as its public key and informs it to each entity, and at the same time, it uses \(( {\vec {b}}, d )\) as its private key and keeps it secret.

Extraction

PKG carries out the following steps to compute the private key of the entity i, whose identity is a k-dimensional binary vector \(\hbox {ID}_i =(x_{i1} ,x_{i2} ,\ldots ,x_{ik} ),x_{ij} \in \{ {0,1} \},( {1\le j\le k} )\).

  1. 1.

    Compute the entity i \(^\prime \)s extended ID, \({R}_i\) as follows:

    $$\begin{aligned} {R}_i= & {} ( {\hbox {ID}_i } )^{e}( {\hbox {mod}\,N} )\\= & {} (y_{i1}, y_{i2} ,y_{i3} ,\ldots ,y_{it} ),y_{ij} \in \{ {0,1} \},\left( {1\le j\le t}. \right) \end{aligned}$$
  2. 2.

    Entity \(i^{\prime }s\) secrete keys \(s_i \) is computed by inner product of \({\vec {b}}\) and \({R}_i \) as follows:

    $$\begin{aligned} s_i =\vec {b}{R}_{i}(\hbox {mod} \,\varphi (N)) = \sum \limits _{1\le j\le n} b_j y_{ij} \,\hbox {mod} ( {\varphi ( N )} ). \end{aligned}$$

Note that \(\hbox {ID}_i \) is used as the public key of the entity i.

Encryption

Entity 2 wants to send the message M to entity 1, and then entity 2 can encrypt M as follows:

  1. 1.

    Compute the entity 1’s extended ID, \({R}_1 \) by the following form:

    $$\begin{aligned} {R}_1= & {} ( {\hbox {ID}_1 } )^{e}( {\hbox {mod}\,N} )\\= & {} (y_{11} ,y_{12} ,y_{13} ,\ldots ,y_{1t} ),\\&y_{1j} \in \{ {0,1} \},( {1\le j\le t} ). \end{aligned}$$
  2. 2.

    Compute

    $$\begin{aligned} Y_1= & {} \mathop \prod \limits _{1\le i\le n} h_i ^{y_{1i} }( {\hbox {mod}\, N} )\\= & {} \mathop \prod \limits _{1\le i\le n} ( {\alpha ^{b_i }} )^{y_{1i} }( {\hbox {mod} \,N} )\\= & {} \alpha ^{\mathop \sum \nolimits _{1\le i\le n} b_i y_{1i} \hbox {mod}( {\varphi ( N )} )}( {\hbox {mod} \,N} )\\= & {} \alpha ^{s_1 }( {\hbox {mod} \,N} ). \end{aligned}$$

Using \({Y}_1 \) and PKG’s public information \({\vec {h}}\), we follow the next steps:

  1. 3.

    Compute \(C_1 =( {\alpha ^{k}} )^{e}( {\hbox {mod} \,N} )\).

  2. 4.

    Compute \(C_2 =(M(\alpha ^{s_1 })^{k})^{e}( {\hbox {mod} \,N} )\).

Then, the ciphertext is given by \(C=(C_1 ,C_2 )\).

Decryption

Entity 1 does the following to recover the plaintext M from the ciphertext

  1. 1.

    Compute \(C_1^{\varphi ( N )-s_1 } ( {\hbox {mod} \,N} )=C_1^{-s_1 } ( {\hbox {mod}\,N} ).\)

  2. 2.

    It uses secrete key \(s_1 \) to recover M as follows:

    $$\begin{aligned} ( {C_1^{-s_1 } *C_2 } )^{d}( {\hbox {mod}\,N} )= & {} ( {\alpha ^{-s_1 ke}M^{e}\alpha ^{s_1 ke}} )^{d}( {\hbox {mod}\,N} )\\= & {} M^{ed}( {\hbox {mod}\,N} )\\= & {} M( {\hbox {mod}\,N} ). \end{aligned}$$

Propose an efficient identity-based QER cryptographic scheme

The efficient identity-based QER cryptographic scheme is more secure than the previous scheme presented by Meshram and Obaidat’s [13] in terms of security. We used floor function and super-increasing sequence to develop the master key pair in this scheme. It is very difficult for attacker or adversary to find the private key and break the communication between different parties in low time period as compared with the scheme described in [13]. It is also very difficult to maintain the communication cost for breaking the system in view of our proposed scheme.

New efficient identity-based QER cryptographic scheme is described in four sub-algorithms, such as Setup, Extraction, Encryption, and Decryption, which are shown as follows.

Setup

The Setup algorithm is the same as only steps 1–4 in Sect. 2 [13] of this paper. The different steps from scheme [13] are as follows:

  1. 1.

    Select a natural number satisfying the conditions \(\gcd ( {\beta ,\varphi ( N )}) =1\) and \(\beta < \lfloor \varphi ( N )/n\rfloor \), where \(\lfloor x\rfloor \) denote the floor function which implies the largest integer smaller than x.

  2. 2.

    Choose super-increasing sequence corresponding to b as \({\vec {b}}^{\prime }_{i}(1\le i\le n)\) when satisfies \(\mathop \sum \nolimits _{j=1}^{i-1}{\vec {{b}}^{\prime }}_j + \delta < \varphi (N) \) where \(\delta < \lfloor \varphi ( N)/\beta \rfloor \), and \(\mathop \sum \nolimits _{j=1}^n {\vec {b}^{\prime }}_j < \varphi (N)\).

  3. 3.

    Compute \(b_i ={b}^{\prime } \beta (\hbox {mod} \,\varphi (N))\) and \(c_i =b_i ( {\hbox {mod} \,\beta }),( {1\le i\le n} )\)

  4. 4.

    Compute n-dimensional vectors \(v=( {v_1 ,v_2 ,\ldots ,v_n } ),\) where \(v_l =d_l b_l ( {\hbox {mod}\,\varphi ( N )} ),( {1\le l\le n} ).\)

PKG uses \(( {N,e,\vec {h}} )\) as his public key and informs it to each entity, and at the same time, it uses \(( {\vec {v},d} )\) as his private key and keeps it secret.

Extraction

PKG carries out the following steps to compute the private key of the entity i, whose identity is a k-dimensional binary vector \(\hbox {ID}_i =(x_{i1} ,x_{i2} ,\ldots ,x_{ik} ),x_{ij} \in \{ {0,1} \},( {1\le j\le k} )\) .

  1. 1.

    Compute as the extended of entity i’s, by the following:

    $$\begin{aligned} R_i= & {} ( {\hbox {ID}_i })^{e}( {\hbox {mod}\,N} )=( {y_{i1} ,y_{i2} ,\ldots ,y_{it} } ),\\&y_{ij} \in \{ {0,1} \},( {1\le j\le t} ) . \end{aligned}$$
  2. 2.

    Entity \(i^{\prime }s\) secrete keys \(s_i\) is computed by inner product of \({\vec {v}}_l\) and \(R_i\) as follows:

    $$\begin{aligned} s_i ={\vec {v}}_l R_i(\hbox {mod} \,\varphi (N))=\sum \limits _{1\le j\le n} {\vec {v}}_l y_{ij} \hbox {mod} \,(\varphi (N)) \end{aligned}$$

Encryption

Entity 2 wants to send the message M to entity 1, and entity 2 can encrypt M as follows:

  1. 1.

    Compute the entity i’s extended \(\hbox {ID}\),\(R_1 \)by the following:

    $$\begin{aligned} R_1 =( {y_{11} ,y_{12} ,\ldots ,y_{1t} } ),y_{1j} \in \{ {0,1} \},( {1\le j\le t} ). \end{aligned}$$
  2. 2.

    Compute

    $$\begin{aligned} Y_1= & {} \mathop \prod \limits _{1\le i\le n} (h_i ^{y_{1i} })^{d_i }( {\hbox {mod}\,N} )\\= & {} \mathop \prod \limits _{1\le i\le n} (( {\alpha ^{b_i }} )^{y_{1i} })^{d_i }( {\hbox {mod}\,N} )\\= & {} \alpha ^{\mathop \sum \nolimits _{1\le i\le n} \vec {v}_l y_{1i} \hbox {mod}( {\varphi ( N )})}(\hbox {mod} \, N)\\= & {} \alpha ^{s_1 }( {\hbox {mod}\,N} ). \end{aligned}$$

From \({Y}_1 \) and PKG’s public information \({\vec {h}}\)

  1. 3.

    Compute \(Y_2 =\alpha ^{\varphi ( N )-s_1 }( {\hbox {mod}\,N} )=\alpha ^{-s_1 }( {\hbox {mod}\,N})\).

  2. 4.

    Compute the ciphertext \(C=( {M\alpha ^{s_1 }}. )^{e}( {\hbox {mod}\,N} )\)

Decryption

Entity 1 does the following to recover the plaintext M from the cipher text:

  1. 1.

    Use his private key \(s_1 \) to recover M as \(M=( {Y_2^e *C})^{d}({\hbox {mod}\,N} ).\)

The correctness of the proposed scheme can be shown as follows:

Due to \(Y_2^e =(\alpha ^{-s_1 })^{e}( {\hbox {mod}\,N} )\)

We have \(( {Y_2^e *C} )^{d}( {\hbox {mod}\,N} )\equiv (\alpha ^{-s_1 e}M^{e}\alpha ^{s_1 e})^{d}( {\hbox {mod}\,N} )\equiv M^{ed}( {\hbox {mod}\,N} )\equiv M( {\hbox {mod}\,N} ).\)

Security analysis and discussions

The security of identity-based QER cryptographic scheme is based on the index problems, such as IFP and DLP, which define over multiplicative cyclic group \({Z}_{N}^{*}\). Applying Meshram and Meshram attacking method [14] to the proposed system, it may be noted that center’s secret information may be disclosed.

Theorem 1

[14] The \(( {n+1} )\) entities’ \(i, ( {1\le i\le n+1} )\) can derive an n-dimensional vector \(v_i^{\prime } \) over \(Z_{\varphi ( N )}^*\) which is equivalent (not necessarily identical) to the original PKG ’s secret information.

Proof

When \(( {n+1} )\) entities’ \(i,( {1\le i\le n+1} )\) conspire, then system of linear congruence is as follows:

$$\begin{aligned}&\left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} R_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} R_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}R_n &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} R_{n+1}\\ \end{array}}\right] \left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} v_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} v_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}v_{n-1} &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} v_{n}\\ \end{array}}\right] \nonumber \\&\quad =\left[ {\begin{array}{c} {{s_1}}\\ {{s_2}}\\ {{s_3}}\\ \vdots \\ {{s_{n + 1}}}\\ \end{array}}\right] \quad \left( {\hbox {mod}~\varphi \left( N \right) } \right) . \end{aligned}$$
(1)

However, each \({R}_i \) is an n-dimensional binary vector, there exists an \(( {n+1} )\)-dimensional vector c over the \(Z_{\varphi ( N )} \), such that

$$\begin{aligned} \mathop \sum \limits _{1\le i\le n+1} w_i R_i =0. \end{aligned}$$
(2)

Here, we have

$$\begin{aligned} \mathop \sum \limits _{1\le i\le n+1} w_i s_i =0( {\hbox {mod}\,\varphi ( N )} ) \end{aligned}$$
(3)

and thus

$$\begin{aligned} \mathop \sum \limits _{1\le i\le n+1} w_i s_i =D\,\varphi ( N ). \end{aligned}$$
(4)

The \(( {n+1})\) entities can have an integer multiple of \(\varphi ( N )\), if \(D\ne 0\). Then, they can find out the factorization of N. A similar method with attack (Theorem 1) is applicable. Hence, the PKG’s secret information can be derived by \(( {n+1} )\)-entities conspiracy.

Furthermore, Meshram developed a more general attacking method [2] for the modified system, such that \(( {n+2} )\) entities conspiracy can derive the PKG ’s secret information with high probability.

Theorem 2

[2] The \(( {n+2} )\) entities’ \(i,( {1\le i\le n+2} )\) can derive the PKG ’s secret information v with high probability.

Proof

When \(( {n+1} )\) entities \(i,( {1\le i\le n+1} )\) conspire, they have the following system of linear congruence’s defined by the following equation:

$$\begin{aligned}&\left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} R_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} R_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}R_n &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} R_{n+1}\\ \end{array}}\right] \left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} v_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} v_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}v_{n-1} &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} v_{n}\\ \end{array}}\right] \nonumber \\&\quad =\left[ {\begin{array}{c} {{s_1}}\\ {{s_2}}\\ {{s_3}}\\ \vdots \\ {{s_{n + 1}}}\\ \end{array}}\right] \quad \left( {\hbox {mod}~\varphi \left( N \right) } \right) \end{aligned}$$
(5)
$$\begin{aligned}&\quad =Ba( {\hbox {mod}\,\varphi \left( N \right) } ). \end{aligned}$$
(6)

Assuming that the matrix B includes n linearly independent column vectors over \(Z_{\varphi ( N )} \), there exist some positive integers \(w_i \quad ( {1\le i\le n+1} )\), such that

$$\begin{aligned}&\left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} R_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} R_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}R_n &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} R_{n+1}\\ \end{array}}\right] \left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} v_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} v_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}v_{n-1} &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} v_{n}\\ \end{array}}\right] \nonumber \\&\quad =\left[ {\begin{array}{c} {{s_1}}\\ {{s_2}}\\ {{s_3}}\\ \vdots \\ {{s_{n + 1}}}\\ \end{array}}\right] -\left[ {\begin{array}{c} {w_1 } \\ {w_2 } \\ {w_3 } \\ \vdots \\ {w_{n+1} } \\ \end{array}}\right] \varphi ( N ). \end{aligned}$$
(7)

Then, Eq. (7) can be rewritten by the following form:

$$\begin{aligned}&\left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} R_1 &{} &{} 0 &{} &{}0 &{} &{} 0&{}s_1\\ &{}&{}&{}\cdots &{}&{}&{}\\ 0 &{} &{} R_2 &{} &{}0 &{} &{} 0 &{} s_2\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{} &{} s_3\\ 0 &{} &{} 0 &{} &{}R_n &{} &{}0 &{} \vdots \\ &{}&{}&{}\cdots &{}&{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} R_{n+1}&{} s_{n+1}\\ \end{array}}\right] \left[ {\begin{array}{c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c@{\quad }c} v_1 &{} &{} 0 &{} &{}0 &{} &{} 0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} v_2 &{} &{}0 &{} &{}0\\ &{} \vdots &{} &{} \ddots &{} &{} \vdots &{}\\ 0 &{} &{} 0 &{} &{}v_{n-1} &{} &{}0\\ &{}&{}&{}\cdots &{}&{}\\ 0 &{} &{} 0 &{} &{} 0&{} &{} v_{n}\\ \end{array}}\right] \nonumber \\&\quad =-\left[ {\begin{array}{c} {w_1 } \\ {w_2 } \\ {w_3 } \\ \vdots \\ {w_{n+1} } \\ \end{array}}\right] \varphi ( N ) \end{aligned}$$
(8)
$$\begin{aligned}&\quad = {B}^{\prime }v^{\prime }_{i}. \end{aligned}$$
(9)

The matrix B in Eq. (6) includes n linearly independent column vectors over \(Z_{\varphi ( N )} \) by supposition, it follows that the matrix \({B}^{\prime }\) is non-singular over \(Z_{\varphi ( N )} \) [i.e., det \((B^{{\prime }})\ne 0]\) with overwhelming probability, and thus, we have \(v_i^{\prime } \ne 0( {\hbox {mod}\,\varphi ( N )} )\). On the other hand, we have the following system of linear congruences:

$$\begin{aligned} \vec {B}^{\prime }v^{\prime }_i=0(\hbox {mod} \, \varphi (N)). \end{aligned}$$
(10)

If the matrix \({B}^{\prime }\) is non-singular over \(Z_{\varphi ( N )}^*\), then \(v_i^{\prime } =0( {\hbox {mod}\,\varphi ( N )} )\), and this contradicts the above results. Thus, the matrix \({D}'\) is singular over\(Z_{\varphi ( N )}^*\), and we have det \(( {{B}^{\prime }})=0(\hbox {mod} \,\varphi (N))\) with high probability. It shows that det \(( {{B}^{\prime }} ))\) is divisible by \(\varphi ( N )\) with high probability. Furthermore, consider the case where the other \(( {n+1} )\) entities among \(( {n+2} )\) conspire, and define the matrix \({D}^{{\prime }{\prime }}\) in a way similar to the above. Then, det \((B^{{\prime }{\prime }})\) is divisible by \(\varphi ( N )\) with high probability. Hence, gcd (det\((B^{{\prime }})\), det \(( {B}^{{\prime }{\prime }} )\)) gives \(d\varphi ( N )\), where d is a small positive integer. By the above procedure, we can evaluate \(\varphi ( N )\) efficiently. An additional procedure to find the center’s secret information is completely the same as attack (Theorem 2).

Performance comparison of identity-based cryptographic schemes

In this section, we have discussed six most widely used identity-based cryptographic schemes and compared their performance. These eight identity-based cryptographic schemes are: cocks identity-based cryptographic scheme [5], authenticated identity-based cryptographic scheme [3], selective-identity secure identity-based cryptographic scheme without random oracles [15], hierarchical identity-based cryptographic scheme [6], water’s identity-based cryptographic scheme [4], Meshram and Obaidat’s identity-based QER cryptographic scheme [13], and our proposed efficient Identity-based QER cryptographic scheme. These schemes have different performances on server for evaluating Encryption algorithm performance, Decryption algorithm performance, and computational cost.

Notations used in this computation are as follows:

\(T_{\hbox {P}} =\) :

The time of executing a paring operation.

\(T_{\hbox {M}} =\) :

The time of executing a modular multiplication.

\(T_{\hbox {e}} =\) :

The time of executing a modular exponentiation in group.

\(T_{\hbox {m }}=\) :

The time of executing a scalar or point multiplication in group.

\(T_{\hbox {x }}=\) :

The time of executing an XOR operation.

\(T_{\hbox {H}} =\) :

The time of executing a map to point hash function.

\(T_{\hbox {h }}=\) :

The time of executing a one-way hash function.

\(T_{\hbox {a }}=\) :

The time of executing a modular addition operation.

\(T_{\hbox {i}}=\) :

The time of executing a modular inverses operation.

\(T_{\hbox {j}}=\) :

The time of executing a Jacobi symbol operation.

Table 1 Comparisons among our proposed identity-based cryptographic scheme and previously proposed identity-based cryptographic schemes
Full size table

As we all know, the time of executing a paring operation \(T_{\hbox {P}} \) is more time-consuming than other operations. Some performance simulation results [17] demonstrate that \(T_{\hbox {a}} \) and \(T_{\hbox {h}} \) are trivial in comparison with \(T_{\hbox {e}} ,T_{\hbox {M}} ,T_{\hbox {x}} , T_{\hbox {H }},T_{\hbox {i}} \), and \(T_{\hbox {j}} \).

It is to be noted that encryption algorithmic phase and decryption algorithmic phase are the dominating process in terms of computation cost than setup and extract phases as they are executed only once. Thus, we consider only the encryption and decryption phase and accordingly compare the proposed identity-based cryptographic scheme with [3,4,5,6, 13, 15]. We demonstrate the comparative result in Table 1 in terms of computational cost and security properties.

It is quite clear from the above table that the proposed efficient identity-based QER cryptographic scheme bears lower computational cost than [3,4,5,6, 13, 15].

Enhancement of security and processing cost

The PKG’s secret information for the original system is derived by n entities conspiracy in Sect. 3. Now, we consider the practical countermeasure for the enhancement of the security of the system. Here, we used the partitioning strategy [19] for enhancement the security of present scheme. The basic idea is to divide the identity-space into two disjoint segments, depending upon the outcome of a biased coin. For simplicity, we assume that n = 512 throughout this section. The PKG partitions a 512-dimensional binary vector A into 256 segments, every two bits, such as

$$\begin{aligned} {A}= & {} ( {\hbox {a}_1 ,\hbox {a}_2 ,\hbox {a}_3 ,\ldots \ldots {a}_{511} ,\hbox {a}_{512} } )\nonumber \\= & {} ( {\hbox {seg}_1 ,\hbox {seg}_2 ,\hbox {seg}_3 ,\ldots \ldots \hbox {seg}_{511} ,\hbox {seg}_{512} } ). \end{aligned}$$
(11)

Then, the PKG defines \({v}( {{i};{jk}} )( {1\le {i}\le 256;{j},{k}\in \left\{ {0,1} \right\} } )\) appropriately, computes \({h}( {{i};{jk}} ),( {1\!\le \! {i}\!\le \! 256;{j},{k}\!\in \! \{ {0,1} \}}),\)

$$\begin{aligned} {h}( {{i};{jk}} )={\upalpha }^{{v}( {{i};{jk}} )}( {\hbox {mod } {N}} ) \end{aligned}$$
(12)

for each \(\hbox {seg}_{i} \), and publishes the table, including every h( ijk ) to all entities. Furthermore, the center computes each entity’s secret key \(s_k \) by

$$\begin{aligned} s_k =\mathop \sum \limits _{1\le {i}\le 256} v(i;\hbox {seg}_{{ki}} )( {\hbox {mod}\,\varphi ( N )} ) \end{aligned}$$
(13)

depending on Sect. 3. The entity k’s extended identity, \({R}_{{k}}\), where \({R}_{{k}}\) is partitioned into 256 segments. Every two bits, such as:

$$\begin{aligned} {R}_k =( {\hbox {seg}_{{k}1} ,\hbox {seg}_{{k}2} ,\hbox {seg}_{{k}3} ,\ldots \hbox {seg}_{{k}255} ,\hbox {seg}_{{k}256} } ). \end{aligned}$$

Then, the center distributes it to each entity through a highly secure channel. Table 2 gives an example of h( ijk ).

Table 2 Example of h( ijk ) for \(i=1,2,3,4\) and \(jk\in \{ {0,1} \}\)
Full size table

It is quite clear from the above table that the partitioning strategy enhances the security of proposed scheme using the pairing of two difference bit segments as compare the previous scheme [13].

Encryption

Entity 2 computes \({Y}_1^{{\prime }}\),

$$\begin{aligned} {Y}_1 ^{{\prime }}=\mathop \prod \limits _{1\le {i}\le 256} {h}( {{i};\hbox {seg}_{1{i}} } )^{e_i }\hbox {}( {\hbox {mod} {N}} ) \end{aligned}$$
(14)

from \({Y}_1 \) and the published table. Entity 2 uses \({\upgamma {^{\prime }}}\) as \({\upgamma }\) in the original system (in Sect. 3) to encrypt the message M.

Decryption

It is exactly the same as in the original system in Sect. 3.

In the original system in Sect. 3, the PKG’s secret information is derived by 512 entities conspiracy, while in the above system, it is derived by 1024 (=4 \(\times \) 256) entities conspiracy. Furthermore, the running cost for encryption-key generation in the above system is about half of the original system. However, the KAC’s public information in the above system is about twice than the original system. Further generalizations, e.g., each \({Y}_{{i}} \) is partitioned into 128 segments every four bits, etc., are possible and such schemes are regarded as the hybrid system of the identity-based cryptosystem and the conventional public key cryptosystem.

Conclusion

In this study, the proposed efficient identity-based QER cryptographic scheme must satisfy Shamir’s original concepts in a strict sense, i.e., it does not need any interactive earliest communications in, respectively, data transmission. It provides longer and higher levels of security than the schemes using IFP and the general formulation of DLP. The presented scheme needs nominal operations in encryption and decryption proses, thus makes it is very efficient. The offered out comes provides the special result from the security point of view, because we face the problem of solving IFP and DLP simultaneously in the multiplicative group define over finite fields as compared with the other identity-based cryptographic scheme. Using our propose scheme, we can develop an identity-based encryption model based on lightweight public key management techniques. It has small sizes key pair’s private and public keys as compared with other Identity-based cryptographic schemes available in literature. It is more benefited in grid security architecture. The grid environment may have a large number of members that join and leave over time and that certificates are used extensively for every job submission. This would inevitably complicate key management and increase the bandwidth requirement of a grid system. It was also noted that these problems could be simplified using certificate-free identity-based cryptographic scheme. Moreover, in the identity-based cryptographic setting, a user’s public key can be created and used immediately without the need for a public key certificate to be forwarded to the intended recipient [normally via a Transport Layer Security (TLS) handshake]. However, the supposedly dynamic use of identity-based keys was hindered by some traditional limitations of identity-based cryptographic scheme, such as key escrow, and the need to distribute private keys through secure channels. More importantly, some of the essential security requirements desired in the Globus Toolkit (GT) require using proxy credentials for single sign-on and delegation, but our developed efficient identity-based QER cryptographic scheme is free from certificate and key escrow problems.