Hindawi
Security and Communication Networks
Volume 2023, Article ID 2093407, 18 pages
https://doi.org/10.1155/2023/2093407
Research Article
Improved Multisignature Scheme for Authenticity of Digital
Document in Digital Forensics Using Edward-Curve Digital
Signature Algorithm
Gauri Shankar ,1 Liwa H. Ai-Farhani ,2 P. Anitha Christy Angelin ,3
Parvinder Singh ,4 Abdullah Alqahtani ,5 Abha Singh ,6 Gaganpreet Kaur ,7
and Issah Abubakari Samori 8
1Chandigarh University Mohali, Mohali, Punjab 140413, India
2System Analysis, Control and Information Processing, Academy of Engineering, RUDN University, Moscow, Russia
3PSNA College of Engineering and Technology, Dindigul 624622, Tamilnadu, India
4Central University of Punjab Bathinda, Punjab 151001, India
5Department of Computer Science, College of Computer Science, King Khalid University, Abha, Saudi Arabia
6Department of Basic Science, College of Science and Teoretical Study, Dammam-Female Branch,
Saudi Electronic University, Saudi Arabia
7Chitkara University Institute of Engineering and Technology, Chitkara University, Rajpura, Punjab, India
8School of Engineering Sciences, University of Ghana, Accra, Ghana
Correspondence should be addressed to Issah Abubakari Samori; iasamori@st.ug.edu.gh
Received 18 August 2022; Revised 7 October 2022; Accepted 11 October 2022; Published 7 April 2023
Academic Editor: Keping Yu
Copyright © 2023 Gauri Shankar et al.Tis is an open access article distributed under the Creative Commons Attribution License,
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
At themoment, digital documents are just as important as paper documents. As a result, authenticity is essential, especially in legal
situations and digital forensics. As technology advances, these digital signature algorithms become weaker, necessitating the
development of digital authentication schemes capable of withstanding current security threats. Tis study proposed a scheme
based on an asymmetric key cryptosystem and the user’s biometric credentials to generate keys for digital signatures. A single
document can be signed by multiple signatories at the same time under this scheme. Te primary goal of this article is to create
a safe and cost-efective multiignature scheme. To create keys for document signing and verifcation, the Edwards-curve Digital
Signature Algorithm (EdDSA), especially Ed25519, is employed. Te Edwards-curve Digital Signature Algorithm is used with
blockchain technology to sign crypto wallets. Te Python implementation of a scheme that enables platform independence. We
performed performance, security, and comparative analysis to ensure maximum usability. Te article’s main fndings are that the
Ed25519 algorithm can be used in blockchain.
1. Introduction models have been suggested to achieve the goal of securing
a digital document, with certain cryptographic signature
In the present day, everyone prefers to use digital documents techniques being more secure than others. Asymmetric key
instead of paper and gives the same value in terms of cryptography is the foundation for the majority of digital
contracts, agreements, and more. Te authenticity of the signatures. To establish safe and quick digital signatures,
document is crucial in case that is accepted as an ofcial of a variety of public-key methods, including Rivest–
any kind of agreement [1]. As the authenticity and integrity Shamir–Adleman (RSA) and Elliptical Curve Cryptography
of digital documents are crucial, similar to traditional (ECC), are utilized in the modern day [2]. Tere are three
documents; therefore, digital signature algorithms and forms of cryptography in general. Te frst type of
2 Security and Communication Networks
cryptography is symmetric key cryptography. Using just holder of S and V stands for the verifcation key that cor-
a single shared key, the receiver and the transmitter encrypt responds to A. Te certifcate is issued by a trustworthy
and decode messages in this encryption system. While the organization called the certifcate authority.Te only duty of
symmetric key systems are quicker and easier to use, they the certifcate authority is to link parties. With the use of
need secure key encryption between the sender and re- a digital signature, the sender may ensure that the com-
cipient.Temost popular symmetric key encryptionmethod munication the recipient receives was indeed sent by the
is technology (DES). Hash functions come in second. Tere intended recipient.Te digital signature standard is often the
are no keys used in this technique. Since a hash value with foundation of digital signature algorithms (DSA) (DSS). A
a predetermined length is calculated using plain text, it is digital signature enables mathematical validation of the
difcult to interpret the contents of the simple text. Hash authenticity and integrity of communication, software ap-
algorithms are used by several operating systems to protect plication, or digital document. Digital signatures, also
passwords. Asymmetric key encryption is the third option. known as electronic signatures, attest to the communica-
Te data are encrypted and decrypted using a pair of keys in tion’s sender’s identity. Authenticity and integrity should be
this system. For encryption and decryption, public and ensured while making digital transactions since data can be
private keys are utilized. Public and private keys are distinct. altered or someone could claim to be the sender and an-
Even if everyone is aware of the public key, only the intended ticipate a response. Te verifer receives data and a digital
receiver can decode this since he has access to the signature. Te verifcation algorithm is used to process the
private key. digital signature and the public key (verifcation key), which
By maintaining data integrity, you reduce your vul- provides some value. Te very same hash function is also
nerability to threats. Neglecting security is negligent since used to hash the incoming data, yielding a hash value. To
anybody might become a breach victim. Data integrity is construct a digital signature, e-mail programs and other
a group of vital controls that guarantee the assigned data in signing algorithms create a one-way hash of the digital data
a system are secure, unmodifed, and safe. Emergencies can that need to be signed. Te signing method then uses the
happen. Terefore, even after the problem has been fxed, private key to encrypt the hash value (signature key). Tis
data integrity defnes how reliable the data are. Data integrity encrypted hash is a part of the digital signature along with
also involves adhering to online laws and norms, particularly additional information like the hashing algorithm. Tis
one as important as the General Data Protection Regulation digital signature is appended to the data before it is sent to
(GDPR). It is essential to use its strategies if you are creating the verifer. It is preferred to encrypt the hash instead of the
an Internet startup. In the lack of data integrity, online theft full message or document since a hash function may convert
is prevalent and has detrimental efects. Most often, data any arbitrary input into a substantially smaller fxed-length
integrity is compromised after a deadly accident, an result. Tis saves a lot of time since only a brief hash value
emergency, or a breach. In order toTota breaches, a repu- needs to be signed now rather than a large message, and
table frm has established a set of regulations for GDPR hashing takes far less time than signing. In the digital sig-
compliance. Any online company that processes data in any nature algorithm, the sender frst calculates a message digest
way is required to follow the standards set to avoid other using a secure hash algorithm over the original message (M),
unintended efects. Data security is important not only just now the sender encrypts this hash code using his/her private
for corporations but also for people. You must evaluate key (Kpriv). Encrypted hash code is called a digital signature;
internal handling to prevent sensitive information. Te furthermore, the receiver uses a public-key (Kpub) of the
likelihood of data being miscategorized or altered is de- sender to verify the digital signature [3, 4]. Digital signatures
creased by validating the data and monitoring the system for provide security services, such as authenticity, integrity, and
error checks. A secure database with total integrity will nonrepudiation, but do not provide privacy of the message.
continue to provide security against bad intent no matter Terefore, the basic characteristics of a signature are au-
how long you keep or access critical information. Au- thenticity, nonforgery, no reusability, and irrevocability.
thentication procedures only make your sign-in procedure Tese characteristics ensure the security of the message from
more rigorous. Authentication procedures in no way further diferent cryptographic attacks such as masquerade, modi-
encrypt your information. It is undeniable that authenti- fcation, and fabrication. [2, 4]. Numerous digital signature
cation procedures reduce a user’s vulnerability to identity systems have been put out over the last three decades;
theft, but it is equally undeniable that they have several however, as technology advances, the security services they
drawbacks. ofer can be readily undermined. At present, the versions of
Asymmetric key authentication is also a possibility. Te digital signatures originated from public-key cryptography
term “signature scheme” refers to both asymmetric en- algorithms. However, some of these signature algorithms are
cryption and the asymmetric key equivalent of a message weaker in time such as RSA [5]. Terefore, with the new
authentication code. A signature system includes three generation of technology, more secure and fast approaches
operations: key generation, signing, and verifcation, much to digital signatures are required. Hence, a lot of theoretical
like a message authentication code does. Te creation of and experimental progress has been made continuously in
signature methods facilitated authentication. Te verifca- the area of digital signatures [6]. In comparison to con-
tion key must be made public to achieve this purpose, and it ventional signature methods, the threshold signature
is often issued in a certifcate, which we will refer to as cert scheme, or TSS, can provide stronger security levels. It is
(IDASV), where IDA stands for the identifcation of the key becoming more and more common among the suppliers of
Security and Communication Networks 3
cryptographic services as a means of ensuring safe data fow Standard for digital signatures, is based. Te DSA signature
without interruption from outside parties such as hackers system combines the Schnorr and ElGamal signature tech-
and scammers. A threshold signature scheme produces the niques. Te National Institute of Standards and Technology
same results as a single-key digital signature scheme, but (NIST) frst became aware of the DSAS in 1991 and proposed
somehow it uses MPC to build an interactive multiparty it for adoption as the Digital Signature Standard (DSS). Al-
protocol that allows for the formation of private key shares though the DSA is copyrighted, NISTofers it royalty-free for
and the fabrication of a single digital signature. everybody. According to NIST, older versions of the digital
In 1993, Bruce Schneier developed the very frst sym- signature algorithm are only employed to validate signatures
metric encryption algorithm, Blowfsh. Te symmetric key and not to generate signatures [10]. Te DSA performed four
encryption uses a single encryption key to encrypt and major operations: key distribution, key generation, signature
decode data. To transform sensitive information into ci- creation, and signature verifcation. For all these operations,
phertext, the encryption technique employs sensitive doc- an image illustration is provided in Figure 1.
uments and the symmetric encryption key. Blowfsh, as well
as its sequel Two fsh, competed to replace the Data En- 2.1. Key Generation. Key generation happens in two steps.
cryption Standard (DES) but were unable to do so owing to Te frst stage entails choosing algorithmic parameters that
the low size of their blocks. Blowfsh embedding capacity is may be shared by all users of the system, and the second stage
64, which is considered entirely unsafe. Two fsh solved the entails calculating and creating a single-key pair for an in-
challenge by creating a 128-bit block. Blowfsh is much faster dividual user that consists of the public (Pubic-key) and
thanDES, but it trades speed for security. To replace the Data private key (PrivKey). Te message is signed using the private
Encryption Standard (DES) technique, which hackers later key, and the public key is employed to validate the signature.
learned was easily broken, Triple DES was created. Tradi-
tionally, Triple DES was the most used symmetric method
and the industry’s preferred benchmark. Tree separate 56- 2.2. Key Distribution. Private key any trustworthy or se-
bit keys are used in triple DES. Despite having a total length cretive method that will be employed to validate the sig-
of 168 bits, experts think that a key strength of 112 bits is nature can be used to communicate Pubic-key with the
more precise. Despite being gradually phased down, the recipient. Te sender or signatory must not know the private
Advanced Encryption Standard has largely taken the role of key, abbreviated PrivKey.
Triple DES (AES). By eliminating one-a-round transmission
in a typical scheme, ASMS, an improved Schnorr-based 2.3. Signature Generation. Te frst stage in creating a sig-
multisignature approach, provides public key aggregation. nature is to create a message’s hash, or H(M). Te generated
As a result, it is appropriate for e-business and e-government hash is added with the private key Priv of the signatory
scenarios. We used chain code technology to develop our keyand now multiply the generated value to some random
solution as an application on Fabric, an enterprise block- number K−1 so at last, we got the value as the signature S of
chain platform [7]. Similar to RSA-like signature systems, that message. Terefore,
the Schnorr signature technique enables data recovery
straight from the signature. Te quantity of the recovered S − 1� 􏼐K 􏼐H(M) + Privkey r􏼑􏼑. (1)
information is changeable. Te main advantages of the
quality improvement include shorter keys with equivalent Te signature is (r, s).
cryptographic strength, shorter signatures, and fewer
amounts of delivered data overall. Te time required to 2.4. Signature Verifcation. Tis operation is performed on
produce and validate sensitive information that is dependent the receiver side. Verifcation V requires a signature (r; s),
on the method used and is built on elliptic curves is therefore message M, and a public key PubKey of the signatory. So
decreased by using a safe and reliable digital signature ap-
proach that incorporates a privacy service [8]. V � H(M) + Pubkey(r, s). (2)
1.1. Digital Signature. A digital signature is an electronic 2.5. RSA. Te RSA stands for Rivest–Shamir–Adleman, who
signature having the same value as the written signature and proposed this algorithm in 1977. Te RAS is an asymmetric
that can be verifed by the original signatory. Moreover, it cryptographic algorithm a type of Public Key Cryptographic.
can be used to identify whether or not information has been Tis allows other users to encrypt data with the user’s public
manipulated since it was generated after the signature. To key (PubKey), which is kept in the system andmay be shared
create a digital signature, specifc protocols are used, known with them and transfer it over the network. Only the person
as digital signature algorithms [9]. whose public key (PubKey) was used to encrypt, or whose
private key (PrivKey), may perform the decryption opera-
2. Digital Signature Algorithms tion. Te security of the cryptosystem entails the amount of
time and efort required to factor in huge numbers. Te
Te discrete logarithm problem and modular exponentiation hybrid key confguration strategy utilizes less energy on end-
are mathematical ideas on which the Digital Signature Al- user mobile devices whilst dramatically improving security
gorithm (DSA), a Government Information Processing over our previous pure symmetric key-based methodology.
4 Security and Communication Networks
Private Key
Data/Message Message digest
Signature
Hash Function Generation
Signature
Hash Function Signature Valid/
verification Invalid
Data/Message Message digest
Public Key
Figure 1: Process of digital signature.
Te pure symmetric key-based approach utilizes less node Signature generation: Te process of generating a sig-
energy than the hybrid key setup technique. However, one nature using the private key of the user or signatory.
expensive elliptic-curve scalar multiplication of a random For this, frst calculate the hash H of the given message
point is shifted to the security manager side and replaced by M and then encrypt it with the exponent D to generate
one low-cost modular multiplication, one modular addition, signature S.
and one symmetric key decryption because we verify that the
sensor’s private key is a public key formed by a linear H � hash(M)S � HD(modn). (3)
combination of the static key and the ethereal key rather
than a multiplicative combination as in other ECC-based Here, theH and S should be in the range between 0, . . .,
pure public key protocols. As a result, our hybrid key setup and N
approach is quicker and more energy-efcient than prior And
public key-based techniques. Te encoded text and blocked Signature verifcation: At the time of signature verif-
cipher in this plain text are represented by integer values that cation, the message M, the public key RSAPubkey (N, E)
range from 0 toN 1 for a given value ofN. A number is given of the signatory, and the signature S are required. In the
to every communication. Every block has a binary value that verifcation process, frst, calculate the hash H of the
must be less than or equal to N and is used to encrypt the signed messageM and then run the decryption process
message. Te three steps of the RSA algorithm are key with exponent E, so
creation, encryption, and decryption [11]. Figure 2 in the ′
next section illustrates how the cryptosystem operates. H � hash(M)H � SD(modn), (4)
and last, compare H and H′ by
2.6. RSA Digital Signature. Such RSA Public-key crypto-
system too is employed in the digital signature procedure, ′H � SE(modn) � ( HD􏼁E(modn) � H. (5)
which involves singing and confrming the message’s au-
thenticity. Tis can be conducted by a discrete algorithm, If the condition is satisfed, then the signature is au-
modular exponentiation, and computational difculty of the thenticated else not.
algorithm. In this, there are three steps or operations that are
performed, frst key generation, signature, and verifcation
[12]. Tese three processes are explained is as follows: 2.7. ECC. Te authors of [13] proposed a public-keycryptosystem using the concept of elliptic curves known
Key generation: Te RSA is using a 1024 to 65536 bits as Elliptic Curve Cryptography (ECC) in 1985. Te algo-
long Key. Here, we are generating a key for the 128-bit rithm is operating on discrete logarithm issues and the al-
security level, so 3072 bits are required. Trough this gebraic structure of the elliptic curve over fnite felds. ECC is
process, Private Key RSAPrivkey (N, E), and public key capable of performing all key operations, signatures, and key
RSAPubkey (N, generates dates.) in which N is the exchanges in a public-key cryptosystem. Comparatively
number of bits of the key and E or D represents the speaking, it has a smaller key size than RSA. Te private key
exponents. used in the ECC is a straightforward random integer
Security and Communication Networks 5
Plain text Plain text
RSA RSA
Encryption Decryption
T
Receiver's Receiver's
Sender Public key ReceiverPublic key
RPubKey+M RPrivKey+M
Figure 2: Process RSA cryptosystem.
number. Te PrivKey generating process is safe and level. In terms of security, a 256-bit ECDSA signature is
collision-resistant. Te private key for the ECC can be any comparable to a 3072-bit RSA signature. Te elliptic curve
integer, hence, the key has a particular length size.Te public digital signature method is one sort of electronic signature
key, on the other hand, is the integer obtained from the (ECDSA). It is essentially just used as identifying documents
curve’s elliptic curve point pair. EC points can be com- by bitcoin traders. Te heart of the ECDSA key-creation
pressed into a single point and it can be odd or even. From process is complexity ECDSA methods. It is theoretically
the EC curve can be generated a diferent elliptic curve that difcult to breach an ECDSA code, although hackers will
will be having diferent levels of security performance, key undoubtedly attempt to do so. Websites strive to load pages
length, and diferent types of ECC algorithms. Another in under a second. Te little keys used by ECDA help speed
characteristic of the ECC is that, while ofering the very same up a website. You must utilize ECDSA if you are working in
level of security with a short key length, it uses fewer re- the bitcoin ecosystem. ECDSA does the same task as any
sources than an asymmetric cryptographic algorithm. An- other digital signing signature, but more quickly. Tis is so
other feature of this cryptographic system is that the public that ECDSA can ofer the same security level as any other
keys have a trapdoor mechanism, making it impossible to digital signature method while using fewer keys. ECDSA
extract the private key from the public key [2]. An elliptical certifcates, a type of electronic document used to validate
curve is expressed in mathematical form as follows: the certifcate’s owner, are produced using ECDSA. Cre-
2 3 dentials contain the signature of the certifcate’s issuer,
y � x + ax + b. (6) which is a trusted institution, information about the key
In the ECC public-key cryptosystem, the following types used to construct the certifcate, information about the
of digital signature algorithms are generated from the EC certifcate’s owner, and certifcate data. Tis trustworthy
curve, which are mostly used these days. issuer is typically a certifcate authority having a signed
certifcate that can be tracked back to the original giving
ECDSA certifcate authority via the chain of trust.
EdDSA Tis algorithm is working on fnite felds in the classical
Weierstrass form over elliptic curves.Terefore, these curves
Both algorithms are discussed in the following sections. are represented by the elliptic curve domain parameter that
is specifed by various cryptographic standards. Te elliptic
2.8. ECDSA. Te Elliptic Curve Digital Signature Algorithm curves that are used in cryptography can be defned as
(ECDSA) is an elliptic curve cryptography-based signature follows:
algorithm (ECC). ECDSA is based on elliptic curve cyclic Point G is a point for scalar multiplication on the curve
groups over limited felds and the problems of the ECDLP that is multiplied by the integer by an elliptic curve point.
problem (elliptic curve discrete logarithm problem). Te G is generating another point n which is the subset of the
ECDSA sign/verify method functions as follows and is based elliptic curve point that expresses the length of the private
on EC point multiplication. ECDSA keys and signatures are key such as 256 bits.
lower than RSA keys and signatures for the same security For this example, the 256-bit elliptic curve secp256k1 has
n � 1157920892373161954235709850086879078 52837564279074904382605163141518161494337. (7)
6 Security and Communication Networks
Generator point G x � 550662630222773436695 S � 􏼐i + h ∗Ed 􏼑. (10)
78718895168534326250603453777594175500 187360 privkey
389116729240, y � 326705100207588169780830851305070 Te calculated signature is {r, S}.
43184471273380659243275938904335757337482424 A simplifed structure of the above process can be for-
Te process of key generation, signature generation, and mulated as
verifcation of the ECDSA are the same as the EdDSA, which
is discussed in the next section. Edsign􏼐M, Edprivkey􏼑⇒{r, S}. (11)
After signing the message and generation of a signature
2.9.EdDSA. Based on the ECC, EdDSA is a variation of the for it, the receiver must verify the Edverif EdDSA signature.
Schnorr signature method [14, 15]. Te private key (Prk) (Edsign) by using the Edpubkey of the signer. Te process
in EdDSA is a randomly created hashed number at the for verifcation of EdDSA signature is explained step-by-step
encryption point, and the public key (Puk) is derived from as follows:
the private key. Ed25519, an EdDSA point that uses the Calculate the hash:
secure hash method to produce the key pair and establish h � H􏼐r + Edpubkey + M􏼑modq. (12)
a digital signature, was proposed by Bernstein et al. in
2011 [16] (SHA-512). Te key pair is created via a cryp- Calculate the frst point of the curve:
tographic hash function that EdDSA utilizes, and these
Pnt � S ∗ C. (13)
hash functions must possess the following four key 1
characteristics. Ten, calculate the second point of the curve:
Hash functions are one-way functions; therefore, it is
easy to compute the hash value for a given message, but the Pnt2 � r + h ∗ Edpubkey. (14)
reverse is not possible.
Preimage resistance-for a given message x and hash Compare
code h �H(x), it is computationally impossible to fnd Pnt1 � Pnt2. (15)
a message y such that x ≠ y with h �H(y); second preimage
resistance-for a given message x, it is computationally From the above steps, a simplifed equation of the
impossible to fnd another message y with the same verifcation process of the signature can be presented as
hash value. follows:
Strong collision resistance: it is computationally infeasible valid
to fnd a pair of messages (x, y) with the same hash value. Edverif􏼐M, Edpub, r, S􏼑⇒ . (16)invalid
Te Ed25519 is having some properties that make it
2.9.1. Te Curve Ed25519. Te Ed25519 is using SHA-512 more useable than other versions of EdDSA. Tat is the
for hashing of data at the elliptic curve point 25519, as motivation behind using this specifc version of the
suggested in the nomenclature. Tis algorithm generates proposed scheme. Tose properties are discussed as
a key pair with each key size 256 bits long, and the hash value follows:
is 512-bit long.Tis algorithm is fast andmore secure against EdDSA provides more security than ECDSA as that key
many cryptographic attacks compared to other public key generation is possible through not only random numbers
cryptographic algorithms [15]. In Ed25519, the private key but also through other input factors.
Edprivkey is generated from a random integer, further private Some of the security issues with discrete log signatures
key and curve generator C on the elliptic curve are used to are resolved by deterministic signatures.
generate the public key Edpubkey. In batch verifcation with numerous signatures, EdDSA
has superiority compared to ECDSA.
Edprivkey � IntegerEdpubkey � EdDSAprivkey ∗ C. (8) EdDSA is proven secure for the next two decades in the
Te private key (Edprivkey) is used in the generation of the
chain and other security efects.
EdDSA signature (Design) for any message M that is In the next 20 years, it is unlikely that 256-bit ECDLP
explained step-by-step as follows whereH is a hash function: instance-solving quantum computers will be created.
Generating a secreted integer, I from H (H (Ed )|| Cryptographic hash functions also exhibit an avalancheprivkey
M). efect that makes the whole information invalid if a single bit
Calculating the public key point r from I by multiplaying is changed in the hash string. Terefore, EdDSA becomes
with C as r i ∗ C a secure scheme for digital signatures due to the use of the�
Calculate the hash hash function.
h � H􏼐r + Edpubkey + M􏼑modq. (9) 3. Comparison between RSA, ECDSA,
and EdDSA
(Te q is prime in the range [2b−4, 2b−3] where b is an
integer ≥10 on the curve). In this section, we compare RSA, ECDSA, and EdDSA
Calculate integer: which are the popular digital signature algorithms these
Security and Communication Networks 7
days. Tese algorithms are working on public-key correlate to diferent outputs; however, sometimes a colli-
cryptography. A comparison of Table 1 is presented as sion might occur. Textual or binary data are converted into
follows: a fxed-length hash value through cryptographic hash
functions that are proven to be collision-resistant and ir-
3.1. Cryptographic Hash Functions. Hash functions are used revocable. SHA-256 is an example of a cryptographic hash
in a programming language to convert text (or any other function:
information) into integer numbers. Various inputs generally
SHA3 − 256(”hello”) � “3338be694f50c5f338814986cdf0686453a888b84f424d792af4b9202398f392”. (17)
Mainly, cryptographic hash functions are commonly combine the public keys of the signer for the verifcation of
employed to encode data without disclosing it due to their the received document.
inability to be reversed [17]. Encryption and hashing have Furthermore, the overall transmission time in the
served as the foundation for new security modules, among multiignature schemes is less compared to the individual
other network security developments. One of the most used signature schemes. Figure 4 clearly describes the multi-
hash algorithms is the safe hash algorithm with digest size of signature scheme.
256 bits or SHA 256. Although there are numerous varia- In the current scenario, ECDSA is a widely used ap-
tions, SHA 256 has been the most often used in practical proach for digital signatures. ECDSA is more secure and has
applications.Te Secure Hash Algorithm, or SHA, is a family a better performance in terms of time and space complexity
of algorithms that includes the SHA 256 algorithm.Te NSA [4] in comparison to other asymmetric digital signature
and NISTcollaborated to publish it in 2001 as a replacement algorithms. Another ECC-based digital signature algorithm
for the SHA 1 family, which was gradually becoming less is EdDSA. EdDSA is faster and more secure than ECDSA,
resistant to brute force assaults. Te fnal hash digest value, this motivates us to develop an identity-based multi-
represented by the number 256 in the name, is signifcant. signature scheme using EdDSA for digital documents.
EdDSA is generally used in blockchain or in the crypto-
3.2. Identity-Based Digital Signature. User identifcations currency wallet to generate hashed signatures [19–21] due to
such as biometric characteristics, identity cards, social se- its speed and security features. Furthermore, we know that
curity numbers, or emails are used in the identity-based digital documents can be forged in the absence of digital
digital signature system to produce the public-private key signatures. In the current digital era, technology is getting
pair. Key pair generation is expensive in public key in- advanced, and with this, the algorithms for digital signatures
frastructure, and this infrastructure is susceptible to key become more vulnerable. Tis also motivates us to develop
search, brute force, and man-in-the-middle (MIMT) attacks. a more secure model for digital signatures. Multisignature
A trustworthy key exchange center generates keys in an threshold schemes combine the qualities of threshold group-
identity-based digital signature system utilizing the user’s oriented signature schemes with multisignature schemes to
identifcation. As a result, a trustworthy third party lowers provide a signature technique that allows extra group
the total cost and increases the security of key creation in the members to sign any message collectively. Genuine multi-
context of persons. Terefore, this signature scheme’s main signatures, as opposed to threshold group signatures, enable
beneft is that it lessens the vulnerability of the public key the public to identify particular signers, removing their
infrastructure. Furthermore, an identity-based digital sig- anonymity. Te distributed-key management infrastructure
nature can also be used in multisignature models, known as (DKMI) includes the distributed-key generation (DKG) and
the identity-based multisignature (IBMS) model [18]. Fig- distributed-key redistribution/updating (DKRU) protocols.
ure 3 clearly describes the process of identity-based digital Te round optimum DKRU protocol provides group
signature. members with a way to recognize dishonest or fawed
shareholders in the frst round, hence eliminating repeated
protocol executions, which resolves a signifcant issue with
3.3. Multisignature Scheme. A multisignature scheme pro- current secret redistribution/updating techniques.
vides a way that allows several signers to sign the same
message M at the same time using their respective private
keys such as Pk1, Pk2, . . ., and Pkn. In this scheme, the private 3.4. Our Contribution to the Article. Te article is repre-
keys of all signatories are combined to generate a single senting a scheme for a digital signature on documents from
private-key such that Pk� (Pk1, Pk2, . . ., Pkn), this reduces multiple signatories that sign a single document at the same
the time and cost of signing the document compared to the time. To prove that our proposed system is fast and secure,
process in which every party individually signs. However, we provide a performance and security comparison in the
the security level and the size of the signature are the same as study with earlier suggested plans. Te comparison suggests
the standard signature. Te same process is followed to that the manuscript provides a fast and secure identity-based
8 Security and Communication Networks
Table 1: Comparison of RSA, ECDSA, and EdDSA schemes.
Properties RSA ECDSA EdDSA
Security bits
80 1024 160 160
1 112 2048 224 224128 3072 256 256
192 7880 384 384
256 15360 512 512
2 Performance Slow due to long key size Fast Fastest
3 Popularity Widely used Not much used New and widely used
ID of Alice Public Key of Alice
Provides Pair Key Generation
of Keys and exchange Center
Alice signed message Bob uses Alice's Public key
with her Private key for Verification of message
Signed message
Figure 3: Te basic architecture of identity-based digital signature (IDBDS).
Sending to Verifire for Verification of Message
Combined
Public key
Verifing the Message
Combined with received public key
Private key
Signing Message
Figure 4: Te process of the Multisignature scheme.
multisignature scheme to sign digital documents to save We introduce a fast and more secure identity-based
them from forgery. multisignature scheme for a document using the
Te major contributions of the scheme are listed as EdDSA signature algorithm
follows:
Signers Verifier
Security and Communication Networks 9
Te EdDSA signature algorithm is the frst time message digest is produced using a hash function (SHA-
implemented without a blockchain technology for 512), and the digital signature is produced using ECDSA.
digital signature and verifcation of documents Te authors asserted that this technique’s structure mini-
Te scheme is very cost-efective, secure, and fast than mizes the time complexity of creating a digital signature.
the other schemes, because of the EdDSA signature Reference [16] describes how to create an ED25519 signature
algorithm is used without the blockchain technology algorithm using the Fiat–Shamir paradigm. Te authors
and implementation of the scheme in Python makes it assert that the performance and security analysis assures that
platform-independent it cannot be faked. Te author discusses several clamping of
Te credentials such as an Aadhar number and a fn- private scalars and the nonprime order group. Researchers
gerprint are used with a random number generator in also demonstrated that Ed25519-IETF is SUF-CMA com-
the scheme that generates a unique and secure key pair pliant. All Ed25519 schemes are resistant to key replacement
for each signatory. attacks.Using Ed25519 as a case study, researchers [22] examine
several EdDSA authentication strategies; one is speed-
3.5. Organization of the Article. Te article has the following optimized, whereas the other prioritizes a little amount of
sections: RAM. Te speed-optimized version uses a joint-sparse form
Section 1 in this section, the article provides an in- to describe the two scalars and performs the double scalar
troduction to the feld of research and related tools and multiplication in parallel. Due to the Frobenius endomor-
technologies and mentions the author’s contribution phism, Koblitz curves, a particular class of elliptic curves,
and suggests how this research work adds more perform better while calculating scalar multiplication in
knowledge to the relevant feld of research. elliptic curve encryption. Te performance of a single scalarmultiplication has increased thanks to the double-base
Section 2 discusses the previously proposed schemes number system technique for Frobenius expansion. Addi-
related to digital signature algorithms and accordingly tion, squaring, multiplication, and inversion are the four
proposes the research work. fundamental arithmetic operations carried out by the binary
Section 3 discusses the overview and algorithms of the arithmetic processor to execute point multiplication. Te
proposed scheme along with the process diagram of the standard base representation is used for all arithmetic op-
implementation of the scheme. Moreover, providing erations. A single clock cycle can be used to conduct addition
the justifcation that why we are selecting the specifc and squaring. In the standard basis representation, adding is
algorithm ED25519. an exclusive OR (XOR) action whereas square rooting is
In Section 4, in this section, the implementation part of a cyclic shift operation. Te mathematical calculation of
the proposed scheme is discussed properly. Also, KP-IQ is split into two parts by the memory-optimized
provide information tools and packages used in the variant, according to the authors: a fxed-based scalar
implementation. multiplication using a traditional comb technique with eight
In Section 5, the security analysis of the proposed precomputed points and a diferential scalar multiplication
system is discussed. Diferent kinds of attacks per- using the typical Montgomery ladder on the birationally-
formed on the digital signature algorithms are dis- equivalent Montgomery curve. Te segregated approach is
cussed in the proposed scheme. 24% slower than the simultaneous strategy, but it uses 40%less RAM, according to the authors’ research using a 16-bit
Section 6: Te result is described in this section, which ultra-low-power MSP430 microcontroller. Tis makes the
also explains the advantages and limitations of using divided approach desirable for “lightweight” cryptographic
our proposed model in comparison with the previously libraries, especially when both X25519 key exchange and
proposed scheme. Ed25519 signature creation and verifcation are required.
Section 7: Tis section is provided a summary of the Researchers [23] propose an ECC-based ID with mul-
whole work and suggests the future scope of the work. tiple signatures, which are much more robust than forgery
that can be detected in the proposed approach because the
secret key is generated from the identity hash and a random
3.5.1. Previous Work. Recently, in 2019, Saho and Ezin [2] number Di �H(IDi|r). Tis may be further enhanced by
have given a comparative analysis according to the signif- using a blind signature and encryption on the message. It
icant use of RSA-based and ECC-based digital signature may also be confgured for multiple receivers. Authors [24]
algorithms. Tis comparative analysis shows that the key present a novel variation of signature construction using
length of ECC is much shorter than the key length of the sequential OR proofs. Tey aim to obtain strong protection
RSA algorithm for the same security level. Tis article also against adaptive corruptions, optimize efciency, and im-
claims that the time complexity is antiproportional to the mediately achieve strong existential unforgeability building
key length in the case of ECC for the generation of digital signatures in the nonprogrammable random oracle model
signatures. El-Rahman et al. in 2018 [4] suggested a cloud- (NPROM). Tis results in a little diferent construction, and
based digital signature technique to safeguard IoT applica- they ema ploy of t distinct and extra lossless format rec-
tions. Te secure hash algorithm SHA-512 is used in this ognition scheme features. Signatures that provide strong
method, which is based on the ECDSA. In this approach, the multiuser security against adaptive corruptions are a popular
10 Security and Communication Networks
building component for highly secure authentication multiple signatories. Furthermore, Nagashima et al. [33]
schemes exchange systems. Te authors used the ECDSA have presented a detailed explanation of the vulnerabilities
algorithm to achieve their goal of strong multiuser security of digital signatures. In the presented article, the authors
against adaptations. have discussed diferent types of vulnerabilities of digital
Te identity-based digital signature scheme proposed by signatures at diferent stages and discussed the solutions for
Rahmawati et al. [3] uses a fngerprint scan to generate the these vulnerabilities. At the moment, based on the brief
key pairs. Furthermore, the RSA-based multisignature overview of already proposed schemes, to overcome the
scheme was proposed by Bellare and Neven [18], in which security threats, in this work, in the article [34], the authors
the user’s identity is used to generate the key pairs. In this create and test the model of digital signature for the artist to
study, the authors provided security notation with a random sign their creative content and integration with the creative
oracle model to prove that the proposed scheme was content license. In the development of this model, the au-
unforgeable and a trapdoor system for the key pairs. Te thors used ECC algorithms to generate the signature of
trapdoor system is a one-way computation which means it a single or multiple creators and take the creator’s work with
can be computed easily in one direction, but the inverse of the creator’s ID as input depending on to create the public
this function is computationally infeasible to compute. In and private keys. Te key pair creators are eligible to sign
2019, an identity-based multisignature model was proposed their creative content after the signature, they get permission
in [1], this model uses the RAS-based digital signature al- to access or modify their content on the developed platform.
gorithm. Tis model uses e-mail ID and Aadhaar number as Tempered with the content can be identifed from the
an input to generate the key pairs. Te authors analyze the verifcation of the signature.
security of the given model against diferent attacks and Authors [35] proposed hardware implementation of
claim it is secure against diferent cryptographic attacks. a feld-programmable gate array for the EdDSA. Tis ar-
Another algorithm introduced by Ahmed et al. [25] is based chitecture is provided high efciency and performed well in
on SHA-256 and RSA digital signature algorithms. Tis comparison to AES-128. Based on the test and analysis
algorithm uses face biometrics to generate the key pairs. In results, the authors claim that the efciency of the EdDSA is
this scheme, signers register with the system using their increased and improved by greater than 84% in comparison
facial identities. Now, the system uses these face identities to with the previous work. Te speed of generating signatures
generate the key pair and create the digital signature. In can be gone more than 8x speedup. Te proposed scheme
2017, for more fexibility, a multisection multisignature generates 62,000 digital signatures per second. Te side-
model was proposed [26], that overcomes the restrictions of channel attack countermeasures are included in the archi-
signing the whole message by every signer. Tis scheme tecture. In high-performance architecture and efcient
provides the facility for a signer to sign the specifc section at processed 2,200 signs and 5,100 and 15 verifcations per
the time of multisignature. To provide security services- second.
confdentiality, authenticity, and integrity, a cloud-based We discuss the implementation of a more secure and fast
double signature scheme DS-SHA256 is proposed by the identity-based multisignature model using the EdDSA
authors [27], in which the RSA digital signature is used with algorithm.
the SHA-256 two times to provide a strong security to the
authenticity of the document while it is uploaded on the 4. Proposed Model
cloud server. Complexity and power consumption is high,
but the authors represent the encryption and decryption Te proposed scheme uses multiple identity sources to
process as taking less time than normal RSA and AES. generate the key pairs. Terefore, for this purpose, we are
Jin et al. [28] proposed an identity-based combined using the fngerprint and Aadhaar number of individual
signature and encryption (IBCSE) model. Tis model is signatories as identity sources for key generation. Te
based on Boneh and Franklin’s encryption and Cha and Aadhaar number is a unique identity of the Indian citizen
Cheon’s signature algorithms. Te security analysis for similar to the social security number in the US. Aadhaar uses
IBCSE shows that the proposed scheme is secure against an e-KYC service for the authentication of the cardholder. A
diferent cryptographic attacks such as chosen identity at- central database is used to store the personal and biometric
tacks. Another model for identity-based digital signature is information of the cardholder, and this database is main-
proposed in [29], which is based on ECC. As the presented tained by the Unique Identifcation Authority of India
model is based on the ECC with the nonpairing scheme, (UIDAI). Te fngerprint is a unique biometric that cannot
hence, the cost of computation for signature and verifcation be the same for two persons, even in the case of twins. Other
is very less. biometrics such as iris, vein pattern, retina, and gait rec-
A multisignature model for a specifed group of verifers ognition are also unique, but require high-cost equipment
is proposed with an improvement by [30], such that ex- and take more time to acquisition in comparison to fn-
amines Zhang and Xiao’s scheme against rogue key attacks. gerprints. Furthermore, in the Aadhaar database fngerprints
Furthermore, a tightly secure multiparty signature scheme are also stored along with the name, address, and photo of
was proposed in [31]. Recently, in 2020, Ra- Rajkumar, and the person, and this provides proof of identity in the pro-
Juneja presented a security protocol [32] for multisignature posed model [36].
authentication and key management. Tis model uses In the proposed scheme, signatories create public and
Newton’s Foreword Interpolation for chaining keys from private-key pairs based on their identities. Tese key-pairs
Security and Communication Networks 11
are required at the time of signing and verifcation. Digital (EdDSApriv) pairs. Te Aadhaar number is linked to the
signatures are generated using a private key and verifed biometric database created by the government of India, so
using the public keys of signatories. Figure 5 visualizes the there is no need for the verifcation of the signatory.
architecture of the proposed scheme. Hereafter, we operate the XOR operation on an Aadhaar
Te working process of the proposed model is clear in number, fngerprint, and a random Number (Rand). After
Figure 5. Te proposed model is based on EdDSA and by that, a secure hash algorithm (SHA-256) is implemented on
using this model, multiple signatories can digitally sign the XORed value to generate a 256-bit long hash string. Tis
a document in a single attempt. In the frst step, signatories hashed string is used as a private key in the EdDSA algo-
provide fngerprint (Fprint) and Aadhaar number (Anum) rithm and used as input in EdDSAKeyGen to generate the
for generating public key (EdDSApub) and private key corresponding public key; therefore,
EdDSApriv � hashfunc(Fprint⊕Anum⊕Rand)EdDSApub � EdDSAKeyGen􏼐EdDSApriv􏼑. (18)
After key generation, signatories must have to save the From the above equations and algorithms, we can un-
private keys securely, because the security of the whole derstand the internal process of the proposed scheme. when
system depends on the safety of the private key, and with we are talking about the integrity of the message in our
this, the key generation process is also fnished. scheme. Te Ed25519 signature algorithm is having the
In a multisignature scheme, a single private (EdDSApriv) SHA-256 hashing algorithm by default that generates a hash
key is required to generate the digital signature, and this of every message that signs by the user’s private key of
master private key depends on the private keys of all sig- ED25519 for the message. Tat hash is calculated for the
natories. In this process, signatories provide their respective receiver by the ED25519 signature algorithm and verifes the
private keys, then these keys are ANDed to generate a single integrity of the signature. Te hashing scheme of ed25519 is
private key that is used for a digital signature. Tis process the same as others, but the keys are not. Tese keys are used
can be expressed as to sign and verify or authenticate the message very less
compared to another digital signature algorithm. Tat re-
andandEdDSApriv � (EdDSApriv1∧EdDSApriv2∧. . . . . . .). duces the time of all three processes of digital signature, i.e.,
(19) key generation, signature generation, and verifcation.When
the time is taken by our proposed scheme, then it is also cost-
Now, this master private-key EdDSApriv is used in Ed-the efective, as the process will complete in very less time
DSA algorithm to generate the digital signature for the given compared then other digital signature algorithms.
document, such as
EdDSASig � Sign( Doc,EdDSAPrive􏼁. (20) 4.1. Implementation of Proposed Model. We have imple-
Forth coming, a digital signature is appended with the mented an ofine tool for a digital signature-based proposed
document and sent to the receiver, now receiver verifes the algorithm that runs on command-line interface (CLI). List of
signature to confrm the authenticity and integrity of the tools and packages used to implement the proposed scheme
received document. At the time of verifcation, a signed is given in Table 2.
document (Doc), master public (EdDSA All three diferent modules, namely, generation of keypub) key, and digital
signature (EdDSASig) are required. Similar to the generation pairs, signing of the document, and verifcation of signature,
of a master private key, all public keys combine using AND have been implemented as follows:
operation to generate the single master public key. Now, this Key generation: In the key pair generation process, the
public key (EdDSApub), signed document (Doc), and digital Python module is used to calculate the hash code of the
signature (EdDSASig) are used as input in the EdDSA sig- imported credentials of users. In this process, the length of
nature algorithm for the verifcation process. Tis process Aadhaar number is 12 digits long and the scanned fnger-
can be expressed as print is used as an image. A Python module random is
andEdDSAPub � (EdDSAPub1∧EdDSAPub2∧ . . . . . . . . .) imported to generate random numbers that make our
private key distinct and more secure. Now, we generate
EdDSAverif � Verify(Doc,EdDSAPup, EdDSASig). a 256-bit hash code from user credentials and a random
(21) number, for example, a 256-bit hashed code is repre-
sented as bed6d45b0aa9802cd31706afc9c090111
Based on the verifcation, the system shows a message 4ec80c72536f016330f11bc8a440339. Tis hash code or
either “signature is verifed” or “signature is not verifed”. string is used as a private key to generate the master
Algorithms for three diferent modules, namely, key gen- private key used in EdDSA digital signature module; fur-
eration is in Algorithm 1, signing the document is in Al- thermore, this private key is also used to generate a 256-bit
gorithm 2, and verifcation of the signature is in Algorithm 3, long public key represented as: 5d8b8b5331dad29532b15-
are described. ce82105f727addcf23a0e 61e88124c49e5979565226. After
12 Security and Communication Networks
Random Aadhaar Number
Number
Generator
Fingerprint
XOR
SHA-256 Private Key
Saving Keys
EdDSA Key Generation
Public Key
Private Keys of
Signatories
EdDSA Signature Generating a Single
Generation private key with
AND operator
EdDSA Signature
Document + EdDSA Signature + Public Keys of Signatories
Received For Generating a Single Signature is
Verification Public key with Verified
AND operator
EdDSA
Public Keys of Signature
Signatories Verification
EdDSA
Signature
Signature is not
Signed Verified
Receiver Document
Figure 5: Te architecture of the proposed identity-based multisignature scheme using EdDSA.
the completion of the key pair generation process, the Signing of document: To generate the cryptographic
private keys are kept secret by users.Te key pair generation signature for a document, we use EdDSA digital signature
process is completed in approximately 0.011285 seconds. module. In this process, amessage id-test of 512-bit length
Verification Signing Document Generation of Key PairSignatories
Security and Communication Networks 13
Input: Biometric Credential of users, Aadhaar
Number, Random Integer.
Output: Public and Private Key pairs.
Notations;
EdDSApriva← EdDSA private-key
EdDSApub← EdDSA public-key
hashfunc(.)← SHA-256 hash function
Initialization;
Fprint←User fngerprint input
Anum←Aadhar Number
Rand←Random Number
Key Generation;
EdDSA, priv� hashfunc(Fprint⊕Anum⊕Rand)
EdDSApub�EdDSAKeyGen (EdDSApriv)
Print EdDSApriv and EdDSApub.
ALGORITHM 1: Key pair generation.
Input: Document, Private Keys of all signatories
Result: Digital Signature
Notations;
EdDSApriv←EdDSA private-key
EdDSAPrive←EdDSA combined private-key
Doc← File to be signed
EdDSASignature← EdDSA Signature
Initialization;
EdDSApriv1 ▷Private key of user 1
EdDSApriv2 ▷Private key of user 2.
.
.
EdDSAprivn ▷Private key of user n.
EdDSAPrive�EdDSApriv1 ∧ EdDSApriv2. . . ∧ EdDSAprivn
Digital Signing;
EdDSASign � Sig (Doc, EdDSAPrive)
Print EdDSASig
ALGORITHM 2: Document signing.
Input: Signed Document, Digital Signature,
Public Keys of Signatories
Result: Verifcation Results
Notations;
EdDSApub←EdDSA public-key
EdDSAPub←EdDSA combined public-key
Doc← Signed document
EdDSASignature←EdDSA Signature
Initialization;
EdDSApub1 ▷Public key of user 1.
EdDSApub2 ▷Public key of user 2.
.
.
EdDSApubn ▷Public key of user n.
EdDSAPub �EdDSApub1 ∧ EdDSApun2. . .. . .. ∧ EdDSApubn
Digital Signature Verifcation;
ALGORITHM 3: Continued.
14 Security and Communication Networks
EdDSAverif �Verify (Doc, EdDSAPub, EdDSASig)
if EdDSAverif �� 1 then
Signature verifed Successfully;
else
Verifcation is Failed;
end
ALGORITHM 3: Signature verifcation.
is generated from the original message, and now, this 5.3. Forgery or Key Replacement. In the implemented
message digest is encrypted using a private key that is scheme, private keys are kept secret by individuals; hence,
derived from the private keys of individuals. Tis whole key replacement is not possible with private keys. However,
process takes approximately 0.012143 seconds. Finally, the most of the time, the attacker tries to replace or forge the
original message, the digital signature, and a set of public values of a public key, attack is performed by a man-in-the-
keys of individuals are sent to the receiver. middle attack. In the proposed scheme, we are using EdDSA
Signature verifcation process: In the verifcation pro- for digital signatures, and the version of EdDSA which we
cess, the public keys of signers are ANDed to generate are using in the proposed scheme is unforgeable [39] by
a 256-bit long master public key. Now, the receiver man-in-the-middle attack.
generates 512-bit message digest from the original
documents and decrypts the digital signature using the 5.3.1. Security Analysis of EdDSA with Random Oracle
master public key. Finally, the receiver checks the Model. Te random oracle model is used for security
message digest to the decrypted data blocks to ensure analysis, which works on the randomly chosen function.
the message’s integrity and authenticity. If the digital Hash functions are defned as key pairs for any digital
signature is validated, the system indicates that the signature algorithms or models that provide a random fxed
message signature is validated! else shows the signature length of hash when it processes a random amount of data.
is failed to verify! Te approximate time for the veri- Te newly generated hash function cannot be predictable for
fcation process is 0.016799 seconds. Te proposed given random numbers. As the proposed system uses
model is implemented using Python programming, and Ed25519, which is a curve point of ECC, we discuss the
it is a platform-independent tool. security analysis with the random oracle model as follows.
5. Security Analysis
5.4. Tampering with Ed25519 Signature. Te point (X1, y1)
In the proposed scheme, we are using the fngerprint and −⟶ x1modp is independent of the value of y1 in the
Aadhaar number of multisignatories for the key pair genera- Ed25519 function. Two points present in the elliptic curve at
tion. As we know, biometric traits are difcult to be tampered the same x1 coordinate and both points are opposite mean K
and this scheme also uses a unique identity number like can be replaced with −Kmodm, which would also follow the
Aadhaar number that is verifed by a government agency. Only same x1 and hence the same r. Tis tempering process
authorized users can use their private keys for signing docu- replaces s with −Smodp. Terefore, the (r, s) can be replaced
ments. Hence, the proposed scheme secures and provides the by (r, smodp) which can act as a real signature for the same
integrity and authenticity of the documents. message. However, using the hash function is preventing this
tempering.
5.1. KeyGuessing Attacks. A key guessing attack such as brute
force attack in that a cryptanalyst tries all possibilities to guess 5.5. Reset Attack on Ed25519. Assume that the pseudoran-
the private key [37, 38]. In the proposed scheme, we are using dom generator k is identifable and the internal state can be
SHA-256 hash function to generate 256-bit long private keys. reconfgurable. Te scheme can be penetrable with two
Each private key depends on the user’s credentials, namely, diferent message signatures. As if the signatory signs D1 by
fngerprint and Aadhaar number along with a 256-bit random k and then resets it to generate k for D2, so the signatures we
number. Terefore, the security of the proposed system is not get (r, s1) for D1 and (r, s2) for D2. Terefore, we get that
feasible to break by the brute force attack in fnite time s2SHA2(D1) − s1SHA2(D2)
x � modp. (22)
r(s2 − s1)
5.2. Collusion Attack. Te collusion attack occurs when
a specifc user or a group of users intentionally has a secret
agreement with an eve or a compromised the security policy. 5.6. Comparison of Security Analysis. Here, we present
In this scheme, the private keys are kept secret by in- a comparison of security analysis with previous works in the
dividuals; hence, no participant can steal the private key of following Table 3, in the context of the above discussed
the other participants. points.
Security and Communication Networks 15
Table 2: List of tools and packages used to implement the proposed scheme.
Component Description
Processor I3 5th gen intel processor
RAM 12GB
Operating system Ubuntu 20.10
Programming language Python 3.7
IDE VS code
Component Description
Table 3: Comparison of Security analysis with previously implemented schemes.
Security property Bisheh N. et al. [34] Brendel et al. [16] Großschädl et al. [22] Proposed
Key guessing attacks N N N Y
Collusion attack N N N Y
Forgery or key replacement N Y N Y
Tampering with Ed25519 signature N Y N Y
Reset attack on Ed25519 N Y N Y
20
17.02
16.09 16.42
15 14.88 14.21 14.67
12.97
12.08
10.89
10.18 10.25 10.06
10
5
0
10 50 100 150 250 500
File Size (In Kb)
Signature
Verification
Figure 6: Bar-chart of time comparison for signature generation and verifcation for two signers.
6. Results and Discussion EdDSA also possesses the property of batch verifcation;
therefore, it is useful for multisignatures schemes [39].
Te implementation has been tested for two, fve, and ten Terefore, the implemented scheme is fast and more secure
signatories to compare the time of signature generation and compared to previously implemented schemes.
its verifcation with diferent fle sizes. Figures 6–8 are
representing the results.
Table 4 compares the suggested plans with the schemes that 6.1. Limitations of the Work. As in the previous section, we
have already been put into place.Te execution reveals that the can understand that the proposed work is better than the
length of the private key and the public key is 256 bits, and the previously presented scheme. However, every scheme has
processing time for key pair creation is around 11milliseconds. their constraints
Similarly, the processing time for the signing and verifcation When the number of signatories is rising, the time com-
process is approximately 12milliseconds and 16milliseconds plexity of the algorithm is increasing. Tis happens because of
successively. From Figure 9, one can easily see that the key the many numbers of public and private keys that will be used.
length of EdDSA is small in comparison with the RSA for the Tis is also a slow process of signing and verifcation time.
same security level; therefore, one can say EdDSA is less space- Tis scheme is not only a test in an ofine environment
complex than RSA. Te time complexity for signing and as it is designed as an ofine application but can be tested
verifcation is less for EdDSA comparison to RSA [7]. Te online also by developing as an online application with
Python web development tools.
Time (In Miliseconds)
16 Security and Communication Networks
20 19.15
17.93 18.12
15.83 15.35
15 14.18 14.82
13.82
12.41
11.49 11.62 11.25
10
5
0
10 50 100 150 250 500
File Size (In Kb)
Signature
Verification
Figure 7: Bar-chart of time comparison for signature generation and verifcation for fve signers.
20
18.56
16.09
15 15.07 14.24 14.59
13.55
12.72
11.69 11.84
10.58 10.91 11.08
10
5
0
10 50 100 150 250 500
File Size (In Kb)
Signature
Verification
Figure 8: Bar-chart of time comparison for signature generation and verifcation for ten signers.
Table 4: Comparative Overview of the proposed scheme and previously implemented schemes.
Scheme Credentials for keygeneration Based on Security analysis
Ahmed et al. [25] Face recognition RSA No
Rahmawati et al. [3] Fingerprint RSA No
Bellare and Neven [18] Unavailable RSA Yes
Tanwar and Kumar [1] E-mail and Aadhaar number RSA Yes
Prathapkumar et al. [40] Unavailable Double RSA No
Nagashima et al. [33] Creator’s content and ID ECC No
Tanwar et al. [23] ID card ECDSA Yes
Diemert et al. [24] Unavailable ECDSA Yes
Bisheh N. et al. [34] Unavailable EdDSA Yes
Proposed scheme Fingerprint, Aadhaar number, and random number EdDSA Yes
Time (In Miliseconds) Time (In Miliseconds)
Security and Communication Networks 17
16000
14000
12000
10000
8000
6000
4000
2000
0
256
192 C
Secu 128rity (b 112its B) 80
EdDSA
RSA
Figure 9: Bar-chart of time comparison for signature generation and verifcation for ten signers.
Te scheme is not a test in a real-time environment. It References
can be tested in the real-time environment with some
specifc adjustments such as using hardware to collect the [1] S. Tanwar and A. Kumar, “An efcient and secure identity
fngerprint images in real-time. based multiple signatures scheme based on RSA,” Journal of
Te scheme is designed to test documents only, spe- Discrete Mathematical Sciences and Cryptography, vol. 22,
cifcally PDF fles, but can be a test for other types of fles also no. 6, pp. 953–971, 2019.[2] N. J. G. Saho and E. C. Ezin, “Securing document by digital
and can identify the complexity of diferent fles. signature through RSA and elliptic curve cryptosystems,” in
Proceedings of the 2019 International Conference on Smart
7. Conclusion Applications, Communications, and Networking (SmartNets),
pp. 1–6, IEEE, Sharm El Sheik, Egypt, December 2019.
We have evaluated multisignature systems that have previously [3] E. Rahmawati, M. Listyasari, A. S. Aziz et al., “Digital sig-
been proposed as well as identity-based multisign systems nature on fle using biometric fngerprint with a fngerprint
(IBMS). We have suggested our improven identity-based sensor on a smartphone,” in Proceedings of the 2017 In-
multisignature technique utilizing EdDSA for electronically ternational Electronics Symposium on Engineering Technologyand Applications (IES-ETA), pp. 234–238, IEEE, Surabaya,
signing documents based on the fndings of this investigation. Indonesia, September 2017.
In this scheme, we have used the Ed25519 algorithm that is [4] S. A. El-Rahman, D. Aldawsari, M. Aldosari, O. Al- rashed,
based on the ECC. Tis algorithm is more secure and faster in and G. Alsubaie, “A secure cloud-based digital signature
compare to RSthe A algorithm. In the implemented scheme, an application for iot,” International Journal of E-Services and
Aadhar number, fngerprint, and a randomnumber are used to Mobile Applications, vol. 10, no. 3, pp. 42–60, 2018.
generate the key pairs. In this study, we have provided a de- [5] T. Jager, J. Schwenk, and J. Somorovsky, “On the security of tls
tailed description of key-pair generation, signing documents, 1.3 and quick against weaknesses in pkcs# 1 v1. 5 encryption,”
and verifcation of digital signatures. We further also provide in Proceedings of the 22nd ACM SIGSAC Conference on
security analysis based on the properties of our proposed Computer and Communications Security, pp. 1185–1196,
scheme, which suggests that the proposed scheme is more Denver, Colorado, October 2015.
secure and fast compared to previously proposed schemes. In [6] A. A. Imem, “Comparison and evaluation of digital signatureschemes employed in ndn network,” 2015, https://arxiv.org/
the future, it will be interesting to extend this scheme to au- abs/1508.00184.
thenticate social messaging and verify the integrity and au- [7] C. Li, Y. Wu, and F. Yu, “An Improved Schnorr-Based Multi-
thenticity of big data. Furthermore, the proposed scheme can Signature Scheme with Blockchain Applicatio,” in Proceedings
also be used to authenticate multimedia fles [40]. of the IEEE 3rd International Conference on Civil Aviation
Safety and Information Technology, pp. 858–863, ICCASIT),
Changsha, China, September 2021.
Data Availability [8] S. Kazmirchuk, A. Ilyenko, S. Ilyenko, O. Prokopenko, and
Te data that used to support the fndings of this study are Y. Mazur, “Te improvement of digital signature algorithmbased on elliptic curve cryptography,” Advances in Computer
available from the corresponding author upon request. Science for Engineering and Education III ICCSEEA 2020,
vol. 1247, 2021.
Conflicts of Interest [9] R. Kaur and A. Kaur, “Digital signature,” in Proceedings of the
2012 International Conference on Computing Sciences,
Te authors declare that they have no conficts of interest. pp. 295–301, IEEE, Washington, DC, USA, September 2012.
Key Length (bits)
18 Security and Communication Networks
[10] R. C. Merkle, “A certifed digital signature,” Conference on the Soft Computing, pp. 131–135, Yogyakarta, Indonesia, May
Teory and Application of Cryptology, Springer, Heidelberg, 2017.
Germany. [27] Y. Zhou, Z. Li, F. Hu, and F. Li, “Identity-based combined
[11] F. O. Mojisola, S. Misra, C. Falayi Febisola, O. Abayomi-Alli, public key schemes for signature, encryption, and encryp-
and G. Sengul, “An improved random bit-stufng technique tion,” in Information Technology and Applied Mathema-
with a modifed RSA algorithm for resisting attacks in in- ticsVol. 3–22, Springer, Heidelberg, Germany, 2019.
formation security (rbmrsa),” Egyptian Informatics Journal, [28] H. Jin, H. Debian, and C. Jianhua, “An identity-based digital
vol. 23, no. 2, pp. 291–301, 2022. signature from ecdsa,” Second International Workshop on
[12] S. C. Gupta and M. Sanghi, “Matrix modifcation of RSA Education Technology and Computer Science, IEEE, vol. 1,
digital signature scheme,” Journal of Applied Security Re- pp. 627–630 2010.
search, vol. 16, no. 1, pp. 63–70, 2021. [29] M. K. Chande, C. C. Lee, and T. Y. Chen, “An improved
[13] N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of multi-signature scheme for specifed group of verifers,” In-
Computation, vol. 48, no. 177, pp. 203–209, 1987. ternational Journal of Electronic Security and Digital Forensics,
[14] C.-P. Schnorr, “Efcient signature generation by smart cards,” vol. 9, no. 2, pp. 180–190, 2017.
Journal of Cryptology, vol. 4, no. 3, pp. 161–174, 1991. [30] L. Wei, J. Ai, and S. Liu, “A tightly secure multi-party-
[15] S. Josefsson and I. Liusvaara, “Edwards-curve digital signature signature protocol in the plain model,” in Proceedings of the
algorithm (eddsa),” Internet Research Task Force, vol. 8032, 2015 8th International Conference on Biomedical Engineering
pp. 257–260, 2017. and Informatics (BMEI), pp. 672–677, IEEE, Shenyang, China,
[16] J. Brendel, C. Cremers, D. Jackson, and M. Zhao, “Te October 2015.
provable security of ed25519: theory and practice,” in Pro- [31] K. Ramkumar and M. Juneja, “Multi-signature authentication
ceedings of the 2021 IEEE Symposium on Security and Privacy and key management system to ensure reliable paths for
(SP), pp. 1659–1676, IEEE, Francisco, CA, USA, May 2021. payload delivery,” in Proceedings of the 2020 Indo– Taiwan
[17] B. Preneel, “Cryptographic hash functions,” European 2nd International Conference on Computing, Analytics and
Transactions on Telecommunications, vol. 5, no. 4, pp. 431– Networks (Indo-Taiwan ICAN, pp. 194–201, IEEE, Rajpura,
448, 2010. India, February 2020.
[18] M. Bellare and G. Neven, “Identity-based multi-signatures [32] G. Lax, F. Buccafurri, and G. Caminiti, “Digital document
from RSA,” in Proceedings of the Cryptographers’ Track at the signing: vulnerabilities and solutions,” Information Security
RSA Conference, pp. 145–162, Springer, Francisco, CA, USA, Journal: A Global Perspective, vol. 24, no. 1-3, pp. 1–14, 2015.
February 2007. [33] N. Nagashima, M. Inamura, and K. Iwamura, “Imple-
[19] N. Storublevtcev, “Cryptography in blockchain,” in Compu- mentation of secondary available digital content protection
tational Science and its Applications – ICCSA 2019, S. Misra, schemes using identity-based signatures,” in Proceedings of
O. Gervasi, B. Murgante et al., Eds., pp. 495–508, Springer the 7th International Conference on Information Systems Se-
International Publishing, Heidelberg, Germany, 2019. curity and Privacy, ICISSP 2021, pp. 485–491.
[20] R. Gennaro and S. Goldfeder, “Fast multiparty threshold [34] M. Bisheh-Niasar, R. Azarderakhsh, and M. Mozafari-Ker-
ecdsa with fast trustless setup,” in Proceedings of the 2018 mani, “Cryptographic accelerators for digital signature based
ACM SIGSAC Conference on Computer and Communications on ed25519,” IEEE Transactions on Very Large Scale In-
Security, pp. 1179–1194. tegration Systems, vol. 29, no. 7, pp. 1297–1305, 2021.
[21] N. K. Dewangan and P. Chandrakar, “Enhanced privacy and [35] S. Dargan and M. Kumar, “A comprehensive sur- vey on the
security of voters’ identity in an inter-planetary fle system- biometric recognition systems based on physiological and
based e-voting process,” in Blockchain for Information Se- behavioral modalities,” Expert Systems with Applications,
curity and Privacy, pp. 113–132, Auerbach Publications, Boca vol. 143, Article ID 113114, 2020.
Raton, FL, USA, 2021. [36] C. Ambrose, J. W. Bos, B. Fay, M. Joye, M. Lochter, and
[22] J. Großschädl, C. Franck, and Z. Liu, “Lightweight eddsa B. Murray, “Diferential attacks on determine- istic signa-
signature verifcation for the ultra-low-power internet of tures,” in Cryptographers’ Track at the RSA Conference,
things,” in International Conference on Information Security pp. 339–353, Springer, Heidelberg, Germany, 2018.
Practice and Experience, pp. 263–282, Springer, Heidelberg, [37] N. Samwel, L. Batina, G. Bertoni, J. Daemen, and R. Susella,
Germany, 2021. “Breaking ed25519 in wolfssl,” in Crypt- Geographers Track at
[23] S. Tanwar, S. Badotra, M. Gupta, and A. Rana, “Efcient and the RSA Conference, pp. 1–20, Springer, Heidelberg, Germany,
secure multiple digital signature to prevent forgery based on 2018.
ECC,” International Journal of Applied Science & Engineering, [38] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang,
vol. 18, no. 5, pp. 1–7, 2021. “High-speed high-security signatures,” Journal of crypto-
[24] D. Diemert, K. Gellert, T. Jager, and L. Lyu, “More efcient graphic engineering, vol. 2, no. 2, pp. 77–89, 2012.
digital signatures with tight multi-user security,” in Pro- [39] B. Harsha, A. Damodaran, S. Ranganath, V. Raut, and
ceedings of the IACR International Conference on Public-Key S. Holla, “An approach to enable secure and reliable com-
Cryptography, Springer, Edinburgh, UK, May 2021. munication on iot devices,” International Conference on
[25] A. Ahmed, T. Hasan, F. A. Abdullatif, andM. S. M. Rahim, “A Computational Systems and Information Technology for Sus-
digital signature system based on real-time face recognition,” tainable Solution (CSITSS), IEEE, , vol. 4, pp. 1–6, 2019.
in Proceedings of the 2019 IEEE 9th International Conference [40] K. Prathapkumar and A. T. Raja, “Double signa- ture based
on System Engineering and Technology, pp. 298–302, Shah cryptography using ds-sha256 in cloud computing,” NVEO-
Alam, Malaysia, October 2019. NATURAL VOLATILES & ES- ESSENTIAL OILS Journal|
[26] D. M. Tuan, “Msms: a multi-section multi-signature model NVEO, vol. 8, no. 5, pp. 9535–9541, 2021.
with distinguished signing responsibilities,” in Proceedings of
the 2017 International Conference on Machine Learning and