Abstract

In vehicular networks, the increasing value of transportation data and the scale of connectivity also bring many security and privacy concerns. Peer authentication and message integrity are two vital security requirements for a safe transportation system. Because the units performing the cryptographic operations have constrained resources, security-enhancing schemes should be lightweight and scalable. In this paper, we present a multisignature scheme derived from the SM2 signature which enables a group of parties to collaboratively sign a message and produce a compact joint signature. Our scheme requires no preprocessing or interaction among the parties before signing, and its performance matches or surpasses known schemes in signing time, verification time, and signature size. Therefore, our scheme is also suitable for vehicular networks, where the goal is to enhance security at small computation and storage cost.

1. Introduction

With the development of advanced information and communication technologies, intelligent transportation systems (ITS) can provide a seamless transportation infrastructure and more functionality for vehicles than a decade ago. Specifically, Vehicle-to-Everything (V2X) communication technology in vehicular networks is now able to support information sharing between vehicles and any other element involved in ITS [1, 2], including nearby vehicles (V2V), the infrastructure (V2I), mobile devices carried by pedestrians (V2P), and remote application servers or cloud platforms (V2N). The increasing scale of the ITS ecosystem and the growing trend to integrate vehicular network deployments with other networks also raise cybersecurity concerns for ITS, since any message interception or modification by malicious units could have fatal consequences [3, 4].

Digital signatures are commonly used in vehicular networks to ensure the integrity of messages exchanged among devices. However, the effectiveness of information propagation and routing, which is associated with delays and hence also affects road safety, naturally depends on the computational overhead imposed by the applied security mechanisms [5]. Beyond traditional signature schemes, multisignatures (MS) and aggregate signatures (AS) are extended primitives for the multiuser setting that support cosigning and reduce verification cost. Both primitives allow a group of signers to combine their individual signatures into a single short one. Specifically, an MS scheme [6, 7] enables a group of signers, each having a public key and a corresponding private key, to collaboratively produce a joint signature on a common message which can be publicly verified given the set of public keys of all signers. As a more general primitive, an AS scheme [8, 9] allows each signer to sign a different message, and all these individual signatures can still be aggregated into a single short one. As in a traditional signature scheme, the short combined signature should convince the verifier that all signers signed their designated messages.

Both MS and AS schemes have many potential uses in vehicular networks, such as in a distributed certificate authority (CA) or in V2I/V2V communications. Unfortunately, the commonly used technologies, including dedicated short-range communications (DSRC) and cellular-V2X (C-V2X), mainly rely on elliptic curve-based signature schemes, e.g., ECDSA and SM2, which to the best of our knowledge have very few MS or AS extensions because of their nonlinear construction.

In this paper, we propose a candidate multisignature scheme based on the SM2 signature algorithm and specify the applications of for vehicular networks. SM2 is an elliptic curve-based signature standard published by the Chinese government and has been extensively used in cryptographic devices in finance and industry. Our proposed scheme allows dynamic joining of signers (with certified public keys) and makes no burdensome assumptions on the public-key infrastructure (PKI), which makes it plausible for vehicular networks.

1.1. Our Contributions

The original contribution of this work is mainly twofold:

(i) We first present a multisignature scheme based on the SM2 signature by designing a cosigning protocol and prove its security in the plain public-key and semihonest model. No preprocessing or proof-of-knowledge step on the signer side is required in our scheme. The experimental results also show that our protocol is practical for many applications.

(ii) We then illustrate some possible applications of in vehicular networks, especially its use in the multiple-CA architecture to reduce the certificate storage for vehicles and RSUs and in V2I communication to reduce the computational overhead for RSUs.

1.2. Related Work

A trivial way to build a multisignature from standard signatures is to concatenate all stand-alone signatures signed individually. However, the resulting multisignature is large, with size proportional to the number of signers, which does not scale well in practice [6, 7, 10]. Therefore, a multisignature should be short, meaning its length should (ideally) be independent of the number of signers and about the same as that of an ordinary stand-alone signature. Informally, the possibility of extending standard signature schemes to multisignatures comes from the homomorphism of the arithmetic operations in the underlying assumptions. However, the homomorphism also brings a serious vulnerability and allows adversaries to mount rogue key attacks, in which an attacker without a valid key pair sets its public key as a function of those of other honest signers and finally forges multisignatures. Micali et al. [6] described the formal model for the attack and showed a way to prevent such attacks known as the knowledge of secret key (KOSK) assumption, in which users are required to prove knowledge of their secret keys during public key registration. Bellare and Neven [7] proposed a new practical multisignature scheme based on the Schnorr signature without the KOSK assumption and proved that it resists rogue key attacks in the so-called plain public key model. There are several follow-up works on constructing 2-round Schnorr-based multisignatures, i.e., all signers only need 2 rounds of communication to produce a multisignature [11-15]. Recently, public key aggregation has been introduced to multisignature schemes, by which the verifier can check the validity of a multisignature using only a short aggregate key rather than a list of public keys [16, 17].

2. Preliminaries

For a prime number , denotes the additive group of integers modulo . We consider the elliptic curve in , where and . The set of points on along with the point at infinity constitutes an additive elliptic-curve group under point addition, denoted by , with being the identity. Let be the base point in with order . For , denotes the scalar multiplication in .

Range denotes the set of integers , . Given a nonempty set , denotes the operation of sampling an element of uniformly at random and assigning it to . For a randomized algorithm , denotes the operation of running on inputs and random coins then assigning its output to .

2.1. Multisignature Scheme
2.1.1. Syntax

We follow the description of Bellare and Neven [7] and define a multisignature scheme as a tuple . Note that the scheme is defined in the plain public key model, where key generation is the same as in any public-key cryptosystem and no further preprocessing protocol or key verification is required.

: the setup algorithm takes as input the security parameter and generates system parameters .

: the key generation algorithm is a randomized algorithm executed by every signer on input to generate a key pair .

: the algorithm represents the signing protocol run by a group of signers who intend to collaboratively sign the same message . Each signer executes the protocol on input pp, a set of public keys of signers , private key and message . The protocol outputs a multisignature .

: the verification algorithm checks the validity of a multisignature on message on behalf of the group of signers whose public keys are in set and outputs 1 or 0, indicating whether the multisignature is valid or not.

2.1.2. Completeness

A multisignature scheme should satisfy the following completeness property, meaning that for any number and message , if for and all signers run , then every signer will output the same signature such that .

2.1.3. Security

The security of multisignature requires that it is infeasible to forge a signature involving at least one honest signer. We assume an adversary (forger) that corrupts all other signers except the honest one and can choose their public keys in arbitrary ways as it likes, e.g., the rogue key attack. The unforgeability of multisignature in plain public key model is defined by the following three-phase game between the forger and a challenger.

Setup. The challenger generates system parameter and a challenge key pair for the target honest signer. It returns to .

Query. The forger is allowed to make signature queries on any message for any set of signers with . This signing oracle simulates the honest signer with key interacting in a signing protocol with other signers in list . can make any number of such queries concurrently.

Forge. outputs a set of public keys, a message , and a multisignature . The forger is said to win the game if with and the message never appeared in Query phase.

The advantage of forger in breaking the multisignature scheme is defined as the probability that wins the above game (over the random coins of the challenger), denoted as .

Definition 1. (UF-CMA security). A multisignature scheme is -unforgeable if it holds that for every forger that runs in time at most , makes at most signing queries, produces forgeries on behalf of parties, and wins the game with negligible probability . In random oracle model, we define it as -unforgeable where denotes the maximum number of hash queries.

2.2. SM2 Signature Algorithm

The SM2 signature algorithm is initialized by taking as input a security parameter and outputs as public parameters, in which is a cryptographic hash function. The SM2 signature scheme is briefly reviewed in Table 1.

2.3. General Forking Lemma

We will use the general forking lemma [7] to prove the security of our scheme, a useful tool that extends the forking lemma of Pointcheval and Stern [18] without referring to concrete signatures or random oracles.

Lemma 1 (general forking lemma). Let be a set of size , and . Let be a randomized algorithm that on input returns a pair , where and is a side output. For some randomized input generator IG, the accepting probability of algorithm , denoted by , is defined as . Consider the randomized algorithm associated with , which takes as input and proceeds as described in Algorithm 1. Let be the probability that . Then,

Algorithm 1

(1) Select random coins for
(2)
(3)
(4) if then
(5)   return
(6) end
(7)
(8)
(9) if ( and ) then
(10)   return
(11) else
(12)   return
(13) end

2.4. Secure Multiparty Computation

Secure multiparty computation (MPC) enables a group to jointly perform a computation without disclosing any participant’s private inputs. The participants agree on a function to compute and then use an MPC protocol to jointly compute the output of that function on their secret inputs without revealing them [19]. There are several well-studied MPC protocols such as the GMW protocol [20] and the BGW protocol [21]. Both protocols are based on the secret-sharing technique and support both Boolean and arithmetic circuits.

Here, we only present the general idea of a simple addition function to show how such protocols work. The basic idea is to let each party hold secret shares of the inputs; each party can then locally sum up its shares and obtain a valid share of the final result. We describe it in a bit more detail in Figure 1.
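The secure addition sketched above, written out as an added example (it is not the paper's Figure 1 or code): each party additively shares its input, every party locally adds the shares it received, and only those partial sums are opened. Scalars are taken modulo the SM2 group order, which is the modulus the signing protocol works in; the inputs in the test are constructed values.

```python
import secrets

# Scalars live modulo the SM2 group order n (standard value); any prime modulus would do.
Q = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123

def share(x, n_parties, q=Q):
    """Additive sharing: n-1 uniformly random shares, the last one fixes the sum to x.
    Any n-1 shares are uniformly distributed and reveal nothing about x."""
    shares = [secrets.randbelow(q) for _ in range(n_parties - 1)]
    shares.append((x - sum(shares)) % q)
    return shares

def open_shares(shares, q=Q):
    """Reconstruct a shared value from all of its shares."""
    return sum(shares) % q

def mpc_sum(inputs, q=Q):
    """Semi-honest secure addition. Party i shares x_i and sends share j to party j;
    party j adds the shares it received, which is a valid share of sum(x_i); the
    parties then open only those partial sums. Returns (total, per-party views)."""
    n = len(inputs)
    sent = [share(x, n, q) for x in inputs]                  # sent[i][j]: from party i to party j
    views = [[sent[i][j] for i in range(n)] for j in range(n)]  # everything party j receives
    partials = [open_shares(v, q) for v in views]            # party j's local sum, made public
    return open_shares(partials, q), views
```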

3. SM2-Based Multisignature Scheme:

In this section, we present a multisignature scheme based on the SM2 signature in the plain public key model. Intuitively, the original signing algorithm of SM2 involves a nonlinear combination of the secret key and the randomness; therefore, it is nontrivial to extend it directly to a multisignature. To cope with this problem, in the protocol, we first exploit the linear part of SM2 to produce a semiaggregated signature and then employ a simple MPC protocol for addition to finally achieve the goal. Note that we slightly modify the output of the original SM2 signing algorithm in the protocol, where we take the inverse of instead as each party's part of the signature. Therefore, the multisignature in our scheme has almost the same structure as the original SM2 signature and remains practical. The unforgeability of the multisignature under chosen message attack can be proved in the random oracle model using the general forking lemma [7, 16].

3.1. Construction

The initialization algorithm and algorithm of the multisignature are almost the same as those in the SM2 scheme, except that two hash functions are used in the multisignature scheme, denoted as . We now proceed to describe the signing protocol and verification algorithm of the scheme. Note that we take to be the size of for simplicity, where is the maximum number of cosigners and .

: each signer with secret key and public key in set runs an interactive protocol to collaboratively sign a message . The communication proceeds in a number of rounds; in each round, every signer sends messages to and receives messages from the other signers and also performs some local computation.

(1) Choose , compute and , and broadcast .

(2) Upon receiving from all other signers, broadcast .

(3) Upon receiving from all other signers, check the hash values and abort the protocol if for any that . Otherwise, set , , and . Then, broadcast .

(4) Upon receiving from all other signers, compute and run the protocol for with input to get the addition .

At the end of the interactive protocol, the algorithm outputs a multisignature , where is the set of all points .

: given a multiset of public keys , message , and multisignature , the verifier computes and , accepts the signature if , and outputs 1. Otherwise, it outputs 0.

Correctness: if is a valid output of protocol, algorithm always accepts and outputs 1. The equation only holds when all signers follow the protocol and use valid key pairs. Note that the integer computations are all modulo , and we omit the notation for simplicity.

3.2. Security Proof

In general, we could treat the multisignature scheme as a multiparty computation protocol and prove its security in a simulation-based framework for a clearer security guarantee. Unfortunately, the security of multisignatures is traditionally defined in a game-based framework, and simulation-based proofs are complex in the random oracle model. Here, we follow the game-based definition of Bellare and Neven [7] and only give a proof sketch for the scheme.

The basic idea of the game-based proof is to obtain from two different forgeries and with the same randomness by employing the general forking lemma. As a result, we can extract the secret key from the target public key , which is a solution of the discrete-logarithm problem in the elliptic-curve group . For simplicity, we consider an equivalent verification equation: if and satisfy , then the secret key corresponding to can be computed from the equation

However, in the process of , each signer can check the value before continuing to execute the protocol, which allows signers to quit cosigning immediately if there is any rogue key attack. Specifically, they can compute and check if is equal to the corresponding part in the result.

Therefore, we can let the simulator halt if the forger successfully forged .

Lemma 2. If there exists a -forger that can output a forgery , then there exists a PPT algorithm which -solves the DL problem in .

Proof. Note that and each have a structure similar to the Schnorr signature. Therefore, the proof of Lemma 2 is similar to that of the scheme. Generally, given a -forger , we first wrap it into an algorithm that can be used in the general forking lemma. We then describe an algorithm that on input and runs to output the corresponding discrete logarithm.

Let , be the programmed hash tables for oracles , respectively, and be the answers of queries to . Two counters and are initialized to zero. An additional array records a unique index for each public key occurring either as a cosigner’s public key in signature queries or in queries, where . On input , plays the game with with the target public key . answers queries from by programming the oracles as follows:

(i) : if is undefined, then randomly assigns and then returns .

(ii) : if is undefined, then increments and sets . Let ; if has not yet been defined, then assigns random values to all for , increases , and assigns .

(iii) : if , then returns to the forger. Otherwise, it parses as . first checks whether has already been defined; if not, it increases and sets . Then, it increases counter and sets . It chooses and computes an elliptic curve point such that , where . It finally sends to all cosigners. After receiving all from (all other cosigners), looks up the corresponding in table such that . If not all such values can be found, randomly chooses and broadcasts . If there exists such that , then sets and aborts the execution of by outputting . Otherwise, computes and checks whether has already been defined. If the entry was taken, sets and aborts the execution by outputting . If not, sets and broadcasts . Upon receiving all , stops the process if for any such that . then broadcasts .

Finally, if outputs a valid forgery on message under the signer list , then checks . Let be the index that . returns . The accepting probability of is as follows:

We then construct the algorithm that on input and runs . According to the general forking lemma, it returns with probability . Note that the discrete logarithm with regard to can be computed through . Therefore, the probability is as follows:

3.3. Experimental Results

We now present the concrete experimental results based on our implementation. We implemented the scheme in Java and ran it on an EC2 instance with a 2.50 GHz CPU and 1 GB RAM. We use the standard SM2 curve and the SM3 hash algorithm. We ran experiments from 2 to 20 parties and compare our results in the two-party setting with a related protocol from Zhang et al. [22] in Table 2. Note that [22] is an SM2-based two-party distributed signing protocol, which differs slightly from a multisignature in that the parties must also cooperate in key generation. Moreover, they omit the zero-knowledge proof component in their implementation, and our demo (https://github.com/lhoou/ms-sm2), as a simulation, only includes local computation and omits the real-world communication cost. For the multiuser setting, the performance of our scheme is presented in Table 3.

4. Applications to Vehicular Networks

In this section, we describe two potential applications of to vehicular networks. We first show that it can be employed in the architecture of multiple certificate authorities to reduce the number of certificates that are required for devices in the system including on-board units (OBU) and road-side units (RSU). In addition, we also specify its possible usage in the process of V2I communications. The goal is to reduce computation and storage overhead for the units while maintaining security properties.

4.1. Multi-CA Architecture

In vehicular networks, taking C-V2X as an example, certificate authorities usually include organizations for registration, communication authorization, and pseudonym authorization. Specifically, any device that joins the network must first request a registration certificate from the registration CA and then request, from the other CAs, the further certificates needed to send and receive messages in the network.

For instance, a vehicle is required to obtain a certificate from the registration CA using its unique identity before joining the network. It can then request a pseudonym certificate for anonymous V2V communication and a secure V2I communication certificate from the secure communication CA using its registration certificate. The vehicle can also apply for multiple registration certificates from different registration CAs. To simplify the authentication process, the distributed CAs can employ in order to jointly generate only one certificate or one registration certificate for the vehicle at the same time, instead of generating certificates one by one.

4.2. Cooperative V2I Communication

Cooperative communication in vehicular networks has been leveraged to offer various improvements in spectral efficiency, transmission reliability, and transmission delay. Vehicles can cooperate with each other either directly or through an RSU, and the vehicular node which helps the source node to transmit its data is called a helper node or relay node [23].

(i) Cooperative traffic reports: vehicles in the same traffic area, such as at an accident or in a neighborhood, can cooperatively issue a traffic report including awareness messages (CAMs), safety importance, and vehicle heading, and transmit a packet to the RSU with a signature attached. The signature helps the RSU check the validity of the packet and also reduces the computation cost of the RSU.

(ii) RSU-assisted communication: when a source RSU fails to successfully transmit a packet to the targeted destination, it forwards the packet to the next RSU along the path over the wired backhaul connection. The new RSU relays the received packet to the targeted destination. In this scenario, both the source RSU and the relaying RSU can jointly sign the packet using to convince the target vehicle of the transmitted message, which also prevents any single malicious RSU from sending out fraudulent messages without collusion.

5. Conclusions

In this paper, we present a candidate multisignature scheme from the SM2 signature algorithm in the plain public-key model. Compared to a list of individual signatures, the storage volume of the signature is reduced by nearly 50%, and the computation cost is relatively low. In addition, we specify in detail some potential applications of the scheme to vehicular networks, especially in the scenario of cooperative secure communication, with the goal of maximizing performance and compatibility. Because of the high-speed mobility, designing more efficient protocols with fewer communication rounds for vehicular networks remains a challenging research problem.

Data Availability

The data, including algorithms and proofs, used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This research was supported in part by the National Key Research and Development Plan of China (Grant no. 2020YFB1005600), Key Area Research and Development Program of Guangdong Province (Grant nos. 2020B0101360001 and 2020B0101090004), National Natural Science Foundation of China (Grant nos. 61825203, U1736203, 61732021, and 61902067), Major Program of Guangdong Basic and Applied Research Project (2019B030302008), and Foundation for Young Innovative Talents in Ordinary Universities of Guangdong (2018KQNCX255).