This document proposes an efficient message authentication scheme for wireless sensor networks based on elliptic curve cryptography (ECC). It discusses the limitations of existing symmetric-key and polynomial-based authentication schemes, such as vulnerability to node compromise and threshold limitations. The proposed scheme generates a source anonymous message authentication code (SAMAC) using a modified ElGamal signature scheme on elliptic curves. This provides unconditional source anonymity, efficient hop-by-hop authentication without threshold limitations, and resilience against node compromise attacks. The scheme aims to authenticate messages with low computational and communication overhead suitable for resource-constrained wireless sensor networks.

1. Message authentication and security schemes based on
ECC in wireless sensor network
Abstract
Message authentication is one of the most efficient ways to prevent unauthorized and corrupted
messages from being forwarded in wireless sensor networks (WSNs). That's why, several message
authentication proposals have been developed, based on either symmetric-key cryptosystems or public-
key cryptosystems. Most of them, however, have the restrictions of high computational and
communication overhead in addition to lack of scalability and resilience to node compromise attacks.
Wireless Sensor Networks are being very popular day by day, however one of the main concern in WSN
is its limited resources. One have to look to the resources to generate Message Authentication Code
(MAC) keeping in mind the feasibility of method used for the sensor network at hand. This paper
investigates different cryptographic approaches such as symmetric key cryptography and asymmetric key
cryptography. To provide this service, a polynomial-based scheme was recently introduced, this scheme
and its extensions all have the weakness of a built-in threshold determined by the degree of the
polynomial. In this paper, we propose a scalable authentication scheme based optimal Modified
ElGamal signature (MES) scheme on elliptic curves cryptography
I. INTRODUCTION
Message authentication [1] performs a very important role in thwarting unauthorized and corrupted
messages from being delivered in networks to save the valuable sensor energy. Therefore, many
authentication schemes have been proposed in literature to offer message authenticity and integrity
verification for wireless sensor networks (WSNs) [ 4, 12, 13 ]. These approaches can largely be separated
into two categories: public-key based approaches and symmetric-key based approaches.
The symmetric-key [2] based approach necessitates composite key management, lacks of
scalability, and is not flexible to large numbers of node compromise attacks since the message sender and
the receiver have to share a secret key. The shared key is handled by the sender to produce a message
authentication code (MAC) for each transmitted message. However, for this process the authenticity and
integrity of the message can only be confirmed by the node with the shared secret key, which is usually
shared by a group of sensor nodes. An intruder can compromise the key by incarcerating a single sensor

2. node. In addition, this method is not useful in multicast networks. To solve the scalability problem, a
secret polynomial based message authentication scheme was introduced.[3]
The idea of this scheme is similar to a threshold secret sharing, where the threshold is
determined by the degree of the polynomial. This approach offers information-theoretic security
of the shared secret key when the number of messages transmitted is less than the threshold. The
intermediate nodes verify the authenticity of the message through a polynomial evaluation. when
the number of messages transmitted is larger than the threshold, the polynomial can be fully
recovered and the system is completely broken. An alternative solution was proposed in to
thwart the intruder from recovering the polynomial by computing the coefficients of the
polynomial. The idea is to add a random noise, also called a perturbation factor, to the
polynomial so that the coefficients of the polynomial cannot be easily solved. The random noise
can be completely removed from the polynomial using error correcting code techniques.[5]
For the public-key based method, each message is transmitted along with the digital signature of
the message produced using the sender’s private key. Every intermediate forwarder and the final receiver
can authenticate the message using the sender’s public key [10], [11]. One of the restrictions of the public
key based method is the high computational overhead. The recent progress on elliptic curve
cryptography (ECC) shows that the public-key schemes can be more advantageous in terms of
computational complexity, memory usage, and security resilience, since public-key based
approaches have a simple and clean key management. In this project, an unconditionally secure
and efficient source anonymous message authentication (SAMA) scheme based on the optimal
Modified ElGamal signature (MES) scheme on elliptic curves. This MES scheme is secure
against adaptive chosen-message attacks in the random oracle model.[6]
MES scheme enables the intermediate nodes to authenticate the message so that all
corrupted message can be detected and dropped to conserve the sensor power. While achieving
compromise resiliency, flexible-time authentication and source identity protection this scheme
does not have the threshold problem. Both theoretical analysis and simulation results
demonstrate that the proposed scheme is more efficient than the polynomial-based algorithms
under comparable security levels.
The principal attraction of ECC, compared to RSA, is that it appears to offer equal
security for a far smaller key size, thereby reducing processing overhead. ECC is a method of

3. encoding data files so that only specific individuals can decode them. ECC based on
mathematics of elliptic curves and uses the location of points on an elliptic curve to encrypt and
decrypt information. The main advantage of ECC over RSA is particularly important in wireless
devices, where computing power, memory and battery life are limited. ECC is having good
potential for wireless sensor networks security due to its smaller key size and its high strength of
security. ECC is a public key cryptosystem.
1.1 GOAL
The following function provides hop by hop message authentication and source privacy
in wireless sensor networks.
• To develop a source anonymous message authentication code (SAMAC) on elliptic
curves that can provide unconditional source anonymity.
• It offers an efficient hop-by-hop message authentication mechanism for WSNs
without the threshold limitation.
• It provides network implementation criteria on source node privacy protection in
WSNs.
• To propose an efficient key management framework to ensure isolation of the
compromised nodes.
• It provides an extensive simulation results under ns-2 on multiple security levels.
MES scheme provides hop-by-hop node authentication without the threshold limitation,
and has performance better than the symmetric-key based schemes. The distributed nature of
algorithm makes the scheme suitable for decentralized networks.
1.2 PROBLEM DEFINITION
Message authentication is one of the most effective ways to thwart unauthorized and
corrupted messages from being forwarded in wireless sensor networks (WSNs). Most of them
have the limitations of high computational and communication overhead in addition to lack of
scalability and resilience to node compromise attacks. An intruder can compromise the key by
capturing a single sensor node. In addition, symmetric key based method does not work in
multicast networks. The intermediate node can verify the authenticity of message through

4. polynomial evaluation. In polynomial based scheme, when the number of messages transmitted
is larger than the threshold the adversary can fully recover the polynomial.
II. TERMINOLOGY AND PRELIMINARY
This section briefly describes the terminology and the cryptographic tools.
A. Thread Model and Assumptions
The wireless sensor networks are implicit to consist of a huge number of sensor nodes. It is assumed that
each sensor node recognizes its relative location in the sensor domain and is competent of communicating
with its neighboring nodes directly using geographic routing. The entire network is fully connected
through multi-hop communications. It is assumed that there is a security server (SS) that is liable for
generation, storage and distribution of the security parameters among the network. This server will by no
means be compromised. However, after deployment, the sensor nodes may be compromised and captured
by attackers. Once compromised, all data stored in the sensor nodes can be obtained by the attackers. The
compromised nodes can be reprogrammed and completely managed by the attackers.
However, the compromised nodes will be unable to produce new public keys that can be accepted by the
SS and other nodes. Two types of possible attacks launched by the adversaries are:
• Passive attacks: By passive attacks, the adversaries could snoop on messages transmitted in the
network and execute traffic analysis.
• Active attacks: Active attacks can only be commenced from the compromised sensor nodes. Once the
sensor nodes are compromised, the adversaries will gain all the data stored in the compromised nodes,
including the security parameters of the compromised nodes. The adversaries can alter the contents of the
messages, and introduce their own messages.
An authentication protocol should be resistant to node compromise by allowing secure key management.
The protocol may provide an integrated key-rotation mechanism or allow for key rotation by an external
module.
2.2 Design Goals
Our proposed authentication scheme aims at achieving the following goals:
Message authentication. The message receiver should be able to verify whether a received
message is sent by the node that is claimed, or by a node in a particular group. In other

5. words, the adversaries cannot pretend to be an innocent node and inject fake messages into
the network without being detected.
Message integrity. The message receiver should be able to verify whether the message has
been modified en-route by the adversaries. In other words, the adversaries cannot modify
the message content without being detected.
Hop-by-hop message authentication. Every forwarder on the routing path should be
able to verify the authenticity and integrity of the messages upon reception.
Identity and location privacy. The adversaries cannot determine the message sender’s ID
and location by analyzing the message contents or the local traffic.
Node compromise resilience. The scheme should be resilient to node compromise attacks.
No matter how many nodes are compromised, the remaining nodes can still be secure.
Efficiency. The scheme should be efficient in terms of both computational and
communication overhead.
2.3 Terminology
Privacy is sometimes referred to as anonymity. Communication anonymity in information management
has been discussed in a number of previous works [14][15][16][17][18][19]. It generally refers to the state
of being unidentifiable within a set of subjects. This set is called the AS. Sender anonymity means that a
particular message is not linkable to any sender, and no message is linkable to a particular sender.
We will start with the definition of the unconditionally secure SAMA.
Definition 1 (SAMA). A SAMA consists of the following two algorithms:
• Generate (m; Q1; Q2; .. . ; Qn ). Given a message m and the public keys Q1, Q2………. Qn
of the AS.S = {A1,A2,…….An}, the actual message sender At, 1< t < n, produces and anonymous
message S (m) using its own private key dt .
• Verify S(m). Given a message m and an nonymous message S (m), which includes the public
keys of all members in the AS, a verifier can determine whether S (m) is generated by a member
in the AS.
The security requirement for SAMA include:
• Sender ambiguity. The probability that a verifier successfully determine the real sender of the
anonymous message is exactly 1/n, where n is the total number of member in the AS.

6. • Unforgeability. An anonymous message scheme is unforgeable if no adversary, given the public
keys of all members of the AS and the anonymous messages m1,m2.......mn adaptively chosen by
the adversary, can produce in polynomial time a new valid anonymous message with non –
negligible probability.
In this paper, the user ID and the user public key will be used interchangeably without making and
distinctions.
II.4 Modified ElGamal Signature Scheme
Definition 2 (MES). The modified ElGamal signature scheme [8] consists of the following three
algorithms:
Key generation algorithm. Let be a large prime and g be a generator of ZZp*,. Boath p and g are
made public. For a random private key ZZp, the public key y is computed from y =gx
mod p.
Signature algorithm. The MES can also have many variants [20],[21]. For the purpose of efficiency,
we will describe the variant, called optimal scheme. To sign a message m, one chooses a random k ZZp-
1,then computes the exponentiation r=gk
mod p and solves s from :
S =rxh (m ,r) + k mod (p-1),
Where is a one-way hash function. The signature of message m is defined as the pair (r,s).
Verification algorithm. The verifier checks whether the signature equation gs
= ry rh(m,r)
mod p. If the
equality holds true, then the verifier Accepts the signature, and rejects otherwise.
III .RELATED WORK
Message authentication are used in different applications and security is one of the key characteristic of
all the applications for that, many authors proposed different kinds of security algorithms like symmetric
key algorithm and public key algorithm. Both passive and active attacks are discussed in that algorithms
and also recovery mechanisms are shown in simulation. The advantages and disadvantages of such
algorithms are discussed below.
3.1. STATISTICAL ENROUTE FILTERING

7. Statistical En-route Filtering (SEF) mechanism detects and drops false reports. SEF requires each sensing
report must be validated by multiple keyed message authentication codes (MACs), each generated
message by a node that detects the same event. As the report is forwarded, each node verifies the
correctness of the MACs probabilistically and drops those invalid MACs at earliest points. The sink
filters out remaining false reports that escape the enroute filtering. SEF exploits to determine the
truthfulness of each report through collective decision-making by multiple detecting nodes and collective
false-report-detection by multiple forwarding. The limitation it fails to detect malicious misbehaviors
with the presence of the following disadvantages like ambiguous collisions, receiver collisions, limited
transmission power, false misbehavior report, collision and partial dropping.
3.2.SECRET POLYNOMIAL MESSAGE AUTHENTICATION
A secret polynomial based message authentication scheme was introduced to prevent message form
adversaries. This scheme offers security with ideas similar to a threshold secret sharing, where the
threshold is determined by the degree of the polynomial. If the number of messages transmitted is below
the threshold, then the intermediate node to verify the authenticity of the message through polynomial
evaluation. When the number of messages transmitted is larger than the threshold, the polynomial be fully
recovered by adversary and the system is broken completely. To increase the threshold for the intruder to
reconstruct the secret polynomial, a random noise, also called a perturbation factor, was added to the
polynomial to prevent the adversary from computing the coefficient of the polynomial.
IV.PROPOSED WORK
4.1 PROPOSED SYSTEM
In the proposed system an unconditionally secure and efficient source anonymous message
authentication scheme was introduced. The main idea is that for each message to be released, the
message sender, or the sending node, generates a source anonymous message authenticator for
the message m. The generation is based on the MES scheme on elliptic curves. For a ring
signature, each ring member is required to compute a forgery signature for all other members in
the AS. In this scheme, the entire SAMA generation requires only three steps, which link all non-
senders and the message sender to the SAMA alike. In addition, design enables the SAMA to be
verified through a single equation without individually verifying the signatures.
SYSTEM MODEL

8. Fig.3.1. System Architecture
The figure 3.1 gives the overall architecture of a system in which the user enters the
network and request for the service. The wireless sensor network consists of a large number of
sensor nodes. Sensor node knows its relative location in the sensor domain and is capable of
communicating with its neighboring nodes directly using geographic routing.
The whole network is fully connected through multi-hop communications. An inquiry
node register the information, after registration the registration node will continue the login
process. Security server is responsible for generation and storage and distribution of security
parameters among the network. This server will never be compromised. After deployment the
sensor nodes may be captured and compromised by attackers.
The compromised node will not be able to create new public keys. For each message m
to be released, the message sender, or the sending node, generates a source anonymous message
authenticator for the message m using its own private key.

9. This is the improved form of SAMA it generates a source anonymous message authenticator for the
message. The generation is based on MES scheme on elliptic curves. SAMA generation requires three
steps, which link all non-senders and the message sender to the SAMA. SAMA is verified through a
single equation without individually verifying the signatures.
4.2 Proposed MES Scheme on Elliptic Curves
The design of the proposed SAMA relies on the ElGamal signature scheme. Signature schemes
can achieve at different levels of security. Security against existential forgery under adaptive-
chosen message attacks is the maximum level of security.
The appropriate selection of an AS plays a key role in message source privacy, since the actual
message source node will be hidden in the AS. The Techniques used to prevent the adversaries
from tracking the message source through the AS analysis in combination with local traffic
analysis. Before a message is transmitted, the message source node selects an AS from the public
key list in the SS as its choice. This set should include itself, together with some other nodes.
When an adversary receives a message, find the direction of the previous hop, or even the real
node of the previous hop. The adversary is unable to distinguish whether the previous node is the
actual source node or simply a forwarder node if the adversary is unable to monitor the traffic of
the previous hop. Therefore, the selection of the AS should create sufficient diversity so that it is
infeasible for the adversary to find the message source based on the selection of the AS itself.
SAMA techniques does not have the threshold problem. Unlimited number of messages are
authenticated. SAMA is a secure and efficient mechanism. Generates a source anonymous
message authenticator for the message m. The message generation is based on the MES
scheme on elliptic curves. An elliptic curve E is defined by an equation of the form:
E : y²=x³ +ax + b mod p;
1. Considering a base point elliptic curve.
2. Assuming the private key of sender node.
3. Calculate public key of sender.
4. The message is to be hashed and left bit of hash functions are converting into binary
format.

10. 5. Finding the signature of message.
B. Modified ElGamal Signature Scheme
Authentication generation algorithm:
Sender node is send the message to be transmitted to receiver node. (SAMA):
A SAMA consists of the following these steps:
1. Receiver node receiving the hashed message.
2. Left most bit of the hash is taken in decimal format.
3. If it receives same key means allow to transform and access that message.
4.3 Key Management and Compromised Node Detection
SS responsibilities include public-key storage and distribution in the WSNs .SS will never be
compromised. After deployment, the sensor node may be captured and compromised by the
attackers. Once compromised, all information stored in the sensor node will be accessible to the
attackers. The compromised node will not be able to create new public keys that can be accepted
by the SS. For efficiency, each public key will have a short identity. The length of the identity is
based on the scale of the WSNs
Advantages
• Message authentication: The message receiver should be able to verify whether a received
message is sent by the node that is claimed or by a node in a particular group. In other words, the
adversaries cannot pretend to be an innocent node and inject fake messages into the network
without being detected.
• Message integrity: The message receiver should be able to verify whether the message has been
modified en-route by the adversaries. In other words, the adversaries cannot modify the message
content without being detected.
• Hop-by-hop message authentication: Every forwarder on the routing path should be able to
verify the authenticity and integrity of the messages upon reception.
• Identity and location privacy: The adversaries cannot determine the message sender’s ID and
location by analyzing the message contents or the local traffic.

11. • Node compromise resilience: The scheme should be resilient to node compromise attacks. No
matter how many nodes are compromised, the remaining nodes can still be secure.
• Efficiency: The scheme should be efficient in terms of both computational and communication
overhead.
V. SYSTEM IMPLEMENTATION
5.1MODULES
The System can be designed using the following modules,
• Node Deployment.
• Source Anonymous Message Authentication (SAMA).
• Modified EIGamal Signature (MES).
• Compromised Node Detection.
5.1.1 NODE DEPLOYMENT
An inquiry node register the information, after registration the registration node will
continue the login process.
Fig 7.1.1 Node Deployment
Inquiry node Registration
Process
Registered
Node
Login

12. 5.1.2 SOURCE ANONYMOUS MESSAGE AUTHENTICATION
For each message m to be released, the message sender, or the sending node, generates a
source anonymous message authenticator for the message m using its own private key.
msg msg msg
msg
Fig 7.1.2 Source Anonymous Message Authentication
5.1.3 MODIFIED ELGAMAL SIGNATURE
The optimal Modified ElGamal signature (MES) scheme on elliptic curves generate
signature dynamically then it provide intermediate nodes to authenticate the message so that all
corrupted message can be detected.
Fig 7.1.3 Modified Elgamal Signature
5.1.4 COMPROMISED NODE DETECTION
Sensor information will be delivered to a sink node, which can be co-located with the
Security Server (SS).when a message is received by the sink node, the message source is hidden
in an Ambiguity Set (AS).when a bad or meaningless message is received by the sink node, the
Source
Neighbor
Neighbor
Neighbor
Destination
Sender Neighbor Neighbor
Information
received
Destination
Verification
Process

13. source node is viewed as compromised. The compromised node will not be able to create new
public keys that can be accepted by the SS
Compromised node
Sign generate
.
Fig 7.1.4 Compromised Node Detection
5.2 MES SCHEME ON ELLIPTIC CURVES
Let p > 3 is an odd prime. An elliptic curve E is defined by an equation of the form: E: y2 = x3 +
ax + b mod p,[7]
Signature generation algorithm
The MES can also have many variants. For the purpose of efficiency, describe the
variant, called optimal scheme.
1. Choose a random k such that 0<k<p-1 and
gcd(k,p-1)=1.
2. Compute r ≡ gk
(mod p).
Sender Neighbor Neighbor
Information
received
Destination
Verification
Process
Attackers

14. 3. Compute S≡ (H(m)-xr)k-1
(mod p-1).
4. If s=0 start over again.
Then the pair(r,s) is the digital signature of m.
The signer repeats these steps for every signature.
Authentication generation algorithm
Suppose m is a message to be transmitted. To generate an efficient SAMA for message
m, Alice performs the following steps:
A signature (r,s) of a message m is verified as follows.
1. 0<r<p and 0<s<p-1.
2. gH(m)
≡ yr
rs
(mod p).
VI. PERFORMANCE EVALUATION
A. Simulation model and parameters
TABLE 1 TABLE 2
PROCESS TIME FOR EXISTING SCHEME PROCESS TIME FOR PROPOSED SCHEME
To evaluate the performance of proposed system, compare it with some existing techniques using
NS-2 Simulator. The bivariate polynomial based scheme is a symmetric key based implementation,
Proposed approach
n=1 n=10
Gen Verify Gen Verify
L=24 0.24 0.53 4.24 2.39
L=32 0.34 0.80 5.99 3.32
L=40 0.46 1.05 8.03 4.44
L=64 1.18 1.77 20.53 11.03

15. while proposed scheme is based on ECC. Assume that the key size to be l for symmetric key
cryptosystem, the key size for proposed should be 2l which is much shorter than the traditional public
key cryptosystem. The simulation parameters are helpful in simulating the proposed system. Table 1
shows the process time for existing scheme and Table 2 shows the process time for proposed scheme.
B. Performance Metrics
Figure 4.1 Packet Delivery Ratio Figure 4.2 Network Overhead
The ECC scheme is compared against polynomial based and it has provided the positive
results. Packet delivery ratio (PDR): PDR defines the ratio of the number of packets received by the
destination node to the number of packets sent by the source node. Routing overhead (RO): RO
defines the ratio of the amount of routing-related transmissions [Route REQuest (RREQ), Route
REPly (RREP), Route ERRor (RERR), ACK, S-ACK, and MRA]. Delay: Delay is the interarrival
time of 1st and 2nd packet to that of total data packets delivered.
C. Results
Enhanced message authentication scheme is evaluated by comparing it with other existing algorithms
using the NS-2 Simulator. Fig 4.1 shows Packet Delivery Ratio of the proposed method over other
existing methods

16. VII. CONCLUSION
Message authentication has always been a major threat to the security in wireless sensor
Networks. A Novel and efficient source anonymous message authentication scheme based on ECC to
provide message content authenticity. To provide hop by hop message authentication without the
weakness of the built in threshold of the polynomial based scheme. SAMA based on ECC compared it
against other popular mechanisms in different scenarios through simulations and TelosB.
Simulations results indicate that it greatly increases the effort of an attacker, but it requires proper
models for every application. Proposed scheme is more efficient than the bivariate polynomial-based
scheme in terms of computational overhead, energy consumption, delivery ratio, message delay, and
memory consumption.
VIII. REFERENCES
1. Jian Li Yun Li Jian Ren Jie Wu, ―Hop-by-Hop Message Authentication and Source Privacy in Wireless
Sensor Networks , IEEE Transactions On Parallel And Distributed Systems, pp 1-10, 2013‖
2. S. Zhu, S. Setia, S. Jajodia, and P. Ning, “An interleaved hop-by-hop authentication scheme for
filtering false data in sensor networks,” in IEEE Symposium on Security and Privacy, 2004
3. C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, “Perfectly-secure key
distribution for dynamic conferences,” in Advances in Cryptology - Crypto’92, ser. Lecture Notes in
Computer Science Volume 740, 1992, pp. 471–486.
4. F. Ye, H. Lou, S. Lu, and L. Zhang, ―Statistical en-route filtering of injected false data in sensor
networks, in IEEE INFOCOM, March 2004‖
5. M. Albrecht, C. Gentry, S. Halevi, and J. Katz, “Attacking cryptographic schemes based on
”perturbation polynomials”,” Cryptology ePrint Archive, Report 2009/098, 2009.
6. D. Pointcheval and J. Stern, “Security proofs for signature schemes,” in Advances in Cryptology -
EUROCRYPT, ser. Lecture Notes in Computer Science Volume 1070, 1996, pp. 387–398.
7. D. Pointcheval and J. Stern, “Security arguments for digital signatures and blind signatures,” Journal
of Cryptology, vol. 13, no. 3, pp. 361–396, 2000.
8. D. Pointcheval and J. Stern, “Security Arguments for Digital Sig- natures and Blind Signatures,” J.
Cryptology, vol. 13, no. 3, pp. 361- 396, 2000.

17. 9. R. Rivest, A. Shamir, and L. Adleman, ―A method for obtaining digital signatures and public-key
cryptosystems, Communications. of the Assoc. of Comp. Mach., vol. 21, no. 2, pp. 120–126, 1978.‖
10. T. A. ElGamal, ―A public-key cryptosystem and a signature scheme based on discrete logarithms,‖
IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469–472, 1985.
11. H. Wang, S. Sheng, C. Tan, and Q. Li, “Comparing symmetric-key and public-key based security
schemes in sensor networks: A case study of user access control,” in IEEE ICDCS, Beijing, China,
2008, pp. 11–18.
12. A. Perrig, R. Canetti, J. Tygar, and D. Song, “Efficient authentication and signing of multicast streams
over lossy channels,” in IEEE Symposium on Security and Privacy, May 2000.
13. W. Zhang, N. Subramanian, and G. Wang, “Lightweight and compromise resilient message
authentication in sensor networks,” in IEEE INFOCOM, Phoenix, AZ., April 15-17 2008.
14. D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Comm.
ACM, vol. 24, no. 2, pp. 84-88, Feb. 1981.
15. D. Chaum, “The Dinning Cryptographer Problem: Unconditional Sender and Recipient
Untraceability,” J. Cryptology, vol. 1, no. 1, pp. 65-75, 1988.
16. A. Pfitzmann and M. Hansen, “Anonymity, Unlinkability, Unobservability, Pseudonymity,
and Identity Management a Proposal for Terminology,” http://dud.inf.tu-dresden.de/
literatur/Anon_Terminology_v0.31.pdf, Feb. 2008.
17. A. Pfitzmann and M. Waidner, “Networks without User Observ- ability—Design Options.,” Proc.
Advances in Cryptology (EURO- CRYPT), vol. 219, pp. 245-253, 1985.
18. M. Reiter and A. Rubin, “Crowds: Anonymity for Web Trans- action,” ACM Trans. Information
and System Security, vol. 1, no. 1, pp. 66-92, 1998.
19. M. Waidner, “Unconditional Sender and Recipient Untraceability in Spite of Active Attacks,”
Proc. Advances in Cryptology (EURO- CRYPT), pp. 302-319, 1989.
20. D. Pointcheval and J. Stern, “Security Arguments for Digital Sig- natures and Blind Signatures,” J.
Cryptology, vol. 13, no. 3, pp. 361- 396, 2000.
21. L. Harn and Y. Xu, “Design of Generalized ElGamal Type Digital Signature Schemes Based on
Discrete Logarithm,” Electronics Let- ters, vol. 30, no. 24, pp. 2025-2026, 1994.