A lattice-based unordered certificateless aggregate signature scheme for cloud medical health monitoring system

Certificateless aggregate signature (CLAS) protocols mitigate the reliance upon the key-generating center of identity-rooted signatures. Consequently, they partly resolve the intrinsic key escrow issue found in identity-based encryption systems while upholding their implementation efficiency advantage. Over recent years, a range of new CLAS protocols has emerged aiming to transcend the communication and computation constraints of sensors. This is to ensure the integrity, validity, and accessibility of patients' health data within cloud-based healthcare monitoring systems (c-HMS). However, a number of these protocols fail to offer sufficient security guarantees-they are not secured for the post-quantum era, cannot repel collusion attacks, and require signing order, rendering them pseudo-aggregate schemes. Thus, this paper introduces a lattice-based unordered certificateless aggregate signature scheme (L-UCASS) specifically designed for cloud medical health monitoring systems. Additionally, our scheme leverages lattice architecture to guarantee security in the post-quantum era; adopts a certificateless structure to withstand attacks from untrustworthy key generation centers (KGC) and avoid key escrow; implements a bimodal Gaussian distribution to enhance efficiency; and utilizes an intersection technique to accomplish a true aggregate scheme and avert collusion attacks commonly occurring when more than two signers compute another signer's private key. Finally, a comparative study reveals that our scheme successfully enhances protocol security without imposing significant spatial or temporal overhead. We also demonstrate that our scheme is existentially unforgeable in the context of adaptive chosen message attacks (EUF-CMA) against type I and type II adversaries in the random oracle model (ROM).