Cryptanalysis and improvement of certificateless proxy signcryption scheme for e-prescription system in mobile cloud computing

Certificateless proxy signcryption (CLPSc) is one of the most efficient security primitives for secure data transmission. The entrustment of signing rights to a proxy signcrypter at the behest of an original signcrypter imparts its utility in various fields such as an online proxy auction, healthcare industry, cloud computing, mobile-agents, ubiquitous computing, etc. Unlike the traditional sign-then-encrypt approach, signcryption primitive saves computational costs and bandwidth load. Recently, a pairing-free CLPSc scheme has been proposed which claims to be secure against forgery under adaptive chosen-message attacks. This paper unveils that the aforementioned scheme has failed to provide unforgeability. As an improvement of their scheme, a novel pairing-free certificateless proxy signcryption scheme using elliptic curve cryptography (ECC) has been proposed for e-prescription system in mobile cloud computing. The proposed scheme is proven to be secure against indistinguishability under adaptive chosen-ciphertext attack and existential forgery under adaptive chosen-message attack in the random oracle model against Type 1 and Type 2 adversaries through formal analysis. The proposed scheme outperforms the existing schemes in terms of computational efficiency making it suitable for futuristic mobile cloud computing applications.