“…In a short summary of the performance comparison both our proposed schemes, Chien's schemes [11,25], and Fang et al's level-2 D2S authentication [12] demand almost negligible computational cost, compared to other PKC-based schemes. However, Chien's schemes [11,25] do not provide anonymity, Fang et al's level-2 D2S authentication [12] does not consider unlinkability, and the D2S group authentication [12] is vulnerable to the single-compromised-device-impersonation attack. Those pseudonym-bound-certificate schemes [29,31,32] and the pseudonym-bound-CLPK schemes [36] demand much larger computational overhead, which make them much less attractive to the resource-limited devices; additionally, they only provide anonymity but not unlinkability; the process of periodically renewing the certificates or the CLPKs is also very costly.…”