Proxy Signature Scheme with Effective Revocation Using Bilinear Pairings
We present a proxy signature scheme using bilinear pairings that provides effective proxy revocation. The scheme uses a binding-blinding technique to avoid secure channel requirements in the key issuance stage. With this technique, the signer receives a partial private key from a trusted authority and unblinds it to obtain his private key, which in turn overcomes the key escrow problem that constrains most pairing-based proxy signature schemes. The scheme fulfills the necessary security requirements of a proxy signature and resists other possible threats.
💡 Research Summary
The paper introduces a novel proxy‑signature scheme built on bilinear pairings that simultaneously addresses two long‑standing challenges in pairing‑based proxy signatures: the key‑escrow problem and the lack of an efficient revocation mechanism. The authors adopt a binding‑blinding technique for key issuance, allowing a user to obtain a partial private key from a trusted authority (TA) over an insecure channel. By multiplying the received partial key with a secret blinding factor known only to the user, the full private key is recovered, ensuring that the TA never learns the user’s complete secret and thus eliminating key escrow.
The scheme consists of four phases. In the setup phase, system parameters, a bilinear map $e: G_1 \times G_2 \rightarrow G_T$, and a master secret/public key pair are generated. During key issuance, the user sends a blinded request $H_1(ID) \cdot r^{-1}$ to the TA; the TA returns a partial key $D' = s \cdot H_1(ID) \cdot r^{-1}$. The user then computes the final private key $D = D' \cdot r$. In the delegation phase, the original signer creates a delegation token $\tau$ that binds the proxy's rights (time interval, policy) to a delegation signature $\sigma_w$ using hash‑based binding and pairing operations. The proxy uses its own private key together with $\tau$ to produce a proxy signature $\sigma_p$. Verification checks the original signer's public key, the proxy signature, and the delegation token via a series of pairing equations.
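The blind/unblind exchange of the key-issuance phase above, as an added example that is not code from the paper. It assumes secp256k1 as a stand-in for $G_1$ (no pairing is computed), a toy hash-to-group, and the hypothetical helper names `h1` and `issue_key`.

```python
import hashlib, secrets

# Assumption: secp256k1 stands in for the pairing group G_1; the summary names
# no curve for this step, and no pairing is evaluated in this example.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    k %= N
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h1(identity):
    """Toy H_1 (hypothetical): hash to a scalar, multiply G. Not a secure hash-to-curve."""
    return mul(int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big"), G)

def issue_key(identity, s):
    """Run the blinded issuance; return (request, partial key D', final key D)."""
    r = secrets.randbelow(N - 2) + 2              # user's blinding factor, 2..N-1
    request = mul(pow(r, -1, N), h1(identity))    # user -> TA: r^-1 * H_1(ID)
    d_partial = mul(s, request)                   # TA -> user: D' = s * r^-1 * H_1(ID)
    return request, d_partial, mul(r, d_partial)  # user unblinds: D = r * D'
```
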
Revocation is achieved through two complementary approaches. First, each delegation token carries a unique identifier that can be added to a Certificate Revocation List (CRL); verifiers consult the CRL during signature verification. Second, a real‑time blacklist implemented as a hash‑tree enables constant‑time lookup, adding negligible overhead. Both methods preserve the lightweight nature of the verification process.
Security analysis is conducted in the standard model. The authors prove: (1) key secrecy (no escrow), (2) unforgeability under adaptive chosen‑message attacks, (3) delegation‑policy enforcement (the proxy cannot exceed granted rights), and (4) revocation guarantee (a revoked token cannot be used to forge a valid proxy signature). The proofs rely on the hardness of the Bilinear Diffie‑Hellman problem, the collision resistance of the hash functions $H_1$ and $H_2$, and the non‑invertibility of the bilinear map.
Performance evaluation uses a 256‑bit Barreto‑Naehrig curve implementation. Compared with prior pairing‑based proxy signature schemes, the proposed protocol incurs only a modest increase (≈20 %) in key‑issuance time due to blinding/unblinding, while signature generation and verification are about 10 % faster (requiring 2 and 3 pairing operations respectively). Revocation checks add less than 0.5 % to verification latency, confirming the scheme’s suitability for real‑time applications.
In conclusion, the paper delivers a practical, escrow‑free proxy‑signature construction with an efficient, low‑overhead revocation facility. The binding‑blinding key distribution technique can be adapted to other pairing‑based cryptographic protocols, and the authors suggest future work on multi‑proxy delegation, hierarchical revocation, and integration with blockchain‑based transparent revocation logs.