Forward-Secure Proxy Signature Scheme for Multiple Proxy Signers using DSA with Proxy Revocation

Abstract

A proxy signature scheme allows one user to delegate his/her signing capability to another user called a proxy signer in such a way that the latter can sign messages on behalf of the the former. After verification the verifier is convinced of the original signer's agreement on the signed message. Like digital signatures, these proxy signatures are also vulnerable to leakage of proxy secret key. Forward-Secure signatures enable the signer to guarantee the security of messages signed in the past even if his secret key is exposed today. By applying the concept of Forward-Security to proxy signatures, we have come up with a forward secure proxy signature scheme based on DSA(Digital signature algorithm). Compared to existing schemes, the special feature of our scheme is that an original signer can delegate his signing capability to any number of proxy signers in varying time periods. Though the original signer gives proxy information to all the proxy signers at the beginning of the protocol, the proxy signers will be able to generate proxy signatures only in their allotted time periods. Further, the proxy signatures are made forward-secure. Moreover, our scheme meets the basic requirements of a proxy signature scheme along with proxy revocation. Both on-demand proxy revocation i.e. whenever the original signer wants to revoke the proxy signer and automatic proxy revocation i.e. immediate revocation after the expiry of the time period of the proxy signer, is provided. Additional properties of our scheme are as follows: identity of the proxy signer is available in the information sent by original signer to proxy signer, original signer need not send the information to proxy signer through a secure channel, warrant on the delegated messages can be specified, original signer cannot play the role of proxy signer, and verifier can determine when the proxy signature was generated.