Group Signatures with Time-Bound Keys Revisited: A New Model, an Efficient Construction, and its Implementation

Abstract

Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK), where each signing key is associated with expiry time $\tau$ τ . In addition, to prove membership of the group, a signer needs to prove that the expiry time has not passed, i.e., $t t τ , where $t$ t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Signers can be revoked simultaneously before their expiry times if the credential is compromised. This revocation is called premature revocation. A nice property in the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes by assuming that natural revocation accounts for most of the signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture the unforgeability of expiry time for signing keys, which guarantees that no adversary who has a signing key associated with expiry time $\tau$ τ can compute a valid signature after $\tau$ τ has passed. This situation significantly reduces the dependability of the system since legitimate signing keys may be used for providing a forged signature. We introduce a security model that captures unforgeability, and propose a secure GS-TBK scheme in the new model. Our scheme also provides constant signing costs, whereas those of the previous schemes depended on the bit-length of the time representation. Finally, we provide the implementation results. We employ Barreto-Lynn-Scott (BLS) curves with 455-bit prime order and the RELIC library, and demonstrate that our scheme is feasible in practical settings.