Revocable Identity-Based Signature without Pairing

Abstract

In an identity based cryptosystem, a user's identity is used as its public key. So, a digital certificate is no longer needed for the authenticity of a public key. However, a necessary problem arises: how to prove that a user is revoked or non-revoked? The ideal revocation mechanism is to update every user's private key at every time period by the private key generater (PKG). Most of the existing works are revocable identity based encryption. In this paper, we present a revocable identity based signature scheme, which is more efficient than previous solutions. In our scheme, a user's private key is composed of both an initial private key and a time key. The time key is periodically updated by PKG, and is transmitted over a public channel. In addition, the new scheme does not use the expensive bilinear pairings. Formal security proofs are provided in the random oracle model under the standard Discrete Logarithm assumption. We also extend the new scheme to be decryption-key-exposure resilient.