Revocable and strongly unforgeable identity-based signature scheme in the standard model

Revocation functionality is crucial for the practicality of the public key cryptosystems, especially for that of identity-based cryptosystems. When some users lose their private keys, the cryptosystems must support an efficient revocation method to revoke such users. On the other hand, strong unforgeability provides stronger security than existential unforgeability and ensures the adversary cannot even produce a new signature for a previously signed message. However, existing revocable identity-based signature schemes can support neither efficient key revocation nor strong unforgeability. In this paper, we propose a strongly unforgeable identity-based signature scheme with efficient revocation. In the proposed scheme, the master key is randomly divided into two parts: one is used to construct the initial secret key, the other is used to generate the key update. Furthermore, they are used to periodically and re-randomly produce signing keys for non-revoked users. Thus, the proposed scheme can efficiently revoke users and resist key exposure attacks. In the standard model, our scheme is proven to be strongly unforgeable under the CDH hardness assumption.