Revocable identity-based designated verifier proxy re-signature with signature evolution

Identity-based proxy re-signature (IDPRS) enables a semi-trusted proxy to convert one user's signature to another user's for the same message without revealing any secret information of both users' signing keys. In IDPRS, user revocation is a necessary problem arising from privilege expiry or private key compromise. A revoked user cannot produce new signatures including re-signatures from the proxy. There is a need for some applications like a contract management system to keep expired message and signature pairs valid in the next period. The conventional solution is to require the unrevoked users to sign these messages again, which burdens users heavily. Therefore, establishing an IDPRS system with revocation and efficient signature updating is crucial. This paper introduces the concept of revocable IDPRS with signature evolution, facilitating efficient signature updating. The signature evolution enables the proxy to batch update non-revoked users' signatures from old ones to new ones, while also offering precise execution of signature updates on specific messages. Moreover, to further protect the privacy of signature validity, we employ designated verifier in our scheme. Formal security proofs are provided, and performance evaluation demonstrates our scheme's lower computation costs for signature updating and its comprehensive security attributes.