Proxy Signature Schemes for Controlled Delegation

A proxy signature scheme allows one user to delegate his/her signing capability to another user called a proxy signer in such a way that the latter can sign messages on behalf of the former. After verification the verifier is convinced of the original signer's agreement on the signed message. We begin by proposing a simple proxy signature scheme which satisfies the basic requirements of a secure proxy signature scheme. We find that the scheme can be used to control delegation of financial power to a proxy signer. Using our scheme the proxy signer will be able to submit an e-cheque for only the amount he is entitled to by the original signer. Any cheating by the original signer or the proxy signer is identified by the verifier i.e. the bank. Any discrete log based signature scheme can be used to sign the messages. Here we use the Digital Signature Algorithm(DSA). Forward-Secure signatures enable the signer to guarantee the security of messages signed in the past even if his secret key is exposed today. We extended our work on proxy signatures by constructing two forward secure proxy signature schemes, one based on DSA and the other based on the popular Bellare-Miner Forward-secure scheme. Compared to existing schemes, the special feature of our schemes is that an original signer can delegate his signing capability to any number of proxy signers in varying time periods. Though the original signer gives proxy information to all the proxy signers at the beginning of the protocol, the proxy signers will be able to generate proxy signatures only in their allotted time periods. Moreover, our schemes meet the basic requirements of a proxy signature scheme along with proxy revocation. Both on-demand proxy revocation i.e. whenever the original signer wants to revoke the proxy signer and automatic proxy revocation i.e. immediate revocation after the expiry of the time period of the proxy signer, is provided. Additional properties of our scheme are as follows: identity of the proxy signer is available in the information sent by original signer to proxy signer, original signer need not send the information to proxy signer through a secure channel, warrant on the delegated messages can be specified, original signer cannot play the role of proxy signer, and verifier can determine when the proxy signature was generated. The Bellare-Miner Forward-secure proxy scheme can also be used as a Forward-secure threshold proxy signature scheme. We have considered Forgery by the original signer, Impersonating and framing attack to prove the security of our scheme.