Secure Proxy Signature Schemes for Delegation of Signing Rights

A proxy signature scheme permits an entity to delegate its signing rights to another. These schemes have been suggested for use in numerous applications, particularly in distributed computing. Before our work (Boldyreva et al. in Cryptology ePrint Archive, Report 2003/096, 2003 ) appeared, no precise definitions or proven-secure schemes had been provided. In this paper, we formalize a notion of security for proxy signature schemes and present provably-secure schemes. We analyze the security of the well-known delegation-by-certificate scheme and show that after some slight but important modifications, the resulting scheme is secure, assuming the underlying standard signature scheme is secure. We then show that employment of aggregate signature schemes permits bandwidth savings. Finally, we analyze the proxy signature scheme of Kim, Park and Won, which offers important performance benefits. We propose modifications to this scheme which preserve its efficiency and yield a proxy signature scheme that is provably secure in the random-oracle model, under the discrete-logarithm assumption.