摘要:Revocation functionality is very important for an identity-based signature to revoke users efficiently and securely. Hung et al. proposed a revocable identity-based signature (RIBS) scheme in the standard model and proved that it was strongly unforgeable against chosen-message attacks. However, we find that their RIBS scheme is insecure. In this paper, we provide a security analysis of Hung et al.’ s RIBS scheme by showing concrete attacks. Our analysis shows that Hung et al.’ s RIBS scheme does not satisfy the requirement of strong unforgeability, and thus, an adversary can forge a legal signature for a previously signed message. We also note serious flaws in their security proofs. The simulator of Hung et al.’ s security argument cannot correctly answer the signing query in the security model, and the adversary can obtain any valid signature. Furthermore, we demonstrate that Hung et al.’ s RIBS scheme is vulnerable to signing key exposure attack. To solve these problems, we construct an improved RIBS scheme with strong unforgeability and signing key exposure resistance in the standard model. Compared with previous RIBS schemes without random oracles, our scheme has advantages regarding computational cost and security.
