Article Preview
TopIntroduction
Delegation of rights is a common practice in the real world. A variant of ordinary digital signature, the proxy signature, is a cryptographic primitive used to delegate the signing rights. Mambo, Usuda and Okamoto (1996), introduced the concept of proxy signature in 1996. A proxy signature scheme permits an entity, called the original signer to delegate his/her signing capability to another entity, called a proxy signer. On behalf of the original signer, the proxy signer may produce valid signatures. Depending on the type of delegation, proxy signatures may be classified as full delegation, partial delegation and delegation by warrant. In full delegation, the private key of the original signer is given to the proxy signer and therefore the proxy signer has the same signing capability as the original signer. Such schemes are obviously impractical and insecure for most real world situations. The proxy signer has a new key in a partial delegation scheme, called a proxy private key that is different from the private key of the original signer. Therefore, the proxy signatures generated by using proxy private key differ from the standard signatures of the original signer. The proxy signer is not, however, restricted to the range of messages he can sign. This weakness is eliminated in delegation by warrant schemes by including a warrant specifying what type of messages are delegated and may contain other information, such as original signer’s and proxy signer’s identities, the delegation period etc.
There are two types of proxy signature schemes; proxy-unprotected and proxy-protected, depending on whether the original signer can generate the same proxy signatures as the proxy signers do. In the proxy-unprotected scheme, both the proxy signer and the original signer develop the proxy signature. The verifier cannot distinguish the signer’s identity. The proxy-protected scheme is developed by the original signer’s proxy signature key together with the proxy signer’s private key. The verifier confirms a proxy signature with the public keys of both the original signer and a proxy signer. Many practical applications have been found by proxy signatures, including distributed systems (Varadharajan et al., 1991, Neuman, 1993), grid computing (Foster et al., 1998; Ramesh et al., 2020), mobile agent applications (Kim et al., 2001), distributed shared object systems (Leiwo et al., 2000), global distribution networks (Bakker et al., 2001) and mobile communications (Park and Lee, 2001). Proxy signature thus becomes one of the key topics in the area of information security.
The notion of digital signature scheme with message recovery was first introduced by Nyberg and Ruppel in 1993. In such a scheme, the original message does not need to be transmitted together with the signature since it has been appended to the signature and can be recovered according to the process of verification/ message recovery. It is different from an authenticated encryption scheme or signcryption scheme, since in this scheme, the embedded message can be recovered by anyone without the secret information. This type of signature is intended to minimize the overall length of the original message and the appended signature. It is extremely helpful in any organization where bandwidth is one of the most important concerns.