DocumentCode :
566779
Title :
Mediated attribute based signature scheme supporting key revocation
Author :
Cao, Dan ; Wang, Xiaofeng ; Zhao, Baokang ; Su, Jinshu ; Hu, Qiaolin
Author_Institution :
Sch. of Comput. Sci., Nat. Univ. of Defense Technol., Changsha, China
Volume :
2
fYear :
2012
fDate :
26-28 June 2012
Firstpage :
277
Lastpage :
282
Abstract :
Attribute-based signature (ABS) schemes rise as the attribute-based systems prevail, in which a user's capability depends on the attributes he has obtained from one or more authorities. A signature generated by ABS only proves whether the signer owns attributes satisfying the verifier's policy, without leaking any more information about the signer. It is flexible in anonymous authentication and attribute-based access control systems, as the signer can choose any subset of his attributes satisfying the policy to generate a valid signature. As a user's secret key is associated with his attributes, and represents his right in the system, the key revocation associated with attributes' revocation is a pivotal security problem in ABS systems. However, it becomes more challenging since the verifier does not obtain the signer's certificate on-line and cannot check if the signer is revoked. Even worse, there may be several different users matching a verification policy, which puts forward a new challenge. In this paper, we propose the mABS, a mediated attribute-based signature scheme, focusing on solutions for the key revocation problem. In mABS, there is a mediator responsible for the key revocation for the attribute authority. A user's secret key generated by the attribute authority is divided into two shares, one for the mediator, and the other for the user. When a user wants to generate a signature, he has to ask the mediator to generate some signature components with his secret key share. Before answering the user, the mediator performs a revocation check for the user's identifier and claimed attributes. If and only if the signer owns unrevoked attributes satisfying the policy, he can generate a valid signature. The mediator partakes in the workload of the authority, and realizes instantaneous key revocation through a revocation check while signing a message. Moreover, our mABS can support monotone policies in the form of attribute trees under the computational Diffie-Hellman assumption.
Keywords :
ABS; instantaneous; key revocation; mediator; policy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Science and Digital Content Technology (ICIDT), 2012 8th International Conference on
Conference_Location :
Jeju Island, Korea (South)
Print_ISBN :
978-1-4673-1288-2
Type :
conf
Filename :
6269277