Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK), where each signing key is associated with expiry time $\tau$τ. In addition, to prove membership of the group, a signer needs to prove that the expiry time has not passed, i.e., $t<\tau$t<τ, where $t$t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Signers can be revoked simultaneously before their expiry times if the credential is compromised. This revocation is called premature revocation. A nice property in the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes by assuming that natural revocation accounts for most of the signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture the unforgeability of expiry time for signing keys, which guarantees that no adversary who has a signing key associated with expiry time $\tau$τ can compute a valid signature after $\tau$τ has passed. This situation significantly reduces the dependability of the system since legitimate signing keys may be used for providing a forged signature. We introduce a security model that captures unforgeability, and propose a secure GS-TBK scheme in the new model. Our scheme also provides constant signing costs, whereas those of the previous schemes depended on the bit-length of the time representation. Finally, we provide the implementation results. We employ Barreto-Lynn-Scott (BLS) curves with 455-bit prime order and the RELIC library, and demonstrate that our scheme is feasible in practical settings.

中文翻译：

---

重访具有时限密钥的组签名：一种新模型、一种高效构造及其实现

楚等人。(ASIACCS 2012) 提出了带时限密钥的组签名 (GS-TBK)，其中每个签名密钥都与到期时间相关联$\tau$τ. 另外，为了证明组的成员身份，签名者需要证明没有过期，即：$t<\tau$吨<τ， 在哪里 $t$吨是当前时间。过期时间已过的签名者将被自动撤销，这种撤销称为自然撤销。如果证书被泄露，签名者可以在其到期时间之前同时被撤销。这种撤销称为过早撤销。Chu等人的一个不错的财产。提议是，与验证者-本地撤销 (VLR) 组签名方案相比，撤销列表的大小可以通过假设自然撤销占实践中签名者撤销的大部分，而过早撤销的签名者只是一小部分。在本文中，我们指出了 Chu 等人对溯源性的定义。没有捕获签名密钥到期时间的不可伪造性，这保证了没有与到期时间相关联的签名密钥的对手$\tau$τ 之后可以计算出一个有效的签名 $\tau$τ已通过。这种情况显着降低了系统的可靠性，因为合法的签名密钥可用于提供伪造的签名。我们引入了一个捕获不可伪造性的安全模型，并在新模型中提出了一个安全的 GS-TBK 方案。我们的方案还提供恒定的签名成本，而以前的方案取决于时间表示的位长。最后，我们提供了实现结果。我们采用具有 455 位素数阶的 Barreto-Lynn-Scott (BLS) 曲线和 RELIC 库，并证明我们的方案在实际环境中是可行的。