A proxy signature scheme permits an entity to delegate its signing rights to another. These schemes have been suggested for use in numerous applications, particularly in distributed computing. Before our work [6] appeared, no precise definitions or proven-secure schemes had been provided. In this paper, we formalize a notion of security for proxy signature schemes and present provably-secure schemes. We analyze the security of the well-known delegation-by-certificate scheme and show that after some slight but important modifications, the resulting scheme is secure, assuming the underlying standard signature scheme is secure. We then show that employment of aggregate signature schemes permits bandwidth and computational savings. Finally, we analyze the proxy signature scheme of Kim, Park and Won, which offers important performance benefits. We propose modifications to this scheme which preserve its efficiency and yield a proxy signature scheme that is provably secure in the random-oracle model, under the discrete-logarithm assumption.

In this paper we give a classification of delegation schemes into four main classes. To solve the problem with simply chained tokens in cascaded delegations we introduce the concept of hierarchical delegation tokens. To realize this concept we use the Schnorr signature scheme and self--certified public keys introduced by Girault. We describe the first approach for hierarchical key generation based on an unregarded idea of Gunther and the generation of designated verifier signatures. Using these tools, we present efficient delegation schemes for the four main classes, which are efficient in generating and using delegation keys compared with other existing approaches. This is one of the few works, that combines cryptographic algorithms and protocols to benefit for the complexity and the efficiency of the resulting delegation mechanisms.