#### Abstract

A mobile agent can sign a message in a remote server on behalf of a customer without exposing its secret key; it can be used not only to search for special products or services, but also to make a contract with a remote server. Hence a mobile agent system can be used for electronic commerce as an important key technology. In order to realize such a system, Lee et al. showed that a secure mobile agent can be constructed using proxy signatures. Intuitively, a proxy signature permits an entity (delegator) to delegate its signing right to another entity (proxy) to sign some specified messages on behalf of the delegator. However, the proxy signatures are often used in scenarios where the signing is done in an insecure environment, for example, the remote server of a mobile agent system. In such setting, an adversary could launch side-channel attacks to exploit some leakage information about the proxy key or even other secret states. The proxy signatures which are secure in the traditional security models obviously cannot provide such security. Based on this consideration, in this paper, we design a leakage-resilient proxy signature scheme for the secure mobile agent systems.

#### 1. Introduction

Mobile agents [1–3] are designed as some autonomous software entities which are able to sign some messages in a remote server on behalf of a customer without exposing its secret key. Therefore, a mobile agent system can be used for electronic commerce in many ways such as negotiating something with other entities, searching and buying special products or services on behalf of a customer, and selling products on behalf of a shopping server. As shown by previous works, a mobile agent system can be constructed using some proxy signature schemes; for example, Lee et al. [4] used a strong nondesignated proxy signature scheme; they also provided an RSA-based and Schnorr-based constructions of secure mobile agent.

*Proxy Signatures*. This notion was first introduced by Mambo et al. [5] in 1996. In a proxy signature scheme, an entity called delegator may delegate its signing right to another entity called proxy who can then sign some specified messages on behalf of the delegator; we call such signatures as proxy signatures. Finally, the verifier can be convinced from the proxy signatures that the original signer’s agreement on the signed message and such proxy signatures must be computed by the proxy rather than the delegator. Obviously, proxy signatures are very useful in many application scenarios, for example, mobile agents [3, 6–9] and mobile communications [10, 11]. In the existing proxy signature schemes, the model of delegation by warrant [5] (a signed warrant, e.g., , used to describe the validity of the delegation) has received the most attention. Kim et al. [12] suggested that a proxy key should be generated from such warrant. After Mambo et al.’s seminal work, many variants or improved schemes have been proposed (e.g., see [4, 11, 13–17]).

*BPW Transformation*. Boldyreva et al. [13] (henceforth called BPW) have given a secure generic construction of proxy schemes in the model of delegation by warrant from any secure ordinary signature scheme. Informally, to generate a proxy key, the original signer first signs a concatenation of the proxy’s public key and a warrant with a specific way to obtain a delegation certificate. Then the proxy could set up the proxy key by himself using this delegation certificate. Finally, the proxy could sign some messages that are described in the warrant on behalf of the original signer (cf. Section 4 of [13] for detailed description).

*Multilevel Proxy Model*. Malkin et al. [14] extended the general proxy signatures to the scenario of multilevel proxy, where the proxy can also delegate the proxy signing right to another proxy (in such setting the former proxy also is a delegator); similarly, the second proxy also can delegate its proxy signing right to another, and so on. We call the identities that the original signer and all proxies construct a delegation chain, that is, (original signer)-(1th proxy)-(2th proxy)--(th proxy)-.

*Security Models for Proxy Signatures*. Due to the additional property of the proxy signatures, how to define the security for the proxy signatures is more complicated than the standard signatures [18]. In [19], Mambo et al. introduced several security notions (then enhanced by Lee et al. [4]) for the proxy signatures (here we omit them; please refer to [4, 19] for detailed description). These notions provide some intuitive security requirements for the proxy signatures, but corresponding security definitions are unclear (i.e., lacking of formal definitions), so many constructions were shown to be insecure and then fixed and finally to be shown insecure again (e.g., [4, 19, 20]). Subsequently, Boldyreva et al. [13] first presented a well-defined security model for the proxy signatures. In their model, the adversary is allowed to corrupt an arbitrary number of users and learn their secret keys. Moreover, the adversary can also register some public keys on behalf of new users. Then, the adversary interacts with honest users playing the role of a delegator or a proxy and it can see the transcripts of all executions of the delegation protocol between the honest users. It is a rather strong security model. Malkin et al. [14] later extended this model to allow multilevel proxy signatures; they also showed that proxy signatures are equivalent to key-insulated signatures [21]. The models of [13, 14] both are registered key models, which means that it is required that the adversary submits the secret and public keys of all users used in the model except a single challenging user. Schuldt et al. [15] got rid of this requirement and gave a new security model, existential unforgeability under adaptive chosen message attack with proxy key exposure (EU-CMA-PKE). In this model, adversary directly controls all user’s secret keys of the delegation chain except the challenging user; furthermore, the adversary can corrupt some user to obtain the proxy keys (see Section 4 of [15] for more detailed description).

*Black-Box Assumption versus Reality*. In the security model of cryptographic schemes, traditionally, it is assumed that the secret internal state (secret key, randomness, etc.) of the schemes is completely hidden to the adversary, and hence the adversary in the traditional black-box model only can access an oracle to learn the input and output behaviors about the scheme. Unfortunately, many cryptographic engineers have shown that this assumption is not true in real world applications. They have designed a large class of realistic attacks, called side-channel attacks, to detect some leakage information about the secret state, for example, timing attacks [22], power consumption [23], and fault attacks [24, 25]. Therefore, if we implement a mobile agent system from a secure proxy signature that is in the traditional security model, it may be also insecure if the device of mobile agent encounters the side-channel attacks.

*Leakage-Resilient Cryptography*. To resist such side-channel attacks, cryptographers have proposed many countermeasures in the past few years. Leakage-resilient cryptography is one of them, which means that a cryptosystem is also secure; even the adversary obtains some bounded (even arbitrary) leakage information about the secret internal state.

To model the security of cryptographic schemes in the leakage-resilient cryptography setting with a formal way,considering an adversary attacks a scheme besides the ordinary queries (as in the black-box model), it also can adaptively choose arbitrary polynomial time computable functions (named leakage functions) to obtain some information about the secret internal state. The restrictions of the input and output for such leakage functions depend on the leakage models. Here, we briefly present some of them.(i)Only computation leaks model, introduced by Micali and Reyzin [26]: in this model, leakage is assumed to only occur on values that are currently accessed during the computation. Therefore, the input of the leakage function is confined to the* active* part of the internal secret state, while the passive part of the secret state is not taken as input to the leakage function.(ii)Bounded leakage model: the overall amount of the leakage should be bounded on a prespecified value .(iii)Continual-leakage model, introduced by Brakerski et al. [27] and Dodis et al. [28], independently: in this model, the secret key is allowed to be refreshed, while the corresponding public key remains fixed. Then the amount of the leakage is bounded only in between any two successive key refreshes and the overall amount can be unbounded.

Many cryptographic schemes have been proposed in the leakage-resilient cryptography setting based on different leakage models, for example, leakage-resilient stream ciphers [29], leakage-resilient zero knowledge [30], leakage-resilient PKE [31, 32], leakage-resilient IBE [33, 34], and leakage-resilient signatures [35–40].

*Leakage-Resilient Signatures.* In this paper, we focus on the construction of leakage-resilient signature schemes. Alwen et al. [35] gave a construction of leakage-resilient signature scheme in the random oracle model which may tolerate leakage of up to half the secret key. Then Katz and Vaikuntanathan [38] constructed a bounded leakage-resilient signature scheme in the standard model which can tolerate leakage of up to ( denotes the bit-length of the secret key) bits of information about the secret key. In the same paper, they also introduced the notion of fully leakage-resilient signatures which means that it is EU-CMA secure even the adversary may obtain leakage information on all internal state values that are used throughout the lifetime of the scheme. Boyle et al. [36] then improved their scheme to a full one which can be resilient to any leakage of length bits. Faust et al. [37] constructed a tree-based leakage-resilient signature scheme (in the model of “only computation leaks”) which can be instantiated with any 3-time bounded leakage-resilient signature. Their scheme resilient to bits per signing process, where is size of the underlying 3-time signature scheme, can leak in total.

*Our Contribution*. Proxy signatures are often proposed for use in applications where signing is done in a potentially hostile environment; for example, if we use a proxy signature to realize a mobile agent system, then the proxy key is stored in a laptop, or even an IC card, which might become infected by malware. In such setting, an adversary who launches side-channel attacks can detect some leakage information about the proxy key or even other internal states. Based on this consideration, we construct a proxy signature scheme in the setting of leakage-resilient cryptography, the leakage-resilient proxy signature (LRPS), for the first time. The proposed LRPS scheme maintains the properties of these two primitives, leakage-resilient cryptography and proxy signatures.

To define the security notion to the LRPS scheme, we combine the existing security models of proxy signatures and leakage-resilient cryptography to put forward the security model of existential unforgeability against the adaptive chosen message and leakage attacks (EU-CMLA (We also introduce the notion of EU-CMLA-PKE which is extended from EU-CMA-PKE in [15] for the full construction of the LRPS in Appendices.)). Furthermore, we also construct a concrete LRPS scheme under the delegation by warrant and multilevel proxy models, it can be regarded as a concrete implementation of the BPW transformation in the setting of leakage-resilient cryptography. We use a tree-based signature scheme to construct the proxy signature scheme, which is different than the method that [13, 15] adopted; they both adopted an aggregate signature [41]. Hence our construction provides an alternative method to the construction of the proxy signatures. The concrete construction of the LRPS scheme is based on Faust et al.’s [37] (henceforth called FKPR, in TCC 2010) leakage-resilient signature scheme.

#### 2. Definitions

In this section, we present some basic definitions for this paper: the notion of the stateful signatures and its security in the black-box model and in the presence of leakage, respectively.

##### 2.1. Notations

denotes the string of ones for . denotes the length of the bit string if is a bit string; denotes the number of the entries in the set . means randomly choosing an element from the set . We write to indicate that running the algorithm with input and then outputs and has the same indication except that is a probabilistic algorithm. We use the notation to denote the concatenation of the bit strings and ; if they are not strings, we assume that they will be encoded as a string before the concatenation takes place. Lastly we write PPT for the probabilistic polynomial time.

##### 2.2. Stateful Signatures

A signature scheme consists of three algorithms, key generation, signing, and verification denoted by , , and , respectively. We say that a signature scheme is stateful if the Sign algorithm is stateful, which means that the secret key will be refreshed after (or before) each signing process, while its corresponding public key remains fixed. That is to say, = (, , ) is a stateful signature scheme if it satisfies the following.(i) is a PPT algorithm that takes as input a security parameter and then outputs the signer’s initial secret key and public key . We write it .(ii) is a PPT algorithm run by the signer who takes as input its stateful secret key and a message and then outputs a signature and the next stateful secret key . We write it .(iii) is a deterministic algorithm run by the verifier who takes as input the signer’s public key PK, the signed message , and the corresponding signature and then outputs 1 if it is valid; else it outputs 0. We write it .

##### 2.3. Security of Stateful Signatures in the Black-Box Model

The definition of existential unforgeability against adaptive chosen message attack (EU-CMA) for the stateful signatures is defined by the following experiment which is played by a EU-CMA adversary and a challenger .(i) runs and gives to .(ii) can adaptively ask for the following: signing query : runs and returns to .(iii)At some point, outputs .We say that wins the above experiment if and was not submitted to the signing query. We denote the probability of succeeded by . We say SIG is EU-CMA secure if is negligible for every PPT adversary .

##### 2.4. Security of Stateful Signatures in the Presence of Leakage

In the setting of the leakage-resilient cryptography, adversary can obtain bits of leakage information with every signing query. With the th signing query, the adversary adaptively chooses any computable leakage function to the leakage query and then obtains the output of which takes as input the active part of the stateful secret key and the randomness used in the signing phase. Formally, the model of existential unforgeability against adaptive chosen message and leakage attacks (EU-CMLA) is defined by the following experiment which is played by a EU-CMLA adversary and a challenger .(i) runs and gives to .(ii) can adaptively ask for the following: (a)signing query : runs and returns to ;(b)leakage query : runs and if then it returns ; else it returns to .(iii)At some point, outputs .We say that wins the above experiment if and was not submitted to the signing query. We denote the probability of succeeded by . We say SIG is EU-CMA secure if is negligible for every PPT adversary .

#### 3. Leakage-Resilient Proxy Signatures

As outlined in the Introduction, there exists three entities in a proxy signature scheme: an original signer, a (or multi) proxy signer, and a verifier. A delegator, whether it is the original signer or a proxy signer, wants to delegate its signing right, whether original signing is right (i.e., the delegator is the original signer) or proxy signing is right (i.e., the delegator is a proxy signer) to a proxy. Finally, the verifier can be convinced with the original signer’s agreement on the signed message and the identities of the proxy signers from the proxy signatures.

In the multilevel proxy model, a delegation chain, (original signer)-(1th proxy)-(2th proxy)--(th proxy)-, consists of an original signer and (or more) proxy signers. To identify them, we require a list of their public keys in the proxy signatures.

In the BPW transformation, the delegator will sign its proxy’s public key and corresponding warrant to obtain a certificate to generate the proxy key. Therefore, to verify the validity of the delegation, it is also required that the proxy signatures contain a list of the warrants and of the certificates of the delegations.

##### 3.1. Syntax

Formally, we define the stateful proxy signatures (under the BPW transformation) as follows. That is to say, is a stateful proxy signature scheme if the first three algorithms are defined as , , and of the scheme , respectively, and the latter three algorithms satisfy the following.(i) is a pair of interactive PPT delegation protocol which means that the delegator D whose stateful key is delegates its signing right to a proxy who has a stateful key pair .(a) is run by the delegator with input , , , , , , , where , , and are the lists of public keys, warrants, and delegation certificates of the previous delegators, respectively, describes the current proxy is the th proxy in the delegation chain ( means that the delegator is the original signer), and is the warrant for the current delegation.(b) is run by the proxy with input , , to generate its proxy key.As a result of this interactive algorithm, the algorithm has no local output except that the delegator’s next stateful key . The local output of is the delegation information , where , , and are the lists of public keys, warrants, and certificates in the delegation chain extended with the public key of the proxy and warrant and certificate of the current delegation, respectively. We write it (, , , , , . (ii) is a PPT algorithm run by a proxy that takes as input its delegation information , , , , and a message and then outputs a proxy signature on behalf of the delegator and its next stateful key . We write it , , , , , .(iii) is a deterministic algorithm run by the verifier who takes as input and then outputs 1 if it is valid; else it outputs 0. We write it .

In the real world applications, user’s long-term secret key should be stored in a secure way and thus to guarantee that no information about the long-term key is leaked while the proxy key is exposed, it is better to generate a proxy key independent of the long-term key. We call such construction a full construction. There exists a simple method to the full construction from any BPW transformed proxy signature (cf. Section 5 of [15]).(i)After obtaining the delegation information , , , , , the proxy first generates a fresh proxy key pair .(ii)Compute , , , where is the delegation certificate from the delegator.(iii)The new delegation information is , , , , where and .The concrete full construction of such proxy signature scheme and corresponding security analysis are presented in Appendices.

##### 3.2. Implement Secure Mobile Agent from Proxy Signature Scheme

When we realize a mobile agent system construction by using a secure proxy signature scheme let the clients be the delegators and let the mobile agent be the proxy. Then the clients and the agent together run the interactive delegation protocol to delegate the client’s signing right to the agent. Finally, the agent can sign some specified messages on behalf of the client. A secure proxy signature scheme implies a secure mobile agent system; similarly, a leakage-resilient proxy signature scheme means that the corresponding mobile agent system can be resilient to some bounded information leakage.

##### 3.3. Security of the Leakage-Resilient Proxy Signatures

We put forward the security model of existential unforgeability against adaptive chosen message and leakage attacks (EU-CMLA) for the proxy signatures in the presence of leakage. It defined by the following experiment which is played by a challenger and a EU-CMLA adversary who controls all user’s secret keys except the challenging user.(i) runs and gives to .(ii) can adaptively ask for the following:(a)delegation to : interacts with through the delegation protocol by running algorithm , , ). When it is finished, will obtain the delegation information , , , ;(b)delegation of : interacts with through the delegation protocol to generate a proxy key to ; runs . When it is finished, returns the transcript of the delegation to ;(c)self-delegation of : first runs and then runs the delegation protocol to generate a proxy key to the challenging user itself, , . When it is finished, will obtain the delegation information and send the transcript of the delegation to ;(d)ordinary signing queries of : runs and returns to ;(e)proxy signing queries of : runs , and returns , , , to ;(f)leakage queries: may adaptively launches leakage query after each query to the delegation protocol, ordinary signing, or proxy signing oracle; that is, these algorithms have taken as input the secret key . runs and if then it returns ; else it returns to .(iii)At some point, outputs a forgery which must be one of the following cases.(1)Ordinary signature of : () if and has not been submitted to the ordinary signing queries, then output 1; else output 0.(2)Proxy signature of : , is the last entry in if and has not submitted to the proxy signing queries, then output 1; else output 0.(3)Proxy signature on behalf of : , is the th entry in . If and has not queried the delegation of oracle on inputs (), that is, the -th entry in the set ), then output 1 else output 0.We say that wins the above experiment if it outputs a valid forgery. We denote the probability of succeeded by . We say is EU-CMLA secure if is negligible for every PPT adversary .

*Remark*. In the model of EU-CMA-PKE, is allowed to query a redelegation of a user’s proxy key. However, we define the LRPS under the BPW transformation model (i.e., the user’s proxy key is exactly its secret key), so in the model of EU-CMLA, can run the redelegation by itself except that the redelegation of which can be obtained from the query of delegation of in such setting. Similarly, has no need to query the proxy key exposure queries.

#### 4. Construction of Leakage-Resilient Proxy Signatures

In this section, we present a concrete construction of the LRPS scheme based on FKPR signature scheme which can be instantiated with any EU-CMTLA (existential unforgeability against chosen message and total leakage attacks) 3-time signature scheme .

Before giving the detailed description of the , we first introduce some notations relative to the tree-based (with depth ) signature. We denote the all bit strings of length at most (including the empty string ) with (size ). The left and right child of an internal node (or root) are denoted by and , respectively, and denotes the node ’s parent node. Depth-first traversal algorithm can be used to traverse and label the tree. For a node , we define algorithm as the node traversed after in the depth-first traversal; that is,When the depth-first algorithm traverses the binary tree, each node is associated with a secret-public key pair by invoking the algorithm of the underlying signature scheme . The following notations will be used in the latter part of this paper. Let be a bit string with length .(i), is a “signature path” from to the root; is a signature of with its parent’s key ; that is, .(ii) is a subset of the secret keys on the path from the root to node . if and only if the path goes to the left child at the node . (The reason is that, in this case, the node ’s right child will be traversed after node under the depth-first traversal. Consequently, we need the secret key of node to sign its right child ’s public key .)

The stateful secret key of the scheme will have the form (i.e., using stacks and to keep track of the state, or node ). For a stack , define the following three algorithms:(1): putting element on the stack ;(2): removing the topmost element from the stack and assigning it to ;(3): removing the topmost element from the stack .

##### 4.1. Construction

To avoid trivial attacks against this scheme, we use the idea of Boldyreva et al. [13], attach a 3-bit string as the prefix of the text that will be signed, that is, 111(text which will be to compute ordinary signatures), 010(text which will be to compute signature paths), 100(text which will be to compute delegation certificates), and 101(text which will be to compute proxy signatures), respectively. The LRPS scheme is constructed as follows.(i): ; return .(ii): (to ease exposition, the signing process of the root (i.e., ) is not contained in this formalizing description) parse ; if return ; , ; return .(iii): parse , ; for do if return 0; else return .(iv): D runs , , and then sends , , , , , to .(v): P first checks the validity of the delegation certificates, for does if , it returns and rejects this delegation; otherwise, run ; finally, set the delegation information as . If someone, whose key pair is , wants to designate itself as a proxy it runs to generate a fresh key pair as the proxy key and creates a certificate , then does finally, it sets the delegation information as .(vi): and output the proxy signature .(vii): V first checks the validity of the delegation certificates, for does if returns 0; else it returns .

*Upper Bound of the Number of the Messages Can Be Signed.* For a fixed signing key, in both of the schemes FKPR and , the upper bound of the number of the message that can be signed is . We can see that, from the above construction, each internal node is used only one time to the signing algorithm. However, the key (with respect to the scheme sig) of any leaf can be signed three times. Hence, the upper bound of the number of the message can be signed and could be increased to that is double the number of the previous upper bound, as well as the FKPR scheme.

We should stress here that there is a disadvantage to our scheme which is based on tree-based signature compared to that constructed based on aggregate signature [13, 15]; that is, in those schemes, the verification of the delegation certificates can be executed at a time due to the property of aggregability of the aggregate signatures [41].

##### 4.2. Security

We now analyze the security of the proposed LRPS scheme.

Theorem 1. *If the FKPR scheme (denoted by ) is EU-CMLA secure, then the proxy signature scheme also is EU-CMLA secure.*

Our proof line is similar to that of Boldyreva et al.’s [13]. If there exists a EU-CMLA adversary and can break the security of the scheme , then we can construct a challenger to break the security of the FKPR scheme .(i)Initially, will be given a challenging public key and can adaptively make signing query () and leakage query () in the experiment . first sets as the challenging public key of the experiment and sends it to . Then it plays the experiment with .(ii) may adaptively ask for the following.(a)Delegation to : interacts with through the delegation protocol by running ). When it is finished, will obtain the delegation information . can run the algorithm even if it has no idea about the , because will be set as the proxy key of the challenging user, so upon completion, does not know the corresponding proxy key.(b)Delegation from : interacts with through the delegation protocol to generate a proxy key to . makes the signing query with input ; then it will be returned . After the delegation protocol is finished, will obtain the delegation information , where , and .(c)Self-delegation of : runs the delegation protocol to generate a proxy key of to itself. first runs and then makes the signing query with input ; then it will be returned to . Finally, will return the delegation information , , , 0, and sends the delegation transcripts to , where , and .(d)Ordinary signing queries of : makes the signing query with input ; then it will be returned to signature . Finally, returns to .(e)Proxy signing queries of : makes the signing query with input ; then it will be returned to signature . Finally, returns to .(f)Leakage queries: may make query for the leakage information after each delegation protocol, ordinary signing, or proxy signing query. To answer it, makes the same query to ; it will be returned as a valid leakage information or if is illegal. Finally, returns it to . *Remark*. In the construction of scheme , except for the algorithm, there are also two algorithms using the signing or proxy signing key, the and . Actually, however, they are also a signing algorithm just with different input of text, so the leakage information answered by (from ) is indistinguishable to what obtains in the real interaction in the experiment .(iii)Finally, according to the assumption, outputs a forgery for the challenging public key with respect to scheme . It must be one of the following cases. We now show the challenger how to translate ’s forgery as a forgery with respect to the FKPR scheme .(1)Ordinary signature of : If outputs an ordinary signature of , then outputs .(2)Proxy signature of : , is the last entry in . If outputs a proxy signature of , outputs .(3)Proxy signature on behalf of : , is the th entry in the list . If outputs a proxy signature on behalf of , then outputs .

*Analysis of *. It is clear that the view of which is answered by in the above experiment is identical to what obtains in the real interaction in the experiment . We now show that any valid output of the adversary can be translated to a valid forgery with respect to the FKPR scheme .(1)If outputs an ordinary signature , , and has not been submitted to the ordinary signing queries, so does not make the signing query with input . Therefore, is a valid forgery with respect to the scheme .(2)If outputs a proxy signature , , and has not submitted to the proxy signing queries, so does not make the signing query with input . Therefore, is a valid forgery with respect to the scheme .(3)If outputs a proxy signature on behalf of : , where is the th entry in , and does not make the query of delegation from with input (th entry in ), so does not make the signing query with input . Therefore, is a valid forgery with respect to the scheme .

From the above analysis, we can see that the challenger ’s output of forgery is contradictory to the security of the FKPR scheme (cf. Theorem 1 of [37]) and thus proves the security of the LRPS scheme .

#### 5. Conclusion

In this paper, we design a leakage-resilient proxy signature scheme, the LRPS. To model the security of such schemes, we adapt the existing models of the proxy signature schemes which are proposed by Schuldt et al. (in PKC 2008) [15] and Boldyreva et al. (in Jour. Crypto. 2012) [13] to the leakage-resilient cryptography setting and give an extended model, EU-CMLA, for the LRPS schemes. Furthermore, we present a concrete construction based on Faust et al.’s (in TCC 2010) [37] LR signature scheme. This construction is provably secure under the given security model.

#### Appendices

Now we show that their proposed proxy signature scheme in Section 4 which is based on the BPW transformation can be used to produce a secure full construction (denoted by ) of the proxy signature scheme.

#### A. Construction

As said before, to guarantee that no information about the user’s long-term secret key is leaked if its proxy keys are exposed, we had better let a proxy generate fresh and independent keys in a delegation, create a certificate for , and keep the as the proxy secret key; to record the proxy public keys of the proxies maintain a separate list to store them. The construction of the scheme is as follows, where the algorithms are the same as the algorithms of the scheme , respectively. Here we should stress that the following construction is based on Schuldt et al.’s [15] idea, while their scheme is based on sequential aggregate signature, but ours is based on tree-based signature and we focus on the realization of the leakage-resilient proxy signature.

In the scheme , the proxy’s proxy key is in fact exactly its long-term secret key and hence it delegates its own signing right or proxy’s signing right to the next proxy, it takes as input its secret key to run the delegation algorithm . However, when we consider the full construction of the proxy signature scheme, proxy’s secret key and proxy’s key are different and independent, and thus when it delegates its own signing right to a proxy it takes as input its secret key; when it delegates its proxy signing right to the next proxy, then it takes as input the proxy key. To uniformly describe these two cases, we use to denote the input to the algorithm run by the delegator in the scheme . For ease of description, here we describe the stateful signing algorithm as a nonstateful formalization.(i): it is divided into the following two cases depending on (a)If and are empty (i.e., is an long-term secret key), the delegator constructs lists , , and . Then compute and send the delegation information to the proxy.(b)If and are not empty (i.e., is a proxy key), the delegator constructs lists and . Then compute and send the delegation information to the proxy.(ii): the proxy first checks the validity of the delegation certificates for does: if , it returns and rejects this delegation, where means the th entry in the list . Otherwise, first generate a fresh proxy key pair and run . Then compute , . Finally, run ; set and output the delegation information .(iii): , output the proxy signature .(iv): V first checks the validity of the delegation certificates, for does , or dependent on the current certificate generated by or , respectively. If all the verifications pass then return .

#### B. Security

We now analyze the security of the scheme . This proof is roughly analogous to the proof of scheme . However, because the proxy key is independent of the long-term secret key, we have to permit more queries to the adversary, such as a redelegation of a user’s proxy key. Here we adapt Schuldt et al.’s [15] security model, EU-CMA-PKE which is the strongest notion for the proxy signature schemes (cf. Section 4 of [15] for detailed description), to the leakage-resilient cryptography setting, EU-CMLA-PKE. In the presence of leakage, we should care about what secret can be taken as input to the leakage function: long-term secret key, proxy key, or both? Our answer is both.

The detailed analysis is as follows.

Theorem B.1. *The proxy signature scheme is EU-CMLA-PKE secure based on the security of the leakage-resilient FKPR signature scheme .*

We show that if there exists a EU-CMLA-PKE adversary which can break the security of the scheme , then it can be used to construct a challenger to break the security of the FKPR scheme .

(I) Initially, will be given a challenging public key and can adaptively make signing query () and leakage query () in the experiment . first chooses a random . If , sets and . Otherwise, generates a fresh key pair and chooses random (where is the number that queries to the delegation oracle; will use instead of a fresh key in the th delegation query by ). For both cases, sends to as the challenging public key of the experiment . Then it plays the experiment with .

(II) may adaptively ask for the following. When the queries by need signing invocation of corresponding to , queries its own singing oracle , and we omit this implicit description in the following proof. In addition, will maintain a set of lists which contains all proxy keys generated by for the delegation chain with the public keys and warrants .(i)Delegation to : if , or and this is not the th delegation query, then first runs and set . If and this is the th delegation query, runs and set . Then computes . Finally, store in .(ii)Delegation from : this query can be divided into the following three cases.(a)Delegation of : sets , and . Then compute and set . Finally return the delegation information to .(b)Redelegation of : retrieves the th proxy key and parses it as . Then run , compute , and set. Finally return the delegation information to .(c)Self-delegation of : (1)if and are empty (i.e., self-delegation of ), constructs , and and sets and .(2)If and (i.e., delegation of ), retrieves the th proxy key in and parses it as . Then compute , and set and . then computes . If or and this not the th delegation query, first runs , and construct . Otherwise, constructs , and set . Finally, computes and, and then store the proxy key in and send the transcript to .(iii)Ordinary signing queries of : returns .(iv)Proxy signing queries of : retrieves the th proxy key in and parses it as . Then compute and return to .(v)Proxy key exposure queries: retrieves the th proxy key in and parses it as . If , aborts. Otherwise, returns to .(vi)Leakage queries: : makes query for the leakage information about the secret key (randomness is also included here) after each delegation protocol, ordinary signing, or proxy signing query. If the used secret key is chosen by , then returns . Otherwise, makes the same query to its own leakage oracle , it will be returned as valid leakage information or if is illegal. Finally, returns it to . *Remark*. The secret state for can be divided into two kinds, the first one is that chosen by in the experiment, and the second one is that unknown to , that is, and the randomness used in the singing oracle . For the first one, can directly answer by itself. For the second one, similar to the proof in Theorem 1, can make the same query to its leakage oracle .

(III) Finally, according to the assumption, outputs a forgery for the challenging public key (with respect to the scheme ). It must be one of the following cases:(1)ordinary signature ;(2)proxy signature , where the last key in was not generated by ;(3)proxy signature , where the th key in was not generated by ;(4)proxy signature , where the last key in was generated by ;(5)proxy signature , where the th key in was generated by .

We now show how the challenger translates ’s forgery as a forgery with respect to the FKPR scheme SIG. If has flipped which means that , then the first three cases correspond to the forgeries where has forged a signature under the secret key , and hence can translate them to a forged signature corresponding to the scheme which can be analogous to that in the proof of Theorem 1. Otherwise, if outputs a forgery that belongs to the last two cases, will abort.

If which means that sets as the th fresh proxy public key: in this case, if outputs a forgery that belongs to the first three cases, then will abort. Otherwise, the last two cases indicate that has forged a signature under one of the keys generated by in a delegation, but for which has not received the corresponding secret key. In those two cases, will be a valid signature under a key generated by in some delegation query; that is, will be the last key in the list for a proxy key from some proxy key list . Therefore, with probability , can choose the right such that . In this case, outputs as a valid forgery of the key for the underlying signature scheme .

From the above analysis, we can see that the challenger ’s forgery with a nonnegligible probability is contradictory to the security of the FKPR scheme (cf. Theorem 1 of [37]) and thus proves the security of the LRPS scheme .

#### Disclosure

An abstract of this paper has been presented in the proceedings of the 5th International Conference on Intelligent Networking and Collaborative Systems (INCoS), IEEE, pp, 495–502, 2013 [42].

#### Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

#### Acknowledgments

This research is supported by the National Natural Science Foundation of China (Grant no. 60970139), the Strategic Priority Program of Chinese Academy of Sciences (Grant no. XDA06010702), and the IIEs Cryptography Research Project. The authors would like to thank anonymous reviewers for their helpful comments and suggestions.