Verifier-local revocation group signatures with time-bound keys

A prominent issue in group signatures is revoking a group member's signing capability. To solve this issue, the group manager can send revocation messages only to signature verifiers, known as group signatures with verifier-local revocation (VLR). In existing VLR designs, the cost of revocation check grows linearly with the size of revocation messages. This paper introduces time-bound keys into group signatures to reduce the size of revocation messages and speed up the revocation check. In the new notion, the secret key of each group member is associated with an expiration date, and verifiers can tell (at a constant cost) whether or not a group signature is produced using an expired key. Consequently, revocation messages only need to provide the information about group members revoked prematurely (e.g., due to key compromise) but not those with expired keys. This will lead to a significant saving on revocation check in situations where prematurely revoked members are only a small fraction of revoked members. Following this approach, we give two concrete designs of group signatures with VLR to demonstrate the trade-offs between efficiency and privacy.