Server-aided attribute-based signature with revocation for resource-constrained industrial Internet of Things devices

The Industrial Internet of Things (IIoT) can be seen as the usage of Internet of Things (IoT) technologies in industries, which provides a way to improve the operational efficiency. Attribute-based signature (ABS) has been a very useful technique for services requiring anonymous authentication in practice, where a signer can sign a message over a set of attributes without disclosing any information about his/her identity, and a signature only attests to the fact that it is created by a signer with several attributes satisfying some claim-predicate. However, an ABS scheme requires exponentiation and/or pairing operations in the signature generation and verification algorithms, and hence it is quite expensive for resource-constrained devices like a sensor in the IIoT network to run an ABS scheme. To reduce the computational overheads for both signers and verifiers, it has been suggested to introduce a server to help with signature generation and verification, but existing results on ABS with “server-aided computation” either suffer from the security issues or are not sufficiently efficient. In this paper, we consider server-aided ABS one step further, and propose a notion called server-aided attribute-based signature with revocation (SA-ABSR), which not only securely mitigates the workloads of users in generating and verifying signatures, but also enables user revocation by having the server immediately stop signature generations for revoked signers. We formally define the security model for SA-ABSR, present a concrete construction of SA-ABSR based on a standard ABS scheme, and prove its security under the defined security model. Also, we implement the proposed SA-ABSR scheme and the underlying standard ABS scheme to evaluate the performance, from which it is easy to see that the proposed SA-ABSR scheme is more efficient than its underlying ABS scheme.