Efficient Authorization in Delegation Chains with Strong Non-Repudiation

In an organization, it is a common practice for a user (the delegator) to delegate some rights, in particular the signing right, to another user (the delegate). From the perspective of digital signature, a secure scheme is required to handle the delegation process so that the authorization as well as the signature of the delegate can be verified efficiently. In general, delegation can occur more than one level, thus forming a delegation chain. Among the existing approaches, delegation certificate [1] is a popular technique for performing delegation and handling chained delegation. However, it is not scalable because the verification of authorization is inefficient. In this paper, we extend Kim et al.'s proxy signature [6], which only handles one level of delegation, to support efficient verification for a delegation chain. We first show that a straight-forward extension of Kim et al.'s scheme does not support strong non-repudiation. Wepropose a possible way to modify the scheme to support the property.