Secure Mobile Agent from Leakage-Resilient Proxy Signatures

A mobile agent can sign a message on a remote server on behalf of a customer without exposing the customer's secret key; it can be used not only to search for special products or services, but also to make a contract with a remote server. Hence a mobile agent system is an important key technology for electronic commerce. In order to realize such a system, Lee et al. showed that a secure mobile agent can be constructed using proxy signatures. Intuitively, a proxy signature permits an entity (the delegator) to delegate its signing right to another entity (the proxy) to sign some specified messages on behalf of the delegator. However, proxy signatures are often used in scenarios where the signing is done in an insecure environment, for example, the remote server of a mobile agent system. In such a setting, an adversary could launch side-channel attacks to exploit leakage information about the proxy key or even other secret states. Proxy signatures that are secure in the traditional security models obviously cannot provide such security. Based on this consideration, in this paper, we design a leakage-resilient proxy signature scheme for secure mobile agent systems.


Introduction
Mobile agents [1][2][3] are designed as autonomous software entities which are able to sign messages on a remote server on behalf of a customer without exposing the customer's secret key. Therefore, a mobile agent system can be used for electronic commerce in many ways, such as negotiating with other entities, searching for and buying special products or services on behalf of a customer, and selling products on behalf of a shopping server. As shown by previous works, a mobile agent system can be constructed from proxy signature schemes; for example, Lee et al. [4] used a strong nondesignated proxy signature scheme and provided RSA-based and Schnorr-based constructions of a secure mobile agent.
Proxy Signatures. This notion was first introduced by Mambo et al. [5] in 1996. In a proxy signature scheme, an entity called the delegator may delegate its signing right to another entity called the proxy, who can then sign some specified messages on behalf of the delegator; we call such signatures proxy signatures. Finally, from a proxy signature the verifier can be convinced of the original signer's agreement on the signed message and that the signature was computed by the proxy rather than the delegator. Obviously, proxy signatures are very useful in many application scenarios, for example, mobile agents [3,6,7,8,9] and mobile communications [10,11]. Among existing proxy signature schemes, the model of delegation by warrant [5] (a signed warrant, e.g., := proxy ‖ M ‖ indate ‖ ⋅⋅⋅, used to describe the validity of the delegation) has received the most attention. Kim et al. [12] suggested that a proxy key should be generated from such a warrant. After Mambo et al.'s seminal work, many variants or improved schemes have been proposed (e.g., see [4,11,13,14,15,16,17]).

BPW Transformation. Boldyreva et al. [13] (henceforth called BPW) gave a secure generic construction of proxy signature schemes in the delegation-by-warrant model from any secure ordinary signature scheme. Informally, to generate a proxy key, the original signer first signs the concatenation of the proxy's public key and a warrant in a specific way to obtain a delegation certificate. Then the proxy sets up the proxy key by itself using this delegation certificate. Finally, the proxy can sign messages that are described in the warrant on behalf of the original signer (cf. Section 4 of [13] for a detailed description).
Multilevel Proxy Model. Malkin et al. [14] extended general proxy signatures to the multilevel proxy scenario, where the proxy can also delegate its proxy signing right to another proxy (in this setting the former proxy is also a delegator); similarly, the second proxy can delegate its proxy signing right to another, and so on. We call the sequence of identities formed by the original signer and all proxies a delegation chain, that is, (original signer)-(1st proxy)-(2nd proxy)-⋅⋅⋅-(th proxy)-⋅⋅⋅.
Security Models for Proxy Signatures. Due to the additional property of proxy signatures, defining their security is more complicated than for standard signatures [18]. In [19], Mambo et al. introduced several security notions (later enhanced by Lee et al. [4]) for proxy signatures (we omit them here; please refer to [4,19] for a detailed description). These notions give intuitive security requirements for proxy signatures, but the corresponding security definitions are unclear (i.e., they lack formal definitions), so many constructions were shown to be insecure, then fixed, and finally shown to be insecure again (e.g., [4,19,20]). Subsequently, Boldyreva et al. [13] first presented a well-defined security model for proxy signatures. In their model, the adversary is allowed to corrupt an arbitrary number of users and learn their secret keys. Moreover, the adversary can also register public keys on behalf of new users. Then the adversary interacts with honest users playing the role of a delegator or a proxy, and it can see the transcripts of all executions of the delegation protocol between honest users. It is a rather strong security model. Malkin et al. [14] later extended this model to allow multilevel proxy signatures; they also showed that proxy signatures are equivalent to key-insulated signatures [21]. The models of [13,14] are both registered key models, which means that the adversary is required to submit the secret and public keys of all users in the model except a single challenging user. Schuldt et al. [15] got rid of this requirement and gave a new security model, existential unforgeability under adaptive chosen message attack with proxy key exposure (EU-CMA-PKE). In this model, the adversary directly controls the secret keys of all users in the delegation chain except the challenging user; furthermore, the adversary can corrupt some users to obtain their proxy keys (see Section 4 of [15] for a more detailed description).

Black-Box Assumption versus Reality.
In the security models of cryptographic schemes, it is traditionally assumed that the secret internal state (secret key, randomness, etc.) of the scheme is completely hidden from the adversary, and hence the adversary in the traditional black-box model can only access an oracle to learn the input and output behavior of the scheme. Unfortunately, many cryptographic engineers have shown that this assumption does not hold in real-world applications. They have designed a large class of realistic attacks, called side-channel attacks, that extract leakage information about the secret state, for example, timing attacks [22], power consumption analysis [23], and fault attacks [24,25]. Therefore, if we implement a mobile agent system from a proxy signature that is secure in the traditional security model, it may still be insecure if the mobile agent's device is subjected to side-channel attacks.
Leakage-Resilient Cryptography. To resist such side-channel attacks, cryptographers have proposed many countermeasures in the past few years. Leakage-resilient cryptography is one of them: a cryptosystem is leakage resilient if it remains secure even when the adversary obtains some bounded (or even arbitrary) leakage information about the secret internal state.
To model the security of cryptographic schemes in the leakage-resilient setting formally, consider an adversary that attacks a scheme and, besides the ordinary queries (as in the black-box model), can also adaptively choose arbitrary polynomial-time computable functions (called leakage functions) : {0, 1}* → {0, 1} to obtain some information about the secret internal state. The restrictions on the input and output of such leakage functions depend on the leakage model. Here, we briefly present some of them.
(i) Only computation leaks model, introduced by Micali and Reyzin [26]: in this model, leakage is assumed to occur only on values that are currently accessed during the computation. Therefore, the input of the leakage function is confined to the active part of the internal secret state, while the passive part of the secret state is not given as input to the leakage function.
(ii) Bounded leakage model: the overall amount of leakage is bounded by a prespecified value .
(iii) Continual-leakage model, introduced by Brakerski et al. [27] and Dodis et al. [28], independently: in this model, the secret key is allowed to be refreshed, while the corresponding public key remains fixed.Then the amount of the leakage is bounded only in between any two successive key refreshes and the overall amount can be unbounded.
Leakage-Resilient Signatures. In this paper, we focus on the construction of leakage-resilient signature schemes. Alwen et al. [35] gave a construction of a leakage-resilient signature scheme in the random oracle model which tolerates leakage of up to half the secret key. Then Katz and Vaikuntanathan [38] constructed a bounded leakage-resilient signature scheme in the standard model which tolerates leakage of up to ℓ−ℓ (ℓ denotes the bit-length of the secret key) bits of information about the secret key. In the same paper, they also introduced the notion of fully leakage-resilient signatures, meaning that the scheme is EU-CMA secure even if the adversary may obtain leakage information on all internal state values used throughout the lifetime of the scheme. Boyle et al. [36] then improved their scheme to a fully leakage-resilient one which is resilient to any leakage of length (1 − (1))ℓ bits. Faust et al. [37] constructed a tree-based leakage-resilient signature scheme (in the "only computation leaks" model) which can be instantiated with any 3-time bounded leakage-resilient signature. Their scheme is resilient to = /3 bits of leakage per signing process, where is the amount that the underlying 3-time signature scheme can leak in total.
Our Contribution. Proxy signatures are often proposed for use in applications where signing is done in a potentially hostile environment; for example, if we use a proxy signature to realize a mobile agent system, then the proxy key is stored on a laptop, or even an IC card, which might become infected by malware. In such a setting, an adversary who launches side-channel attacks can extract leakage information about the proxy key or even other internal states. Based on this consideration, we construct, for the first time, a proxy signature scheme in the setting of leakage-resilient cryptography, the leakage-resilient proxy signature (LRPS). The proposed LRPS scheme maintains the properties of both primitives, leakage-resilient cryptography and proxy signatures.
To define the security notion for the LRPS scheme, we combine the existing security models of proxy signatures and leakage-resilient cryptography into the security model of existential unforgeability against adaptive chosen message and leakage attacks (EU-CMLA). (We also introduce the notion of EU-CMLA-PKE, extended from EU-CMA-PKE in [15], for the full construction of the LRPS in the Appendices.) Furthermore, we construct a concrete LRPS scheme under the delegation-by-warrant and multilevel proxy models; it can be regarded as a concrete implementation of the BPW transformation in the setting of leakage-resilient cryptography. We use a tree-based signature scheme to construct the proxy signature scheme, which differs from the method adopted in [13,15]; they both adopted an aggregate signature [41]. Hence our construction provides an alternative method for constructing proxy signatures. The concrete construction of the LRPS scheme is based on the leakage-resilient signature scheme of Faust et al. [37] (henceforth called FKPR, from TCC 2010).

Definitions
In this section, we present some basic definitions used in this paper: the notion of stateful signatures and their security in the black-box model and in the presence of leakage, respectively.

2.1. Notations. 1 denotes the string of ones for ∈ . || denotes the length of the bit string if is a bit string; || denotes the number of entries in the set . $← means randomly choosing an element from the set . We write ← A() to indicate running the algorithm A on input and obtaining output ; $← A() has the same meaning except that A is a probabilistic algorithm. We use the notation 1 ‖ 2 to denote the concatenation of the bit strings 1 and 2 ; if they are not strings, we assume that they are encoded as strings before the concatenation takes place. Lastly, we write PPT for probabilistic polynomial time.

Stateful Signatures.
A signature scheme SIG consists of three algorithms, key generation, signing, and verification denoted by Kg, Sign, and Vfy, respectively.We say that a signature scheme is stateful if the Sign algorithm is stateful, which means that the secret key will be refreshed after (or before) each signing process, while its corresponding public key remains fixed.That is to say, SIG = (Kg, Sign, Vfy) is a stateful signature scheme if it satisfies the following.
(i) Kg is a PPT algorithm that takes as input a security parameter and outputs the signer's initial secret key SK 0 and public key PK. We write it (SK 0 , PK)
(ii) Sign is a PPT algorithm run by the signer that takes as input its stateful secret key SK −1 and a message and outputs a signature Σ and the next stateful secret key SK . We write it (Σ , SK )
(iii) Vfy is a deterministic algorithm run by the verifier that takes as input the signer's public key PK, the signed message , and the corresponding signature Σ and outputs 1 if it is valid and 0 otherwise. We write it 1/0 ← Vfy(PK, , Σ ).

Security of Stateful Signatures in the Black-Box Model.
The definition of existential unforgeability against adaptive chosen message attack (EU-CMA) for stateful signatures is given by the following experiment Exp eu-cma SIG,A , which is played by an EU-CMA adversary A and a challenger B.
) and gives PK * to A.
(ii) A can adaptively ask B for the following:
(iii) At some point, A outputs ( * , Σ * ).
We say that A wins the above experiment Exp eu-cma SIG,A if 1 ← Vfy(PK * , * , Σ * ) and * was not submitted to the signing query. We denote the probability that A succeeds by Adv eu-cma SIG,A . We say SIG is EU-CMA secure if Adv eu-cma SIG,A is negligible for every PPT adversary A.

Security of Stateful Signatures in the Presence of Leakage.
In the setting of leakage-resilient cryptography, the adversary A can obtain bits of leakage information with every signing query. With the th signing query, the adversary A adaptively chooses any computable leakage function : {0, 1}* → {0, 1} as the leakage query and then obtains the output Λ of , which takes as input the active part SK * + −1 of the stateful secret key and the randomness used in the signing phase. Formally, the model of existential unforgeability against adaptive chosen message and leakage attacks (EU-CMLA) is defined by the following experiment Exp eu-cmla SIG,A , which is played by an EU-CMLA adversary A and a challenger B.
(iii) At some point, A outputs ( * , Σ * ).
We say that A wins the above experiment Exp eu-cmla SIG,A if 1 ← Vfy(PK, * , Σ * ) and * was not submitted to the signing query. We denote the probability that A succeeds by Adv eu-cmla SIG,A . We say SIG is EU-CMLA secure if Adv eu-cmla SIG,A is negligible for every PPT adversary A.

Leakage-Resilient Proxy Signatures
As outlined in the Introduction, there are three kinds of entities in a proxy signature scheme: an original signer, one or more proxy signers, and a verifier. A delegator, whether it is the original signer or a proxy signer, wants to delegate its signing right, either its original signing right (i.e., the delegator is the original signer) or its proxy signing right (i.e., the delegator is a proxy signer), to a proxy. Finally, from the proxy signatures the verifier can be convinced of the original signer's agreement on the signed message and of the identities of the proxy signers.
In the multilevel proxy model, a delegation chain, (original signer)-(1st proxy)-(2nd proxy)-⋅⋅⋅-(th proxy)-⋅⋅⋅, consists of an original signer and (or more) proxy signers. To identify them, we require a list PK of their public keys in the proxy signatures.
In the BPW transformation, the delegator signs its proxy's public key and the corresponding warrant to obtain a certificate, from which the proxy key is generated. Therefore, to verify the validity of the delegation, the proxy signatures are also required to contain a list W of the warrants and a list C of the certificates of the delegations.
3.1. Syntax. Formally, we define stateful proxy signatures (under the BPW transformation) as follows. SIG * = (Kg * , Sign * , Vfy * , ⟨Del * , PKg * ⟩, PSign * , PVfy * ) is a stateful proxy signature scheme if the first three algorithms are defined as Kg, Sign, and Vfy of the scheme SIG, respectively, and the latter three algorithms satisfy the following.
(i) ⟨Del * , PKg * ⟩ is an interactive PPT delegation protocol in which the delegator D, whose stateful key is (SK D(−1) , PK D ), delegates its signing right to a proxy P who has the stateful key pair (SK P( −1) , PK P ).
(a) Del * is run by the delegator with input (SK D(−1) , PK P , PK, W, C, , ), where PK, W, and C are the lists of public keys, warrants, and delegation certificates of the previous delegators, respectively, indicates that the current proxy is the th proxy in the delegation chain ( = 0 means that the delegator is the original signer), and is the warrant for the current delegation.
(b) PKg * is run by the proxy with input (SK P( −1) , PK P , PK D ) to generate its proxy key.
As a result of this interactive protocol, the algorithm Del * has no local output except the delegator's next stateful key SK D . The local output of PKg * is the delegation information (PK , W , C , , SK P( −1) ), where PK , W , and C are the lists of public keys, warrants, and certificates in the delegation chain, extended with the public key of the proxy and the warrant and certificate of the current delegation, respectively. We write it (SK D , PK , W , , PK P , PK, W, C, , ), PKg * (SK P( −1) , PK P , PK D )⟩.
(ii) PSign * is a PPT algorithm run by a proxy that takes as input its delegation information (PK, W, C, , SK P(  −1) ) and a message   and then outputs a proxy signature (PK, W, C, , Σ  ) on behalf of the delegator and its next stateful key SK P  .We write it (PK, W, C, , Σ  , SK P  ) $ ←  PSign * (PK, W, C, , SK P(  −1) ,   ).
In real-world applications, a user's long-term secret key should be stored securely; thus, to guarantee that no information about the long-term key is leaked when the proxy key is exposed, it is better to generate a proxy key independent of the long-term key. We call such a construction a full construction. There is a simple method to obtain a full construction from any BPW-transformed proxy signature (cf. Section 5 of [15]). The concrete full construction of such a proxy signature scheme and the corresponding security analysis are presented in the Appendices.

Implementing a Secure Mobile Agent from a Proxy Signature Scheme.
To realize a mobile agent system from a secure proxy signature scheme, let the clients be the delegators and let the mobile agent be the proxy. Then the clients and the agent together run the interactive delegation protocol to delegate the client's signing right to the agent. Finally, the agent can sign some specified messages on behalf of the client. A secure proxy signature scheme implies a secure mobile agent system; similarly, a leakage-resilient proxy signature scheme means that the corresponding mobile agent system is resilient to some bounded information leakage.

Security of the Leakage-Resilient Proxy Signatures.
We put forward the security model of existential unforgeability against adaptive chosen message and leakage attacks (EU-CMLA) for proxy signatures in the presence of leakage. It is defined by the following experiment Exp eu-cmla SIG * ,A , which is played by a challenger B and an EU-CMLA adversary A who controls the secret keys of all users except the challenging user.
), that is, the ( + 1)-th entry in the set PK), then output 1 else output 0.
We say that A wins the above experiment Exp eu-cmla SIG * ,A if it outputs a valid forgery. We denote the probability that A succeeds by Adv eu-cmla SIG * ,A . We say SIG * is EU-CMLA secure if Adv eu-cmla SIG * ,A is negligible for every PPT adversary A.
Remark. In the model of EU-CMA-PKE, A is allowed to query a redelegation of a user's proxy key. However, we define the LRPS under the BPW transformation model (i.e., a user's proxy key is exactly its secret key), so in the EU-CMLA model A can run the redelegation by itself, except for the redelegation of SK * −1 , which in this setting is obtained from the delegation query of SK * −1 . Similarly, A has no need for proxy key exposure queries.

Construction of Leakage-Resilient Proxy Signatures
In this section, we present a concrete construction of the LRPS scheme SIG * based on the FKPR signature scheme, which can be instantiated with any EU-CMTLA (existential unforgeability against chosen message and total leakage attacks) 3-time signature scheme sig = (kg, sign, vfy). Before giving the detailed description of SIG * , we first introduce some notation for the tree-based (with depth ∈ ) signature. We denote the set of all bit strings of length at most (including the empty string ) by {0, 1} ≤ = ⋃ =1 {0, 1} ∪ (of size 2 +1 − 1). The left and right children of an internal node (or the root) ∈ {0, 1} ≤−1 are denoted by ‖ 0 and ‖ 1, respectively, and par() denotes the parent node of . A depth-first traversal can be used to traverse and label the tree. For a node ∈ {0, 1} ≤ \ 1 , we define the algorithm DF() as the node traversed after in the depth-first traversal; that is, ( is the root or an internal node) where = ‖ 0 ‖ 1 ( is a leaf). When the depth-first algorithm traverses the binary tree, each node is associated with a secret-public key pair (sk , pk ) by invoking the kg algorithm of the underlying signature scheme sig. The following notation will be used in the rest of this paper. Let = 1 2 ⋅⋅⋅ be a bit string of length .
(i) Γ := {(pk , ), . . ., (pk 1 2 , 1 2 ), (pk 1 , 1 )} is a "signature path" from to the root; is a signature of 010 ‖ pk with its parent's key sk par( ) ; that is, is a subset of the secret keys on the path from the root to node . sk ∈ if and only if the path goes to the left child ‖ 0 at node . (The reason is that, in this case, node 's right child ‖ 1 will be traversed after node under the depth-first traversal. Consequently, we need the secret key sk of node to sign the public key pk ‖1 of its right child ‖ 1.) The stateful secret key of the scheme SIG * will have the form (, , Γ ) (i.e., the stacks and Γ are used to keep track of the state, or node ). For a stack , define the following three algorithms: (1) push(, ): put element on the stack ; (2) ← pop(): remove the topmost element from the stack and assign it to ; (3) trash(): remove the topmost element from the stack .

Construction.
To avoid trivial attacks against this scheme, we adopt the idea of Boldyreva et al. [13] and attach a 3-bit string as a prefix to the text that will be signed, namely 111‖(text for ordinary signatures), 010‖(text for signature paths), 100‖(text for delegation certificates), and 101‖(text for proxy signatures), respectively. The LRPS scheme SIG * is constructed as follows.
If someone whose key pair is (SK SD(−1) , PK SD ) wants to designate itself as a proxy, it runs ) to generate a fresh key pair as the proxy key and creates a certificate; finally, it sets the delegation information as (PK, W, C, , SK P0 ).
(vii) PVfy * (PK, W, C, , , Σ): V first checks the validity of the delegation certificates, for = 1, .
For a fixed signing key, in both the FKPR scheme and SIG * , the upper bound on the number of messages that can be signed is = 2 +1 − 2. We can see from the above construction that each internal node is used only once by the signing algorithm. However, the key (with respect to the scheme sig) of any leaf can sign three times. Hence, the upper bound on the number of messages that can be signed could be increased to 2 +2 − 4, double the previous bound, for the FKPR scheme as well. We should stress here that our scheme, being based on a tree-based signature, has a disadvantage compared to those constructed from aggregate signatures [13,15]: in those schemes, the verification of all delegation certificates can be executed in one step thanks to the aggregability of aggregate signatures [41].
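As an added example (not the paper's code, and not the FKPR scheme itself), the following Python sketch implements the ingredients described above in a simplified form: the depth-first successor DF over a binary tree of depth D, per-node 3-time keys built from three Lamport one-time keys, the stateful secret key (w, S_w, Γ_w) kept as stacks, and a BPW-style delegation layer using the 3-bit prefixes 111/010/100/101. The depth D = 3, the hash-based OTS, the length-prefixed encoding enc, and the names TreeSigner, delegate, proxy_sign and pvfy are constructed for this example; Γ_w is stored root side first (the reverse of the page's order), and the proxy signature binds PK, W and the message but, unlike the paper's PSign*, not the certificate list C.

```python
import hashlib, os
D = 3        # tree depth d (constructed for this example); one message per node below
LAM = 256    # number of hashed text bits one Lamport key commits to

def H(b): return hashlib.sha256(b).digest()

def bits(text):
    h = int.from_bytes(H(text), "big")
    return [(h >> (LAM - 1 - i)) & 1 for i in range(LAM)]

# Lamport one-time signature: pk = hashes of 2*LAM secret preimages, sig = one preimage per bit.
def ots_kg():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(LAM)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def ots_sign(sk, text): return b"".join(sk[i][b] for i, b in enumerate(bits(text)))

def ots_vfy(pk, text, sig):
    return len(sig) == 32 * LAM and all(
        H(sig[32*i:32*i+32]) == pk[64*i+32*b:64*i+32*b+32] for i, b in enumerate(bits(text)))

# The page's 3-time scheme sig = (kg, sign, vfy): three OTS keys under one pk plus a use counter.
def kg3():
    ks = [ots_kg() for _ in range(3)]
    return {"sk": [k[0] for k in ks], "used": 0}, b"".join(k[1] for k in ks)

def sign3(sk3, text):
    i = sk3["used"]
    if i >= 3: raise ValueError("3-time key exhausted")   # a 4th use would reveal more preimages
    sk3["used"] = i + 1
    return bytes([i]) + ots_sign(sk3["sk"][i], text)

def vfy3(pk3, text, sig):
    L = 64 * LAM
    return len(sig) > 0 and sig[0] < 3 and ots_vfy(pk3[sig[0]*L:(sig[0]+1)*L], text, sig[1:])

def DF(w):
    """Node visited after w ('' is the root) in depth-first order; None after the last leaf 1^D."""
    if len(w) < D: return w + "0"          # root or internal node: its left child comes next
    w = w.rstrip("1")                      # leaf w = w'||0||1^k: the next node is w'||1
    return w[:-1] + "1" if w else None

class TreeSigner:
    """Stateful key (w, S_w, Gamma_w): S_w = sk of the current node plus each ancestor where the
    path turns left; Gamma_w = (pk_u, sigma_u) for the nodes on the path, root side first."""
    def __init__(self):
        sk, self.pk = kg3()
        self.w, self.S, self.Gamma = "", [("", sk)], []

    def sign(self, text):
        if self.w is None: raise RuntimeError("all tree nodes used; key exhausted")
        sigma = sign3(self.S[-1][1], text)
        signature = (self.w, list(self.Gamma), sigma)
        self._advance()                    # the secret state is refreshed before the signature leaves
        return signature

    def _advance(self):
        nxt = DF(self.w)
        if nxt is None:
            self.w = None; return
        anc = nxt[:-1]                     # parent of the next node; its sk is still in S
        while self.S[-1][0] != anc: self.S.pop()     # sk of finished subtrees are erased
        del self.Gamma[len(anc):]
        sk_new, pk_new = kg3()
        self.Gamma.append((pk_new, sign3(self.S[-1][1], b"010" + pk_new)))
        if nxt.endswith("1"): self.S.pop()           # path turns right at anc: sk_anc is done
        self.S.append((nxt, sk_new)); self.w = nxt

def tree_vfy(pk_root, text, signature):
    w, Gamma, sigma = signature
    if len(Gamma) != len(w) or len(w) > D: return False
    pk_par = pk_root
    for pk_u, sig_u in Gamma:              # every pk_u on the path must be certified by its parent
        if not vfy3(pk_par, b"010" + pk_u, sig_u): return False
        pk_par = pk_u
    return vfy3(pk_par, text, sigma)

# BPW-style delegation chain on top, with the page's prefixes 111 / 100 / 101.
def enc(*parts):                           # length-prefixed concatenation, so PK||i||W cannot be re-split
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def ordinary_sign(signer, m): return signer.sign(b"111" + enc(m))
def delegate(delegator, pk_proxy, i, warrant):       # Del*: cert_i over 100||PK_P||i||W_i
    return delegator.sign(b"100" + enc(pk_proxy, bytes([i]), warrant))
def proxy_sign(proxy, PK, W, m):                      # PSign*: the whole chain is bound to m
    return proxy.sign(b"101" + enc(*PK, *W, m))

def pvfy(PK, W, C, m, Sigma):
    """PVfy*: PK[0] is the original signer; C[i-1] under PK[i-1] certifies PK[i] as the level-i proxy."""
    n = len(PK) - 1
    if len(W) != n or len(C) != n: return False
    for i in range(1, n + 1):
        if not tree_vfy(PK[i-1], b"100" + enc(PK[i], bytes([i]), W[i-1]), C[i-1]): return False
    return tree_vfy(PK[n], b"101" + enc(*PK, *W, m), Sigma)
```

Certificates are checked one by one along the chain, which is the sequential verification cost the paragraph above contrasts with aggregate-signature constructions.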

Security.
We now analyze the security of the proposed LRPS scheme. Theorem 1. If the FKPR scheme (denoted by SIG) is EU-CMLA secure, then the proxy signature scheme SIG * is also EU-CMLA secure.
Our proof follows the line of Boldyreva et al. [13]. If there exists an EU-CMLA adversary A that can break the security of the scheme SIG * , then we can construct a challenger B that breaks the security of the FKPR scheme SIG.
(i) Initially, B is given a challenging public key PK and can adaptively make signing queries (SQ) and leakage queries (LQ) in the experiment Exp eu-cmla SIG,B . B first sets PK * := PK as the challenging public key of the experiment Exp eu-cmla SIG * ,A and sends it to A. Then it plays the experiment with A.
(ii) A may adaptively ask B for the following. −1 , because SK * −1 will be set as the proxy key of the challenging user, so upon completion B does not know the corresponding proxy key.
(b) Delegation from SK * −1 : (PK P , ) B interacts with A through the delegation protocol to generate a proxy key for PK P . B makes the signing query SQ with input 00 ‖ PK P ‖ ‖ and is returned Σ. After the delegation protocol is finished, A obtains the delegation information (PK , W , C , , * ), where PK P ∈ PK , ∈ W , and cert := Σ ∈ C .
(c) Self-delegation of SK * −1 : B runs the delegation protocol to generate a proxy key for PK * for itself. B first runs ← Kg * and then makes the signing query SQ with input 00 ‖ PK ‖ 0 ‖ and is returned Σ. Finally, B returns the delegation information (PK , W , C , 0, SK 0 ) and sends the delegation transcripts to A, where PK ∈ PK , ∈ W , and cert := Σ ∈ C .
(d) Ordinary signing queries of SK * −1 : B makes the signing query SQ with input 11 ‖ and is returned the signature Σ. A may make a leakage query after each delegation protocol, ordinary signing, or proxy signing query. To answer it, B makes the same query to LQ, which returns valid leakage information Λ , or ⊥ if is illegal. Finally, B returns it to A.
Remark. In the construction of the scheme SIG * , besides the Sign * algorithm there are two further algorithms that use the signing or proxy signing key, namely Del * and PSign * . Both, however, are in effect the signing algorithm applied to differently prefixed text, so the leakage information answered by B (from LQ) is indistinguishable from what A obtains in the real interaction in the experiment Exp eu-cmla SIG * ,A .
(iii) Finally, according to the assumption, A outputs a forgery for the challenging public key PK * with respect to the scheme SIG * . It must be one of the following cases. We now show how the challenger B translates A's forgery into a forgery with respect to the FKPR scheme SIG.
(1) If A outputs an ordinary signature ( * , Σ * ) with 1 ← Vfy * (PK * , * , Σ * ) and * has not been submitted to the ordinary signing queries, then B did not make the signing query SQ with input 11 ‖ * . Therefore, (11 ‖ * , Σ * ) is a valid forgery with respect to the scheme SIG.
From the above analysis, we can see that the forgery output by the challenger B contradicts the security of the FKPR scheme SIG (cf. Theorem 1 of [37]), which proves the security of the LRPS scheme SIG * .

Conclusion
In this paper, we design a leakage-resilient proxy signature scheme, the LRPS. To model the security of such schemes, we adapt the existing models for proxy signature schemes proposed by Schuldt et al. (PKC 2008) [15] and Boldyreva et al. (Jour. Crypto. 2012) [13] to the leakage-resilient cryptography setting and give an extended model, EU-CMLA, for LRPS schemes. Furthermore, we present a concrete construction based on the leakage-resilient signature scheme of Faust et al. (TCC 2010) [37]. This construction is provably secure under the given security model.

Appendices
Now we show that the proposed proxy signature scheme SIG * of Section 4, which is based on the BPW transformation, can be used to produce a secure full construction (denoted by SIG * * ) of the proxy signature scheme.

A. Construction
As said before, to guarantee that no information about the user's long-term secret key is leaked if its proxy keys are exposed, it is better to let a proxy generate a fresh and independent key pair (PK, SK) in a delegation, create a certificate for PK, and keep SK as the proxy secret key; to record the proxy public keys of the proxies, a separate list FK is maintained to store them. The construction of the scheme SIG * * = (Kg * * , Sign * * , Vfy * * , ⟨Del * * , PKg * * ⟩, PSign * * , PVfy * * ) is as follows, where the algorithms Kg * * , Sign * * , Vfy * * are the same as the algorithms Kg * , Sign * , Vfy * of the scheme SIG * , respectively. Here we should stress that the following construction is based on the idea of Schuldt et al. [15]; their scheme is based on a sequential aggregate signature, whereas ours is based on a tree-based signature, and we focus on the realization of leakage-resilient proxy signatures.
In the scheme SIG * , the proxy's proxy key is in fact exactly its long-term secret key, and hence, whether it delegates its own signing right or its proxy signing right to the next proxy, it takes its secret key as input to run the delegation algorithm Del * . However, in the full construction of the proxy signature scheme, a proxy's secret key and its proxy key are different and independent; thus, when it delegates its own signing right to a proxy it takes as input its secret key, and when it delegates its proxy signing right to the next proxy it takes as input the proxy key. To describe these two cases uniformly, we use sk to denote the input to the Del * * algorithm run by the delegator in the scheme SIG * * . For ease of description, we describe the stateful signing algorithm Sign * * here in a nonstateful formalization.