Abstract
Non-Fungible Token (NFT) creators use digital signatures to ensure the ownership, authenticity, integrity, and nonrepudiation of their digital works. However, if the private key is compromised, an attacker can generate unauthorized NFTs by using the creator’s private key to issue valid signatures. These valid but unauthorized signatures will be accepted in the NFT market and cannot be revoked. Even if the NFT creators update their private-public key pairs, they cannot deny the NFTs generated by the attacker. To mitigate these risks, we propose a revocable signature that introduces a commitment mechanism and an Auxiliary Embedded Key (AEK) into the signature, while the regular verification process does not involve the AEK. If a valid but unauthorized signature is detected and needs to be revoked, the AEK is disclosed to perform the revocation operation. To illustrate the application of revocable signatures to NFTs, we design and implement a revocable Elliptic Curve Digital Signature Algorithm (ECDSA) scheme with provable security. Experimental evaluations on the FIPS-recommended elliptic curves show that the performance of revocable ECDSA is comparable to that of basic ECDSA, with an additional 0.0303 s (P-256 curve) and a 0.15 USD gas fee in Remix VM for revoking a signature.
| Original language | English |
|---|---|
| Article number | 97 |
| Journal | Cybersecurity |
| Volume | 9 |
| Issue number | 1 |
| Publication status | Published - Jan 2026 |
Keywords
- Blockchain
- Digital signature
- ECDSA
- Non-Fungible Token
- Private key leakage
- Revocability