Practical time capsule signatures in the standard model from bilinear maps

At FC'05, Dodis and Yum introduced a new cryptographic tool called time capsule signature (TCS) which allows signers to generate "future signatures" that only become valid from a specific future time t (chosen at signature generation) when a trusted entity (called Time Server) discloses some trapdoor information for period t. In addition, time capsule signatures endow signers with the ability to make their signatures valid before the pre-determined time t. Full signatures that were completed by their original issuer should be indistinguishable from those that automatically became valid after the release of the time- specific trapdoor. Time capsule signatures were showed to be generically constructible from another primitive called identity-based trapdoor hard-to-invert relation (ID-THIR). The only known instantiations of the latter either rely on the idealized random oracle model or are too inefficient for real-world applications. In this paper, we devise the first efficient ID-THIR (and thus TCS) construction which is secure in the standard model (i.e. without the random oracle heuristic).