There is no way for the revoked member to learn anything about the
new group-shared key. Then, the key contained in his smart card is
no longer valid. As a consequence, the second signature will never
be correct anymore. Finally, the group manager can efficiently and
securely revoke group members.
The size of the signature is constant and the group signature is
only increased by a single classical signature. Moreover, this
method can be applied to any group signature scheme (including the
one of section 3) and there is no extra work for the verifier (the
cost is constant). The revocation protocol depends on the group
key distribution scheme which is used. In particular, its cost
will be at most linear in the number of group members.