At first glance, this solution seems to be less attractive than
the first one. Indeed, the number of signatures to be verified is
large if there are many revoked members. But a modification can be
done so as to improve it.
Actually, we can argue that nobody can see nor modify the data
exchanged between the smart card and the card reader. This is a
plausible assumption if we consider that each member of the group
has got a personal card reader that is always linked to his
proper computer.
Therefore we can improve the solution by putting on a new value in
the smart card memory that corresponds to the number of values
that the card has already verified in the group manager database.
Indeed, the card does not need to test twice the same values.
Consequently, it can inform the card reader of the number of
values it has already tested and as a consequence the card reader
will only send to the card the new values since the last signature
of that card (plus the signature of the updating date and of the
number of revoked members). As a result, the card will only have a
limited number of GM signatures to verify before producing a
signature.