Content Extraction Signatures
Motivated by emerging needs in online interactions, we define a new type of digital signature called a ‘Content Extraction Signature’ (CES). A CES allows the owner, Bob, of a document signed by Alice, to produce an ‘extracted signature’ on selected extracted portions of the original document, which can be verified (to originate from Alice) by any third party Cathy, without knowledge of the unextracted (removed) document portions. The new signature therefore achieves verifiable content extraction with minimal multi-party interaction. We specify desirable functional and security requirements from a CES (including an efficiency requirement: a CES should be more efficient in either computation or communication than the simple multiple signature solution). We propose and analyse four provably secure CES constructions which satisfy our requirements, and evaluate their performance characteristics.
KeywordsContent-extraction fragment-extraction content blinding fact verification content verification digital signatures provable security
Unable to display preview. Download preview PDF.
- 1.M. Bellare, A. Desai, D. Pointcheval and P. Rogaway. Relations Among Notions of Security for Public-Key Encryption Schemes. In CRYPTO’ 98, LNCS 1462.Google Scholar
- 2.NIST. Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-1. April 1995.Google Scholar
- 3.NIST. Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186. November 1994.Google Scholar
- 4.MasterCard and VISA. Secure Electronic Transaction (SET) Specification Books 1-3 (Version 1.0). May 31, 1997.Google Scholar
- 5.XML Core Working Group. XML-Signature Syntax and Processing: W3C Proposed Recommendation. August 20, 2001. Available from http://www.w3.org/TR/xmldsig-core.
- 6.M. Bellare and J.A. Garay and T. Rabin. Fast Batch Verification for Modular Exponentiation and Digital Signatures. In EUROCRYPT’ 98, LNCS 1403. Springer-Verlag, Berlin, 1998.Google Scholar
- 7.J.S. Coron and D. Naccache. On the Security of RSA Screening. In PKC’ 99, LNCS 1560. Springer-Verlag, Berlin, 1999.Google Scholar
- 8.D. Naccache and D. M’Raihi and S. Vaudenay and D. Raphaeli. Can D.S.A be improved? In EUROCRYPT’ 94, LNCS 950. Springer-Verlag, Berlin, 1999.Google Scholar
- 9.A. Fiat. Batch RSA. In CRYPTO’ 89, LNCS 435. Springer-Verlag, Berlin, 1990.Google Scholar
- 11.M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In EUROCRYPT’ 96, LNCS 1070. Springer-Verlag, Berlin, 1996.Google Scholar
- 12.M. Bellare and O. Goldreich and S. Goldwasser. Incremental Cryptography: The Case of Hashing and Signing. In CRYPTO’ 94, LNCS 839, Springer-Verlag, Berlin, 1994.Google Scholar
- 13.M. Bellare and O. Goldreich and S. Goldwasser. Incremental Cryptography and Application to Virus Protection. In Proc. of 27th STOC ACM, 1995.Google Scholar
- 14.C.J. Pavlovski and C. Boyd. Efficient Batch Signature Generation Using Tree Structures. In CrypTEC’99. City University of Hong Kong Press, 1999.Google Scholar
- 16.A. Menezes and P. van Oorschot and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
- 18.S. Halevi and S. Micali. Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing. In CRYPTO’ 96, LNCS 1109. Springer-Verlag, Berlin, 1996.Google Scholar