Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

  • Henrich C. Pöhls
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 401)


Digital signatures are by far the most prominent mechanisms to detect violations of integrity. When signing rights are delegated, the integrity protection is gradually weaker as the delegatee’s actions are not considered integrity violations. Taken to an extreme, delegating the right to undetectably change everything to everyone will achieve a property called contingency. Contingency was introduced as the “dual of integrity” in 2009 by Rost and Pfitzmann in German [26] and later translated into English in 2011 [4]. Contingency describes the exact opposite of integrity: the provable absence of integrity. Following this line of privacy research, this paper gives the first rigorous definition of contingency and presents a cryptographic protocol build upon a transparent sanitizable signature scheme. Hence, contingency is a verifiable statement that the signer explicitly desired that the integrity status of data is not verifiable. We analyze legal implications and applications of contingent information.


Signature Scheme Proxy Signature European Economic Community Legal Implication Weak Integrity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: De Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Bedner, M., Ackermann, T.: Schutzziele der IT-Sicherheit. Datenschutz und Datensicherheit (DuD) 34(5), 323–328 (2010)CrossRefGoogle Scholar
  4. 4.
    Bedner, M., Ackermann, T.: Schutzziele der it-sicherheit. Datenschutz und Datensicherheit - DuD 34(5), 323–328 (2010), doi:10.1007/s11623-010-0096-1, ISSN 1614-0702CrossRefGoogle Scholar
  5. 5.
    Birgisson, A., Russo, A., Sabelfeld, A.: Unifying facets of information integrity. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 48–65. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of Sanitizable Signatures Revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Brzuska, C., Busch, H., Dagdelen, O., Fischlin, M., Franz, M., Katzenbeisser, S., Manulis, M., Onete, C., Peter, A., Poettering, B., Schröder, D.: Redactable Signatures for Tree-Structured Data: Definitions and Constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87–104. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Chang, E.-C., Lim, C.L., Xu, J.: Short Redactable Signatures Using Random Trees. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 133–147. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  11. 11.
  12. 12.
    EU. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of 23 November 1995, L 281, pp. 31–50 (November 1995)Google Scholar
  13. 13.
    EU. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal of the European Communities, L12, 12–20 (2000)Google Scholar
  14. 14.
    Federrath, H., Hansen, M., Waidner, M.: Andreas pfitzmann 1958-2010: Pioneer of technical privacy protection in the information society. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IFIP AICT, vol. 352, pp. 349–352. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Gollmann, D.: Computer Security, 3rd edn. John Wiley & Sons (2011) ISBN 0470741153Google Scholar
  16. 16.
    Gollmann, D.: Veracity, plausibility, and reputation. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds.) WISTP 2012. LNCS, vol. 7322, pp. 20–28. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Shiphol Group. Shiphol pass application form (July 2009),
  18. 18.
    Hanser, C., Slamanig, D.: Blank digital signatures. Cryptology ePrint Archive, Report 2013/130 (2013),
  19. 19.
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic Signature Schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244–262. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Kiltz, E., Mityagin, A., Panjwani, S., Raghavan, B.: Append-only signatures. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 434–445. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Klonowski, M., Lauks, A.: Extended Sanitizable Signatures. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 343–355. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Kundu, A., Bertino, E.: Structural Signatures for Tree Data Structures. In: Proc. of PVLDB 2008, New Zealand. ACM (2008)Google Scholar
  23. 23.
    Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures: Delegation of the power to sign messages. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 79(9), 1338–1354 (1996)Google Scholar
  24. 24.
    Miyazaki, K., Iwamura, M., Matsumoto, T., Sasaki, R., Yoshiura, H., Tezuka, S., Imai, H.: Digitally Signed Document Sanitizing Scheme with Disclosure Condition Control. IEICE Transactions 88-A(1), 239–246 (2005)Google Scholar
  25. 25.
    Pöhls, H.C., Höhne, F.: The Role of Data Integrity in EU Digital Signature Legislation — Achieving Statutory Trust for Sanitizable Signature Schemes. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 175–192. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  26. 26.
    Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele — revisited. Datenschutz und Datensicherheit (DuD) 33(6), 353–358 (2009)CrossRefGoogle Scholar
  27. 27.
    Rost, M., Bock, K.: Privacy by design und die neuen schutzziele. Datenschutz und Datensicherheit - DuD 35(1), 30–35 (2011) ISSN 1614-0702. English Version can be found in [28]CrossRefGoogle Scholar
  28. 28.
    Rost, M., Bock, K.: Privacy by design and the new protection goals (2011),
  29. 29.
    Samelin, K., Pöhls, H.C., Bilzhause, A., Posegga, J., de Meer, H.: Redactable signatures for independent removal of structure and content. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 17–33. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  31. 31.
    Zhang, F., Safavi-naini, R., Susilo, W.: ID-Based Chameleon Hashes from Bilinear Pairings. IACR Cryptology ePrint Archive, number 208 (2003)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Henrich C. Pöhls
    • 1
  1. 1.Institute of IT-Security and Security LawUniversity of PassauGermany

Personalised recommendations