Abstract
Redactable signature schemes allow to black out predefined parts of a signed message without affecting the validity of the signature, and are therefore an important building block in privacy-enhancing cryptography. However, a second look shows, that for many practical applications, they cannot be used in their vanilla form. On the one hand, already the identity of the signer may often reveal sensitive information to the receiver of a redacted message; on the other hand, if data leaks or is sold, everyone getting hold of (redacted versions of) a signed message will be convinced of its authenticity.
We overcome these issues by providing a definitional framework and practically efficient instantiations of so called signer-anonymous designated-verifier redactable signatures (AD-RS). As a byproduct we also obtain the first group redactable signatures, which may be of independent interest. AD-RSĀ are motivated by a real world use-case in the field of health care and complement existing health information sharing platforms with additional important privacy features. Moreover, our results are not limited to the proposed application, but can also be directly applied to various other contexts such as notary authorities or e-government services.
The full version of this paper is available in the IACR Cryptology ePrint Archive. All authors have been supported by EU H2020 project Prismacloud, grant agreement n\(^{\tiny \circ }\)644962. S. Krenn has additionally been supported by EU H2020 project Credential, grant agreement n\(^{\tiny \circ }\)653454.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
See e.g., http://www.healthcaredive.com/news/407746/.
- 2.
- 3.
As it is common for RS, we assume that \({{{\mathsf{{\textsc {ADM}}}}}}\) can always be recovered from \((\mathsf{m}, \sigma )\).
- 4.
Here \(\mathring{{{{\mathsf{{\textsc {ADM}}}}}}}_0\) and \(\mathring{{{{\mathsf{{\textsc {ADM}}}}}}}_1\) are derived from \({{{\mathsf{{\textsc {ADM}}}}}}_0\) and \({{{\mathsf{{\textsc {ADM}}}}}}_1\) with respect to \({{{\mathsf{{\textsc {MOD}}}}}}_0\) and \({{{\mathsf{{\textsc {MOD}}}}}}_1\).
References
Applebaum, B., Harnik, D., Ishai, Y.: Semantic security under related-key attacks and applications. In: ICS (2011)
Bellare, M., Cash, D., Miller, R.: Cryptography secure against related-key attacks and tampering. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 486ā503. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_26
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614ā629. Springer, Heidelberg (2003). doi:10.1007/3-540-39200-9_38
Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136ā153. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_11
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. J. Cryptology 17(4), 297ā319 (2004)
Brzuska, C., et al.: Redactable signatures for tree-structured data: definitions and constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87ā104. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13708-2_6
Brzuska, C., Fischlin, M., Lehmann, A., Schrƶder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444ā461. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_26
Brzuska, C., Pƶhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12ā30. Springer, Heidelberg (2014). doi:10.1007/978-3-642-53997-8_2
Camenisch, J., Dubovitskaya, M., Haralambiev, K., Kohlweiss, M.: Composable and modular anonymous credentials: definitions and practical constructions. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 262ā288. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48800-3_11
Chaum, D.: Designated confirmer signatures. In: Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 86ā91. Springer, Heidelberg (1995). doi:10.1007/BFb0053427
Chaum, D., Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212ā216. Springer, Heidelberg (1990). doi:10.1007/0-387-34805-0_20
Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 127ā144. Springer, Heidelberg (2015). doi:10.1007/978-3-319-16715-2_7
Derler, D., Pƶhls, H.C., Samelin, K., Slamanig, D.: A general framework for redactable signatures and new constructions. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 3ā19. Springer, Heidelberg (2016). doi:10.1007/978-3-319-30840-1_1
Derler, D., Slamanig, D.: Key-homomorphic signatures and applications to multiparty signatures. IACR Cryptology ePrint Archive 2016, 792 (2016)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186ā194. Springer, Heidelberg (1987). doi:10.1007/3-540-47721-7_12
Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schrƶder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301ā330. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49384-7_12
Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143ā154. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_13
Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244ā262. Springer, Heidelberg (2002). doi:10.1007/3-540-45760-7_17
Lipmaa, H., Wang, G., Bao, F.: Designated verifier signature schemes: attacks, new security notions and a new construction. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 459ā471. Springer, Heidelberg (2005). doi:10.1007/11523468_38
Monnerat, J., Pasini, S., Vaudenay, S.: Efficient deniable authentication for signatures. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 272ā291. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01957-9_17
Pƶhls, H.C., Samelin, K.: Accountable redactable signatures. In: ARES (2015)
Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 111ā126. Springer, Heidelberg (2016). doi:10.1007/978-3-319-29485-8_7
Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228ā245. Springer, Heidelberg (2007). doi:10.1007/978-3-540-72540-4_13
Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161ā174 (1991)
Shahandashti, S.F., Safavi-Naini, R.: Construction of universal designated-verifier signatures and identity-based signatures from standard signatures. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 121ā140. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78440-1_8
Steinfeld, R., Bull, L., Wang, H., Pieprzyk, J.: Universal designated-verifier signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 523ā542. Springer, Heidelberg (2003). doi:10.1007/978-3-540-40061-5_33
Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285ā304. Springer, Heidelberg (2002). doi:10.1007/3-540-45861-1_22
Tessaro, S., Wilson, D.A.: Bounded-collusion identity-based encryption from semantically-secure public-key encryption: generic constructions with short ciphertexts. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 257ā274. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54631-0_15
Vergnaud, D.: New extensions of pairing-based signatures into universal designated verifier signatures. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 58ā69. Springer, Heidelberg (2006). doi:10.1007/11787006_6
Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114ā127. Springer, Heidelberg (2005). doi:10.1007/11426639_7
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2016 Springer International Publishing AG
About this paper
Cite this paper
Derler, D., Krenn, S., Slamanig, D. (2016). Signer-Anonymous Designated-Verifier Redactable Signatures for Cloud-Based Data Sharing. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science(), vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-48965-0_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48964-3
Online ISBN: 978-3-319-48965-0
eBook Packages: Computer ScienceComputer Science (R0)