Redactable Signatures for Independent Removal of Structure and Content

Samelin, Kai; Pöhls, Henrich C.; Bilzhause, Arne; Posegga, Joachim; Meer, Hermann de

doi:10.1007/978-3-642-29101-2_2

Cited by 45 publications

(21 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, their schemes do not preserve privacy [38]. While the work of Yum and Joong tries to combine the two properties in [42], the authors are not aware of any work considering relations between the notions.…”

Section: ) a Visiblementioning

confidence: 97%

“…Since then, RSSs have been subject to much research and got extended to tree-structured data [7,28] and to arbitrary graphs [29]. Samelin et al introduced the concept of redactable structure in [38]. The standard security properties of RSSs have been formalized in [7,17,37].…”

Section: ) a Visiblementioning

confidence: 98%

“…This rules out cases where a signer prohibits alterations of blocks. This constraint can easily be transformed into the useful notion of consecutive disclosure control [32,38].…”

Section: Construction 1 Letmentioning

confidence: 99%

“…This section contains the required security properties and models. They are derived from [8,21,38], but have been significantly altered. The requirement that adm is always correctly reconstructible is captured within the unforgeability and immutability definitions.…”

Section: Definition 3 (Redactable Signature Schemesmentioning

confidence: 99%

See 3 more Smart Citations

On the Relation between Redactable and Sanitizable Signature Schemes

Meer

Pöhls

Posegga

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Malleable signature schemes (MSS) enable a third party to alter signed data in a controlled way, maintaining a valid signature after an authorized change. Most well studied cryptographic constructions are (1) redactable signatures (RSS), and (2) sanitizable signatures (SSS). RSSs allow the removal of blocks from a signed document, while SSSs allow changing blocks to arbitrary strings. We rigorously prove that RSSs are less expressive than SSSs: no unforgeable RSS can be transformed into an SSS. For the opposite direction we give a black-box transformation of a single SSS, with tightened security, into an RSS.

show abstract

Section: ) a Visiblementioning

confidence: 97%

Section: ) a Visiblementioning

confidence: 98%

“…This rules out cases where a signer prohibits alterations of blocks. This constraint can easily be transformed into the useful notion of consecutive disclosure control [32,38].…”

Section: Construction 1 Letmentioning

confidence: 99%

Section: Definition 3 (Redactable Signature Schemesmentioning

confidence: 99%

See 2 more Smart Citations

On the Relation between Redactable and Sanitizable Signature Schemes

Meer

Pöhls

Posegga

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, not even all schemes are private, e.g. for the scheme by Kundu and Bertino [22] attacks on transparency and privacy [7] and one attacking structural integrity [29] have been given.…”

Section: Definition 2 (Contingency:) Contingency Describes the Verifmentioning

confidence: 99%

Contingency Revisited: Secure Construction and Legal Implications of Verifiably Weak Integrity

Pöhls

2013

Trust Management VII

Self Cite

View full text Add to dashboard Cite

Abstract. Digital signatures are by far the most prominent mechanisms to detect violations of integrity. When signing rights are delegated, the integrity protection is gradually weaker as the delegatee's actions are not considered integrity violations. Taken to an extreme, delegating the right to undetectably change everything to everyone will achieve a property called contingency. Contingency was introduced as the "dual of integrity" in 2009 by Rost and Pfitzmann in German [26] and later translated into English in 2011 [4]. Contingency describes the exact opposite of integrity: the provable absence of integrity. Following this line of privacy research, this paper gives the first rigorous definition of contingency and presents a cryptographic protocol build upon a transparent sanitizable signature scheme. Hence, contingency is a verifiable statement that the signer explicitly desired that the integrity status of data is not verifiable. We analyze legal implications and applications of contingent information.

show abstract