20 research outputs found
Protean Signature Schemes
We introduce the notion of Protean Signature schemes. This novel type of signature scheme allows to
remove and edit signer-chosen parts of signed messages by a semi-trusted third party simultaneously. In existing
work, one is either allowed to remove or edit parts of signed messages, but not both at the same time. Which and
how parts of the signed messages can be modified is chosen by the signer. Thus, our new primitive generalizes both
redactable (Steinfeld et al., ICISC \u2701, Johnson et al., CT-RSA \u2702 & Brzuska et al., ACNS\u2710) and sanitizable
signatures schemes (Ateniese et al., ESORICS \u2705 & Brzuska et al., PKC\u2709). We showcase a scenario where either
primitive alone is not sufficient. Our provably secure construction (offering both strong notions of transparency and
invisibility) makes only black-box access to sanitizable and redactable signature schemes, which can be considered
standard tools nowadays. Finally, we have implemented our scheme; Our evaluation shows that the performance is
reasonable
Fully Invisible Protean Signatures Schemes
Protean Signatures (PS), recently introduced by Krenn et al. (CANS \u2718), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way.
The sanitizer can
edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact
admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS)
into a single notion.
However, the current definition of invisibility does not prohibit that an outsider can decide which
parts of a message are redactable - only which parts can be edited are hidden. This negatively
impacts on the privacy guarantees provided by the state-of-the-art definition.
We extend PSs to be fully invisible.
This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which
parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS\u27), along with a consolidated framework for aggregate signatures.
Using those building blocks, our resulting construction is significantly
more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation