Flexible Redactable Signature Schemes for Trees - Extended Security Model and Construction
Henrich C. Pöhls, Kai Samelin, Hermann de Meer, Joachim Posegga
2012
Abstract
At ISPEC’12, Samelin et al. show that the redactable signature scheme introduced at VLDB’08 by Kundu and Bertino does not always preserve the structural integrity of the tree signed. In particular, they show how redaction of non-leaves promotes descendants and allows a third party to add new edges to the signed tree. This alters the semantic meaning of the tree and is not acceptable in certain scenarios. We generalize the model, such that it offers the signer the flexibility to sign trees where every node is transparently redactable. This includes intermediates nodes, i.e, to allow redacting a hierarchy, but also the tree’s root. We present a provably secure construction, where this possibility is given, while remaining under explicit control of the signer. Our security model is as strong as Brzuska et al.’s introduced at ACNS’10. We have implemented our secure construction and present a detailed performance analysis.
References
- Ahn, J. H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., and Waters, B. (2011). Computing on authenticated data. Cryptology ePrint Archive, Report 2011/096. http://eprint.iacr.org/.
- Ahn, J. H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., and Waters, B. (2012). Computing on authenticated data. In Cramer, R., editor, TCC, volume 7194 of Lecture Notes in Computer Science, pages 1-20. Springer.
- Ateniese, G., Chou, D. H., de Medeiros, B., and Tsudik, G. (2005). Sanitizable Signatures. In ESORICS, pages 159-177.
- Baric, N. and Pfitzmann, B. (1997). Collision-free accumulators and fail-stop signature schemes without trees. In EUROCRYPT, pages 480-494.
- Benaloh, J. and Mare, M. D. (1993). One-way accumulators: A decentralized alternative to digital signatures. pages 274-285. Springer-Verlag.
- Boneh, D. and Freeman, D. M. (2011). Homomorphic signatures for polynomial functions. In Advances in Cryptology - EUROCRYPT 2011, volume 6632 of Lecture Notes in Computer Science, pages 149-168.
- Boneh, D., Gentry, C., Lynn, B., and Shacham, H. (2003). Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In EUROCRYPT, pages 416-432.
- Brzuska, C., Busch, H., Dagdelen, O., Fischlin, M., Franz, M., Katzenbeisser, S., Manulis, M., Onete, C., Peter, A., Poettering, B., and Schröder, D. (2010a). Redactable Signatures for Tree-Structured Data: Definitions and Constructions. In Proceedings of the 8th International Conference on Applied Cryptography and Network Security, ACNS'10, pages 87-104. Springer.
- Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., and Volk, F. (2009). Security of Sanitizable Signatures Revisited. In Proc. of PKC 2009, pages 317-336. Springer.
- Brzuska, C., Fischlin, M., Lehmann, A., and Schröder, D. (2010b). Unlinkability of Sanitizable Signatures. In Public Key Cryptography, pages 444-461.
- Camacho, P. and Hevia, A. (2012). Short transitive signatures for directed trees. In Dunkelman, O., editor, Topics in Cryptology - CT-RSA 2012, volume 7178 of Lecture Notes in Computer Science, pages 35-50. Springer Berlin / Heidelberg.
- Camenisch, J. and Lysyanskaya, A. (2002). Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO, pages 61-76.
- Chang, E.-C., Lim, C. L., and Xu, J. (2009). Short Redactable Signatures Using Random Trees. In Pro-
- Conference 2009 on Topics in Cryptology, CT-RSA
- Gottlob, G., Koch, C., and Pichler, R. (2003). The complexity of XPath query evaluation. In Proceedings of the 22nd Symposium on Principles of Database Systems, PODS, pages 179-190, New York, USA. ACM.
- Johnson, R., Molnar, D., Song, D., and D.Wagner (2002). Homomorphic signature schemes. In Proceedings of the RSA Security Conference - Cryptographers Track, pages 244-262. Springer.
- Kundu, A. and Bertino, E. (2008). Structural Signatures for Tree Data Structures. In Proc. of PVLDB 2008, New Zealand. ACM.
- Kundu, A. and Bertino, E. (2009). CERIAS Tech Report 2009-1 Leakage-Free Integrity Assurance for Tree Data Structures.
- Liu, B., Lu, J., and Yip, J. (2009). XML data integrity based on concatenated hash function. International Journal of Computer Science and Information Security, 1(1).
- Merkle, R. C. (1989). A certified digital signature. In CRYPTO, pages 218-238.
- Micali, S. and Rivest, R. L. (2002). Transitive signature schemes. In Preneel, B., editor, CT-RSA, volume 2271 of Lecture Notes in Computer Science, pages 236- 243. Springer.
- Miyazaki, K., Iwamura, M., Matsumoto, T., Sasaki, R., Yoshiura, H., Tezuka, S., and Imai, H. (2005). Digitally Signed Document Sanitizing Scheme with Disclosure Condition Control. IEICE Transactions, 88- A(1):239-246.
- Miyazaki, K., Susaki, S., Iwamura, M., Matsumoto, T., Sasaki, R., and Yoshiura, H. (2003). Digital documents sanitizing problem. Technical Report ISEC2003-20, IEICE.
- Nyberg, K. (1996). Fast accumulated hashing. In FSE, pages 83-87.
- P öhls, H. C., Samelin, K., and Posegga, J. (2011). Sanitizable Signatures in XML Signature - Performance, Mixing Properties, and Revisiting the Property of Transparency. In Applied Cryptography and Network Security, 9th International Conference, volume 6715 of LNCS, pages 166-182. Springer-Verlag.
- Rivest, R. L., Shamir, A., and Adleman, L. (1983). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 26(1):96-99.
- Samelin, K., P öhls, H. C., Bilzhause, A., Posegga, J., and de Meer, H. (2012). Redactable signatures for independent removal of structure and content. In ISPEC, volume 7232 of LNCS, pages 17-33. Springer-Verlag.
- Steinfeld, R. and Bull, L. (2002). Content extraction signatures. In Information Security and Cryptology - ICISC 2001: 4th International Conference. Springer Berlin / Heidelberg.
- Tan, K. W. and Deng, R. H. (2009). Applying Sanitizable Signature to Web-Service-Enabled Business Processes: Going Beyond Integrity Protection. In ICWS, pages 67-74.
- Wu, Z.-Y., Hsueh, C.-W., Tsai, C.-Y., Lai, F., Lee, H.- C., and Chung, Y. (2010). Redactable Signatures for Signed CDA Documents. Journal of Medical Systems, pages 1-14.
- SignCut(Tj,0, L j,0, Tj,1, L j,1, sk, b) if Tj,0 \ L j,0 ? Tj,1 \ L j,1 return ? (Tj,b, s j,b) ? sSign(sk, Tj,b) return (Tj',b, s'j,b) ? sCut(pk, Tj,b, s j,b, L j,b)
- Figure 15: SignCut Oracle.
- 1. Compute the pre- and post-order traversal numbers, of the tree T .
- 2. Transform these lists into an randomized but order-preserving space. For each node ni, let ?i denote the associated pair of randomized traversal numbers
- 3. Set GT ? H (?||?1||c1|| . . . ||?n||cn), where ? is a nonce and H a cryptographic hash-function like SHA-512
- 4. ?ni ? T compute: ?i ? H (GT ||?i||ci)
- 5. Sign all ?i, i.e., si ? SIGNAS S (sk, ?i)
- 6. Aggregate all signatures into sT
- 7. Output s = (T, sT , {(si, ?i)}0<i=n, GT , pk)
Paper Citation
in Harvard Style
Pöhls H., Samelin K., de Meer H. and Posegga J. (2012). Flexible Redactable Signature Schemes for Trees - Extended Security Model and Construction . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 113-125. DOI: 10.5220/0004038701130125
in Bibtex Style
@conference{secrypt12,
author={Henrich C. Pöhls and Kai Samelin and Hermann de Meer and Joachim Posegga},
title={Flexible Redactable Signature Schemes for Trees - Extended Security Model and Construction},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={113-125},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004038701130125},
isbn={978-989-8565-24-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Flexible Redactable Signature Schemes for Trees - Extended Security Model and Construction
SN - 978-989-8565-24-2
AU - Pöhls H.
AU - Samelin K.
AU - de Meer H.
AU - Posegga J.
PY - 2012
SP - 113
EP - 125
DO - 10.5220/0004038701130125