Henrich C. Pöhls will present the results of the joint work with Hermann de Meer Joachim Posegga and Kai Samelin at the International Symposium on Engineering Secure Software and Systems (ESSOS 2014).
ESSOS 2014 takes place in Munich from 26th till 28th of February 2014
These are first results that we obtained during the work in RERUM. We rigorously prove that RSSs are less expressive than SSSs: no unforgeable RSS can be transformed into an SSS. For the opposite direction we give a black-box transformation of a single SSS, with tightened security, into an RSS.
Redactable signatures (RSS) and sanitizable signatures (SSS) are among the most well studied cryptographic constructions of so called Malleable signature schemes (MSS).
Malleable signature schemes (MSS) enable a third party to alter signed data in a controlled way, maintaining a valid signature after an authorised change.
RSSs allow the removal of blocks from a signed document, while SSSs allow changing blocks to arbitrary strings.
This paper presents a method to transform a single instantiation of an SSS into an RSS. In detail, if we use one SSS instantiation, an emulation of an RSS can only be achieved, if the SSS’s security is strengthened, raising it above the existing standard. The resulting emulated RSS offers only weaker privacy guarantees. Moreover, we have argued rigorously that the opposite implication is not possible. Thus, no RSS can be transformed into an unforgeable SSS. Hence, RSSs and SSSs are indeed two different cryptographic building blocks, even if they achieve to define and delegate authorised modifications of signed messages. Currently, the number of SSSs achieving the new security requirements needed to securely emulate an RSS is still low.
For the future, we suggest to focus on implementing and standardising an SSS secure enough to emulate RSSs, to have one universal building block. In the meantime we advice to use dedicated RSS algorithms if only redactions are needed and a SSS algorithm. Of course, you are advised to check current work to ensure the cryptographic strength of the constructions.
For an up-to-date list of RERUM’s academic publications including DOI links, please visit the papers page.