A digital signature does not allow any alteration of the document to which it is attached. Appropriate alteration of some signed documents, however, should be allowed because there are security requirements other than the integrity of the document. In the disclosure of official information, for example, sensitive information such as personal information or national secrets is masked when an official document is sanitized so that its nonsensitive information can be disclosed when it is requested by a citizen. If this disclosure is done digitally by using the current digital signature schemes, the citizen cannot verify the disclosed information because it has been altered to prevent the leakage of sensitive information. The confidentiality of official information is thus incompatible with the integrity of that information, and this is called the digital document sanitizing problem. Conventional solutions such as content extraction signatures and digitally signed document sanitizing schemes with disclosure condition control can either let the sanitizer assign disclosure conditions or hide the number of sanitized portions. The digitally signed document sanitizing scheme we propose here is based on the aggregate signature derived from bilinear maps and can do both. Moreover, the proposed scheme can sanitize a signed document invisibly, that is, no one can distinguish whether the signed document has been sanitized or not.

A digital signature does not allow any alteration of the document to which it is attached. Appropriate alteration of some signed documents, however, should be allowed because there are security requirements other than that for the integrity of the document. In the disclosure of official information, for example, sensitive information such as personal information or national secrets is masked when an official document is sanitized so that its nonsensitive information can be disclosed when it is demanded by a citizen. If this disclosure is done digitally by using the current digital signature schemes, the citizen cannot verify the disclosed information correctly because the information has been altered to prevent the leakage of sensitive information. That is, with current digital signature schemes, the confidentiality of official information is incompatible with the integrity of that information. This is called the digital document sanitizing problem, and some solutions such as digital document sanitizing schemes and content extraction signatures have been proposed. In this paper, we point out that the conventional digital signature schemes are vulnerable to additional sanitizing attack and show how this vulnerability can be eliminated by using a new digitally signed document sanitizing scheme with disclosure condition control.

This paper describes an efficient k-out-of-n threshold digital signature scheme for a smart card based system where a signer uses multiple cards so that the signature can be issued in a dependable manner. The main feature of our method is that it does not require a secret communication path among these cards in the signature issuing protocol, and that it requires low communication and computational complexity. Former is an advantage under the current export control regulation which makes hard to export more than 56-bit cipher techniques, and latter is advantage over so-called robust signature.

A sanitizable signature scheme is a signature scheme which, after the signer generates a valid signature of a message, allows a specific entity (sanitizer) to modify the message for hiding several parts. Existing sanitizable signature schemes require the message to be divided into pre-defined blocks before signing so that each block can be sanitized independently. However, there are cases where the parts of the message which are needed to be sanitized can not be determined in the time of signing. Thus, it is difficult to decide the partition of the blocks in such cases. Since the length of the signature is usually proportional to the number of blocks, signing every bit independently will make the signature too long. In this paper, we propose a solution by introducing a new concept called sequential bitwise sanitizable signature schemes, where any sequence of bits of the signed document can be made sanitizable without pre-defining them, and without increasing the length of signature. We also show that a one-way permutation suffices to get a secure construction, which is theoretically interesting in its own right, since all the other existing schemes are constructed using stronger assumptions.