A sanitizable signature scheme is a signature scheme which, after the signer generates a valid signature of a message, allows a specific entity (sanitizer) to modify the message for hiding several parts. Existing sanitizable signature schemes require the message to be divided into pre-defined blocks before signing so that each block can be sanitized independently. However, there are cases where the parts of the message which are needed to be sanitized can not be determined in the time of signing. Thus, it is difficult to decide the partition of the blocks in such cases. Since the length of the signature is usually proportional to the number of blocks, signing every bit independently will make the signature too long. In this paper, we propose a solution by introducing a new concept called sequential bitwise sanitizable signature schemes, where any sequence of bits of the signed document can be made sanitizable without pre-defining them, and without increasing the length of signature. We also show that a one-way permutation suffices to get a secure construction, which is theoretically interesting in its own right, since all the other existing schemes are constructed using stronger assumptions.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Goichiro HANAOKA, Shoichi HIROSE, Atsuko MIYAJI, Kunihiko MIYAZAKI, Bagus SANTOSO, Peng YANG, "Sequential Bitwise Sanitizable Signature Schemes" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 1, pp. 392-404, January 2011, doi: 10.1587/transfun.E94.A.392.
Abstract: A sanitizable signature scheme is a signature scheme which, after the signer generates a valid signature of a message, allows a specific entity (sanitizer) to modify the message for hiding several parts. Existing sanitizable signature schemes require the message to be divided into pre-defined blocks before signing so that each block can be sanitized independently. However, there are cases where the parts of the message which are needed to be sanitized can not be determined in the time of signing. Thus, it is difficult to decide the partition of the blocks in such cases. Since the length of the signature is usually proportional to the number of blocks, signing every bit independently will make the signature too long. In this paper, we propose a solution by introducing a new concept called sequential bitwise sanitizable signature schemes, where any sequence of bits of the signed document can be made sanitizable without pre-defining them, and without increasing the length of signature. We also show that a one-way permutation suffices to get a secure construction, which is theoretically interesting in its own right, since all the other existing schemes are constructed using stronger assumptions.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.392/_p
Copy
@ARTICLE{e94-a_1_392,
author={Goichiro HANAOKA, Shoichi HIROSE, Atsuko MIYAJI, Kunihiko MIYAZAKI, Bagus SANTOSO, Peng YANG, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Sequential Bitwise Sanitizable Signature Schemes},
year={2011},
volume={E94-A},
number={1},
pages={392-404},
abstract={A sanitizable signature scheme is a signature scheme which, after the signer generates a valid signature of a message, allows a specific entity (sanitizer) to modify the message for hiding several parts. Existing sanitizable signature schemes require the message to be divided into pre-defined blocks before signing so that each block can be sanitized independently. However, there are cases where the parts of the message which are needed to be sanitized can not be determined in the time of signing. Thus, it is difficult to decide the partition of the blocks in such cases. Since the length of the signature is usually proportional to the number of blocks, signing every bit independently will make the signature too long. In this paper, we propose a solution by introducing a new concept called sequential bitwise sanitizable signature schemes, where any sequence of bits of the signed document can be made sanitizable without pre-defining them, and without increasing the length of signature. We also show that a one-way permutation suffices to get a secure construction, which is theoretically interesting in its own right, since all the other existing schemes are constructed using stronger assumptions.},
keywords={},
doi={10.1587/transfun.E94.A.392},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - Sequential Bitwise Sanitizable Signature Schemes
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 392
EP - 404
AU - Goichiro HANAOKA
AU - Shoichi HIROSE
AU - Atsuko MIYAJI
AU - Kunihiko MIYAZAKI
AU - Bagus SANTOSO
AU - Peng YANG
PY - 2011
DO - 10.1587/transfun.E94.A.392
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2011
AB - A sanitizable signature scheme is a signature scheme which, after the signer generates a valid signature of a message, allows a specific entity (sanitizer) to modify the message for hiding several parts. Existing sanitizable signature schemes require the message to be divided into pre-defined blocks before signing so that each block can be sanitized independently. However, there are cases where the parts of the message which are needed to be sanitized can not be determined in the time of signing. Thus, it is difficult to decide the partition of the blocks in such cases. Since the length of the signature is usually proportional to the number of blocks, signing every bit independently will make the signature too long. In this paper, we propose a solution by introducing a new concept called sequential bitwise sanitizable signature schemes, where any sequence of bits of the signed document can be made sanitizable without pre-defining them, and without increasing the length of signature. We also show that a one-way permutation suffices to get a secure construction, which is theoretically interesting in its own right, since all the other existing schemes are constructed using stronger assumptions.
ER -