Non-interactive Public Accountability for Sanitizable Signatures

Sanitizable signatures enable a designated party to modify signed documents in a controlled way, while the derived signature still verifies. In this paper, we introduce the notion of non-interactive and public accountability. It allows a third party to determine whether a message-signature pair was issued by the signer or the sanitizer. The original notion of accountability does not satisfy European legal standards, while non-interactive public accountability does. A contradictory security goal is the indistinguishability of message-signature pairs from the signer and the sanitizer, a.k.a. transparency. As state-of-the-art schemes often satisfy transparency, they can only achieve a weaker notion of accountability. We show that non-interactive public accountability does not contradict privacy by proving that an existing scheme by Brzuska et al. BIOSIG '09 satisfies both notions. We then extend the scheme to also satisfy blockwise public accountability. Overall, for e-business applications within the EU, opting for non-interactive public accountability can be preferable over transparency.

[1]  Gene Tsudik,et al.  Sanitizable Signatures , 2005, ESORICS.

[2]  Dawn Xiaodong Song,et al.  Homomorphic Signature Schemes , 2002, CT-RSA.

[3]  R. Caplan HIPAA. Health Insurance Portability and Accountability Act of 1996. , 2003, Dental assistant.

[4]  Yongdae Kim,et al.  Information Security Applications , 2013, Lecture Notes in Computer Science.

[5]  Marc Fischlin,et al.  Unlinkability of Sanitizable Signatures , 2010, Public Key Cryptography.

[6]  Rafael Accorsi,et al.  Security and Trust Management , 2013, Lecture Notes in Computer Science.

[7]  Aggelos Kiayias,et al.  Multi-query Computationally-Private Information Retrieval with Constant Communication Rate , 2010, Public Key Cryptography.

[8]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[9]  Hideki Imai,et al.  Digitally Signed Document Sanitizing Scheme with Disclosure Condition Control , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10]  Abhi Shelat,et al.  Computing on Authenticated Data , 2012, Journal of Cryptology.

[11]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[12]  Sébastien Canard,et al.  TrapdoorSanitizable Signatures and Their Application to Content Protection , 2008, ACNS.

[13]  Susan W. Berson HIPAA , 2003 .

[14]  Ron Steinfeld,et al.  Content Extraction Signatures , 2001, ICISC.

[15]  Joachim Posegga,et al.  Redactable Signatures for Independent Removal of Structure and Content , 2012, ISPEC.

[16]  Sébastien Canard,et al.  Sanitizable Signatures with Several Signers and Sanitizers , 2012, AFRICACRYPT.

[17]  Stefan Katzenbeisser,et al.  Redactable Signatures for Tree-Structured Data: Definitions and Constructions , 2010, ACNS.

[18]  Dieter Gollmann,et al.  Computer Security - ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings , 2005, ESORICS.

[19]  Kwangjo Kim,et al.  Information Security and Cryptology — ICISC 2001 , 2002, Lecture Notes in Computer Science.

[20]  Yu-Fang Chung,et al.  Redactable Signatures for Signed CDA Documents , 2012, Journal of Medical Systems.

[21]  Jia Xu,et al.  Short Redactable Signatures Using Random Trees , 2009, CT-RSA.

[22]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[23]  Henrich Christopher Pöhls,et al.  The Role of Data Integrity in EU Digital Signature Legislation - Achieving Statutory Trust for Sanitizable Signature Schemes , 2011, STM.

[24]  Marc Fischlin,et al.  Topics in Cryptology – CT-RSA 2009 , 2009 .

[25]  Stanislaw Jarecki,et al.  Public Key Cryptography – PKC 2009 , 2009, Lecture Notes in Computer Science.

[26]  Elisa Bertino,et al.  Structural signatures for tree data structures , 2008, Proc. VLDB Endow..

[27]  Serge Vaudenay,et al.  Progress in Cryptology - AFRICACRYPT 2012 , 2012, Lecture Notes in Computer Science.

[28]  Kazuo Ohta,et al.  Sanitizable and Deletable Signature , 2009, WISA.

[29]  Carolina Monica Laborde Electronic Signatures in International Contracts , 2010 .

[30]  Florian Volk,et al.  Security of Sanitizable Signatures Revisited , 2009, Public Key Cryptography.

[31]  Marc Fischlin,et al.  Santizable Signatures: How to Partially Delegate Control for Authenticated Data , 2009, BIOSIG.