How to construct random functions
Journal of the ACM (JACM)
Incremental cryptography and application to virus protection
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Incremental Cryptography: The Case of Hashing and Signing
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Digitally signed document sanitizing scheme based on bilinear maps
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
PIATS: a partially sanitizable signature scheme
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Extended sanitizable signatures
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Directed transitive signature scheme
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
A Storage Efficient Redactable Signature in the Standard Model
ISC '09 Proceedings of the 12th International Conference on Information Security
Redactable signatures for tree-structured data: definitions and constructions
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Sanitizable sgnatures with srong tansparency in the sandard model
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Homomorphic signatures for polynomial functions
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Fully-secure and practical sanitizable signatures
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Generalizations and extensions of redactable signatures with applications to electronic healthcare
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Computing on authenticated data
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
A short redactable signature scheme using pairing
Security and Communication Networks
Redactable signatures for independent removal of structure and content
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Redactable Signatures for Signed CDA Documents
Journal of Medical Systems
On structural signatures for tree data structures
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Computing on authenticated data for adjustable predicates
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
A redactable signature scheme for a string of objects supports verification even if multiple substrings are removed from the original string. It is important that the redacted string and its signature do not reveal anything about the content of the removed substrings. Existing schemes completely or partially leak a piece of information: the lengths of the removed substrings. Such length information could be crucial in many applications, especially when the removed substring has low entropy. We propose a scheme that can hide the length. Our scheme consists of two components. The first component $\mathcal{H}$, which is a "collision resistant" hash, maps a string to an unordered set, whereby existing schemes on unordered sets can then be applied. However, a sequence of random numbers has to be explicitly stored and thus it produces a large signature of size at least (mk )-bits where m is the number of objects and k is the size of a key sufficiently large for cryptographic operations. The second component uses RGGM tree, a variant of GGM tree, to generate the pseudo random numbers from a short seed, expected to be of size O (k + tk logm ) where t is the number of removed substrings. Unlike GGM tree, the structure of the proposed RGGM tree is random. By an intriguing statistical property of the random tree, the redacted tree does not reveal the lengths of the substrings removed. The hash function $\mathcal{H}$ and the RGGM tree can be of independent interests.