The role of data integrity in EU digital signature legislation -- achieving statutory trust for sanitizable signature schemes

Authors:
Henrich C. Pöhls;Focke Höhne
Affiliations:
Institute of IT Security and Security Law, University of Passau, Germany;Institute of IT Security and Security Law, University of Passau, Germany
Venue:
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Year:
2011

Citing 10
Cited 0

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Content Extraction Signatures

ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Computer Security 2e

Computer Security 2e
Network Security Essentials: Applications and Standards (3rd Edition)

Network Security Essentials: Applications and Standards (3rd Edition)
Security of Sanitizable Signatures Revisited

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Towards Automated Processing of the Right of Access in Inter-organizational Web Service Compositions

SERVICES '10 Proceedings of the 2010 6th World Congress on Services
Sanitizable sgnatures with srong tansparency in the sandard model

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Sanitizable signatures in XML signature: performance, mixing properties, and revisiting the property of transparency

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Security and trust in the italian legal digital signature framework

iTrust'05 Proceedings of the Third international conference on Trust Management
Sanitizable signatures

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyse the legal requirements that digital signature schemes have to fulfil to achieve the Statutory Trust granted by the EU electronic signature laws ("legally equivalent to hand-written signatures"). Legally, we found that the possibility to detect subsequent changes is important for the Statutory Trust. However, detectability was neither adequately nor precisely enough defined in the technical and legal definitions of the term "Data Integrity". The existing definition on integrity lack a precise notion of which changes should not invalidate a corresponding digital signature and also lack notions to distinguish levels of detection. We give a new definition for Data Integrity including two notions: Authorized changes, these are changes which do not compromise the data's integrity; and their level of detection. Especially, the technical term "Transparency" introduced as a security property for sanitizable signature schemes has an opposite meaning in the legal context. Technically, cryptography can allow authorized changes and keep them unrecognisably hidden. Legally, keeping them invisible removes the Statutory Trust. This work shows how to gain the Statutory Trust for a chameleon hash based sanitizable signature scheme.