A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
One-way accumulators: a decentralized alternative to digital signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Proxy signatures for delegating signing operation
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
A Digital Signature Based on a Conventional Encryption Function
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Proxy signatures secure against proxy key exposure
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Secure Proxy Signature Schemes for Delegation of Signing Rights
Journal of Cryptology
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Extended sanitizable signatures
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
On extended sanitizable signature schemes
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Hi-index | 0.00 |
In this paper we present a novel type of digital signatures, which we call blank digital signatures. The basic idea behind this scheme is that an originator can define and sign a message template, describing fixed parts of a message as well as multiple choices for exchangeable parts of a message. One may think of a form with blank fields, where for such fields the originator specifies all the allowed strings to choose from. Then, a proxy is given the power to sign an instantiation of the template signed by the originator by using some secret information. By an instantiation, the proxy commits to one allowed choice per blank field in the template. The resulting message signature can be publicly verified under the originator's and the proxy's signature verification keys. Thereby, no verifying party except the originator and the proxy learn anything about the "unused" choices from the message template given a message signature. Consequently, the template is hidden from verifiers. We discuss several applications, provide a formal definition of blank digital signature schemes and introduce a security model. Furthermore, we provide an efficient construction of such a blank digital signature scheme from any secure digital signature scheme, pairing-friendly elliptic curves and polynomial commitments, which we prove secure in our model. We also provide a detailed efficiency analysis of our proposed construction supporting its practicality. Finally, we outline several open issues and extensions for future work.