| Data security issues have become a serious challenge to national economic,polit-ical,defence,and cultural security.As a core technology in protecting data security,digital signatures have been widely used for the verification of data integrity and source authenticity.The security definition of conventional digital signatures is ex-istentially unforgeable against adaptive chosen-message attacks.Although it meets the basic security requirements of data authentication,it hampers the reasonable operation of authenticated data which is desirable in many practical applications.As a type of malleable digital signatures for editing,redactable signatures allow the signature holder(redactor)to delete portions of the signed data and generate a valid signature for the remained data without any help from the original signer.Featured with the functionality of authenticated data redaction,redactable signatures have shown a wide applicability in electronic health records systems,social networks,smart grids,etc.It has been a research hotspot in the field of cryptography since it was intro-duced in 2001,and there are lots of significant research results.However,most of existing redactable signature schemes do not take into account malicious deletion problem.Redactors may abuse redaction function and maliciously delete some data portions,leading to the information change of original data.To solve the malicious deletion problem of redactable signatures,this paper studies redactable signatures for set data from aspects of redaction content control and redactor control,meeting the practical needs of applications such as electronic health records.This paper proposes the following innovative schemes:Firstly,this paper studies redactable signatures with fine-grained and monotone redaction control.The first generic model of redactable signature schemes with fine-grained and monotone redaction control(RSS-MRC)is presented,which redaction rule supportsandlogic operations of data blocks.The redactor only can generate a valid signature for the data satisfying the monotone redaction rule specified by the signer.The security model is formally defined.The first concrete design of RSS-MRC is presented by using monotone span programs and linear secret sharing schemes,etc.The security proof ensures that the proposed design satisfies unforgeability,privacy and transparency.The comparison analysis results show that the presented design can effectively achieve the fine-grained and monotone redaction control,which provides an effective solution to the malicious deletion problem of redactable signatures.Secondly,this paper studies redactable signatures with fine-grained and non-monotone redaction control to further enrich the redaction rule.Firstly,the first generic model of redactable signature schemes with fine-grained and non-monotone redaction control(RSS-NMRC)is presented,which redaction rule supports,andlogic operations of data blocks.Then,two concrete designs of RSS-NMRC are presented,RSS-NMRC1and RSS-NMRC2,by using bloom filters and accumulators,etc.The security proof ensures that RSS-NMRC1satisfies unforgeabil-ity and privacy,and RSS-NMRC2satisfies unforgeability,privacy and transparency.The comparison analysis results show that the presented schemes can effectively achieve the fine-grained and non-monotone redaction control,which provide anoth-er two effective solutions to the malicious deletion problem of redactable signatures.Finally,this paper studies redactable signatures with redactor control.Firstly,the first generic model of redactable signature schemes with implicit accountability(RSS-IA)is presented.The evidence tag can be generated by multi-parties,i.e.,not only the signer but also the redactor(s)can independently generate the evidence tag to trace the responsible party.The security requirements of RSS-IA are for-mally defined,including unforgeability,privacy,transparency,signer accountability,redactor accountability,and collision-resistance accountability.Then,two concrete generic designs,RSS-IA1and RSS-IA2,which can add implicit accountability to any redactable signature schemes with transparency,are presented.The hardness of discrete logarithm problem,computational Diffie-Hellman problem and decisional Diffie-Hellman problem ensures the proposed schemes satisfy all the security require-ments of RSS-IA.The simulation results show that the proposed generic designs are effective and practical in achieving accountable and transparent authenticated data redaction.The implementation of this function costs 0.0323 s computation time.The proposed designs provide new solutions to the malicious deletion problem of redactable signatures.The research results of this paper enrich the redaction rule of redactable sig-natures,strengthen the accountability of redactable signatures,and improve the practicability of redactable signatures.This paper presents several effective solu-tions to the malicious deletion problem of redactable signatures. |
PDF Full Text Request