Cryptology ePrint Archive: Report 2015/1059

A General Framework for Redactable Signatures and New Constructions

David Derler and Henrich C. Pöhls and Kai Samelin and Daniel Slamanig

Abstract: A redactable signature scheme (RSS) allows any party to remove parts of a signed message without invalidating the respective signature. State-of-the-art constructions focus on messages represented by one specific data structure, e.g., lists, sets or trees, and adjust the security model accordingly. To overcome the necessity for this myriad of models, we present a general framework covering arbitrary data structures and even more sophisticated possibilities. For example, we cover fixed elements which must not be redactable and dependencies between elements. Moreover, we introduce the notion of designated redactors, i.e., the signer can give some extra information to selected entities which become redactors. In practice, this often makes it possible to obtain more efficient schemes. We then present two RSSs, one for sets and one for lists, both constructed from any EUF-CMA secure signature scheme and indistinguishable cryptographic accumulators in a black-box way, and show how the concept of designated redactors can be used to increase the efficiency of these schemes. Finally, we present a black-box construction of a designated redactor RSS by combining an RSS for sets with non-interactive zero-knowledge proof systems. All three constructions presented in this paper provide transparency, which is an important property, but quite hard to achieve, as we also conceal the length of the original message and the positions of the redactions.

Category / Keywords: cryptographic protocols / redactable signatures, designated redactors, privacy, transparency, generalized security model, black-box constructions

Original Publication (with minor differences): ICISC 2015

Date: received 30 Oct 2015, last revised 9 Mar 2016

Contact author: david derler at iaik tugraz at

Note: Added missing abort condition in privacy definition.

Version: 20160309:142135

Short URL: ia.cr/2015/1059
