Cryptology ePrint Archive: Report 2016/1064

Signer-Anonymous Designated-Verifier Redactable Signatures for Cloud-Based Data Sharing

David Derler and Stephan Krenn and Daniel Slamanig

Abstract: Redactable signature schemes allow to black out predefined parts of a signed message without affecting the validity of the signature, and are therefore an important building block in privacy-enhancing cryptography. However, a second look shows, that for many practical applications, they cannot be used in their vanilla form. On the one hand, already the identity of the signer may often reveal sensitive information to the receiver of a redacted message; on the other hand, if data leaks or is sold, everyone getting hold of (redacted versions of) a signed message will be convinced of its authenticity.

We overcome these issues by providing a definitional framework and practically efficient instantiations of so called signer-anonymous designated-verifier redactable signatures (AD-RS). As a byproduct we also obtain the first group redactable signatures, which may be of independent interest. AD-RS are motivated by a real world use-case in the field of health care and complement existing health information sharing platforms with additional important privacy features. Moreover, our results are not limited to the proposed application, but can also be directly applied to various other contexts such as notary authorities or e-government services.

Category / Keywords: public-key cryptography / redactable signatures, designated-verifier, group signatures, key-homomorphic signatures, data sharing, cloud computing

Original Publication (with major differences): CANS 2016

Date: received 14 Nov 2016, last revised 28 Nov 2016

Contact author: david derler at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Note: Updated Theorem 2 and Proof of Lemma 9: we strengthened the security requirement for the proof system. This greatly simplifies the security analysis and the instantiations we target satisfy this property anyway.

Version: 20161128:094751 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]