### Short Redactable Signatures Using Random Trees

Ee-Chien Chang, Chee Liang Lim, and Jia Xu

##### Abstract

A redactable signature scheme for a string of objects supports verification even if multiple substrings are removed from the original string. It is important that the redacted string and its signature do not reveal anything about the content of the removed substrings. Existing schemes completely or partially leak a piece of information: the lengths of the removed substrings. Such length information could be crucial for many applications, especially when the removed substring has low entropy. We propose a scheme that can hide the length. Our scheme consists of two components. The first component $\mathcal{H}$, which is a collision resistant'' hash, maps a string to an unordered set, whereby existing schemes on unordered sets can then be applied. However, a sequence of random numbers has to be explicitly stored and thus it produces a large signature of size at least $(m k)$-bits where $m$ is the number of objects and $k$ is the size of a key sufficiently large for cryptographic operations. The second component uses RGGM tree, a variant of GGM tree, to generate the pseudo random numbers from a short seed, expected to be of size $O(k+ tk\log m)$ where $t$ is the number of removed substrings. Unlike GGM tree, the structure of the proposed RGGM tree is random. By an intriguing statistical property of the random tree, the redacted tree does not reveal the lengths of the substrings removed. The hash function $\mathcal{H}$ and the RGGM tree can be of independent interests.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. CT-RSA 2009
Keywords
Redactable SignaturePrivacyRandom tree
Contact author(s)
xujia @ comp nus edu sg
History
2009-05-26: last of 4 revisions
See all versions
Short URL
https://ia.cr/2009/025

CC BY

BibTeX

@misc{cryptoeprint:2009/025,
author = {Ee-Chien Chang and Chee Liang Lim and Jia Xu},
title = {Short Redactable  Signatures  Using Random Trees},
howpublished = {Cryptology ePrint Archive, Paper 2009/025},
year = {2009},
note = {\url{https://eprint.iacr.org/2009/025}},
url = {https://eprint.iacr.org/2009/025}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.