1 digitally signed document sanitizing scheme based on bilinear maps kunihiko miyazaki, goichiro...
TRANSCRIPT
1
Digitally Signed Document Sanitizing Scheme Based on Bilinear Maps
Kunihiko Miyazaki , Goichiro Hanaoka , Hideki ImaiASIACCS’06, March 21–24, 2006, Taipei, Taiwan
Adviser: 鄭錦楸 , 郭文中 教授 Reporter: 林彥宏
2
Outline
IntroductionPreliminariesDigitally signed Document Sanitizing Scheme Based on Bilinear MapsModifications and ExtensionsConclusions
3
Introduction
protect documents from alteration by malicious attackersdigital document sanitizing problemcurrent digital signature schemes cannot assure both the confidentiality and integrity of a document
4
Introduction
Content extraction signatureR. Steinfeld, L. Bull, and Y. Zheng. ; ICISC 2001, volume 2288 of LNCSextracted signature on selected portions extracted from the original documents
Sanitizable signatureG. Ateniese, D. H. Chou, B. de Medeiros, and G. Tsudik ;ESORICS 2005, volume 3679 of LNCSuses the chameleon hash function instead of an usual hash function
5
Introduction
Digitally Signed Document Sanitizing Scheme with Disclosure Condition Control
K. Miyazaki, M. Iwamura, T. Matsumoto, R. Sasaki, H. Yoshiura, S. Tezuka, and H. Imai ; IEICE Fundamentals, Vol. E88-A, No.1, 2005SUMI-5, that protects documents from additional sanitizingthree disclosure conditions:
1. Sanitized2. disclosed and additional sanitizing is allowed3. disclosed and additional sanitizing is prohibited
6
Motivation of Work
sanitizing should be invisibleno one should be able to determine whether or not the disclosed document has been sanitized
7
Our Contribution
propose a digitally signed document invisible sanitizing scheme with disclosure condition controlSUMI-5, disclosure condition:
Sanitized: sanitized document that consists of only the legitimate mask datadisclosed and additional sanitizing is allowed: both the original document and the legitimate mask datadisclosed and additional sanitizing is prohibited: only the original document
8
Our Contribution
legitimate mask data can be used to count up how many masks appear in a sanitized documentAggregate and Verifiably Encrypted Signatures from Bilinear Maps
D. Boneh, C. Gentry, B. Lynn, and H. Shacham ; In Eurocrypt 2003, volume 2656 of LNCSallow to aggregate all of the individual signatures into one aggregate signaturehelpful to hide the number of sanitized portion of the document
9
Preliminaries
Security Definition: proposed scheme has the following three properties
Privacy: verifier is difficult to retrieve sanitized information about subdocuments of the documentUnforgeability: It is difficult for everyone to generate a signed and sanitized document that has not been signed beforeInvisibility: verifier is difficult to know how many and whether the document has been sanitized
niiM 1 ][ tssubdocumen ofset unorder of consists
, Mdocument original
10
Aggregate Signature
scheme based on bilinear maps
T
T
GGGee
ggG G
GG , gg
p , G , GG
21
1221
2121
21
: map atenondegenerbilinear computable a is
)( with tofrom misomorphis computable a is
and of generatorsly respective are
order prime of groups cyclic tivemultiplica are
abba , gge , gge
Za , b
)()( 2121
11
Aggregate Signature
Key Generation:
Signing:
Verification:
PPR
x
ZZx
Gvgv
x, iskey secret
, iskey public suser' 22
1
*
is signature the
; )(
1 , 0 message a
Gσ
hσMHh
Mx
validityis signature the)()( if ; )(
) ( receiveverifier
2 h , veσ , geMHh
v , M , σ
12
Aggregate Signature
Aggregation:
Aggregate Verification:1
1
1
, signature aggregatecomputer
signature a provides user each
to1 from ranging index user
Gσσ
GσUu
Uki
k
ii
ii
k
iiiii
i
ii
, vheσ , geUkiMHh
M
, vσ , M
12 )()( ifaccept and ,1for )(computer 2.
otherwisereject and distinct, all are message that theensure 1.
)(
),(...),(),(),(...),(),(
),(...),(),(),...(),...(
221122221
22221221221
21
2121
kkx
kxx
xk
xxxk
xxk
vhevhevheghegheghe
gheghegheghhhegek
kk
13
Digitally signed Document Sanitizing Scheme Based on Bilinear Maps
(SANI)
(DASP)
(DASA)
14
Detailed Description of Scheme
Key Generation:
Signing:
xgvx 2 iskey public and iskey private ssigner'
][||:][~
, :]0[~
)(IDDocument :number random
)1( ][t subdocumen
iMDIDiMDIDM
DID
niiM
n
ii
xiii
σ
hσiMhh
0
: signature aggregatecomputer
then , ])[~
(
) , , , ][~
(Output
)1( setscondition disclosure
ii
i
CiM
niDASAC
15
Detailed Description of Scheme
Sanitizing:
documentinput from remove :""condition if-
doucmentinput from and , ][~
remove
then, :""condition if-
DASA
, ][t subdoucmeneach toconditions disclosure assignssanitizer
)][~
( receivessanitizer
i
DASP
C σiM
SANI
C
iM
, C , σ, σ iM
ii
i
i
ii
)1( , ,
where)0(][~
document signed sanitizedoutput
niCσ
n nni iM
ii
16
Detailed Description of Scheme
Verification:
DASAC where v), h e()g , (
)()( , ])[~
(
0][~
in toequal are s all
ii2
02
i
n
iii
e
, vheσ , geiMHh
MDIDDID
17
Security Analysis
Indistinguishable: no information about sanitized portions of the document remains in the sanitized documentUnforgeable: attacker cannot forge a signature for a document M that has not been signed beforePerfectly Invisible: attacker cannot distinguish the input document is signed and sanitized
18
Modifications and Extensions
Binding Subdocuments:ensure a subsequent sanitizer cannot sanitize two individually but can both be sanitized togetherassign another condition “bound” to any two subdocument
Multiple Signers:sanitizer can merge documents signed by different signers into a document
jijiji DASACCjMiM , , such that ][ ],[
19
Modifications and Extensions
20
Conclusions
Sanitizer can hide the number of sanitized portions.
Assign a different disclosure condition for each portion of the document.
Their scheme is suitable for application for log files archiving.