Klaus Stranacher et al.
as for the data, which is going to be redacted. Based on this mechanism the redactor can replace message blocks with arbitrary message blocks and the verification of the original signature will not fail. In this case it is neither possible to detect if a message has been redacted nor it is possible to detect which message blocks have been modified. Therefore the authors propose to add non‐redactable meta information after each redactable message block indicating the restriction for the message to be replaced. Obviously, this is a very inefficient solution.
Figure 2: Overview about redactable and sanitizable signature schemes
4.2 Extended sanitizable signatures by Klonowski and Lauks( 2006) Klonowski and Lauks( 2006) extended the scheme of Ateniese et al( 2005). They omitted the added meta information and extended the schema itself to allow the signatory to limit the message blocks which are modifiable by the redactor and to limit the messages which are replaced. This scheme also bases on chameleon hash‐functions. For the message replacement restrictions they propose to use accumulators 3 or bloom filters 4.
4.3 On extended sanitizable signature schemes by Canard and Jambert( 2010)
Canard and Jambert( 2010) presented a second approach to limit the modification of message blocks and the message to be replaced by the scheme itself. As for the other sanitizable signature schemes, the authors base their proposal on chameleon hash‐functions. In addition, they use pseudorandom generators and accumulators to implement the message replacement restrictions.
3 An accumulator is a one‐way hash function which satisfies a quasi‐commutative property. See Benaloh and Mare( 1994) for details.
4 Bloom filters are data structures which allow to efficient test whether an element is a member of a certain set or not. See Bloom( 1970) for details.
512