Klaus Stranacher et al.
4.4 Blank digital signatures by Slamanig and Hanser (2013)
Slamanig and Hanser (2013) proposed a new signature scheme that is based on redactable and sanitizable signatures. They specify a message template, which is defined by an originator and describes a message containing fixed message blocks and multiple choices of exchangeable message blocks. This template is signed by the originator. A proxy 5 is then able to sign an instantiation of this template, i.e. a selection of concrete message blocks from the defined choices. Finally, the resulting message can be verified by a third party using the originator's and proxy's verification keys. Their proposal builds upon conventional signature schemes, elliptic curve cryptography and polynomial commitments 6.
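The originator, proxy and verifier roles described above, as an added example that is not taken from the paper or its authors. It swaps the paper's construction (elliptic curves and polynomial commitments) for hash-based Lamport one-time signatures and a plainly encoded template, so the verifier here sees every choice in the template; all function names and the sample template are assumptions.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()
def enc(obj): return json.dumps(obj, sort_keys=True).encode()
def fp(pk): return H(b"".join(h for pair in pk for h in pair)).hex()  # key fingerprint

# Lamport one-time signatures (stand-in primitive: each key may sign ONE message).
def keygen():
    sk = [[secrets.token_bytes(32) for _ in (0, 1)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

# Template: a str is a fixed block, a list is a set of exchangeable choices.
def conforms(template, message):
    return len(template) == len(message) and all(
        block in (slot if isinstance(slot, list) else [slot])
        for slot, block in zip(template, message))

def originator_sign(sk_o, pk_p, template):
    # Binding the proxy's key means only the designated proxy can instantiate.
    return sign(sk_o, enc({"template": template, "proxy": fp(pk_p)}))

def proxy_sign(sk_p, template, message):
    if not conforms(template, message):
        raise ValueError("message is not an instantiation of the template")
    return sign(sk_p, enc({"template": H(enc(template)).hex(), "message": message}))

def verify_instance(pk_o, pk_p, template, sig_t, message, sig_m):
    return (verify(pk_o, enc({"template": template, "proxy": fp(pk_p)}), sig_t)
            and conforms(template, message)
            and verify(pk_p, enc({"template": H(enc(template)).hex(), "message": message}), sig_m))

# Constructed sample template: one fixed block, one choice, one fixed block.
TEMPLATE = ["Permit no. 17 is ", ["granted", "denied"], " by the authority."]
if __name__ == "__main__":
    (sk_o, pk_o), (sk_p, pk_p) = keygen(), keygen()
    sig_t = originator_sign(sk_o, pk_p, TEMPLATE)
    msg = ["Permit no. 17 is ", "granted", " by the authority."]
    sig_m = proxy_sign(sk_p, TEMPLATE, msg)
    print(verify_instance(pk_o, pk_p, TEMPLATE, sig_t, msg, sig_m))
```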
5. Assessment
5.1 Legal and organisational assessment
In this section, we evaluate redactable and sanitizable signature schemes based on legal and organisational requirements. In order to use redactable and sanitizable signatures for ensuring trusted and reliable public sector data, all defined requirements must and can be fulfilled by the proposed signature schemes.
The European Union has published the EU Signature Directive (European Union, 1999) to define how electronic documents can achieve statutory trust within its Member States. While this directive primarily considers conventional electronic signatures, the use of redactable and sanitizable signatures in compliance with this directive has been discussed only to a limited extent so far. Höhne et al. (2012) and Brzuska et al. (2012), for instance, examine the legal consequences of redactable and sanitizable signatures. In particular, they argue that redactable and sanitizable signatures are compliant with advanced electronic signatures but cannot be used for qualified electronic signatures according to the EU Signature Directive. The reason for the non-compliance with qualified electronic signatures is the missing display possibility for the signatory. According to the Signature Directive, the data to be signed must be viewable by the signatory before the signature creation process. This requirement cannot be fulfilled by redactable and sanitizable signatures, as signed data can still be modified after signature creation. The signatory cannot be aware of these modifications at the time of the signature creation process, regardless of whether the signatory is able to define which message parts may be modified and how they can be modified. Another legal requirement to be fulfilled by the proposed signature schemes is accountability. Accountability means that redactors who used their private keys to modify signed data can be determined. This requirement cannot be met by all described signature schemes (see the following Section 5.2).
As with the legal requirements, several organisational requirements must be met by the proposed signature schemes in order to successfully apply redactable and sanitizable signatures to public sector or open government data. In fact, all organisational requirements identified in Section 3.2 are independent of the technical implementation of the proposed signature schemes. While some organisational requirements may be fulfilled using technical means, others require solutions at the organisational level. For instance, the requirement of revoking designated redactors can be fulfilled at the technical level, as all of the proposed schemes rely on a public key infrastructure (PKI) and hence on existing and well-established revocation mechanisms. However, other organisational requirements still require organisational measures. In particular, fulfilling those requirements requires, e.g., some kind of contractual agreement between all involved parties. Within such agreements, individual responsibilities, signature validity limitations and liability questions in particular must be thoroughly elaborated.
5.2 Technical assessment
This sub‐section comprises the technical assessment of the examined sanitizable signature schemes according to the defined requirements in Section 3. In the following, the schemes are assessed in detail and Section 5.2.5 summarizes the findings of this technical assessment.
5 For the public sector use cases the proxy can be seen as the redactor.
6 Polynomial commitments are conventional commitments applied to polynomial functions.