Content Extraction Signatures

1
Content Extraction Signatures

• Authored By
• Ron Steinfeld, Laurence Bull, Yuliang Zheng
• Publication
• Volume 2288, Issue, pp 0285 - Lecture Notes in
• Computer Science
• Presented By
• Marques J. Kirsch (5/13/2002)

2
Overview

• Introduction
• Background
• Definitions
• Requirements
• Proposed CES Schemes
• Related work
• Conclusion

3
Introduction

• Definition
• CES Allows for a receiver of the original
  document to extract portions of the document and
  still leave the signature valid for future users.
• Goals
• Ensure authenticity and integrity
• Keep overhead to a minimum

4
Background

• The need
• Electronic documents are becoming more prevalent
• Taxing for originator to develop custom reports
• Aids in reusability
• Faster transmission of information

5
Definitions

• Terminology
• Message
• Extraction Set
• Extracted Mess. M X applied to M
• Clear Set Cl(M) Set of non-clear mi
• Example

6
Definitions

• Example

7
Definitions

• KeyGen(k)
• Returns a secret/public key pair (SK/PK)
• Sign(SK, M, CEAS)
• Returns full signature ( )
• Extract(M, PK, X, )
• Returns output extracted ( )
• Verify(M, PK, )
• Return except or deny

8
Requirements

• Extraction
• Anyone can do it
• No signer intervention
• Efficiency
• Better than multiple signature algorithm
• Reduce overhead in all transmission
• Iterative Extraction
• Should be repeatable

9
Requirements

• Security
• Unforgeable (CES vs. standard)
• Content Extraction Access Structure (CEAS)
• Privacy
• Signature can not tip off contents
• Example
• After X is applied the transmission of M1 is
  indistinguishable from M2

10
Proposed CES Schemes

• CommitVector
• Cryptographic primitives
• Standard signature algorithm (unforgeable)
• Committing algorithm
• Commit submessages
• Pass commitments of unextracted portions with
  signatures

11
Proposed CES Schemes

• CommitVector (contd)

12
Proposed CES Schemes

• Scheme Hashtree
• Similar to Commitvector
• Hash mi and make it a leaf
• Build the tree up from the leafs
• Root will be the hash of the whole message
• Replace consecutives hashed mi with highest
  common parent

13
Proposed CES Schemes

• Hashtree advantages
• While size of n-m (m X) stays the same, the
  proportional signature length goes down
• Hashtree disadvantages
• Computation of hash tree is costly in computation
  time

14
Proposed CES Schemes

• RSAProd
• Based on
• Sign Original signature is n x signature length
• Extract CES is
• Verify Hash received message, multiply and
  compare

15
Proposed CES Schemes

• RSAProd advantages
• Conforms with current encryption methods
• Verification is fast as a consequence to the
  extraction step
• CES is same length as normal signature
• RSAProd disadvantage
• Original signature is costly and large

16
Related Work

• Secure Electronic Transaction
• More specific signer does extraction
• XML-Signature
• Objects act as submessages
• Documents are not self-contained

17
Conclusion

• Need exists
• Several algorithms already
• Room for improvement