Authenticated Data Redaction With Accountability and Transparency
Jinhua Ma, Xinyi Huang, Yi Mu, Robert H. Deng
Abstract
A common practice in data redaction is removing sensitive information prior to data publication or release. In data-driven applications, one must be convinced that the redacted data is still trustworthy. Meanwhile, the data redactor must be held accountable for (malicious) redaction, which could change/hide the meaning of the original data. Motivated by these concerns, we present a novel solution for authenticated data redaction based on a new Redactable Signature Scheme with Implicit Accountability (<inline-formula><tex-math notation="LaTeX">$\mathsf {RSS}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">RSS</mml:mi></mml:math><inline-graphic xlink:href="huang-ieq1-2998135.gif"/></alternatives></inline-formula>-<inline-formula><tex-math notation="LaTeX">$\mathsf {IA}$</tex-math><alternatives><mml:math><mml:mi mathvariant="sans-serif">IA</mml:mi></mml:math><inline-graphic xlink:href="huang-ieq2-2998135.gif"/></alternatives></inline-formula>). In the event of a dispute, not only the original data signer but also the redactor can generate an evidence tag to unequivocally identify the party who produced the data/signature pair. Without the evidence tag, the redaction operation is transparent. Furthermore, the redactor can independently prove the trustworthiness of the redacted data, without any interaction with the original data signer. Our design is built on a new approach which adds accountability to any transparent redactable signature schemes. We show that the proposed design satisfies all the security goals with affordable cost. As an extension, we show how to realize accountable, transparent and authenticated data redaction in the multi-redactor setting.