D4.4 Overview of functional and malleable signature schemes

Contributing Partners


Executive Summary 

Cloud computing is about outsourcing of storage to and processing of data at third party infrastructure. Besides many obvious bene ts, such a paradigm clearly comes with many security and privacy related problems, as cloud providers cannot be considered fully trustworthy or immune to attacks or faults. While problems related to the con dentiality of data in this setting are well recognised and already addressed today by commercial products, there are still many open problems when it comes to the integrity and authenticity of processed data (and outsourced processes in general) as well as the veri ability of data and the processing tasks. The main question in this context is how one can ensure that the cloud works as required and how we can hold the cloud accountable if this is not the case, e.g., if faults happen or if there occurs some malicious deviation from a speci ed process.
Within the Prismacloud project we are (among others) interested in designing tools that counter problems related to integrity, authenticity and veri ability in the context of cloud computing. Digital signature schemes are a well known tool for guaranteeing the aforementioned properties in practice. However, their practical application is mainly tailored towards the use with documents so far. Additionally, when considering the outsourcing of processes and their integrity, authenticity and veri ability features, conventional digital signatures are not sucient. Firstly, the document-oriented view may be too coarse grained as well as too inexpressive and more importantly the dynamicity required when processing data imposes requirements that are often diametral to conventional digital signatures. In particular, any manipulation of signed data destroys corresponding signatures and thus prevents (controlled) updates of information.
There are very promising but not yet well known variants of digital signature schemes that can help to overcome the aforementioned issues. In particular, so called functional and malleable signature schemes are the most promising ones candidates. Thereby, functional signature schemes allow to delegate signature generation for speci c types of messages to other parties. Malleable signatures allow to modify already signed messages in a controlled way and without signer-interaction (access to the secret signing key), while preserving the validity of the original signature.
The main purpose of this deliverable (D4.4) is to present the state-of-the-art of the two aforementioned classes of signature schemes.

Full Version 

Download the full version [PDF]