Redactable Signatures: A Game-Changer for Secure Data Sharing
A new technology for redacting digitally signed documents has been adopted as an international standard. Developed jointly by Hitachi and the National Institute of Advanced Industrial Science and Technology (AIST) in Japan, this "redactable signature" technology has been approved by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The technology, now part of the ISO/IEC 23264-2 standard, addresses a crucial challenge in the digital age: how to partially disclose documents while still ensuring their authenticity. This is particularly important for industries such as pharmaceuticals and finance, where data integrity is paramount, but privacy concerns often necessitate redaction.
The newly standardized schemes allow signers to pre-designate certain parts of a document as redactable when creating it. When the document is released, these sections can be easily hidden or removed without invalidating the original digital signature. This process preserves the document's authenticity while protecting sensitive information.
Two specific schemes developed by Hitachi and AIST have been included in the standard:
- MHI06: This scheme allows for merging multiple signed documents and hiding information in redacted fields. It's particularly useful when the scope of disclosure needs to be adjusted dynamically based on privacy policies.
- MIMSYTI05: Compatible with various digital signing methods, including quantum-safe signatures, this scheme can detect whether a document has been redacted.
Implications for Data Security
Dr. Masayuki Abe, a lead researcher at Hitachi, explained the significance: "This technology bridges the gap between privacy protection and data authenticity. It's a crucial step towards a safer data-utilization society."
The adoption of this standard is expected to streamline the process of releasing public documents and enhance data security across various sectors. It could prove especially valuable in scenarios where partial disclosure is necessary, such as in response to freedom of information requests or during legal proceedings.
Both Hitachi and AIST have expressed their commitment to further developing cryptographic technologies. They aim to implement these advancements in products and services, contributing to the realization of a secure digital society.
The technology is set to be implemented in the coming months, with both public and private sector entities showing keen interest in its potential applications.
https://www.aist.go.jp/index_en.html