The tag of a file is generated by the user's private key, which includes the file data, the file identifier and other contents. Is there any signature algorithm that can modify the file identifier information and regenerate the file signature under the original user's private key without disturbing the user? I've seen Sanitizable signatures before, but this approach produces signatures that don't change numerically, which is not what I want.
Asked
Active
Viewed 27 times
0
-
The construction $\operatorname{Sign}(\mathsf{Priv},(\mathsf{data},\mathsf{id},\mathsf{other}))=\operatorname{Sign-Ed25519}(\mathsf{Priv},\operatorname{size}(\mathsf{data})|\mathsf{data}|\mathsf{other})\mathbin|\mathsf{id}$ seems to ticks all the question's goals. Notice that changing $\mathsf{id}$ is possible without the private key, and changes the signature. If that construction is not acceptable, please edit the question to define the goals more precisely. – fgrieu Jan 08 '24 at 14:33