标准摘要
[中文适用范围]: 本文件规定了用于编辑真实数据的加密机制。本文件中描述的机制提供了 ISO/IEC 23264-1 中定义和描述的安全属性的不同组合。对于所有机制,本文件描述了密钥生成、生成可编辑证明、执行编辑和验证可编辑证明的过程。本文件包含基于非对称加密的机制,使用三种相关转换: — 由验证密钥定义的公共转换(用于验证可编辑证明的验证过程), — 由私有证明密钥定义的私有转换(用于生成可编辑证明的可编辑证明过程),以及 — 由编辑密钥定义的第三种转换(编辑过程),允许在生成证明期间规定的约束范围内编辑真实信息,使得编辑后的信息无法重建。本文件包含的机制在成功编辑后允许使用验证转换对证明进行验证,并证明已证明消息的未编辑字段未被修改。本文档进一步详细说明了这三种转换具有这样的特性:在给定编辑和/或验证转换和密钥的情况下,从计算上不可能导出私有证明转换。 [外文原描述]: This document specifies cryptographic mechanisms to redact authentic data. The mechanisms described in this document offer different combinations of the security properties defined and described in ISO/IEC 23264-1. For all mechanisms, this document describes the processes for key generation, generating the redactable attestation, carrying out redactions and verifying redactable attestations. This document contains mechanisms that are based on asymmetric cryptography using three related transformations: ¾ a public transformation defined by a verification key (verification process for verifying a redactable attestation), ¾ a private transformation defined by a private attestation key (redactable attestation process for generating a redactable attestation), and ¾ a third transformation defined by the redaction key (redaction process) allowing to redact authentic information within the constraints set forth during generation of the attestation such that redacted information cannot be reconstructed. This document contains mechanisms which, after a successful redaction, allow the attestation to remain verifiable using the verification transformation and attest that non-redacted fields of the attested message are unmodified. This document further details that the three transformations have the property whereby it is computationally infeasible to derive the private attestation transformation, given the redaction and or the verification transformation and key(s).
英文名称Information security - Redaction of authentic data - Part 2: Redactable signature schemes based on asymmetric mechanisms