The legal status of malleable and functional signatures in light of Regulation (EU) No 910/2014

F. W. J. van Geelkerken (1, 3) franciskus.vangeelkerken [at] juridicum.su.se
H. C. Pöhls (2) hp [at] sec.uni-passau.de
S. Fischer-Hübner (3) simone.fischer-huebner [at] kau.se
  1. Swedish Institute for legal informatics, Stockholm University, Sweden, Stockholm, Universitetsvägen 10, SE-106 91
  2. Institute for IT-Security and Security Law, Chair of IT-Security, University of Passau, Germany, Innstrasse 43, 94032 Passau
  3. HumanIT, Karlstad University, Sweden, Karlstad, Universitetsgatan 2, SE-651 88
Abstract 

In this article, we analyse the legal status of malleable and functional signatures in light of Regulation (EU) No 910/2014. Both forms of signature possess beneficial properties that already legally acknowledged signatures lack: they allow authorised parties to make subsequent changes, for instance to anonymise or remove personal data from signed documents. We conclude that the legal status of both forms of electronic signature is, depending on the cryptographic properties of the malleable or functional signature as well as the chosen signature scheme, similar to that of a qualified electronic signature.
