Blank digital signatures: Optimization and practical experiences

Abstract

Blank Digital Signatures (BDS) [18] enable an originator to delegate the signing rights for a template, containing fixed and exchangeable elements, to a proxy. The proxy is then able to choose one of the predefined values for each exchangeable element and issue a signature for such an instantiation of the template on behalf of the originator. In this paper, we propose optimizations for the BDS scheme from [18] and present a library, integrating this optimized version within the Java Cryptography Architecture and the keying material into X.509 certificates. To illustrate the flexibility of the proposed library, we introduce two proof-of-concept implementations building up on XML and PDF, respectively. Finally, we give a detailed insight in the performance of the protocol and our implementation