scope:

This document specifies cryptographic mechanisms to redact authentic data. The mechanisms described in this document offer different combinations of the security properties defined and described in ISO/IEC 23264-1. For all mechanisms this document describes the processes for key generation, generating the redactable attestation, carrying out redactions and verifying redactable attestations. All mechanisms described in this document are based on asymmetric cryptography, a cryptographic technique that uses in this case three related transformations: a public transformation defined by a verification key (verification process for verifying a redactable attestation) and a private transformation defined by a private attestation key (redactable attestation process for generating a redactable attestation). Additionally a third transformation defined by the redaction key (redaction process) allows to redact authentic information within the constraints set forth during generation of the attestation such that redacted information shall not be reconstructed. After a successful redaction the attestation itself remains verifiable using the verification transformation and allows to attest that non-redacted fields of the attested message are unmodified. As required for any asymmetric cryptography mechanism, the three transformations have the property that, given the redaction and or the verification transformation and key(s), it is computationally infeasible to derive the private attestation transformation.