Delegatable Functional Signatures

We introduce delegatable functional signatures (DFS) which support the delegation of signingcapabilities to another party, called the evaluator, with respect to a functionality F . In a DFS,the signer of a message can choose an evaluator, specify how the evaluator can modify thesignature without voiding its validity, allow additional input and decide how the evaluator canfurther delegate its capabilities.The main contribution of this paper is twofold. First, we propose DFS, a novel cryptographicprimitive that unifies several seemingly different signature primitives, including functional sig-natures as defined by Boyle, Goldwasser, and Ivan (eprint 2013/401), sanitizable signatures,identity based signatures, and blind signatures. To achieve this unification, we present severaldefinitions of unforgeability and privacy. Finding appropriate and meaningful definitions in thiscontext is challenging due to the natural mealleability of DFS and due to the multi-party settingthat may involve malicious keys.Second, we present a complete characterization of the instantiability of DFS under commonassumptions, like the existence of one-way functions. Here, we present both positive and negativeresults. On the positive side we show that DFS not achieving our notion of privacy can beconstructed from one-way functions. Furthermore, we show that unforgerable and private DFScan be constructed from doubly enhanced trapdoor permutations. On the negative side weshow that the previous result is optimal regarding its underlying assumptions presenting animpossibility result for unforgeable private DFS from one-way permutations.