Inside stage two of Natalie Chan’s redactable signature research project
When Natalie Chan began exploring redactable digital signatures, she was grappling with a deceptively simple question: how do you prove a document is authentic when parts of it need to be hidden — and when future quantum computers may one day try to break that proof?
Senetas has been proud to support Natalie Chan, a recent Monash University Honours graduate in Computer Science and participant in the CSIRO Next Generation Graduates Program.
With a focus on Quantum-Resistant Cryptography, her research explored how to safeguard digital assets using redactable signature schemes (RSSs). Her resulting paper advanced to the second round submissions for this year’s Public Key Cryptography (PKC) conference – a significant achievement – although it was ultimately not accepted. The experience, however, sharpened and validated the work.
Why redactable signatures matter
Imagine a doctor signs a detailed medical report that includes both clinical details and highly personal notes. Later, the patient wants to share the report with an insurer, but only after hiding some sensitive information. Today, you have two poor options: edit the document and lose the original doctor’s signature or ask the doctor to re-sign each version you need.
With a redactable signature, you have a third, slightly improved option: the doctor signs once, marks which sections may be hidden and, later, an authorised party can black out those sections while still ending up with a verifiable, valid signature on the edited document.
A verifier can check that:
- The visible parts really did come from the original signer
- Only allowed sections were removed
- Nothing else was altered.
This concept is increasingly relevant in areas like medical records, legal filings, compliance archives and emerging content provenance standards.
When today’s signatures won’t survive tomorrow – the need for a post-quantum redactable signature
The problem is that many of today’s digital signatures face trade-offs. For example, some lattice‑based redactable schemes — attractive because of their post quantum security properties — come with very large keys and bulky signatures. In practice, that can mean megabytes of data, high memory usage and limited real world practicality.
Other elegant and compact schemes rely on classical number theoretic assumptions that large scale quantum computers are expected to weaken. For documents that must remain trustworthy for decades, this creates a long term risk.
In a post-quantum world, weakened signatures could undermine:
- Long‑term document authenticity (think contracts, medical records, legal filings, etc.)
- Content provenance standards like C2PA, which aim to prove where media came from and how it was edited
- Organisational trust in records that must remain verifiable well into the future.
Addressing the challenge
Stage one of Chan’s research explored current post-quantum RSS resistant tools that have been standardised recently – and their potential for future development.
Stage two saw her looking at one approach leveraging RedModFalcon.
RedModFalcon builds on the ModFalcon and FN DSA frameworks — lattice based constructions aligned with the broader movement toward NIST standardised post quantum cryptography. The goal was ambitious: design a quantum safe redactable signature scheme that remains compact and efficient enough to be practical.
RedModFalcon uses lattice‑based maths that are believed to resist known quantum attacks, aligning with NIST’s push towards quantum‑safe standards.
“Not many lattice-based redactable signatures are available today, and my aim was to create one that was as small and efficient as possible, while maintaining the high security of the design it had been based on,” says Chan.
This was possibly the most challenging part of the project. “To ensure high security, I had to make sure my design followed previously secure design approaches – for example, for random number generators.”
Firm foundations for future development
The evaluation focused on a few key performance indicators (KPIs) including the size of full signatures against redacted signatures to quantitatively determine the signature size and bandwidth efficiency. The time required to redact a portion of the signature and successfully verify it was also quantified as an additional efficiency and scalability measurement.
Concrete parameter estimates and comparisons with existing lattice based schemes suggest that, in theory, RedModFalcon offers significantly more compact bandwidth and storage characteristics than earlier approaches. The work also aimed to demonstrate unforgeability, correctness and privacy under adaptive attack models.
Chan is clear that the research is not a finished product. Further work — including alternative lattice constructions or sampling techniques — may shrink keys and signatures even further or reduce signer overhead. Nonetheless, the project represents a meaningful step toward a practical, quantum safe blueprint for redactable signatures that could one day support long term authenticity and provenance requirements.
Everyone at Senetas wishes Natalie well in her next challenge: a new engineering role with the Australian Energy Market Operator (AEMO), the independent organisation that manages Australia’s electricity and gas systems.
About Senetas and the CSIRO Next Generation Graduates Program
Managed by CSIRO’s Data61, the Next Generation Graduates Program embodies a multidisciplinary ethos — bringing together students, researchers, and industry leaders to advance innovation in AI, quantum technology, and cryptographic research.
Its mission — fostering entrepreneurial thinking and driving industry-led projects — aligns perfectly with Senetas’ commitment to innovation and real-world impact.
By investing in the next generation of talent and pushing the boundaries of cryptographic research, Senetas and its partners are helping to address today’s challenges and lay the foundations for a secure and resilient digital future.
