Abstract: Data security issues have become a serious challenge to national economic, political, defence and cultural security. As a core technology in protecting data security, digital signatures have been widely used for the verification of data integrity and source authenticity. The security definition of conventional digital signatures is existentially unforgeable against adaptive chosen-message attacks. Although it meets the basic security requirement of data authentication, it hampers the reasonable operation of authenticated data which is desirable in many practical applications. As a type of malleable homomorphic signatures for editing, redactable signatures allow the signature holder (redactor) to delete sensitive portions of the signed data and generate a valid signature for the disclosed data without any help from the original signer. It has been a research hotspot in the field of cryptography since it was introduced in 2001. In recent years, many researchers have studied redactable signatures from the aspects of formal security definition, redaction control mechanism, computational cost and communication overhead, and there are lots of research results. However, the rapid development of network technology and its applications are putting forward new challenges to redactable signatures. This paper summarizes and analyses redactable signatures in terms of algorithm definition, security model and representative designs. Furthermore, some existing problems worthy of further study are also discussed.

Key words: redactable signatures, homomorphic signatures, digital signature, data authentication, security model