Photo by Lexi Coon, UAB Marketing and Communications

Who wants to know a secret? The answer is almost everyone. Banks request pay stubs to verify your income for a loan. A car rental company wants to see a picture of your driver’s license before they hand over the keys. Investors want to study a company’s private strategies before they put up significant funds. Colleagues would like a sneak peek at your preliminary report before you send it to senior leadership.
You are probably willing to share sensitive documents up to a point: to get a line of credit or an investment to build your startup, or to get the thoughts of a trusted co-worker. But do you want to reveal all the information on your license just to verify that you have one? Especially since, in a digital world, you know there is a good chance those details end up spreading online without your consent?
Nearly 25 years ago, Yuliang Zheng, Ph.D., chair of the Department of Computer Science in the UAB College of Arts and Sciences, came up with a solution: redactable digital signatures. With these tools, users can prove that a document is legitimate and at the same time hide certain elements. They can even give designees a flexible degree of editing power to decide which elements to remove for different recipients. It is kind of like the classified documents that are released during government investigations — carefully edited with black lines to preserve privacy and the identities of witnesses by obscuring certain words or phrases.
That is exactly where Zheng and his Ph.D. students Ron Steinfeld and Laurence Bull got the idea: while watching a police officer holding up redacted documents during a televised press conference.
Their research paper, “Content Extraction Signatures,” published in 2001, sparked a new subfield that is still generating papers from computer science researchers. “We opened a whole new territory of research,” Zheng said.
Last year, though, the invention received the ultimate sign of technical authority: It was published as an International Standard in cybersecurity by the International Organization for Standardization, specifically ISO/IEC 23264-2:2024.
“That means that companies all over the world will use this standard when applying the technology to their products,” Zheng said. “Before it is standard, there is risk in using a technology, because other companies’ products may not be able to communicate with yours. Once it becomes part of the international standards, people all over the world will start using it.”
Zheng says the new standard is particularly timely, as the spread of AI-generated content makes it increasingly valuable to have a secure method of proving a digital document’s authenticity. “Microsoft and many other organizations are working on products in this area,” Zheng said.
A major challenge in scientific research is translating outcomes into practical solutions for real-world problems. “Funding agencies increasingly prioritize the potential real-world impact of proposals when making funding decisions,” Zheng said. “Inclusion in an international standard signifies the highest recognition of a research achievement by both academic peers and industry bodies, paving the way for broad adoption of the technology across global industries.”
Redactable digital signatures are actually Zheng’s second ISO standard. In 2011, his invention, Signcryption, was similarly codified in ISO/IEC 29150:2011. Signcryption combines the concepts of a digital signature, which verifies authenticity, with public key encryption for confidentiality. It offers significant savings in time and computing power compared with other methods, which makes it a popular choice for companies in e-commerce and for cellphones. The technology is built into the iPhone’s ubiquitous Messages app, for instance — just one of many applications touching users every day. Zheng calls Signcryption the “Swiss Army knife” of data security.
Providing the detailed specifications and implementation information required for ISO standards takes years. Zheng spent four years working on the Signcryption standard. His former student Ron Steinfeld, Ph.D., now a full professor at Monash University in Melbourne, Australia, has spent a similar amount of time working on the Redactable Digital Signatures standard. “It takes so long because you cannot afford any errors,” Zheng said. “It affects people’s products, and any problems would have a huge impact. It’s not lightly done.”
Still, the effort is worthwhile, Zheng says. “I have always felt that it is very important to emphasize doing research that can have a practical impact,” he explained. “I do highly theoretical work as well, but I also enjoy working on practical problems and providing simple, effective solutions.”