Almost everyone wants to know a secret. But revealing sensitive information can be tricky in a digital world, with a good chance of those details spreading online without consent.
To mitigate this, Yuliang Zheng, Ph.D., chair of the Department of Computer Science at the University of Alabama at Birmingham, came up with a solution 25 years ago: redactable digital signatures. Now, the invention has earned the ultimate sign of technical authority: It was published as an International Standard in cybersecurity by the International Organization for Standardization.
“Inclusion in an International Standard signifies the highest recognition of a research achievement by both academic peers and industry bodies, paving the way for broad adoption of the technology across global industries,” Zheng said. “Providing the detailed specifications and implementation information required for ISO standards takes years because it affects products and companies cannot afford any errors.”
Redactable signatures allow users to prove that a document is legitimate while hiding certain elements of it. They give designees a flexible degree of editing power to decide which elements to remove for different recipients.
Zheng equates these signatures to classified documents released during government investigations — carefully edited with black lines to preserve privacy and the identities of witnesses by obscuring certain words or phrases.
“The new standard is particularly timely, as the spread of AI-generated content makes it increasingly valuable to have a secure method of proving a digital document’s authenticity,” Zheng said.
Birth of redactable signatures
Zheng and his Ph.D. students came up with the idea for these signatures while watching a police officer hold up redacted documents during a televised press conference.
As a result, they published a research paper, “Content Extraction Signatures,” in 2001, sparking a new subfield that is still generating papers from computer science researchers.
“We opened a whole new territory of research,” Zheng said.
Now that redactable signatures are an International Standard, they are safe for everyone to use.
“Companies all over the world will use this standard when applying the technology to their products,” Zheng said. “Before it is standard, there is risk in using a technology, because other companies’ products may not be able to communicate with yours. Once it becomes part of the International Standard, people all over the world will start using it.”
Redactable digital signatures are Zheng’s second ISO standard. In 2011, his invention Signcryption, which he calls the “Swiss Army knife” of data security, was similarly codified. Signcryption combines the concepts of a digital signature, which verifies authenticity, with public key encryption for confidentiality. It takes significantly less time and computing power to operate than other methods, which makes it a popular choice for companies in e-commerce and for cellphones. The technology is built into the iPhone’s ubiquitous Messages app, for instance — just one of many applications touching users every day.
Under Zheng’s leadership, the UAB Department of Computer Science continues to invest in research that translates into practical, real-world solutions.
“I have always felt that it is very important to emphasize doing research that can have a practical impact,” Zheng said. “We do highly theoretical work as well but particularly enjoy working on practical problems and providing simple, effective solutions.”