Cryptology ePrint Archive: Report 2017/268

Efficient Sanitizable Signatures without Random Oracles

Russell W. F. Lai and Tao Zhang and Sherman S. M. Chow and Dominique Schröder

Abstract: Sanitizable signatures, introduced by Ateniese et al. (ESORICS '05), allow the signer to delegate the sanitization right of signed messages. The sanitizer can modify the message and update the signature accordingly, so that the sanitized part of the message is kept private. For a stronger protection of sensitive information, it is desirable that no one can link sanitized message-signature pairs of the same document. This idea was formalized by Brzuska et al. (PKC '10) as unlinkability, which was followed up recently by Fleischhacker et al. (PKC '16). Unfortunately, the existing generic constructions of sanitizable signatures, unlinkable or not, are based on building blocks with specially crafted features of which efficient (standard model) instantiations are absent. Basing on existing primitives or a conceptually simple primitive is more desirable.

In this work, we present two such generic constructions, leading to efficient instantiations in the standard model. The first one is based on rerandomizable tagging, a new primitive which may find independent interests. It captures the core accountability mechanism of sanitizable signatures. The second one is based on accountable ring signatures (CARDIS '04, ESORICS '15). As an intermediate result, we propose the first accountable ring signature scheme in the standard model.

Category / Keywords:

Original Publication (with major differences): ESORICS 2016
DOI:
10.1007/978-3-319-45744-4_18

Date: received 23 Mar 2017, last revised 23 Mar 2017

Contact author: russell at ie cuhk edu hk

Available format(s): PDF | BibTeX Citation

Note: An extended abstract of this paper appears in ESORICS 2016. In the proceeding version, we have mistakenly removed the tag-based trapdoor functions from the re-randomizable tagging construction which was in the submission version. Some other minor mistakes have also been corrected.

Version: 20170325:202157 (All versions of this report)

Short URL: ia.cr/2017/268

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]