Paper 2017/445

Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

Michael Till Beck, Jan Camenisch, David Derler, Stephan Krenn, Henrich C. Pöhls, Kai Samelin, and Daniel Slamanig


Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain applications. We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency of our scheme by concrete benchmarks of a prototype implementation.

Note: Fixed a detail in the transparency definition and added page numbers.

Available format(s)
Publication info
Published elsewhere. Major revision. ACISP
Public-Key Cryptography
Contact author(s)
ksa @ zurich ibm com
2017-12-13: revised
2017-05-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michael Till Beck and Jan Camenisch and David Derler and Stephan Krenn and Henrich C.  Pöhls and Kai Samelin and Daniel Slamanig},
      title = {Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2017/445},
      year = {2017},
      doi = {10.1007/978-3-319-60055-0_23},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.