Cryptology ePrint Archive: Report 2017/445

Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

Michael Till Beck and Jan Camenisch and David Derler and Stephan Krenn and Henrich C. Pöhls and Kai Samelin and Daniel Slamanig

Abstract: Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain applications. We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency of our scheme by concrete benchmarks of a prototype implementation.

Category / Keywords: Public-Key Cryptography

Original Publication (with major differences): ACISP 2017

Date: received 19 May 2017, last revised 23 May 2017

Contact author: ksa at zurich ibm com

Available format(s): PDF | BibTeX Citation

Version: 20170523:130732 (All versions of this report)

Short URL: ia.cr/2017/445

Discussion forum: Show discussion | Start new discussion