Paper 2019/410

Policy-Based Sanitizable Signatures

Kai Samelin and Daniel Slamanig


Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They turned out to be a versatile primitive, proven by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one-by-one. However, existing constructions are very restricted regarding their flexibility in specifying potential sanitizers. We propose a different and more powerful approach: Instead of using sanitizers' public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize, if, and only if, it holds a secret key to attributes satisfying the policy associated to a signature, while offering full-scale accountability.

Note: This updated version fixes some minor typos, fixes a problem with the relation R to provably achieve signer-accountability and strengthens the proof-soundness property.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA 2020
Sanitizable SignaturesChameleon-HashesDigital Signatures
Contact author(s)
kaispapers @ gmail com
daniel slamanig @ ait ac at
2020-08-10: last of 3 revisions
2019-04-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kai Samelin and Daniel Slamanig},
      title = {Policy-Based Sanitizable Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2019/410},
      year = {2019},
      doi = {10.1007/978-3-030-40186-3_23},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.