Cryptology ePrint Archive: Report 2019/410

Policy-Based Sanitizable Signatures

Kai Samelin and Daniel Slamanig

Abstract: Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They turned out to be a versatile primitive, proven by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one-by-one. However, existing constructions are very restricted regarding their flexibility in specifying potential sanitizers. We propose a different and more powerful approach: Instead of using sanitizers' public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize, if, and only if, it holds a secret key to attributes satisfying the policy associated to a signature, while offering full-scale accountability.

Category / Keywords: public-key cryptography / Sanitizable Signatures, Chameleon-Hashes, Digital Signatures

Original Publication (with major differences): CT-RSA 2020

Date: received 19 Apr 2019, last revised 10 Aug 2020

Contact author: kaispapers at gmail com, daniel slamanig@ait ac at

Available format(s): PDF | BibTeX Citation

Note: This updated version fixes some minor typos, fixes a problem with the relation R to provably achieve signer-accountability and strengthens the proof-soundness property.

Version: 20200810:124244 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]