Cryptology ePrint Archive: Report 2019/648

Efficient Invisible and Unlinkable Sanitizable Signatures

Xavier Bultel and Pascal Lafourcade and Russell W. F. Lai and Giulio Malavolta and Dominique Schröder and Sri Aravinda Krishnan Thyagarajan

Abstract: Sanitizable signatures allow designated parties (the sanitizers) to apply arbitrary modifications to some restricted parts of signed messages. A secure scheme should not only be unforgeable, but also protect privacy and hold both the signer and the sanitizer accountable. Two important security properties that are seemingly difficult to achieve simultaneously and efficiently are invisibility and unlinkability. While invisibility ensures that the admissible modifications are hidden from external parties, unlinkability says that sanitized signatures cannot be linked to their sources. Achieving both properties simultaneously is crucial for applications where sensitive personal data is signed with respect to data-dependent admissible modifications. The existence of an efficient construction achieving both properties was recently posed as an open question by Camenisch et al. (PKC’17). In this work, we propose a solution to this problem with a two-step construction. First, we construct (non-accountable) invisible and unlinkable sanitizable signatures from signatures on equivalence classes and other basic primitives. Second, we put forth a generic transformation using verifiable ring signatures to turn any non-accountable sanitizable signature into an accountable one while preserving all other properties. When instantiating in the generic group and random oracle model, the efficiency of our construction is comparable to that of prior constructions, while providing stronger security guarantees.

Category / Keywords: public-key cryptography /

Original Publication (with minor differences): IACR-PKC-2019

Date: received 3 Jun 2019

Contact author: xavier bultel at uca fr,pascal lafourcade@uca fr,russell lai@cs fau de,giulio malavolta@hotmail it,dominique schroeder@fau de,sri aravinda krishnan thyagarajan@cs fau de

Available format(s): PDF | BibTeX Citation

Version: 20190604:070753 (All versions of this report)

Short URL: ia.cr/2019/648


[ Cryptology ePrint archive ]