Paper 2021/1170

Downgradable Identity-Based Signatures and Trapdoor Sanitizable Signatures from Downgradable Affine MACs

Masahito Ishizaka and Shinsaku Kiyomoto


Affine message authentication code (AMAC) (CRYPTO'14) is a group-based MAC with a specific algebraic structure. Downgradable AMAC (DAMAC) (CT-RSA'19) is an AMAC with a functionality that we can downgrade a message with an authentication tag while retaining validity of the tag. In this paper, we revisit DAMAC for two independent applications, namely downgradable identity-based signatures (DIBS) and trapdoor sanitizable signatures (TSS) (ACNS'08). DIBS are the digital signature analogue of downgradable identity-based encryption (CT-RSA'19), which allow us to downgrade an identity associated with a secret-key. In TSS, an entity given a trapdoor for a signed-message can partially modify the message while keeping validity of the signature. We show that DIBS can be generically constructed from DAMAC, and DIBS can be transformed into (wildcarded) hierarchical/wicked IBS. We also show that TSS can be generically constructed from DIBS. By instantiating them, we obtain the first wildcarded hierarchical/wicked IBS and the first invisible and/or unlinkable TSS. Moreover, we prove that DIBS are equivalent to not only TSS, but also their naive combination, named downgradable identity-based trapdoor sanitizable signatures.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Downgradable Identity-Based SignaturesTrapdoor Sanitizable Signatures(Wildcarded) HierarchicalWicked Identity-Based Signatures
Contact author(s)
ma-ishizaka @ kddi-research jp
2021-09-14: received
Short URL
Creative Commons Attribution


      author = {Masahito Ishizaka and Shinsaku Kiyomoto},
      title = {Downgradable Identity-Based Signatures and Trapdoor Sanitizable Signatures from Downgradable Affine MACs},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1170},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.