Policy-Based Sanitizable Signatures

  • Kai SamelinEmail author
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12006)


Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They turned out to be a versatile primitive, proven by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one- by-one. However, existing constructions are very restricted regarding their flexibility in specifying potential sanitizers. We propose a different and more powerful approach: Instead of using sanitizers’ public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize, if, and only if, it holds a secret key to attributes satisfying the policy associated to a signature, while offering full-scale accountability.


  1. [ABC+15]
    Ahn, J.H., et al.: Computing on authenticated data. J. Cryptol. 28, 2 (2015). Scholar
  2. [ABM15]
    Abdalla, M., Benhamouda, F., MacKenzie, P.: Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy (SP 2015), pp. 571–587 (2015)Google Scholar
  3. [ACdMT05]
    Ateniese, G., et al.: Sanitizable signatures. ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005). Scholar
  4. [ADK+13]
    Abe, M., et al.: Tagged one-time signatures: tight security and optimal tag size. PKC 2013. LNCS, vol. 7778, pp. 312–331. Springer, Heidelberg (2013). Scholar
  5. [AdM04]
    Ateniese, G., de Medeiros, B.: On the key exposure problem in chameleon hashes. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 165–179. Springer, Heidelberg (2005). Scholar
  6. [AFG+10]
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010). Scholar
  7. [AMVA17]
    Ateniese, G., Magri, B., Venturi, D., Andrade, E.R..: Redactable blockchain - or - rewriting history in bitcoin and friends. In: EuroS&P, pp. 111–126 (2017)Google Scholar
  8. [BCD+17]
    Beck, M.T., et al.: Practical strongly invisible and strongly accountable sanitizable signatures. ACISP 2017. LNCS, vol. 10342, pp. 437–452. Springer, Cham (2017). Scholar
  9. [BFF+09]
    Brzuska, C., et al.: Security of sanitizable signatures revisited. PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009). Scholar
  10. [BFKW09]
    Boneh, D., et al.: Signing a linear subspace: signature schemes for network coding. PKC 2009. LNCS, vol. 5443, pp. 68–87. Springer, Heidelberg (2009). Scholar
  11. [BFLS09]
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D..: Santizable signatures: how to partially delegate control for authenticated data. In: BIOSIG, pp. 117–128 (2009)Google Scholar
  12. [BFLS10]
    Brzuska, C., et al.: Unlinkability of sanitizable signatures. PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010). Scholar
  13. [BL17]
    Bultel, X., Lafourcade, P.: Unlinkable and strongly accountable sanitizable signatures from verifiable ring signatures. In: Capkun, S., Chow, S.S.M. (eds.) CANS 2017. LNCS, vol. 11261, pp. 203–226. Springer, Cham (2018). Scholar
  14. [BLL+19]
    Bultel, X., et al.: Efficient invisible and unlinkable sanitizable signatures. PKC 2019, Part 1. LNCS, vol. 11442, pp. 159–189. Springer, Cham (2019).
  15. [BNPS03]
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003). Scholar
  16. [BPS12]
    Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). Scholar
  17. [BPS13]
    Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014). Scholar
  18. [BPS17]
    Bilzhause, A., Pöhls, H.C., Samelin, K.: Position paper: the past, present, and future of sanitizable and redactable signatures. In: Ares, pp. 87:1–87:9 (2017)Google Scholar
  19. [BR93]
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS, 62–73 (1993)Google Scholar
  20. [BSW07]
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334 (2007)Google Scholar
  21. [BSZ05]
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). Scholar
  22. [CDK+17]
    Camenisch, J., et al.: Chameleon-hashes with ephemeral trapdoors - and applications to invisible sanitizable signatures. In: PKC, Part II (2017).
  23. [CJ10]
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010). Scholar
  24. [CJL12]
    Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012). Scholar
  25. [CLM08]
    Canard, S., et al.: Trapdoor sanitizable signatures and their application to content protection. ACNS 2008. LNCS, vol. 5037, pp. 258–276. Springer, Heidelberg (2008). Scholar
  26. [CS97]
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). Scholar
  27. [CS98]
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). Scholar
  28. [CvH91]
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). Scholar
  29. [DDH+15]
    Demirel, D., et al.: PRISMACLOUD D4.4: overview of functional and malleable signature schemes. Technical report, H2020 Prismacloud (2015).
  30. [DHLW10]
    Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Efficient public-key cryptography in the presence of key leakage. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 613–631. Springer, Heidelberg (2010). Scholar
  31. [dMPPS14]
    De Meer, H., et al.: On the relation between redactable and sanitizable signature schemes. ESSoS 2014. LNCS, vol. 8364, pp. 113–130. Springer, Cham (2014). Scholar
  32. [DPSS15]
    Derler, D., et al.: A general framework for redactable signatures and new constructions. ICISC 2015. LNCS, vol. 9558, pp. 3–19. Springer, Cham (2016). Scholar
  33. [DS15]
    Derler, D., Slamanig, D.: Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 455–474. Springer, Cham (2015). Scholar
  34. [DS19]
    Derler, D., Slamanig, D.: Key-homomorphic signatures: definitions and applications to multiparty signatures and non-interactive zero-knowledge. Des. Codes Cryptogr. 87(6), 1373–1413 (2019). Scholar
  35. [DSSS19]
    Derler, D., Samelin, K., Slamanig, D., Striecks, C.: Fine-grained and controlled rewriting in blockchains: chameleon-hashing gone attribute-based. In: NDSS (2019)Google Scholar
  36. [FF15]
    Fehr, V., Fischlin, M.: Sanitizable signcryption: sanitization over encrypted data (full version) (2015, ePrint)Google Scholar
  37. [FH18]
    Fischlin, M., Harasser, P.: Invisible sanitizable signatures and public-key encryption are equivalent. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 202–220. Springer, Cham (2018). Scholar
  38. [FKM+16]
    Fleischhacker, N., et al.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). Scholar
  39. [FKMV12]
    Faust, S., et al.: On the non-malleability of the Fiat-Shamir transform. INDOCRYPT 2012. LNCS, vol. 7668, pp. 60–79. Springer, Heidelberg (2012). Scholar
  40. [GGOT16]
    Ghosh, E., et al.: Verifiable zero-knowledge order queries and updates for fully dynamic lists and trees. SCN 2016. LNCS, vol. 9841, pp. 216–236. Springer, Cham (2016). Scholar
  41. [GQZ10]
    gong, J., et al.: Fully-secure and practical sanitizable signatures. Inscrypt 2010. LNCS, vol. 6584, pp. 300–317. Springer, Heidelberg (2011). Scholar
  42. [Gro06]
    Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006). Scholar
  43. [Gro15]
    Groth, J.: Efficient fully structure-preserving signatures for large messages. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 239–259. Springer, Heidelberg (2015). Scholar
  44. [JMSW02]
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244–262. Springer, Heidelberg (2002). Scholar
  45. [KPSS18a]
    Krenn, S., et al.: Chameleon-hashes with dual long-term trapdoors and their applications. AFRICACRYPT 2018. LNCS, vol. 10831, pp. 11–32. Springer, Cham (2018). Scholar
  46. [KPSS18b]
    Krenn, S., et al.: Protean signature schemes. CANS 2018. LNCS, vol. 11124, pp. 256–276. Springer, Cham (2018). Scholar
  47. [KPSS19]
    Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Fully invisible protean signatures schemes (2019, ePrint)Google Scholar
  48. [KR00]
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS, pp. 143–154 (2000)Google Scholar
  49. [KSS15]
    Krenn, S., Samelin, K., Sommer, D.: Stronger security for sanitizable signatures. In: DPM/QASA, pp. 100–117 (2015).
  50. [LDW13]
    Lai, J., Ding, X., Wu, Y.: Accountable trapdoor sanitizable signatures. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 117–131. Springer, Heidelberg (2013). Scholar
  51. [LOS+10]
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). Scholar
  52. [SBZ01]
    Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002). Scholar
  53. [SSE+12]
    Sakai, Y., et al.: On the security of dynamic group signatures: preventing signature hijacking. PKC 2012. LNCS, vol. 7293, pp. 715–732. Springer, Heidelberg (2012). Scholar
  54. [YAHK11]
    Yamada, S., et al.: Generic constructions for chosen-ciphertext secure attribute based encryption. PKC 2011. LNCS, vol. 6571, pp. 71–89. Springer, Heidelberg (2011). Scholar
  55. [YSL10]
    Yum, D.H., Seo, J.W., Lee, P.J.: Trapdoor sanitizable signatures made easy. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 53–68. Springer, Heidelberg (2010). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.TÜV Rheinland i-sec GmbHHallbergmoosGermany
  2. 2.AIT Austrian Institute of TechnologyViennaAustria

Personalised recommendations