Efficient Unlinkable Sanitizable Signatures from Signatures with Re-randomizable Keys

  • Nils Fleischhacker
  • Johannes Krupp
  • Giulio Malavolta
  • Jonas Schneider
  • Dominique Schröder
  • Mark Simkin
Conference paper

DOI: 10.1007/978-3-662-49384-7_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9614)
Cite this paper as:
Fleischhacker N., Krupp J., Malavolta G., Schneider J., Schröder D., Simkin M. (2016) Efficient Unlinkable Sanitizable Signatures from Signatures with Re-randomizable Keys. In: Cheng CM., Chung KM., Persiano G., Yang BY. (eds) Public-Key Cryptography – PKC 2016. Lecture Notes in Computer Science, vol 9614. Springer, Berlin, Heidelberg

Abstract

In a sanitizable signature scheme the signer allows a designated third party, called the sanitizer, to modify certain parts of the message and adapt the signature accordingly. Ateniese et al. (ESORICS 2005) introduced this primitive and proposed five security properties which were formalized by Brzuska et al. (PKC 2009). Subsequently, Brzuska et al. (PKC 2010) suggested an additional security notion, called unlinkability which says that one cannot link sanitized message-signature pairs of the same document. Moreover, the authors gave a generic construction based on group signatures that have a certain structure. However, the special structure required from the group signature scheme only allows for inefficient instantiations.

Here, we present the first efficient instantiation of unlinkable sanitizable signatures. Our construction is based on a novel type of signature schemes with re-randomizable keys. Intuitively, this property allows to re-randomize both the signing and the verification key separately but consistently. This allows us to sign the message with a re-randomized key and to prove in zero-knowledge that the derived key originates from either the signer or the sanitizer. We instantiate this generic idea with Schnorr signatures and efficient \(\varSigma \)-protocols, which we convert into non-interactive zero-knowledge proofs via the Fiat-Shamir transformation. Our construction is at least one order of magnitude faster than instantiating the generic scheme of Brzuska et al. with the most efficient group signature schemes.

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Nils Fleischhacker
    • 1
  • Johannes Krupp
    • 1
  • Giulio Malavolta
    • 1
  • Jonas Schneider
    • 1
  • Dominique Schröder
    • 1
  • Mark Simkin
    • 1
  1. 1.CISPASaarland UniversitySaarbrückenGermany

Personalised recommendations