Skip to main content
SpringerLink
Log in

Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10342))

Included in the following conference series:

Abstract

Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC ’17, Camenisch et al. introduced the notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain applications.

We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency of our scheme by concrete benchmarks of a prototype implementation.

The full version of this paper is available at the IACR Cryptology ePrint Archive. J. Camenisch and K. Samelin were supported by the EU ERC Percy, grant agreement 32131. D. Derler, S. Krenn, H. C. Pöhls and D. Slamanig were supported by EU H2020 project Prismacloud: This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement 644962.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Their idea dates back to the original paper by Ateniese et al. [2], which name this property “strong transparency” (cf. Pöhls et al. for a discussion [41]). However, they neither provide a formal definition nor a provably secure construction.

  2. 2.

    The randomness r is also sometimes called “check value” [3].

  3. 3.

    Which, in turn, is based on prior work [8, 30, 36].

References

  1. Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28914-9_1

    Chapter  Google Scholar 

  2. Ateniese, G., Chou, D.H., Medeiros, B., Tsudik, G.: Sanitizable signatures. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005). doi:10.1007/11555827_10

    Chapter  Google Scholar 

  3. Ateniese, G., Magri, B., Venturi, D., Andrade, E.R.: Redactable blockchain - or - rewriting history in bitcoin and friends. IACR Cryptology ePrint Archive 2016, 757 (2016)

    Google Scholar 

  4. Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-rsa-inversion problems and the security of chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003). doi:10.1007/s00145-002-0120-1

    Article  MathSciNet  MATH  Google Scholar 

  5. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS, pp. 62–73 (1993)

    Google Scholar 

  6. Bilzhause, A., Huber, M., Pöhls, H.C., Samelin, K.: Cryptographically enforced four-eyes principle. In: ARES, pp. 760–767 (2016)

    Google Scholar 

  7. Brzuska, C., et al.: Redactable signatures for tree-structured data: definitions and constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87–104. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13708-2_6

    Chapter  Google Scholar 

  8. Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00468-1_18

    Chapter  Google Scholar 

  9. Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Sanitizable signatures: how to partially delegate control for authenticated data. In: BIOSIG, pp. 117–128 (2009)

    Google Scholar 

  10. Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_26

    Chapter  Google Scholar 

  11. Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40012-4_12

    Chapter  Google Scholar 

  12. Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014). doi:10.1007/978-3-642-53997-8_2

    Chapter  Google Scholar 

  13. Camenisch, J., Derler, D., Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Chameleon-hashes with ephemeral trapdoors and applications to invisible sanitizable signatures. IACR Cryptology ePrint Archive 2017, 11 (2017)

    Google Scholar 

  14. Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: Virtual smart cards: how to sign with a password and a server. In: Zikas, V., Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 353–371. Springer, Cham (2016). doi:10.1007/978-3-319-44618-9_19

    Google Scholar 

  15. Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11925-5_13

    Chapter  Google Scholar 

  16. Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31410-0_3

    Chapter  Google Scholar 

  17. Canard, S., Laguillaumie, F., Milhau, M.: Trapdoor sanitizable signatures and their application to content protection. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 258–276. Springer, Heidelberg (2008). doi:10.1007/978-3-540-68914-0_16

    Chapter  Google Scholar 

  18. Canard, S., Lescuyer, R.: Protecting privacy by sanitizing personal data: a new approach to anonymous credentials. In: ASIACCS, pp. 381–392 (2013)

    Google Scholar 

  19. Damgård, I., Haagh, H., Orlandi, C.: Access control encryption: enforcing information flow with cryptography. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 547–576. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53644-5_21

    Chapter  Google Scholar 

  20. Demirel, D., Derler, D., Hanser, C., Pöhls, H.C., Slamanig, D., Traverso, G.: PRISMACLOUD D4.4: overview of functional and malleable signature schemes. Technical report, H2020 Prismacloud (2015). www.prismacloud.eu

  21. Derler, D., Hanser, C., Slamanig, D.: Blank digital signatures: optimization and practical experiences. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 201–215. Springer, Cham (2015). doi:10.1007/978-3-319-18621-4_14

    Chapter  Google Scholar 

  22. Derler, D., Pöhls, H.C., Samelin, K., Slamanig, D.: A general framework for redactable signatures and new constructions. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 3–19. Springer, Cham (2016). doi:10.1007/978-3-319-30840-1_1

    Chapter  Google Scholar 

  23. Derler, D., Slamanig, D.: Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 455–474. Springer, Cham (2015). doi:10.1007/978-3-319-26059-4_25

    Google Scholar 

  24. Ejgenberg, Y., Farbstein, M., Levy, M., Lindell, Y.: SCAPI: the secure computation application programming interface. IACR Cryptology ePrint Archive 2012, 629 (2012)

    Google Scholar 

  25. Fehr, V., Fischlin, M.: Sanitizable signcryption: sanitization over encrypted data (full version). IACR Cryptology ePrint Archive, Report 2015/765 (2015)

    Google Scholar 

  26. Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49384-7_12

    Chapter  Google Scholar 

  27. Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49384-7_12

    Chapter  Google Scholar 

  28. Ghosh, E., Goodrich, M.T., Ohrimenko, O., Tamassia, R.: Fully-dynamic verifiable zero-knowledge order queries for network data. ePrint 2015, 283 (2015)

    Google Scholar 

  29. Ghosh, E., Ohrimenko, O., Tamassia, R.: Zero-Knowledge authenticated order queries and order statistics on a list. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 149–171. Springer, Cham (2015). doi:10.1007/978-3-319-28166-7_8

    Chapter  Google Scholar 

  30. Gong, J., Qian, H., Zhou, Y.: Fully-secure and practical sanitizable signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 300–317. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21518-6_21

    Chapter  Google Scholar 

  31. Hanser, C., Slamanig, D.: Blank digital signatures. In: ASIACCS, pp. 95–106 (2013)

    Google Scholar 

  32. Höhne, F., Pöhls, H.C., Samelin, K.: Rechtsfolgen editierbarer signaturen. Datenschutz und Datensicherheit 36(7), 485–491 (2012). doi:10.1007/s11623-012-0165-8

    Article  Google Scholar 

  33. Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244–262. Springer, Heidelberg (2002). doi:10.1007/3-540-45760-7_17

    Chapter  Google Scholar 

  34. Klonowski, M., Lauks, A.: Extended sanitizable signatures. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 343–355. Springer, Heidelberg (2006). doi:10.1007/11927587_28

    Chapter  Google Scholar 

  35. Krenn, S., Samelin, K., Sommer, D.: Stronger security for sanitizable signatures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2015. LNCS, vol. 9481, pp. 100–117. Springer, Cham (2016). doi:10.1007/978-3-319-29883-2_7

    Chapter  Google Scholar 

  36. de Meer, H., Pöhls, H.C., Posegga, J., Samelin, K.: Scope of security properties of sanitizable signatures revisited. In: ARES, pp. 188–197 (2013)

    Google Scholar 

  37. de Meer, H., Pöhls, H.C., Posegga, J., Samelin, K.: On the relation between redactable and sanitizable signature schemes. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS 2014. LNCS, vol. 8364, pp. 113–130. Springer, Cham (2014). doi:10.1007/978-3-319-04897-0_8

    Chapter  Google Scholar 

  38. Miyazaki, K., Hanaoka, G., Imai, H.: Invisibly sanitizable digital signature scheme. IEICE Trans. 91–A(1), 392–402 (2008)

    Article  Google Scholar 

  39. Pöhls, H.C., Peters, S., Samelin, K., Posegga, J., Meer, H.: Malleable signatures for resource constrained platforms. In: Cavallaro, L., Gollmann, D. (eds.) WISTP 2013. LNCS, vol. 7886, pp. 18–33. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38530-8_2

    Chapter  Google Scholar 

  40. Pöhls, H.C., Samelin, K.: Accountable redactable signatures. In: ARES, pp. 60–69 (2015)

    Google Scholar 

  41. Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable signatures in XML signature — performance, mixing properties, and revisiting the property of transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21554-4_10

    Chapter  Google Scholar 

  42. Samelin, K., Pöhls, H.C., Bilzhause, A., Posegga, J., Meer, H.: Redactable signatures for independent removal of structure and content. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 17–33. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29101-2_2

    Chapter  Google Scholar 

  43. Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002). doi:10.1007/3-540-45861-1_22

    Chapter  Google Scholar 

  44. Yum, D.H., Seo, J.W., Lee, P.J.: Trapdoor sanitizable signatures made easy. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 53–68. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13708-2_4

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ludwig-Maximilians-Universität München, Munich, Germany

    Michael Till Beck

  2. IBM Research – Zurich, Rüschlikon, Switzerland

    Jan Camenisch & Kai Samelin

  3. IAIK, Graz University of Technology, Graz, Austria

    David Derler & Daniel Slamanig

  4. AIT Austrian Institute of Technology GmbH, Vienna, Austria

    Stephan Krenn

  5. ISL and Chair of IT-Security, University of Passau, Passau, Germany

    Henrich C. Pöhls

  6. TU Darmstadt, Darmstadt, Germany

    Kai Samelin

Authors
  1. Michael Till Beck
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Camenisch
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Derler
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stephan Krenn
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Henrich C. Pöhls
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Kai Samelin
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Daniel Slamanig
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jan Camenisch .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Josef Pieprzyk

  2. Queensland University of Technology, Brisbane, Queensland, Australia

    Suriadi Suriadi

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Beck, M.T. et al. (2017). Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10342. Springer, Cham. https://doi.org/10.1007/978-3-319-60055-0_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-60055-0_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60054-3

  • Online ISBN: 978-3-319-60055-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation