# On Extended Sanitizable Signature Schemes

@inproceedings{Canard2010OnES, title={On Extended Sanitizable Signature Schemes}, author={S{\'e}bastien Canard and Amandine Jambert}, booktitle={CT-RSA}, year={2010} }

Sanitizable signature schemes allow a semi-trusted entity to modify some specific portions of a signed message while keeping a valid signature of the original off-line signer. In this paper, we give a new secure sanitizable signature scheme which is, to the best of our knowledge, the most efficient construction with such a high level of security. We also enhance the Brzuska et al. model on sanitizable signature schemes by adding new features. We thus model the way to limit the set of possible…

## 60 Citations

Sanitizable Signatures Reconsidered

- Computer ScienceIEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2011

This work presents a new approach to constructing sanitizable signatures with constant overhead for signing and verification, irrespective of the number of submessages, both in computational cost and in signature size.

Fully-Secure and Practical Sanitizable Signatures

- Computer Science, MathematicsInscrypt
- 2010

A stronger security model based on Brzuska et al.'s model and a fullysecure construction based on both BrzUSka etAl.'s and Canard et al.'s constructions are presented, much more practical than prior ones.

Sanitizable Signatures with Several Signers and Sanitizers

- Computer ScienceAFRICACRYPT
- 2012

This paper formalizes the concept of sanitizable signatures with n signers and m sanitizers, taking into account recent models (for 1 signer and 1 sanitizer) on the subject.

Provably Security Identity-based Sanitizable Signature Scheme Without Random Oracles

- Computer ScienceJ. Softw.
- 2011

This paper presents an identity-based sanitizable signature scheme without random oracles (in the standard model) using bilinear pairing and security analysis shows that the proposed scheme satisfies all the security requirements.

Scope of Security Properties of Sanitizable Signatures Revisited

- Computer Science, Mathematics2013 International Conference on Availability, Reliability and Security
- 2013

This work allows for accountability for sanitizable signatures with transparency on the block-level, and derives a provably secure construction that achieves efficient group-level non-interactive public accountability.

Efficient Sanitizable Signatures Without Random Oracles

- Computer ScienceESORICS
- 2016

Generic constructions of sanitizable signatures, unlinkable or not, are based on building blocks with specially crafted features which efficient (standard model) instantiations are absent.

Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures

- Computer ScienceACISP
- 2017

The notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible does not consider dishonest signers, and their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself.

Stronger Security for Sanitizable Signatures

- Computer ScienceDPM/QASA@ESORICS
- 2015

This work identifies some of these use-cases, closes this gap by introducing stronger definitions, and shows how to alter an existing construction to meet the desired security level.

Efficient Unlinkable Sanitizable Signatures from Signatures with Re-randomizable Keys

- Computer Science, MathematicsPublic Key Cryptography
- 2015

This work presents the first efficient instantiation of unlinkable sanitizable signatures, based on a novel type of signature schemes with re-randomizable keys, and instantiates this generic idea with Schnorr signatures and efficient $$varSigma $$Σ-protocols, which are converted into non-interactive zero-knowledge proofs via the Fiat-Shamir transformation.

Efficient Invisible and Unlinkable Sanitizable Signatures

- Computer Science, MathematicsPublic Key Cryptography
- 2019

This work constructs (non-accountable) invisible and unlinkable sanitizable signatures from signatures on equivalence classes and other basic primitives and puts forth a generic transformation using verifiable ring signatures to turn any non- accountable sanitized signature into an accountable one while preserving all other properties.

## References

SHOWING 1-10 OF 14 REFERENCES

Sanitizable Signatures Revisited

- Computer ScienceCANS
- 2008

This paper presents the first concrete construction of sanitizable signatures which is proven secure in the standard model and summarizes different properties in the literature and gives some generic conversions between them.

TrapdoorSanitizable Signatures and Their Application to Content Protection

- Computer Science, MathematicsACNS
- 2008

This paper formally introduces trapdoor sanitizable signatures, a concept that allows a designated entity to modify some specific parts of a signed message and to produce a new signature of the resulting message without any interaction with the original signer.

Sanitizable Signatures

- Computer Science, MathematicsESORICS
- 2005

This work presents constructions for this new primitive, based on standard signature schemes and secure under common cryptographic assumptions, and provides experimental measurements for the implementation of a sanitizable signature scheme and demonstrates its practicality.

Extended Sanitizable Signatures

- Computer ScienceICISC
- 2006

This paper presents several extensions of this paradigm that make sanitizable signatures even more useful, including one that allows the censor to present only a constant number of versions of the sanitized message and another that provides so-called strong transparency.

Security of Sanitizable Signatures Revisited

- Computer SciencePublic Key Cryptography
- 2009

This work revisits the security requirements for sanitizable signatures and, for the first time, presents a comprehensive formal treatment, investigating the relationship of the properties and showing for example that unforgeability follows from accountability.

A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

- Computer Science, MathematicsSIAM J. Comput.
- 1988

A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.

Accumulators from Bilinear Pairings and Applications

- Computer Science, MathematicsCT-RSA
- 2005

We propose a dynamic accumulator scheme from bilinear pairings and use it to construct an identity-based (ID-based) ring signature scheme with constant-size signatures and to provide membership…

Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials

- Computer Science, MathematicsCRYPTO
- 2002

This work provides a construction of a dynamic accumulator and an efficient zero-knowledge proof of knowledge of an accumulated value, and proves their security under the strong RSA assumption.

An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2008

A new dynamic accumulator scheme based on bilinear maps is proposed and shown how to apply it to the problem of revocation of anonymous credentials, believed to be the first authentication system offering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers' licenses.

Advances in Cryptology — CRYPTO 2002

- Computer Science, MathematicsLecture Notes in Computer Science
- 2002

A new block cipher is defined, the BES, that uses only simple algebraic operations in GF (2) that can be regarded as being identical to the AES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraics operations in one fieldGF (2).