On Extended Sanitizable Signature Schemes

  title={On Extended Sanitizable Signature Schemes},
  author={S{\'e}bastien Canard and Amandine Jambert},
Sanitizable signature schemes allow a semi-trusted entity to modify some specific portions of a signed message while keeping a valid signature of the original off-line signer. In this paper, we give a new secure sanitizable signature scheme which is, to the best of our knowledge, the most efficient construction with such a high level of security. We also enhance the Brzuska et al. model on sanitizable signature schemes by adding new features. We thus model the way to limit the set of possible… 
Sanitizable Signatures Reconsidered
  • Dae Hyun Yum, P. Lee
  • Computer Science
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
  • 2011
This work presents a new approach to constructing sanitizable signatures with constant overhead for signing and verification, irrespective of the number of submessages, both in computational cost and in signature size.
Fully-Secure and Practical Sanitizable Signatures
A stronger security model based on Brzuska et al.'s model and a fullysecure construction based on both BrzUSka etAl.'s and Canard et al.'s constructions are presented, much more practical than prior ones.
Sanitizable Signatures with Several Signers and Sanitizers
This paper formalizes the concept of sanitizable signatures with n signers and m sanitizers, taking into account recent models (for 1 signer and 1 sanitizer) on the subject.
Provably Security Identity-based Sanitizable Signature Scheme Without Random Oracles
This paper presents an identity-based sanitizable signature scheme without random oracles (in the standard model) using bilinear pairing and security analysis shows that the proposed scheme satisfies all the security requirements.
Scope of Security Properties of Sanitizable Signatures Revisited
This work allows for accountability for sanitizable signatures with transparency on the block-level, and derives a provably secure construction that achieves efficient group-level non-interactive public accountability.
Efficient Sanitizable Signatures Without Random Oracles
Generic constructions of sanitizable signatures, unlinkable or not, are based on building blocks with specially crafted features which efficient (standard model) instantiations are absent.
Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures
The notion of invisible sanitizable signatures that hides from an outsider which parts of a message are admissible does not consider dishonest signers, and their signer-accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself.
Stronger Security for Sanitizable Signatures
This work identifies some of these use-cases, closes this gap by introducing stronger definitions, and shows how to alter an existing construction to meet the desired security level.
Efficient Invisible and Unlinkable Sanitizable Signatures
This work constructs (non-accountable) invisible and unlinkable sanitizable signatures from signatures on equivalence classes and other basic primitives and puts forth a generic transformation using verifiable ring signatures to turn any non- accountable sanitized signature into an accountable one while preserving all other properties.
Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys
This work presents the first efficient construction of unlinkable sanitizable signatures based on a novel type of signature schemes with re-randomizable keys, and presents an optimized version that is more efficient than the construction suggested in the extended abstract of this work at PKC 2016.


Sanitizable Signatures Revisited
This paper presents the first concrete construction of sanitizable signatures which is proven secure in the standard model and summarizes different properties in the literature and gives some generic conversions between them.
TrapdoorSanitizable Signatures and Their Application to Content Protection
This paper formally introduces trapdoor sanitizable signatures, a concept that allows a designated entity to modify some specific parts of a signed message and to produce a new signature of the resulting message without any interaction with the original signer.
Sanitizable Signatures
This work presents constructions for this new primitive, based on standard signature schemes and secure under common cryptographic assumptions, and provides experimental measurements for the implementation of a sanitizable signature scheme and demonstrates its practicality.
Extended Sanitizable Signatures
This paper presents several extensions of this paradigm that make sanitizable signatures even more useful, including one that allows the censor to present only a constant number of versions of the sanitized message and another that provides so-called strong transparency.
Security of Sanitizable Signatures Revisited
This work revisits the security requirements for sanitizable signatures and, for the first time, presents a comprehensive formal treatment, investigating the relationship of the properties and showing for example that unforgeability follows from accountability.
A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Accumulators from Bilinear Pairings and Applications
  • L. Nguyen
  • Computer Science, Mathematics
  • 2005
We propose a dynamic accumulator scheme from bilinear pairings and use it to construct an identity-based (ID-based) ring signature scheme with constant-size signatures and to provide membership
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
This work provides a construction of a dynamic accumulator and an efficient zero-knowledge proof of knowledge of an accumulated value, and proves their security under the strong RSA assumption.
An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
A new dynamic accumulator scheme based on bilinear maps is proposed and shown how to apply it to the problem of revocation of anonymous credentials, believed to be the first authentication system offering privacy protection suitable for implementation with electronic tokens such as eID cards or drivers' licenses.
Advances in Cryptology — CRYPTO 2002
  • M. Yung
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 2002
A new block cipher is defined, the BES, that uses only simple algebraic operations in GF (2) that can be regarded as being identical to the AES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraics operations in one fieldGF (2).