3 research outputs found
Accountable Trapdoor Sanitizable Signatures
Abstract. Sanitizable signature (SS) allows a signer to partly delegate signing rights to a predeter-mined party, called sanitizer, who can later modify certain designated parts of a message originally signed by the signer and generate a new signature on the sanitized message without interacting with the signer. One of the important security requirements of sanitizable signatures is accountability, which allows the signer to prove, in case of dispute, to a third party that a message was modified by the sanitizer. Trapdoor sanitizable signature (TSS) enables a signer of a message to delegate the power of sanitization to any parties at anytime but at the expense of losing the accountability property. In this paper, we introduce the notion of accountable trapdoor sanitizable signature (ATSS) which lies between SS and TSS. As a building block for constructing ATSS, we also introduce the notion of accountable chameleon hash (ACH), which is an extension of chameleon hash (CH) and might be of independent interest. We propose a concrete construction of ACH and show how to use it to construct an ATSS scheme
Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures
Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can
update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible
sanitizable signatures that hides from an outsider which parts of a message are admissible. Their security definition of
invisibility, however, does not consider dishonest signers. Along the same lines, their signer-accountability definition
does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message
by exploiting the malleability of the signature itself. Both issues may limit the usefulness of their scheme in certain
applications.
We revise their definitional framework, and present a new construction eliminating these shortcomings. In contrast
to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with
ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin
the practical efficiency of our scheme by concrete benchmarks of a prototype implementation