Security of Sanitizable Signatures Revisited

Sanitizable signature schemes, as defined by Ateniese et al. (ESORICS 2005), allow a signer to partly delegate signing rights to another party, called the sanitizer. That is, the sanitizer is able to modify a predetermined part of the original message such that the integrity and authenticity of the unchanged part is still verifiable. Ateniese et al. identify five security requirements for such schemes (unforgeability, immutability, privacy, transparency and accountability) but do not provide formal specifications for these properties. They also present a scheme that is supposed to satisfy these requirements.

Here we revisit the security requirements for sanitizable signatures and, for the first time, present a comprehensive formal treatment. Besides a full characterization of the requirements we also investigate the relationship of the properties, showing for example that unforgeability follows from accountability. We then provide a full security proof for a modification of the original scheme according to our model.

BibTeX

@inproceedings{BrzFisFreLehPagSchVol09,
  author = {Brzuska, Christina and Fischlin, Marc
  and Freudenreich, Tobias and Lehmann, Anja
  and Page, Marcus and Schelbert, Jakob
  and Schr\"{o}der, Dominique and Volk, Florian},
  title = {Security of Sanitizable Signatures Revisited},
  booktitle = {Irvine: Proceedings of the 12th International
  Conference on Practice and Theory
  in Public Key Cryptography},
  year = {2009},
  isbn = {978-3-642-00467-4},
  pages = {317--336},
  location = {CA},
  doi = {http://dx.doi.org/10.1007/978-3-642-00468-1_18},
  publisher = {Springer-Verlag},
  address = {Berlin, Heidelberg}
}