Advertisement

Efficient Invisible and Unlinkable Sanitizable Signatures

  • Xavier BultelEmail author
  • Pascal Lafourcade
  • Russell W. F. Lai
  • Giulio Malavolta
  • Dominique Schröder
  • Sri Aravinda Krishnan Thyagarajan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11442)

Abstract

Sanitizable signatures allow designated parties (the sanitizers) to apply arbitrary modifications to some restricted parts of signed messages. A secure scheme should not only be unforgeable, but also protect privacy and hold both the signer and the sanitizer accountable. Two important security properties that are seemingly difficult to achieve simultaneously and efficiently are invisibility and unlinkability. While invisibility ensures that the admissible modifications are hidden from external parties, unlinkability says that sanitized signatures cannot be linked to their sources. Achieving both properties simultaneously is crucial for applications where sensitive personal data is signed with respect to data-dependent admissible modifications. The existence of an efficient construction achieving both properties was recently posed as an open question by Camenisch et al. (PKC’17). In this work, we propose a solution to this problem with a two-step construction. First, we construct (non-accountable) invisible and unlinkable sanitizable signatures from signatures on equivalence classes and other basic primitives. Second, we put forth a generic transformation using verifiable ring signatures to turn any non-accountable sanitizable signature into an accountable one while preserving all other properties. When instantiating in the generic group and random oracle model, the efficiency of our construction is comparable to that of prior constructions, while providing stronger security guarantees.

Notes

Acknowledgments

This work is a result of the collaborative research project PROMISE (16KIS0763) by the German Federal Ministry of Education and Research (BMBF). FAU authors were also supported by the German research foundation (DFG) through the collaborative research center 1223, and by the state of Bavaria at the Nuremberg Campus of Technology (NCT). NCT is a research cooperation between the Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) and the Technische Hochschule Nürnberg Georg Simon Ohm (THN).

References

  1. 1.
    Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005).  https://doi.org/10.1007/11555827_10CrossRefGoogle Scholar
  2. 2.
    Beck, M.T., et al.: Practical strongly invisible and strongly accountable sanitizable signatures. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017, Part I. LNCS, vol. 10342, pp. 437–452. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-60055-0_23CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_14CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_30CrossRefGoogle Scholar
  5. 5.
    Brzuska, C., et al.: Redactable signatures for tree-structured data: definitions and constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87–104. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13708-2_6CrossRefGoogle Scholar
  6. 6.
    Brzuska, C., et al.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00468-1_18CrossRefGoogle Scholar
  7. 7.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13013-7_26CrossRefGoogle Scholar
  8. 8.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40012-4_12CrossRefzbMATHGoogle Scholar
  9. 9.
    Bultel, X., Lafourcade, P.: Unlinkable and strongly accountable sanitizable signatures from verifiable ring signatures. In: Capkun, S., Chow, S.S.M. (eds.) CANS 2017. LNCS, vol. 11261, pp. 203–226. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-02641-7_10CrossRefGoogle Scholar
  10. 10.
    Camenisch, J., Derler, D., Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Chameleon-hashes with ephemeral trapdoors. In: Fehr, S. (ed.) PKC 2017, Part II. LNCS, vol. 10175, pp. 152–182. Springer, Heidelberg (2017).  https://doi.org/10.1007/978-3-662-54388-7_6CrossRefGoogle Scholar
  11. 11.
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-11925-5_13CrossRefGoogle Scholar
  12. 12.
    Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-31410-0_3CrossRefGoogle Scholar
  13. 13.
    Derler, D., Pöhls, H.C., Samelin, K., Slamanig, D.: A general framework for redactable signatures and new constructions. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 3–19. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-30840-1_1CrossRefzbMATHGoogle Scholar
  14. 14.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  15. 15.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985).  https://doi.org/10.1007/3-540-39568-7_2CrossRefGoogle Scholar
  16. 16.
    Fischlin, M., Harasser, P.: Invisible sanitizable signatures and public-key encryption are equivalent. Cryptology ePrint Archive, Report 2018/337 (2018). https://eprint.iacr.org/2018/337
  17. 17.
    Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part I. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49384-7_12CrossRefGoogle Scholar
  18. 18.
    Franklin, M., Zhang, H.: A framework for unique ring signatures. Cryptology ePrint Archive, Report 2012/577 (2012). http://eprint.iacr.org/2012/577
  19. 19.
    Fuchsbauer, G., Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and constant-size anonymous credentials, February 2018Google Scholar
  20. 20.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Fujisaki, E., Suzuki, K.: Traceable ring signature. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 181–200. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-71677-8_13CrossRefGoogle Scholar
  22. 22.
    Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 491–511. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45611-8_26CrossRefGoogle Scholar
  23. 23.
    Johnson, R., Walsh, L., Lamb, M.: Homomorphic signatures for digital photographs. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 141–157. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-27576-0_12CrossRefGoogle Scholar
  24. 24.
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244–262. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45760-7_17CrossRefGoogle Scholar
  25. 25.
    Krenn, S., Samelin, K., Sommer, D.: Stronger security for sanitizable signatures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA-2015. LNCS, vol. 9481, pp. 100–117. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-29883-2_7CrossRefGoogle Scholar
  26. 26.
    Lai, R.W.F., Zhang, T., Chow, S.S.M., Schröder, D.: Efficient sanitizable signatures without random oracles. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part I. LNCS, vol. 9878, pp. 363–380. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45744-4_18CrossRefGoogle Scholar
  27. 27.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-27800-9_28CrossRefGoogle Scholar
  28. 28.
    Lu, J., Wang, X.: Verifiable ring signature (2003)Google Scholar
  29. 29.
    Miyazaki, K., Hanaoka, G., Imai, H.: Invisibly sanitizable digital signature scheme. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 91, 392–402 (2008)CrossRefGoogle Scholar
  30. 30.
    Okamoto, T., Tada, M., Okamoto, E.: Extended proxy signatures for smart cards. In: Mambo, M., Zheng, Y. (eds.) ISW 1999. LNCS, vol. 1729, pp. 247–258. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-47790-X_21CrossRefGoogle Scholar
  31. 31.
    Pöhls, H.C., Samelin, K.: On updatable redactable signatures. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 457–475. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-07536-5_27CrossRefGoogle Scholar
  32. 32.
    Shim, K.-A.: An identity-based proxy signature scheme from pairings. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 60–71. Springer, Heidelberg (2006).  https://doi.org/10.1007/11935308_5CrossRefGoogle Scholar
  33. 33.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997).  https://doi.org/10.1007/3-540-69053-0_18CrossRefGoogle Scholar
  34. 34.
    Wang, H., Pieprzyk, J.: Efficient one-time proxy signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 507–522. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-40061-5_32CrossRefGoogle Scholar
  35. 35.
    Xu, S., Yung, M.: Accountable ring signatures: a smart card approach. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI. IFIPAICT, vol. 153, pp. 271–286. Springer, Boston (2004).  https://doi.org/10.1007/1-4020-8147-2_18CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Xavier Bultel
    • 1
    Email author
  • Pascal Lafourcade
    • 2
  • Russell W. F. Lai
    • 3
  • Giulio Malavolta
    • 3
  • Dominique Schröder
    • 3
  • Sri Aravinda Krishnan Thyagarajan
    • 3
  1. 1.Univ Rennes, CNRS, IRISARennesFrance
  2. 2.University Clermont Auvergne, LIMOSClermont-FerrandFrance
  3. 3.Friedrich-Alexander University Erlangen-NürnbergErlangenGermany

Personalised recommendations