Sanitizable Signatures

  • Giuseppe Ateniese
  • Daniel H. Chou
  • Breno de Medeiros
  • Gene Tsudik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


We introduce the notion of sanitizable signatures that offer many attractive security features for certain current and emerging applications. A sanitizable signature allows authorized semi-trusted censors to modify – in a limited and controlled fashion – parts of a signed message without interacting with the original signer. We present constructions for this new primitive, based on standard signature schemes and secure under common cryptographic assumptions. We also provide experimental measurements for the implementation of a sanitizable signature scheme and demonstrate its practicality.


Signature Scheme Dynamic Source Route Protected Health Information Note Comp Message Block 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ateniese, G., de Medeiros, B.: On the key exposure problem in chameleon hashes. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 165–179. Springer, Heidelberg (2005), Full version: Cryptology ePrint Archive, Report 2004/243
  2. 2.
    Ateniese, G., de Medeiros, B.: Identity-based chameleon hash and applications. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 164–180. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography: The case of hashing and signing. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 216–233. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography with application to virus protection. In: Proc. of the Twenty-Seventh Annual ACM Symposium on Theory of Computing (FOCS 1995), pp. 45–56. ACM Press, New York (1995)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Micciancio, D.: A new paradigm for collision-free hashing: Incrementality at reduced cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Neven, G.: Transitive signatures based on factoring and RSA. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 397–414. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Rogaway, P.: PSS: Provably secure encoding method for digital signature. IEEE P1363a: Provably secure signatures (1998),
  8. 8.
    Bishop, M., Bhumiratana, B., Crawford, R., Levitt, K.: How to Sanitize Data. In: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE-2004), Modena, Italy, pp. 217–222 (June 2004)Google Scholar
  9. 9.
    Boyar, J., Chaum, D., Damgård, I.B., Pedersen, T.P.: Convertible undeniable signatures. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 189–205. Springer, Heidelberg (1990)Google Scholar
  10. 10.
    Burmester, M., van Le, T.: Secure communications in Ad-hoc networks. In: Proc. of the 5th IEEE Information Assurance Workshop (IAW 2005), pp. 234–241 (2004)Google Scholar
  11. 11.
  12. 12.
    Chari, S., Rabin, T., Rivest, R.: An efficient signature scheme for route aggregation. Unpublished manuscript (2002),
  13. 13.
    Chaum, D.: Zero-knowledge undeniable signatures. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  14. 14.
    Chaum, D., Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  15. 15.
    Chaum, D., van Heijst, E., Pfitzmann, B.: Cryptographically strong undeniable signatures, unconditionally secure for the signer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 470–484. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Chen, X., Zhang, F., Kim, K.: Chameleon hashing without key exposure. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 87–98. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991)Google Scholar
  19. 19.
    Hacigümus, H., Iyer, B.R., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proc. Intern. Conf. Management of Data (ACM SIGMOD 2002), pp. 216–227. ACM Press, New York (2002)CrossRefGoogle Scholar
  20. 20.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (2001)Google Scholar
  21. 21.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and Integrity in Outsourced Databases. In: Proc. of the Network and Distributed System Security Symposium (NDSS 2004), Internet Society (ISOC) Press, p. 10 (2004),
  22. 22.
    Johnson, D., Maltz, D.: Dynamic Source Routing in Ad Hoc Wireless Networks, Mobile Computing (1996)Google Scholar
  23. 23.
    Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) Topics in Cryptology–CT-RSA 2002. LNCS, vol. 2771, pp. 244–262. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (Secure-BGP), IEEE Journal on Selected Areas in Communications (April 2000)Google Scholar
  25. 25.
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: Proceedings of the Network and Distributed Systems Security Symposium (NDSS 2000), pp. 143–154 (2000)Google Scholar
  26. 26.
    Micali, S., Rivest, R.: Transitive signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 236–243. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  27. 27.
    Murphy, S.L., Badger, M.R., Wellington, B.: OSPF with digital signatures. Internet Engineering Task Force (IETF) Request for Comments (RFC) 2154 (June 1997)Google Scholar
  28. 28.
    Naccache, D., Pointcheval, D., Stern, J.: Twin signatures: An alternative to the hash-and-sign paradigm. In: Samarati, P. (ed.) Proceedings of the Eighth Annual ACM Conference on Computer and Communications Security, pp. 20–27. ACM Press, New York (2001)CrossRefGoogle Scholar
  29. 29.
    Nyberg, K., Rueppel, R.A.: Message recovery for signature schemes based on the discrete logarithm problem. Designs, Codes, and Cryptography 7(1–2), 61–81 (1996)zbMATHGoogle Scholar
  30. 30.
    Pang, R., Paxson, V.: A High-level Programming Environment for Packet Trace Anonymization and Transformation. In: Proc. ACM SIGCOMM 2003 (2003)Google Scholar
  31. 31.
    Perlman, R.: Network layer protocols with Byzantine robustness. Ph.D. thesis, Dept. of Elect. Eng. and Comp. Sci., Massachusetts Institute of Technology (August 1988)Google Scholar
  32. 32.
    Peuhkuri, M.: A method to compress and anonymize packet traces. In: Proceedings of the ACM SIGCOMM Internet Measurement Workshop (November 2001)Google Scholar
  33. 33.
    Rekhter, Y., Li, T.: Border Gateway Protocol 4 (BGP-4), Internet Engineering Task Force (IETF) Request for Comments (RFC) 1771 (March 1995)Google Scholar
  34. 34.
    Rivest, R.: Two signature schemes. Slides from talk given at Cambridge University, October 17 (2000),
  35. 35.
    RSA Labs: RSA Cryptography Standard: EMSAPSS – PKCS#1 v2.1. (2002)Google Scholar
  36. 36.
    Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  37. 37.
    Shahandashti, S.F., Salmasizadeh, M., Mohajeri, J.: A provably secure short transitive signature scheme from bilinear group pairs. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 60–76. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  38. 38.
    United States of America Department of Health and Human Services. Standards for Privacy of Individually Identifiable Health Information: Final Rule, Federal Register 67(157), August 14 (2002)Google Scholar
  39. 39.
    Xu, J., Fan, J., Ammar, M., Moon, S.B.: On the design and performance of prefix preserving IP traffic trace anonymization. In: Proceedings of the ACM SIGCOMM Internet Measurement Workshop (November 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Daniel H. Chou
    • 1
  • Breno de Medeiros
    • 2
  • Gene Tsudik
    • 3
  1. 1.Dept. of Comp. Sci.Johns Hopkins Univ.BaltimoreUSA
  2. 2.Dept. of Comp. Sci.Florida State Univ.TallahasseeUSA
  3. 3.D. Bren Sch. of Inform. and Comp. Sci., Dept. of Comp. Sci.Univ. of CaliforniaIrvineUSA

Personalised recommendations