Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures


Practical Strongly Invisible and Strongly Accountable Sanitizable Signatures


Michael Till Beck, Jan Camenisch, David Derler, Stephan Krenn, Henrich C. Pöhls, Kai Samelin and Daniel Slamanig


Sanitizable signatures are a variant of digital signatures where a designated party (the sanitizer) can update admissible parts of a signed message. At PKC’17, Camenisch et al. introduced the notion of invisible sanitizable signatures, which allow one to hide from an outsider which parts of a message are admissible. Their security definition of invisibility, however, does not consider dishonest signers. Along the same lines, their signer- accountability definition does not prevent the signer from falsely accusing the sanitizer of having issued a signature on a sanitized message by exploiting the malleability of the signature itself. Both issues limit the usefulness of their scheme in practical applications.

We revise their definitional framework and present a new construction eliminating these shortcomings. In contrast to Camenisch et al.’s construction, ours requires only standard building blocks instead of chameleon hashes with ephemeral trapdoors. This makes this, now even stronger, primitive more attractive for practical use. We underpin the practical efficiency our scheme by concrete benchmarks of a prototype implementation.


22nd Australasian Conference on Information Security and Privacy (

Place and Date

Auckland, New Zealand, 3-5 July 2017