Stronger Security Definition for Sanitizable Signatures


Stephan Krenn (AIT), Kai Samelin (IBM Research -- Zurich and Technical University of Darmstadt), and Dieter Sommer (IBM Research -- Zurich)


Sanitizable signature schemes (SSS) allow a designated party, named the sanitizer, to alter admissible blocks of a signed message. This primitive can be used to remove or alter sensitive data in already signed messages without involvement of the original signer.
Current state-of-the-art security definitions of SSSs only define a "weak" form of security. Namely, the unforgeability, accountability and transparency definitions are not strong enough to be meaningful in certain use cases. We identify some of these use cases, close this gap by introducing stronger definitions, and show how to alter an existing construction to meet our desired security level. Moreover, we clarify a small yet important detail in the state-of-the-art privacy definition. Our work allows this primitive to be deployed in more and different scenarios.


10th DPM International Workshop on Data Privacy Management, DPM 2015

Place and Date

Vienna, Austria, September 21st – 22nd, 2015

Publication Reference

Stephan Krenn, Kai Samelin, and Dieter Sommer, "Stronger Security Definition for Sanitizable Signatures", Data Privacy Management - DPM 2015, Vienna, Austria, September 21–22, 2015.


   Author    = {Stephan Krenn and Kai Samelin and Dieter Sommer},
   Title     = {{Stronger Security Definition for Sanitizable Signatures}},
   Booktitle = {Data Privacy Management -- {DPM} 2015, Vienna, Austria},   
   Year      = {2015}, 
   Publisher = {Springer}