Brzuska C, Fischlin M, Lehmann A, Schröder D (2010)
Publication Language: English
Publication Status: Published
Publication Type: Authored book, Volume of book series
Publication year: 2010
Series: Public Key Cryptography - PKC 2010
Pages Range: 444-461
Event location: Paris
ISBN: 9783642130120
DOI: 10.1007/978-3-642-13013-7_26
Sanitizable signatures allow a designated party, called the sanitizer, to modify parts of signed data such that the immutable parts can still be verified with respect to the original signer. Ateniese et al. (ESORICS 2005) discuss five security properties for such signature schemes: unforgeability, immutability, privacy, transparency and accountability. These notions have been formalized in a recent work by Brzuska et al. (PKC 2009), discussing also the relationships among the security notions. In addition, they prove a modification of the scheme of Ateniese et al. to be secure according to these notions. Here we discuss that a sixth property of sanitizable signature schemes may be desirable: unlinkability. Basically, this property prevents that one can link sanitized message-signature pairs of the same document, thus allowing to deduce combined information about the original document. We show that this notion implies privacy, the inability to recover the original data of sanitized parts, but is not implied by any of the other five notions. We also discuss a scheme based on group signatures meeting all six security properties. © 2010 Springer-Verlag Berlin Heidelberg.
APA:
Brzuska, C., Fischlin, M., Lehmann, A., & Schröder, D. (2010). Unlinkability of sanitizable signatures.
MLA:
Brzuska, Chris, et al. Unlinkability of sanitizable signatures. 2010.
BibTeX: Download