Scope of Security Properties of Sanitizable Signatures Revisited

Sanitizable signature schemes allow for altering signed data in a signer-controlled way by a semi-trusted third party. This is contrary to standard digital signature schemes, which do not permit any modifications by any party without invalidating the signature. Due to transparency, a strong privacy notion, outsiders cannot see if the signature for a message was created by the signer or by the semi-trusted party. Accountability allows the signer to prove to outsiders if a message was original or touched by the semi-trusted party. Currently, block-level accountability requires to drop transparency. We allow for accountability for sanitizable signatures with transparency on the block-level. Additionally, we generalize the concept of block-level properties to groups. This offers a even more fine-grained control and leads to more efficient schemes. We prove that group-level definitions imply both the block-level and message-level notions. We derive a provably secure construction, achieving our enhanced notions. A further modification of our construction achieves efficient group-level non-interactive public accountability. This construction only requires a constant amount of signature generations to achieve this property. Finally, we have implemented our constructions and the scheme introduced by Brzuska et al. at PKC '09 and provide a detailed performance analysis of our reference implementations.