[Theory-Talk] 2016/04/28 Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys

Yu-Chi Chen wycchen at iis.sinica.edu.tw
Tue Apr 26 11:20:34 CST 2016 

​​Topic: *Efficient Unlinkable Sanitizable Signatures from Signatures with
Re-Randomizable Keys*
Speaker: *Mark Simkin** (CISPA, Saarland University, Germany)*
Date: *2016-04-28 (Thu) 10:30 – 12:30*
Location: *Auditorium 106 at IIS new Building, Academia Sinica*

----------------------------------------------------------------------------------------
Abstract:
In a sanitizable signature scheme the signer allows a designated third
party, called the sanitizer, to modify certain parts of the message and
adapt the signature accordingly. Ateniese et al. (ESORICS 2005) introduced
this primitive and proposed five security properties which were formalized
by Brzuska et al.~(PKC 2009). Subsequently, Brzuska et al. (PKC 2010)
suggested an additional security notion, called unlinkability which says
that one cannot link sanitized message-signature pairs of the same
document. Moreover, the authors gave a generic construction based on group
signatures that have a certain structure. However, the special structure
required from the group signature scheme only allows for inefficient
instantiations.

Here, we present the first efficient instantiation of unlinkable
sanitizable signatures. Our construction is based on a novel type of
signature schemes with re-randomizable keys. Intuitively, this property
allows to re-randomize both the signing and the verification key separately
but consistently. This allows us to sign the message with a re-randomized
key and to prove in zero-knowledge that the derived key originates from
either the signer or the sanitizer. We instantiate this generic idea with
Schnorr signatures and efficient Σ-protocols, which we convert into
non-interactive zero-knowledge proofs via the Fiat-Shamir transformation.
Our construction is at least one order of magnitude faster than
instantiating the generic scheme of Brzuska et al. with the most efficient
group signature schemes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.iis.sinica.edu.tw/pipermail/theory-talk-announcement/attachments/20160426/b8882158/attachment.html>

More information about the Theory-talk-announcement mailing list