Efficient unlinkable sanitizable signatures from signatures with re‐randomizable keys

Fleischhacker, Nils; Krupp, Johannes; Malavolta, Giulio; Schneider, Jonas; Schröder, Dominique; Simkin, Mark G.

doi:10.1049/iet-ifs.2017.0041

Cited by 8 publications

(11 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This variant of accountability is mutually exclusive with transparency. Several existing works [7,17,29,9] proposed schemes that are both transparent and unlinkable. Recently, Krenn et al [28] propose the "strong" versions of unforgeability, (non-interactive public) accountability, and transparency.…”

Section: Related Workmentioning

confidence: 99%

Efficient Invisible and Unlinkable Sanitizable Signatures

Bultel

Lafourcade

Lai

et al. 2019

Public-Key Cryptography – PKC 2019

Self Cite

View full text Add to dashboard Cite

Sanitizable signatures allow designated parties (the sanitizers) to apply arbitrary modifications to some restricted parts of signed messages. A secure scheme should not only be unforgeable, but also protect privacy and hold both the signer and the sanitizer accountable. Two important security properties that are seemingly difficult to achieve simultaneously and efficiently are invisibility and unlinkability. While invisibility ensures that the admissible modifications are hidden from external parties, unlinkability says that sanitized signatures cannot be linked to their sources. Achieving both properties simultaneously is crucial for applications where sensitive personal data is signed with respect to data-dependent admissible modifications. The existence of an efficient construction achieving both properties was recently posed as an open question by Camenisch et al. (PKC'17). In this work, we propose a solution to this problem with a two-step construction. First, we construct (non-accountable) invisible and unlinkable sanitizable signatures from signatures on equivalence classes and other basic primitives. Second, we put forth a generic transformation using verifiable ring signatures to turn any non-accountable sanitizable signature into an accountable one while preserving all other properties. When instantiating in the generic group and random oracle model, the efficiency of our construction is comparable to that of prior constructions, while providing stronger security guarantees.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient Invisible and Unlinkable Sanitizable Signatures

Bultel

Lafourcade

Lai

et al. 2019

Public-Key Cryptography – PKC 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…The authors give a generic unlinkable scheme based on group signatures. In 2016, Fleischhacker et al [21] give a more efficient construction based on signatures with re-randomizable keys.…”

Section: Introductionmentioning

confidence: 99%

“…We also design an efficient secure VRS scheme under the DDH assumption in the random oracle model. The definition of accountability for SS given in [8,9,21] considers that the signer can prove the origin of a signature (signer or sanitizer) by using a proof algorithm such that:…”

Section: Introductionmentioning

confidence: 99%

“…Since the scheme of Brzuska et al and GUSS uses group/ring signatures for groups of two users, GUSS is much more practical for an equivalent level of genericity. Fleischhacker et al [21]. This scheme is based on signatures with re-randomizable keys.…”

Section: Introductionmentioning

confidence: 99%

“…As in [21], for the sake of clarity, we do not distinguish between elements of G and elements of Z * p . We consider the best instantiation of the scheme of Fleischhacker et al given in [21]. In Appendix A, we give a detailed complexity evaluation of our schemes.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Unlinkable and Strongly Accountable Sanitizable Signatures from Verifiable Ring Signatures

Bultel

Lafourcade

2018

Cryptology and Network Security

View full text Add to dashboard Cite

An Unlinkable Sanitizable Signature scheme (USS) allows a sanitizer to modify some parts of a signed message in such away that nobody can link the modified signature to the original one. A Verifiable Ring Signature scheme (VRS) allows the users to sign messages anonymously within a group where a user can prove a posteriori to a verifier that it is the author of a given signature. In this paper, we first revisit the notion of VRS: we improve the proof capabilities of the users, we give a complete security model for VRS and we give an efficient and secure scheme called EVeR. Our main contribution is GUSS, a Generic USS based on a VRS scheme and an unforgeable signature scheme. We show that GUSS instantiated with EVeR and Schnorr's signature is twice as efficient as the best USS scheme of the literature. Moreover, we propose a stronger definition of accountability: an USS is accountable when the signer can prove whether a signature is sanitized. We formally define the notion of strong accountability where the sanitizer can also prove the origin of a signature. We show that the notion of strong accountability is important in practice. Finally, we prove the security properties of GUSS (including strong accountability) and EVeR under the Decisional Diffie-Hellman (DDH) assumption in the random oracle model.

show abstract

Quisquis: A New Design for Anonymous Cryptocurrencies

Fauzi

Meiklejohn

Mercer³

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Despite their usage of pseudonyms rather than persistent identifiers, most existing cryptocurrencies do not provide users with any meaningful levels of privacy. This has prompted the creation of privacyenhanced cryptocurrencies such as Monero and Zcash, which are specifically designed to counteract the tracking analysis possible in currencies like Bitcoin. These cryptocurrencies, however, also suffer from some drawbacks: in both Monero and Zcash, the set of potential unspent coins is always growing, which means users cannot store a concise representation of the blockchain. Additionally, Zcash requires a common reference string and the fact that addresses are reused multiple times in Monero has led to attacks to its anonymity. In this paper we propose a new design for anonymous cryptocurrencies, Quisquis, that achieves provably secure notions of anonymity. Quisquis stores a relatively small amount of data, does not require trusted setup, and in Quisquis each address appears on the blockchain at most twice: once when it is generated as output of a transaction, and once when it is spent as input to a transaction. Our result is achieved by combining a DDH-based tool (that we call updatable keys) with efficient zero-knowledge arguments.

show abstract

Efficient unlinkable sanitizable signatures from signatures with re‐randomizable keys

Cited by 8 publications

References 46 publications

Efficient Invisible and Unlinkable Sanitizable Signatures

Efficient Invisible and Unlinkable Sanitizable Signatures

Unlinkable and Strongly Accountable Sanitizable Signatures from Verifiable Ring Signatures

Quisquis: A New Design for Anonymous Cryptocurrencies

Contact Info

Product

Resources

About