Sanitizable signatures: How to partially delegate control for authenticated data

Sanitizable signatures have been introduced by Ateniese et al. (ESORICS 2005) and allow an authorized party, the sanitizer, to modify a predetermined part of a signed message without invalidating the signature. Brzuska et al. (PKC 2009) gave the first comprehensive formal treatment of the five security properties for such schemes. These are unforgeability, immutability, privacy, transparency and accountability. They also provide a modification of the sanitizable signature scheme proposed by Ateniese et al. such that it provably satisfies all security requirement. Unfortunately, their scheme comes with rather large signature sizes and produces computational overhead that increases with the number of admissible modifications. In this paper we show that by sacrificing the transparency property -thus allowing to distinguish whether a message has been sanitized or not- we can obtain a sanitizable signature scheme that is still provably secure concerning the other aforementioned properties but significantly more efficient. We propose a construction that is based solely on regular signature schemes, produces short signatures and only adds a small computational overhead.