2011 Volume E94.A Issue 2 Pages 717-724
A sanitizable signature scheme allows a semi-trusted party, designated by a signer, to modify pre-determined parts of a signed message without interacting with the original signer. To date, many sanitizable signature schemes have been proposed based on various cryptographic techniques. However, previous works are usually built upon the paradigm of dividing a message into submessages and applying a cryptographic primitive to each submessage. This methodology entails the computation time (and often signature length) in linear proportion to the number of sanitizable submessages. We present a new approach to constructing sanitizable signatures with constant overhead for signing and verification, irrespective of the number of submessages, both in computational cost and in signature size.