Non-Interactive Public Accountability for Sanitizable Signatures
Sanitizable signatures enable a designated party to modify signed documents in a controlled way, while the derived signature still verifies. In this paper, the authors introduce the notion of non-interactive and public accountability. It allows a third party to determine whether a message-signature pair was issued by the signer or the sanitizer. The original notion of accountability does not satisfy European legal standards, while non-interactive public accountability does. A contradictory security goal is the indistinguishability of message-signature pairs from the signer and the sanitizer, a.k.a. transparency. As state-of-the-art schemes often satisfy transparency, they can only achieve a weaker notion of accountability.