Abstract. Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages
in a controlled way without invalidating the respective signature. They
turned out to be a versatile primitive, proven by different variants and
extensions, e.g., allowing multiple sanitizers or adding new sanitizers
one-by-one. However, existing constructions are very restricted regarding
their flexibility in specifying potential sanitizers. We propose a different
and more powerful approach: Instead of using sanitizers’ public keys
directly, we assign attributes to them. Sanitizing is then based on policies,
i.e., access structures defined over attributes. A sanitizer can sanitize,
if, and only if, it holds a secret key to attributes satisfying the policy
associated to a signature, while offering full-scale accountability.
