Attribute-based signature (ABS) uses a set of attributes to replace user’s identity to achieve anonymity, which can provide data integrity, authentication and non-repudiation, and the fine-grained access control function. In attribute-based signature scheme, the signature generated by the original signer can be publicly verified by anyone to ensure the authenticity and validity of the signature. However, in some specific application scenarios, such as electronic voting, electronic bidding or software sales license, the original signer only wants the signature to be verified by the designated verifier to prevent the malicious spread of the digital signature. Even if the designated verifier discloses its secret information, he/she cannot make other people believe the original signer’s signature behavior. In addition, the signature message may contain some sensitive information, for example, in e-health, e-finance, or e-government. The signature message also contains some personal privacy records, business transaction secrets or secret government information. It will lead to privacy leakage if we do not perform desensitization operation, which brings great security risks to individuals and society. The idea of strong-designated verifier signature is that only the designated verifier can verify validity of the signature, and other users can not verify validity of the signature, because the designated verifier can also generate a valid signature by using its secret key. A sanitizable signature is a method that can make the sensitive information be modified or deleted by the sanitizer to generate a sanitizable message. The sanitizer can still generate a valid signature without the signer’s secret key. Therefore, sanitizable signature scheme can protect the privacy of the user. It is challenging problem for the existing ABS scheme to solve privacy leakage and the malicious spread of the signature. In order to address above problems, we propose an attributebased sanitizable signature scheme with strong designated verifier (ABSSSDV), which prevents the signature from being spread maliciously and protects the privacy of users by hiding the sensitive information in the message. The proposed scheme uses a set of attributes to replace the real identity of the user, which is anonymous to protect the privacy of the user’s identity. The proposed scheme avoids data privacy leakage by desensitizing messages and protects the security of sensitive information. At the same time, the authenticity and validity of the signature can only be verified by the designated verifier. Even if the designated verifier exposes its secret information, it cannot make the other people judge whether the signature is generated by the original signer because the designated verifier can also produce a legal signature. Therefore, the proposed scheme achieves the goal of controlling the malicious dissemination of digital signature/copyright. We prove that the proposed scheme is existentially unforgeable against adaptive chosen message attack and immutable in the standard model. The security of our scheme is reduced to the bilinear Diffie-Hellman (BDH) problem assumption. Finally, based on the virtual machine Ubuntu 18.4, the proposed scheme is implemented under the framework of Charm0.5. The experimental analysis shows that the proposed scheme is feasible. Therefore, it can be applied to electronic voting, electronic bidding or software sales licensing applications and so on. © 2023 Science Press. All rights reserved.
