Sanitizable signatures enable a designated party to modify signed documents in a controlled way, while the derived signature still verifies. In this paper, we introduce the notion of non-interactive and public accountability. It allows a third party to determine whether a message-signature pair was issued by the signer or the sanitizer. The original notion of accountability does not satisfy European legal standards, while non-interactive public accountability does. A contradictory security goal

more »

... is the indistinguishability of message-signature pairs from the signer and the sanitizer, a.k.a. transparency. As state-of-the-art schemes often satisfy transparency, they can only achieve a weaker notion of accountability. We show that non-interactive public accountability does not contradict privacy by proving that an existing scheme by Brzuska et al.(BIOSIG '09) satisfies both notions. We then extend the scheme to also satisfy blockwise public accountability. Overall, for e-business applications within the EU, opting for non-interactive public accountability can be preferable over transparency.