International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Chameleon Hashing without Key Exposure

Xiaofeng Chen
Fangguo Zhang
Kwangjo Kim
Search ePrint
Search Google
Abstract: Chameleon signatures are based on well established hash-and-sign paradigm, where a \emph{chameleon hash function} is used to compute the cryptographic message digest. Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message, $i.e.,$ the designated recipient is capable of verifying the validity of the signature, but cannot disclose the contents of the signed information to convince any third party without the signer's consent. One disadvantage of the initial chameleon signature scheme is that signature forgery results in the signer recovering the recipient's trapdoor information, $i.e.,$ private key. Therefore, the signer can use this information to deny \emph{other} signatures given to the recipient. This creates a strong disincentive for the recipient to forge signatures, partially undermining the concept of non-transferability. In this paper, we firstly propose a chameleon hashing scheme in the gap Diffie-Hellman group to solve the problem of key exposure. We can prove that the recipient's trapdoor information will never be compromised under the assumption of Computation Diffie-Hellman Problem (CDHP) is intractable. Moreover, we use the proposed chameleon hashing scheme to design a chameleon signature scheme.
  title={Chameleon Hashing without Key Exposure},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / Chameleon hashing, Gap Diffie-Hellman group, Key exposure, Digital signatures.},
  note={ 12461 received 12 Feb 2004},
  author={Xiaofeng Chen and Fangguo Zhang and Kwangjo Kim},