International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Key-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems

Xiaofeng Chen
Fangguo Zhang
Haibo Tian
Baodian Wei
Kwangjo Kim
Search ePrint
Search Google
Abstract: Chameleon signatures are based on well established hash-and-sign paradigm, where a \emph{chameleon hash function} is used to compute the cryptographic message digest. Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message. However, the initial constructions of chameleon signatures suffer from the problem of key exposure: the signature forgery results in the signer recovering the recipient's trapdoor information, $i.e.,$ the private key. This creates a strong disincentive for the recipient to forge signatures, partially undermining the concept of non-transferability. Recently, some specific constructions of key-exposure free chameleon hashing are presented, based on RSA or pairings, using the idea of ``Customized Identities". In this paper, we propose the first key-exposure free chameleon hash scheme based on discrete logarithm systems, without using the gap Diffile-Hellman groups. Moreover, one distinguished advantage of the resulting chameleon signature scheme is that the property of ``message hiding" or ``message recovery" can be achieved freely by the signer. Another main contribution in this paper is that we propose the first identity-based chameleon hash scheme without key exposure, which gives a positive answer for the open problem introduced by Ateniese and de Mederious in 2004.
  title={Key-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / Chameleon hashing, Gap Diffie-Hellman group, Key exposure},
  note={ 14260 received 16 Jan 2009},
  author={Xiaofeng Chen and Fangguo Zhang and Haibo Tian and Baodian Wei and Kwangjo Kim},