Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications

  • Stephan KrennEmail author
  • Henrich C. Pöhls
  • Kai Samelin
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10831)


A chameleon-hash behaves likes a standard collision-resistant hash function for outsiders. If, however, a trapdoor is known, arbitrary collisions can be found. Chameleon-hashes with ephemeral trapdoors (\(\mathsf {CHET}\); Camenisch et al., PKC 17) allow prohibiting that the holder of the long-term trapdoor can find collisions by introducing a second, ephemeral, trapdoor. However, this ephemeral trapdoor is required to be chosen freshly for each hash.

We extend these ideas and introduce the notion of chameleon-hashes with dual long-term trapdoors (\(\mathsf {CHDLTT}\)). Here, the second trapdoor is not chosen freshly for each new hash; Rather, the hashing party can decide if it wants to generate a fresh second trapdoor or use an existing one. This primitive generalizes \(\mathsf {CHET}\)s, extends their applicability and enables some appealing new use-cases, including three-party sanitizable signatures, group-level selectively revocable signatures and break-the-glass signatures. We present two provably secure constructions and an implementation which demonstrates that this extended primitive is efficient enough for use in practice.


  1. 1.
    Alsouri, S., Dagdelen, Ö., Katzenbeisser, S.: Group-based attestation: enhancing privacy and management in remote attestation. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 63–77. Springer, Heidelberg (2010). Scholar
  2. 2.
    Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005). Scholar
  3. 3.
    Ateniese, G., Magri, B., Venturi, D., Andrade, E.R.: Redactable blockchain - or - rewriting history in bitcoin and friends. In: EuroS&P, pp. 111–126 (2017)Google Scholar
  4. 4.
    Ateniese, G., de Medeiros, B.: Identity-based Chameleon hash and applications. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 164–180. Springer, Heidelberg (2004). Scholar
  5. 5.
    Ateniese, G., de Medeiros, B.: On the key exposure problem in Chameleon hashes. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 165–179. Springer, Heidelberg (2005). Scholar
  6. 6.
    Bao, F., Deng, R.H., Ding, X., Lai, J., Zhao, Y.: Hierarchical identity-based Chameleon hash and its applications. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 201–219. Springer, Heidelberg (2011). Scholar
  7. 7.
    Beck, M.T., Camenisch, J., Derler, D., Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Practical strongly invisible and strongly accountable sanitizable signatures. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 437–452. Springer, Cham (2017). Scholar
  8. 8.
    Beck, M.T., Krenn, S., Preiss, F.-S., Samelin, K.: Practical signing-right revocation. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 21–39. Springer, Cham (2016). Scholar
  9. 9.
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Bellare, M., Ristov, T.: A characterization of Chameleon hash functions and new, efficient designs. J. Cryptol. 27(4), 799–823 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS, pp. 62–73, New York, NY, USA (1993)Google Scholar
  12. 12.
    Bilzhause, A., Huber, M., Pöhls, H.C., Samelin, K.: Cryptographically enforced four-eyes principle. In: ARES, pp. 760–767 (2016)Google Scholar
  13. 13.
    Bilzhause, A., Pöhls, H.C., Samelin, K.: Position paper: The past, present, and future of sanitizable and redactable signatures. In: ARES, pp. 87:1–87:9 (2017)Google Scholar
  14. 14.
    Blazy, O., Kakvi, S.A., Kiltz, E., Pan, J.: Tightly-secure signatures from chameleon hash functions. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 256–279. Springer, Heidelberg (2015). Scholar
  15. 15.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.: A method for fast revocation of public key certificates and security capabilities. In: USENIX (2001)Google Scholar
  16. 16.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009). Scholar
  18. 18.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Sanitizable signatures: how to partially delegate control for authenticated data. In: BIOSIG, pp. 117–128 (2009)Google Scholar
  19. 19.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010). Scholar
  20. 20.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: De Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). Scholar
  21. 21.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014). Scholar
  22. 22.
    Camenisch, J., Derler, D., Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Chameleon-hashes with ephemeral trapdoors. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 152–182. Springer, Heidelberg (2017). Scholar
  23. 23.
    Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: Virtual smart cards: how to sign with a password and a server. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 353–371. Springer, Cham (2016). Scholar
  24. 24.
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010). Scholar
  25. 25.
    Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012). Scholar
  26. 26.
    Chen, X., Tian, H., Zhang, F., Ding, Y.: Comments and improvements on key-exposure free chameleon hashing based on factoring. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 415–426. Springer, Heidelberg (2011). Scholar
  27. 27.
    Chen, X., Zhang, F., Kim, K.: Chameleon hashing without key exposure. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 87–98. Springer, Heidelberg (2004). Scholar
  28. 28.
    Chen, X., Zhang, F., Susilo, W., Mu, Y.: Efficient generic on-line/off-line signatures without key exposure. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 18–30. Springer, Heidelberg (2007). Scholar
  29. 29.
    Chen, X., Zhang, F., Susilo, W., Tian, H., Li, J., Kim, K.: Identity-based Chameleon hash scheme without key exposure. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 200–215. Springer, Heidelberg (2010). Scholar
  30. 30.
    Damgård, I., Haagh, H., Orlandi, C.: Access control encryption: enforcing information flow with cryptography. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 547–576. Springer, Heidelberg (2016). Scholar
  31. 31.
    Demirel, D., Derler, D., Hanser, C., Pöhls, H.C., Slamanig, D., Traverso, G.: PRISMACLOUD D4.4: overview of functional and malleable signature schemes. Technical report, H2020 Prismacloud (2015).
  32. 32.
    Derler, D., Slamanig, D.: Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 455–474. Springer, Cham (2015). Scholar
  33. 33.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptol. 9(1), 35–67 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Fehr, V., Fischlin, M.: Sanitizable signcryption: sanitization over encrypted data (full version). IACR Cryptology ePrint Archive, Report 2015/765 (2015)Google Scholar
  35. 35.
    Ferreira, A., Cruz-Correia, R., Antunes, L., Farinha, P., Oliveira-Palhares, E., Chadwick, D.W., Costa-Pereira, A.: How to break access control in a controlled manner. In: 19th IEEE Symposium on Computer-Based Medical Systems (CBMS 2006), pp. 847–854 (2006)Google Scholar
  36. 36.
    Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). Scholar
  37. 37.
    Frädrich, C., Pöhls, H.C., Popp, W., Rakotondravony, N., Samelin, K.: Integrity and authenticity protection with selective disclosure control in the cloud & IoT. In: Lam, K.Y., Chi, C.H., Qing, S. (eds.) ICICS. LNCS, pp. 197–213. Springer, Cham (2016). Scholar
  38. 38.
    Gao, W., Li, F., Wang, X.: Chameleon hash without key exposure based on Schnorr signature. Comput. Stand. Interfaces 31(2), 282–285 (2009)CrossRefGoogle Scholar
  39. 39.
    Gao, W., Wang, X., Xie, D.: Chameleon hashes without key exposure based on factoring. J. Comput. Sci. Technol. 22(1), 109–113 (2007)CrossRefGoogle Scholar
  40. 40.
    Gong, J., Qian, H., Zhou, Y.: Fully-secure and practical sanitizable signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 300–317. Springer, Heidelberg (2011). Scholar
  41. 41.
    Hanser, C., Slamanig, D.: Blank digital signatures. In: ASIACCS (2013)Google Scholar
  42. 42.
    Hanzlik, L., Kutyłowski, M., Yung, M.: Hard invalidation of electronic signatures. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 421–436. Springer, Cham (2015). Scholar
  43. 43.
    Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009). Scholar
  44. 44.
    Höhne, F., Pöhls, H.C., Samelin, K.: Rechtsfolgen editierbarer signaturen. Datenschutz Datensicherheit 36(7), 485–491 (2012)CrossRefGoogle Scholar
  45. 45.
    Klonowski, M., Lauks, A.: Extended sanitizable signatures. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 343–355. Springer, Heidelberg (2006). Scholar
  46. 46.
    Krawczyk, H., Rabin, T.: Chameleon hashing and signatures. In: NDSS (2000)Google Scholar
  47. 47.
    Krenn, S., Samelin, K., Sommer, D.: Stronger security for sanitizable signatures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2015. LNCS, vol. 9481, pp. 100–117. Springer, Cham (2016). Scholar
  48. 48.
    Lai, R.W.F., Zhang, T., Chow, S.S.M., Schröder, D.: Efficient sanitizable signatures without random oracles. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 363–380. Springer, Cham (2016). Scholar
  49. 49.
    de Meer, H., Pöhls, H.C., Posegga, J., Samelin, K.: On the relation between redactable and sanitizable signature schemes. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS 2014. LNCS, vol. 8364, pp. 113–130. Springer, Cham (2014). Scholar
  50. 50.
    Mohassel, P.: One-time signatures and Chameleon hash functions. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 302–319. Springer, Heidelberg (2011). Scholar
  51. 51.
    Pöhls, H.C.: Contingency revisited: secure construction and legal implications of verifiably weak integrity. In: Fernández-Gago, C., Martinelli, F., Pearson, S., Agudo, I. (eds.) IFIPTM 2013. IAICT, vol. 401, pp. 136–150. Springer, Heidelberg (2013). Scholar
  52. 52.
    Pöhls, H.C., Peters, S., Samelin, K., Posegga, J., de Meer, H.: Malleable signatures for resource constrained platforms. In: Cavallaro, L., Gollmann, D. (eds.) WISTP 2013. LNCS, vol. 7886, pp. 18–33. Springer, Heidelberg (2013). Scholar
  53. 53.
    Pöhls, H.C., Samelin, K.: Accountable redactable signatures. In: ARES (2015)Google Scholar
  54. 54.
    Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable signatures in XML signature — performance, mixing properties, and revisiting the property of transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011). Scholar
  55. 55.
    Ren, Q., Mu, Y., Susilo, W.: Mitigating Phishing by a new ID-based Chameleon hash without key exposure. In: AusCERT, pp. 1–13 (2007)Google Scholar
  56. 56.
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001). Scholar
  57. 57.
    Zhang, F., Safavi-naini, R., Susilo, W.: Id-based chameleon hashes from bilinear pairings. IACR Cryptol. ePrint Archive 2003, 208 (2003)Google Scholar
  58. 58.
    Zhang, R.: Tweaking TBE/IBE to PKE transforms with Chameleon hash functions. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 323–339. Springer, Heidelberg (2007). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Stephan Krenn
    • 1
    Email author
  • Henrich C. Pöhls
    • 2
  • Kai Samelin
    • 3
  • Daniel Slamanig
    • 1
  1. 1.AIT Austrian Institute of Technology GmbHViennaAustria
  2. 2.ISL & Chair of IT-SecurityUniversity of PassauPassauGermany
  3. 3.TU DarmstadtDarmstadtGermany

Personalised recommendations