Chameleon-Hashes with Ephemeral Trapdoors

And Applications to Invisible Sanitizable Signatures
  • Jan CamenischEmail author
  • David Derler
  • Stephan Krenn
  • Henrich C. Pöhls
  • Kai Samelin
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10175)


A chameleon-hash function is a hash function that involves a trapdoor the knowledge of which allows one to find arbitrary collisions in the domain of the function. In this paper, we introduce the notion of chameleon-hash functions with ephemeral trapdoors. Such hash functions feature additional, i.e., ephemeral, trapdoors which are chosen by the party computing a hash value. The holder of the main trapdoor is then unable to find a second pre-image of a hash value unless also provided with the ephemeral trapdoor used to compute the hash value. We present a formal security model for this new primitive as well as provably secure instantiations. The first instantiation is a generic black-box construction from any secure chameleon-hash function. We further provide three direct constructions based on standard assumptions. Our new primitive has some appealing use-cases, including a solution to the long-standing open problem of invisible sanitizable signatures, which we also present.


Hash Function Signature Scheme Full Version Message Space Collision Resistance 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We are grateful to the anonymous reviewers of PKC 2017 for providing valuable comments and suggestions that helped to significantly improve the presentation of the paper.


  1. 1.
    Abe, M., Gennaro, R., Kurosawa, K.: Tag-kem/dem: a new framework for hybrid encryption. J. cryptology 21(1), 97–130 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_1 CrossRefGoogle Scholar
  3. 3.
    Alsouri, S., Dagdelen, Ö., Katzenbeisser, S.: Group-based attestation: enhancing privacy and management in remote attestation. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 63–77. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13869-0_5 CrossRefGoogle Scholar
  4. 4.
    Ateniese, G., Chou, D.H., Medeiros, B., Tsudik, G.: Sanitizable signatures. In: Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005). doi: 10.1007/11555827_10 CrossRefGoogle Scholar
  5. 5.
    Ateniese, G., Magri, B., Venturi, D., Andrade, E.R.: Redactable blockchain - or - rewriting history in bitcoin and friends. IACR Cryptology ePrint Archive, 757 (2016)Google Scholar
  6. 6.
    Ateniese, G., Medeiros, B.: Identity-based chameleon hash and applications. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 164–180. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-27809-2_19 CrossRefGoogle Scholar
  7. 7.
    Ateniese, G., Medeiros, B.: On the key exposure problem in Chameleon hashes. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 165–179. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30598-9_12 CrossRefGoogle Scholar
  8. 8.
    Bao, F., Deng, R.H., Ding, X., Lai, J., Zhao, Y.: Hierarchical identity-based chameleon hash and its applications. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 201–219. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21554-4_12 CrossRefGoogle Scholar
  9. 9.
    Bellare, M., Ristov, T.: A characterization of chameleon hash functions and new, efficient designs. J. Cryptology 27(4), 799–823 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Bilzhause, A., Huber, M., Pöhls, H.C., Samelin, K.: Cryptographically Enforced Four-Eyes Principle. In: ARES, pp. 760–767 (2016)Google Scholar
  11. 11.
    Blazy, O., Kakvi, S.A., Kiltz, E., Pan, J.: Tightly-secure signatures from Chameleon hash functions. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 256–279. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_12 Google Scholar
  12. 12.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Bresson, E., Catalano, D., Gennaro, R.: Improved on-line/off-line threshold signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 217–232. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-71677-8_15 CrossRefGoogle Scholar
  14. 14.
    Brzuska, C., Busch, H., Dagdelen, O., Fischlin, M., Franz, M., Katzenbeisser, S., Manulis, M., Onete, C., Peter, A., Poettering, B., Schröder, D.: Redactable signatures for tree-structured data: definitions and constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87–104. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13708-2_6 CrossRefGoogle Scholar
  15. 15.
    Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00468-1_18 CrossRefGoogle Scholar
  16. 16.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Sanitizable signatures: How to partially delegate control for authenticated data. In: BIOSIG, pp. 117–128 (2009)Google Scholar
  17. 17.
    Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444–461. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13013-7_26 CrossRefGoogle Scholar
  18. 18.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Non-interactive public accountability for sanitizable signatures. In: Capitani di Vimercati, S., Mitchell, C. (eds.) EuroPKI 2012. LNCS, vol. 7868, pp. 178–193. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40012-4_12 CrossRefGoogle Scholar
  19. 19.
    Brzuska, C., Pöhls, H.C., Samelin, K.: Efficient and perfectly unlinkable sanitizable signatures without group signatures. In: Katsikas, S., Agudo, I. (eds.) EuroPKI 2013. LNCS, vol. 8341, pp. 12–30. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-53997-8_2 CrossRefGoogle Scholar
  20. 20.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). doi: 10.1007/BFb0052252 CrossRefGoogle Scholar
  21. 21.
    Canard, S., Jambert, A.: On extended sanitizable signature schemes. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 179–194. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-11925-5_13 CrossRefGoogle Scholar
  22. 22.
    Canard, S., Jambert, A., Lescuyer, R.: Sanitizable signatures with several signers and sanitizers. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 35–52. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31410-0_3 CrossRefGoogle Scholar
  23. 23.
    Canard, S., Laguillaumie, F., Milhau, M.: Trapdoor sanitizable signatures and their application to content protection. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 258–276. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-68914-0_16 CrossRefGoogle Scholar
  24. 24.
    Canard, S., Lescuyer, R.: Protecting privacy by sanitizing personal data: a new approach to anonymous credentials. In: ASIACCS, pp. 381–392 (2013)Google Scholar
  25. 25.
    Catalano, D., Raimondo, M., Fiore, D., Gennaro, R.: Off-line/on-line signatures: theoretical aspects and experimental results. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 101–120. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78440-1_7 CrossRefGoogle Scholar
  26. 26.
    Chen, X., Tian, H., Zhang, F., Ding, Y.: Comments and improvements on key-exposure free Chameleon hashing based on factoring. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 415–426. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21518-6_29 CrossRefGoogle Scholar
  27. 27.
    Chen, X., Zhang, F., Susilo, W., Mu, Y.: Efficient generic on-line/off-line signatures without key exposure. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 18–30. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72738-5_2 CrossRefGoogle Scholar
  28. 28.
    Demirel, D., Derler, D., Hanser, C., Pöhls, H.C., Slamanig, D., Traverso, G.: PRISMACLOUD D4.4: overview of functional and malleable signature schemes. Technical report, H2020 Prismacloud (2015).
  29. 29.
    Derler, D., Hanser, C., Pöhls, H.C., Slamanig, D.: Towards authenticity and privacy preserving accountable workflows. In: Aspinall, D., Camenisch, J., Hansen, M., Fischer-Hübner, S., Raab, C. (eds.) Privacy and Identity 2015. IAICT, vol. 476, pp. 170–186. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-41763-9_12 CrossRefGoogle Scholar
  30. 30.
    Derler, D., Hanser, C., Slamanig, D.: Blank digital signatures: optimization and practical experiences. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 201–215. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-18621-4_14 CrossRefGoogle Scholar
  31. 31.
    Derler, D., Slamanig, D.: Rethinking privacy for extended sanitizable signatures and a black-box construction of strongly private schemes. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 455–474. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-26059-4_25 Google Scholar
  32. 32.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptology 9(1), 35–67 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Fehr, V., Fischlin, M.: Sanitizable signcryption: Sanitization over encrypted data (full version). IACR Cryptology ePrint Archive, report 2015/765 (2015)Google Scholar
  34. 34.
    Fischlin, M.: Trapdoor commitment schemes and their applications. Ph.D. thesis, University of Frankfurt (2001)Google Scholar
  35. 35.
    Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49384-7_12 CrossRefGoogle Scholar
  36. 36.
    Gao, W., Li, F., Wang, X.: Chameleon hash without key exposure based on Schnorr signature. Comput. Stand. Interfaces 31(2), 282–285 (2009)CrossRefGoogle Scholar
  37. 37.
    Gao, W., Wang, X., Xie, D.: Chameleon hashes without key exposure based on factoring. J. Comput. Sci. Technol. 22(1), 109–113 (2007)CrossRefGoogle Scholar
  38. 38.
    Ghosh, E., Goodrich, M.T., Ohrimenko, O., Tamassia, R.: Fully-dynamic verifiable zero-knowledge order queries for network data. ePrint 2015, 283 (2015)Google Scholar
  39. 39.
    Ghosh, E., Ohrimenko, O., Tamassia, R.: Zero-knowledge authenticated order queries and order statistics on a list. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 149–171. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-28166-7_8 CrossRefGoogle Scholar
  40. 40.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  41. 41.
    Gong, J., Qian, H., Zhou, Y.: Fully-secure and practical sanitizable signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 300–317. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21518-6_21 CrossRefGoogle Scholar
  42. 42.
    Hanser, C., Slamanig, D.: Blank digital signatures. In: ASIACCS, pp. 95–106 (2013)Google Scholar
  43. 43.
    Hanzlik, L., Kutyłowski, M., Yung, M.: Hard invalidation of electronic signatures. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 421–436. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-17533-1_29 CrossRefGoogle Scholar
  44. 44.
    Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_38 CrossRefGoogle Scholar
  45. 45.
    Höhne, F., Pöhls, H.C., Samelin, K.: Rechtsfolgen editierbarer signaturen. Datenschutz und Datensicherheit 36(7), 485–491 (2012)CrossRefGoogle Scholar
  46. 46.
    Klonowski, M., Lauks, A.: Extended sanitizable signatures. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 343–355. Springer, Heidelberg (2006). doi: 10.1007/11927587_28 CrossRefGoogle Scholar
  47. 47.
    Krawczyk, H., Rabin, T.: Chameleon Hashing and Signatures. In: NDSS, pp. 143–154 (2000)Google Scholar
  48. 48.
    Krenn, S., Samelin, K., Sommer, D.: Stronger security for sanitizable signatures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA 2015. LNCS, vol. 9481, pp. 100–117. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-29883-2_7 CrossRefGoogle Scholar
  49. 49.
    Lai, R.W.F., Zhang, T., Chow, S.S.M., Schröder, D.: Efficient sanitizable signatures without random oracles. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 363–380. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-45744-4_18 CrossRefGoogle Scholar
  50. 50.
    de Meer, H., Pöhls, H.C., Posegga, J., Samelin, K.: Scope of security properties of sanitizable signatures revisited. In: ARES, pp. 188–197 (2013)Google Scholar
  51. 51.
    Meer, H., Pöhls, H.C., Posegga, J., Samelin, K.: On the relation between redactable and sanitizable signature schemes. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS 2014. LNCS, vol. 8364, pp. 113–130. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-04897-0_8 CrossRefGoogle Scholar
  52. 52.
    Mohassel, P.: One-time signatures and chameleon hash functions. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 302–319. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19574-7_21 CrossRefGoogle Scholar
  53. 53.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). doi: 10.1007/3-540-46766-1_9 Google Scholar
  54. 54.
    Pöhls, H.C., Peters, S., Samelin, K., Posegga, J., Meer, H.: Malleable signatures for resource constrained platforms. In: Cavallaro, L., Gollmann, D. (eds.) WISTP 2013. LNCS, vol. 7886, pp. 18–33. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38530-8_2 CrossRefGoogle Scholar
  55. 55.
    Pöhls, H.C., Samelin, K.: Accountable redactable signatures. In: ARES, pp. 60–69 (2015)Google Scholar
  56. 56.
    Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable signatures in XML signature — performance, mixing properties, and revisiting the property of transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21554-4_10 CrossRefGoogle Scholar
  57. 57.
    Ren, Q., Mu, Y., Susilo, W.: Mitigating Phishing by a new id-based Chameleon hash without key exposure. In: AusCERT, pp. 1–13 (2007)Google Scholar
  58. 58.
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_21 CrossRefGoogle Scholar
  59. 59.
    Yum, D.H., Seo, J.W., Lee, P.J.: Trapdoor sanitizable signatures made easy. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 53–68. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13708-2_4 CrossRefGoogle Scholar
  60. 60.
    Zhang, F., Safavi-naini, R., Susilo, W.: Id-based Chameleon hashes from bilinear pairings. IACR Cryptology ePrint Archive 2003, 208 (2003)Google Scholar
  61. 61.
    Zhang, R.: Tweaking TBE/IBE to PKE transforms with Chameleon hash functions. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 323–339. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72738-5_21 CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Jan Camenisch
    • 1
    Email author
  • David Derler
    • 2
  • Stephan Krenn
    • 3
  • Henrich C. Pöhls
    • 4
  • Kai Samelin
    • 1
    • 5
  • Daniel Slamanig
    • 2
  1. 1.IBM Research – ZurichRüschlikonSwitzerland
  2. 2.IAIK, Graz University of TechnologyGrazAustria
  3. 3.AIT Austrian Institute of Technology GmbHViennaAustria
  4. 4.ISL & Chair of IT-Security, University of PassauPassauGermany
  5. 5.TU DarmstadtDarmstadtGermany

Personalised recommendations