Fully Collision-Resistant Chameleon-Hashes from Simpler and Post-quantum Assumptions

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)

Abstract

Chameleon-hashes are collision-resistant hash-functions parametrized by a public key. If the corresponding secret key is known, arbitrary collisions for the hash can be found. Recently, Derler et al. (PKC ’20) introduced the notion of fully collision-resistant chameleon-hashes. Full collision-resistance requires the intractability of finding collisions, even with fully adaptive access to a collision-finding oracle. Their construction combines simulation-sound extractable (SSE) NIZKs with perfectly correct IND-CPA secure public-key encryption (PKE) schemes. We show that, instead of perfectly correct PKE, non-interactive commitment schemes are sufficient. For the first time, this gives rise to efficient instantiations from plausible post-quantum assumptions and thus to candidate chameleon-hashes with strong collision-resistance guarantees and long-term security guarantees. On the more theoretical side, our results relax the requirements of the construction so that it no longer depends on public-key encryption.
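As an added illustration (not code from the paper) of the two properties the abstract names, the following is the classic discrete-log chameleon hash: the public key fixes the function, the trapdoor finds collisions, and, without the stronger guarantees the paper builds, a single published collision already leaks the trapdoor (the key-exposure problem of reference 5). The group parameters are constructed toy values and are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and G = 4 generates
# the order-q subgroup of Z_p^*. Real deployments need ~256-bit q at least.
P, Q = 2039, 1019
G = 4


def keygen():
    """Trapdoor x is the secret key; y = g^x mod p is the public key."""
    x = secrets.randbelow(Q - 1) + 1          # x in [1, q-1], so invertible mod q
    return x, pow(G, x, P)


def msg_to_exp(m: bytes) -> int:
    """Map a message into the exponent group Z_q."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % Q


def ch_hash(y: int, m: bytes, r: int) -> int:
    """Chameleon hash CH_y(m, r) = g^H(m) * y^r mod p (Krawczyk-Rabin style).
    Anyone holding y can evaluate it; finding collisions needs x."""
    return (pow(G, msg_to_exp(m), P) * pow(y, r, P)) % P


def ch_collide(x: int, m: bytes, r: int, m2: bytes) -> int:
    """With the trapdoor x, return r2 such that CH(m2, r2) == CH(m, r).
    Works because H(m) + x*r == H(m2) + x*r2 (mod q) forces equal hashes."""
    return (r + (msg_to_exp(m) - msg_to_exp(m2)) * pow(x, -1, Q)) % Q


def recover_trapdoor(m: bytes, r: int, m2: bytes, r2: int) -> int:
    """Key exposure: from one collision (m, r), (m2, r2) anyone recovers x,
    since H(m) - H(m2) == x * (r2 - r) (mod q)."""
    dr = (r2 - r) % Q
    if dr == 0:
        raise ValueError("randomness unchanged; no information about x")
    return ((msg_to_exp(m) - msg_to_exp(m2)) * pow(dr, -1, Q)) % Q
```

This is exactly the weakness that motivates the stronger notions (and the SSE-NIZK-based construction) the abstract discusses: in the plain scheme, exposing a collision is equivalent to exposing the secret key.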

Acknowledgements

This work was supported by the European Union H2020 Programme under grant agreement no. 830929 (CyberSec4Europe), the H2020 ECSEL Joint Undertaking under grant agreement no. 783119 (SECREDAS), and by the Austrian Science Fund (FWF) and netidee SCIENCE under grant agreement P31621-N38 (PROFET).

References

  1. Abe, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Tagged one-time signatures: tight security and optimal tag size. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 312–331. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_20
  2. Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable signatures. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005). https://doi.org/10.1007/11555827_10
  3. Ateniese, G., Magri, B., Venturi, D., Andrade, E.R.: Redactable blockchain - or - rewriting history in bitcoin and friends. In: EuroS&P, pp. 111–126 (2017)
  4. Ateniese, G., de Medeiros, B.: Identity-based Chameleon Hash and applications. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 164–180. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27809-2_19
  5. Ateniese, G., de Medeiros, B.: On the key exposure problem in Chameleon Hashes. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 165–179. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30598-9_12
  6. Bao, F., Deng, R.H., Ding, X., Lai, J., Zhao, Y.: Hierarchical identity-based Chameleon Hash and its applications. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 201–219. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21554-4_12
  7. Beck, M.T., et al.: Practical strongly invisible and strongly accountable sanitizable signatures. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 437–452. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60055-0_23
  8. Bellare, M., Ristov, T.: Hash functions from sigma protocols and improvements to VSH. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 125–142. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_9
  9. Bellare, M., Ristov, T.: A characterization of Chameleon Hash functions and new, efficient designs. J. Cryptol. 27(4), 799–823 (2014)
  10. Benhamouda, F., Krenn, S., Lyubashevsky, V., Pietrzak, K.: Efficient zero-knowledge proofs for commitments from learning with errors over rings. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 305–325. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_16
  11. Blazy, O., Kakvi, S.A., Kiltz, E., Pan, J.: Tightly-secure signatures from Chameleon Hash functions. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 256–279. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_12
  12. Blum, M.: Coin flipping by telephone. In: Crypto, pp. 11–15 (1981)
  13. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random Oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3
  14. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
  15. Brzuska, C., et al.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_18
  17. Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_27
  18. Chen, X., Zhang, F., Susilo, W., Mu, Y.: Efficient generic on-line/off-line signatures without key exposure. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 18–30. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72738-5_2
  19. Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_19
  20. Derler, D., Samelin, K., Slamanig, D.: Bringing order to chaos: the case of collision-resistant Chameleon-Hashes. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12110, pp. 462–492. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45374-9_16
  21. Derler, D., Samelin, K., Slamanig, D., Striecks, C.: Fine-grained and controlled rewriting in blockchains: Chameleon-hashing gone attribute-based. In: NDSS (2019)
  22. Derler, D., Slamanig, D.: Key-homomorphic signatures: definitions and applications to multiparty signatures and non-interactive zero-knowledge. Des. Codes Crypt. 87(6), 1373–1413 (2018). https://doi.org/10.1007/s10623-018-0535-9
  23. Derler, D., Slamanig, D.: Highly-efficient fully-anonymous dynamic group signatures. In: AsiaCCS, pp. 551–565 (2018)
  24. Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Efficient public-key cryptography in the presence of key leakage. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 613–631. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_35
  25. Don, J., Fehr, S., Majenz, C.: The measure-and-reprogram technique 2.0: Multi-round Fiat-Shamir and more. Cryptology ePrint Archive, Report 2020/282 (2020). https://eprint.iacr.org/2020/282
  26. Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 356–383. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_13
  27. Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptol. 9(1), 35–67 (1996). https://doi.org/10.1007/BF02254791
  28. Faust, S., Kohlweiss, M., Marson, G.A., Venturi, D.: On the non-malleability of the Fiat-Shamir transform. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 60–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_5
  29. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
  30. Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006). https://doi.org/10.1007/11935230_29
  31. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24
  32. Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_38
  33. Huang, K., Zhang, X., Mu, Y., Rezaeibagha, F., Wang, X., Li, J., Xia, Q., Qin, J.: EVA: efficient versatile auditing scheme for IoT-based datamarket in JointCloud. IEEE Internet Things J. 7(2), 882–892 (2020)
  34. Jain, A., Krenn, S., Pietrzak, K., Tentes, A.: Commitments and efficient zero-knowledge proofs from learning parity with noise. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 663–680. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_40
  35. Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS, pp. 143–154 (2000)
  36. Krenn, S., Pöhls, H.C., Samelin, K., Slamanig, D.: Chameleon-Hashes with dual long-term trapdoors and their applications. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 11–32. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_2
  37. Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 326–355. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_12
  38. Mohassel, P.: One-time signatures and Chameleon Hash functions. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 302–319. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_21
  39. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
  40. Pietrzak, K.: Cryptography from learning parity with noise. In: Bieliková, M., Friedrich, G., Gottlob, G., Katzenbeisser, S., Turán, G. (eds.) SOFSEM 2012. LNCS, vol. 7147, pp. 99–114. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27660-6_9
  41. Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS, pp. 543–553 (1999)
  42. Samelin, K., Slamanig, D.: Policy-based sanitizable signatures. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 538–563. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_23
  43. Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_21
  44. Steinfeld, R., Bull, L., Wang, H., Pieprzyk, J.: Universal designated-verifier signatures. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 523–542. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_33
  45. Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_2
  46. Zhang, R.: Tweaking TBE/IBE to PKE transforms with Chameleon Hash functions. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 323–339. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72738-5_21

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. DFINITY, Zurich, Switzerland
  2. AIT Austrian Institute of Technology, Vienna, Austria
  3. Independent, Landshut, Germany