Advertisement

On the Key Exposure Problem in Chameleon Hashes

  • Giuseppe Ateniese
  • Breno de Medeiros
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)

Abstract

Chameleon signatures were introduced by Krawczyk and Rabin, being non-interactive signature schemes that provide non-transferability. However, that first construction employs a chameleon hash that suffers from a key exposure problem: The non-transferability property requires willingness of the recipient in consequentially exposing a secret key, and therefore invalidating all signatures issued to the same recipient’s public key. To address this key-revocation issue, and its attending problems of key redistribution, storage of state information, and greater need for interaction, an identity-based scheme was proposed in [1], while a fully key-exposure free construction, based on the elliptic curves with pairings, appeared later in [7].

Herein we provide several constructions of exposure-free chameleon hash functions based on different cryptographic assumptions, such as the RSA and the discrete logarithm assumptions. One of the schemes is a novel construction that relies on a single trapdoor and therefore may potentially be realized over a large set of cryptographic groups (where the discrete logarithm is hard).

Keywords

Digital signatures undeniable signatures collision-resistant hashing trapdoor commitments chameleon signatures chameleon hashing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ateniese, G., de Medeiros, B.: Identity-based chameleon hash and applications. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 164–180. Springer, Heidelberg (2004), Available online at http://eprint.iacr.org/2003/167/ CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Rogaway, P.: PSS: Provably secure encoding method for digital signature. IEEE P1363a: Provably secure signatures (1998), http://grouper.ieee.org/groups/1363/p1363a/pssigs.html
  3. 3.
    Boneh, D., Boyen, X.: Short Signatures Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Brassard, G., Chaum, D., Crepeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer an Systems Sciences 37(2), 156–189 (1988)MATHMathSciNetCrossRefGoogle Scholar
  5. 5.
    Catalano, D., Gennaro, R., Howgrave-Graham, N., Nguyen, P.Q.: Paillier’s Cryptosystem Revisited. In: ACM CCS (2001)Google Scholar
  6. 6.
    Chaum, D., Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Chen, X., Zhang, F., Kim, K.: Chameleon hashing without key exposure. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 87–98. Springer, Heidelberg (2004), Available online at, http://eprint.iacr.org/2004/038/ CrossRefGoogle Scholar
  8. 8.
    Damgård, I.: Practical and provable secure release of a secret and exchange of signature. Journal of Cryptology 8, 201–222 (1995)MATHCrossRefGoogle Scholar
  9. 9.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line Digital Signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 263–277. Springer, Heidelberg (1990)Google Scholar
  10. 10.
    Fischlin, M.: Trapdoor commitment schemes and their applications. Ph.D. thesis (2001)Google Scholar
  11. 11.
    Gennaro, R.: Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 220–236. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: Proceedings of NDSS 2000, pp. 143–154 (2000)Google Scholar
  13. 13.
    MacKenzie, P., Yang, K.: On Simulation-Sound Trapdoor Commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Naccache, D., Pointcheval, D., Stern, J.: Twin signatures: an alternative to the hash-and-sign paradigm. In: Proc. of the 8th ACM Conference on Computer and Communication Security (ACM CCS), pp. 20–27. ACM Press, New York (2001)CrossRefGoogle Scholar
  15. 15.
    Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)Google Scholar
  16. 16.
    Paillier, P.: Public key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  17. 17.
    Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–149. Springer, Heidelberg (1992)Google Scholar
  18. 18.
    RSA Labs: RSA Crypt. Std: EMSAPSS – PKCS#1 v2.1., pp. 26–28, 32–37 (2002)Google Scholar
  19. 19.
    RSA Labs: RSA Crypt. Std: EMSAPKCS1-v1_5 - PKCS#1 v2.1. pp. 29–33, 37–38 (2002)Google Scholar
  20. 20.
    Shamir, A., Kalai, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Breno de Medeiros
    • 2
  1. 1.Information Security Institute and Department of Computer ScienceThe Johns Hopkins University 
  2. 2.Department of Computer ScienceFlorida State University 

Personalised recommendations