Paper 2004/038

Chameleon Hashing without Key Exposure

Xiaofeng Chen, Fangguo Zhang, and Kwangjo Kim


Chameleon signatures are based on well established hash-and-sign paradigm, where a \emph{chameleon hash function} is used to compute the cryptographic message digest. Chameleon signatures simultaneously provide the properties of non-repudiation and non-transferability for the signed message, $i.e.,$ the designated recipient is capable of verifying the validity of the signature, but cannot disclose the contents of the signed information to convince any third party without the signer's consent. One disadvantage of the initial chameleon signature scheme is that signature forgery results in the signer recovering the recipient's trapdoor information, $i.e.,$ private key. Therefore, the signer can use this information to deny \emph{other} signatures given to the recipient. This creates a strong disincentive for the recipient to forge signatures, partially undermining the concept of non-transferability. In this paper, we firstly propose a chameleon hashing scheme in the gap Diffie-Hellman group to solve the problem of key exposure. We can prove that the recipient's trapdoor information will never be compromised under the assumption of Computation Diffie-Hellman Problem (CDHP) is intractable. Moreover, we use the proposed chameleon hashing scheme to design a chameleon signature scheme.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Chameleon hashingGap Diffie-Hellman groupKey exposureDigital signatures.
Contact author(s)
crazymount @ icu ac kr
2004-02-16: received
Short URL
Creative Commons Attribution


      author = {Xiaofeng Chen and Fangguo Zhang and Kwangjo Kim},
      title = {Chameleon Hashing without Key Exposure},
      howpublished = {Cryptology ePrint Archive, Paper 2004/038},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.