Cryptology ePrint Archive: Report 2004/243
On the Key Exposure Problem in Chameleon Hashes
Giuseppe Ateniese and Breno de Medeiros
Abstract: Chameleon signatures were introduced by Krawczyk and Rabin, being non-interactive signature schemes that provide non-transferability. However, that first construction
employs a chameleon hash that suffers from a key exposure problem:
The non-transferability property requires willingness of the recipient in consequentially exposing a secret key, and therefore invalidating all signatures issued to the same recipient's public key.
To address this key-revocation issue, and its attending problems of key
redistribution, storage of state information, and greater need for interaction,
an identity-based scheme was proposed in [1], while a fully key-exposure free construction, based on the elliptic curves with pairings, appeared later in [7].
Herein we provide several constructions of exposure-free
chameleon hash functions based on different cryptographic assumptions,
such as the RSA and the discrete logarithm assumptions. One of the
schemes is a novel construction that relies on a single trapdoor
and therefore may potentially be realized over a large set of cryptographic
groups (where the discrete logarithm is hard).
Category / Keywords:
Publication Info: Full version of the paper in SCN '04, LNCS of Springer-Verlag, 2004.
Date: received 20 Sep 2004
Contact author: ateniese at cs jhu edu
Available format(s): PDF | BibTeX Citation
Version: 20040922:124107 (All versions of this report)
Short URL: ia.cr/2004/243
[ Cryptology ePrint archive ]