Paper 2004/243

On the Key Exposure Problem in Chameleon Hashes

Giuseppe Ateniese and Breno de Medeiros

Abstract

Chameleon signatures were introduced by Krawczyk and Rabin, being non-interactive signature schemes that provide non-transferability. However, that first construction employs a chameleon hash that suffers from a key exposure problem: The non-transferability property requires willingness of the recipient in consequentially exposing a secret key, and therefore invalidating all signatures issued to the same recipient's public key. To address this key-revocation issue, and its attending problems of key redistribution, storage of state information, and greater need for interaction, an identity-based scheme was proposed in [1], while a fully key-exposure free construction, based on the elliptic curves with pairings, appeared later in [7]. Herein we provide several constructions of exposure-free chameleon hash functions based on different cryptographic assumptions, such as the RSA and the discrete logarithm assumptions. One of the schemes is a novel construction that relies on a single trapdoor and therefore may potentially be realized over a large set of cryptographic groups (where the discrete logarithm is hard).

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Full version of the paper in SCN '04, LNCS of Springer-Verlag, 2004.
Contact author(s)
ateniese @ cs jhu edu
History
2004-09-22: received
Short URL
https://ia.cr/2004/243
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2004/243,
      author = {Giuseppe Ateniese and Breno de Medeiros},
      title = {On the Key Exposure Problem in Chameleon Hashes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2004/243},
      year = {2004},
      url = {https://eprint.iacr.org/2004/243}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.