Paper 2017/011

Chameleon-Hashes with Ephemeral Trapdoors And Applications to Invisible Sanitizable Signatures

Jan Camenisch, David Derler, Stephan Krenn, Henrich C. Pöhls, Kai Samelin, and Daniel Slamanig


A chameleon-hash function is a hash function that involves a trapdoor the knowledge of which allows one to find arbitrary collisions in the domain of the function. In this paper, we introduce the notion of chameleon-hash functions with ephemeral trapdoors. Such hash functions feature additional, i.e., ephemeral, trapdoors which are chosen by the party computing a hash value. The holder of the main trapdoor is then unable to find a second pre-image of a hash value unless also provided with the ephemeral trapdoor used to compute the hash value. We present a formal security model for this new primitive as well as provably secure instantiations. The first instantiation is a generic black-box construction from any secure chameleon-hash function. We further provide three direct constructions based on standard assumptions. Our new primitive has some appealing use-cases, including a solution to the long-standing open problem of invisible sanitizable signatures, which we also present.

Note: Fixed a detail in the transparency definition.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2017
chameleon-hash functionstrapdoor commitmentssanitizable signaturesinvisible sanitizable signatures
Contact author(s)
ksa @ zurich ibm com
2017-12-13: last of 2 revisions
2017-01-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and David Derler and Stephan Krenn and Henrich C.  Pöhls and Kai Samelin and Daniel Slamanig},
      title = {Chameleon-Hashes with Ephemeral Trapdoors And Applications to Invisible Sanitizable Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2017/011},
      year = {2017},
      doi = {10.1007/978-3-662-54388-7_6},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.