Paper 2018/971

Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications

Stephan Krenn, Henrich C. Pöhls, Kai Samelin, and Daniel Slamanig


A chameleon-hash behaves likes a standard collision-resistant hash function for outsiders. If, however, a trapdoor is known, arbitrary collisions can be found. Chameleon-hashes with ephemeral trapdoors (CHET; Camenisch et al., PKC ’17) allow prohibiting that the holder of the long-term trapdoor can find collisions by introducing a second, ephemeral, trapdoor. However, this ephemeral trapdoor is required to be chosen freshly for each hash. We extend these ideas and introduce the notion of chameleon-hashes with dual long-term trapdoors (CHDLTT). Here, the second trapdoor is not chosen freshly for each new hash; Rather, the hashing party can decide if it wants to generate a fresh second trapdoor or use an existing one. This primitive generalizes CHETs, extends their applicability and enables some appealing new use-cases, including three-party sanitizable signatures, group-level selectively revocable signatures and break-the-glass signatures. We present two provably secure constructions and an implementation which demonstrates that this extended primitive is efficient enough for use in practice.

Note: Fixed typo in title

Available format(s)
Publication info
Published elsewhere. Major revision. AfricaCrypt 2018
digital signaturessanitizable signatureschameleon hashing
Contact author(s)
kaispapers @ gmail com
2018-10-15: revised
2018-10-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Stephan Krenn and Henrich C.  Pöhls and Kai Samelin and Daniel Slamanig},
      title = {Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2018/971},
      year = {2018},
      doi = {10.1007/978-3-319-89339-6_2},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.