Generic Construction of Chameleon Hash to Group Elements

—Chameleon hash functions are trapdoor one-way functions with many applications such as chameleon signatures and on-line/off-line signatures. Previous research focused on the concrete constructions based on different assumptions, as well as schemes without the key-exposure problem. In this paper, we consider the structure-preserving schemes where messages, hash value and public keys all consist of elements of a group over which a bilinear map is efficiently computable. This property makes them useful in cryptographic protocols as they can nicely compose with other algebraic tools (like the GrothSahai proof systems). We first propose a concrete structurepreserving chameleon hash from a one-time linearly homomorphic Structure-Preserving Signature (SPS), without the keyexposure free property. Then, we give a generic construction of chameleon hash from any linearly homomorphic SPS satisfying a certain template, and key-exposure freeness can be achieved when full-fledged linearly homomorphic SPS is used.

[1]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, CRYPTO.

[2]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[3]  Christian Hanser,et al.  Structure-Preserving Signatures on Equivalence Classes and their Application to Anonymous Credentials , 2014, IACR Cryptol. ePrint Arch..

[4]  Juan A. Garay,et al.  Strengthening Zero-Knowledge Protocols Using Signatures , 2003, EUROCRYPT.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Moti Yung,et al.  Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions , 2015, CRYPTO.

[7]  Mehdi Tibouchi,et al.  Strongly-optimal structure preserving signatures from Type II pairings: synthesis and lower bounds , 2016, IET Inf. Secur..

[8]  Georg Fuchsbauer,et al.  Automorphic Signatures in Bilinear Groups and an Application to Round-Optimal Blind Signatures , 2009, IACR Cryptol. ePrint Arch..

[9]  Taher ElGamal On Computing Logarithms Over Finite Fields , 1985 .

[10]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[11]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[12]  Moti Yung,et al.  Group Encryption: Non-interactive Realization in the Standard Model , 2009, ASIACRYPT.

[13]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[14]  Jens Groth,et al.  Efficient Fully Structure-Preserving Signatures for Large Messages , 2015, IACR Cryptol. ePrint Arch..

[15]  Jin Li,et al.  Identity-based chameleon hashing and signatures without key exposure , 2014, Inf. Sci..

[16]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[17]  Payman Mohassel,et al.  One-Time Signatures and Chameleon Hash Functions , 2010, Selected Areas in Cryptography.

[18]  Eiichiro Fujisaki,et al.  New Constructions of Efficient Simulation-Sound Commitments Using Encryption and Their Applications , 2012, CT-RSA.

[19]  Dawn Xiaodong Song,et al.  Homomorphic Signature Schemes , 2002, CT-RSA.

[20]  Reihaneh Safavi-Naini,et al.  ID-Based Chameleon Hashes from Bilinear Pairings , 2003, IACR Cryptol. ePrint Arch..

[21]  Masayuki Abe,et al.  Signing on Elements in Bilinear Groups for Modular Protocol Design , 2010, IACR Cryptol. ePrint Arch..

[22]  Giuseppe Ateniese,et al.  Identity-Based Chameleon Hash and Applications , 2004, Financial Cryptography.

[23]  Hugo Krawczyk,et al.  Chameleon Hashing and Signatures , 1998, IACR Cryptol. ePrint Arch..

[24]  Mehdi Tibouchi,et al.  Structure-Preserving Signatures from Type II Pairings , 2014, CRYPTO.

[25]  Eike Kiltz,et al.  Structure-Preserving Signatures from Standard Assumptions, Revisited , 2015, CRYPTO.

[26]  Jens Groth,et al.  Separating Short Structure-Preserving Signatures from Non-interactive Assumptions , 2011, ASIACRYPT.

[27]  Giuseppe Ateniese,et al.  On the Key Exposure Problem in Chameleon Hashes , 2004, SCN.

[28]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[29]  Mehdi Tibouchi,et al.  Fully Structure-Preserving Signatures and Shrinking Commitments , 2015, EUROCRYPT.

[30]  Jin Li,et al.  Generic construction for secure and efficient handoff authentication schemes in EAP-based wireless networks , 2014, Comput. Networks.

[31]  Mehdi Tibouchi,et al.  Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures , 2014, IACR Cryptol. ePrint Arch..

[32]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[33]  Jonathan Katz,et al.  Signing a Linear Subspace: Signature Schemes for Network Coding , 2009, IACR Cryptol. ePrint Arch..

[34]  Kwangjo Kim,et al.  Chameleon Hashing Without Key Exposure , 2004, ISC.

[35]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[36]  Yvo Desmedt,et al.  Computer security by redefining what a computer is , 1993, NSPW '92-93.

[37]  Jonathan Katz,et al.  Proofs of Storage from Homomorphic Identification Protocols , 2009, ASIACRYPT.