Efficient chameleon hash functions in the enhanced collision resistant model

Abstract

Chameleon hash functions are collision resistant when only the hashing keys of the functions are known. In particular, without knowledge of the secret information, a chameleon hash function behaves like a regular cryptographic hash function, for which it is hard to find collisions. However, anyone who holds the trapdoor keys can efficiently generate pre-images for the chameleon hash function. In some applications, such as redactable blockchains, the existing properties unfortunately do not suffice and more features are needed: without knowing the trapdoor keys, nobody should be able to compute collisions, even if they can see collisions for arbitrary hash functions. In 2017, Ateniese et al. introduced the notion of chameleon hash functions in the enhanced collision resistant model and proposed a construction in the standard model satisfying these features. To date, efficient constructions of this kind of chameleon hash function remain an open research problem. In this paper, we answer this problem affirmatively by presenting efficient constructions of chameleon hash functions satisfying enhanced collision resistance. The contributions of this work are twofold. First, we show the weakness of previous work. Then, we propose new, more efficient schemes. Technically, we present a new chameleon hash function in the basic model, based on simple assumptions. This chameleon hash function is compatible with Groth-Sahai proof systems and Cramer-Shoup encryption schemes, and can be used as a stepping stone to construct an efficient chameleon hash function in the enhanced collision resistant model. Moreover, we show that our basic chameleon hash can be combined with the optimal ZK-SNARKs of Groth and Maller, which leads to shorter sizes for chameleon hash functions in the enhanced collision resistant model.
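To make the abstract's distinction concrete, the following added example (not code from the paper, and not the paper's construction) implements the classic discrete-log chameleon hash CH(m, r) = g^m · h^r in the style of Krawczyk and Rabin. It shows the trapdoor holder computing a collision, and then shows that in this basic scheme a single visible collision reveals the trapdoor, which is the situation enhanced collision resistance is meant to rule out. The group parameters, function names and messages are constructed for illustration and are far too small for real use.

```python
"""Toy discrete-log chameleon hash: CH(m, r) = g^m * h^r mod p, with h = g^x."""
import hashlib
import secrets

# Constructed toy parameters (illustration only): safe prime P = 2*Q + 1.
P, Q, G = 2039, 1019, 4   # G = 2^2 generates the subgroup of prime order Q


def keygen():
    """Return (public hashing key h, secret trapdoor x)."""
    x = secrets.randbelow(Q - 1) + 1          # x in [1, Q-1]
    return pow(G, x, P), x


def to_scalar(msg: bytes) -> int:
    """Map a message to an exponent in Z_Q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def ch_hash(h: int, msg: bytes, r: int) -> int:
    return pow(G, to_scalar(msg), P) * pow(h, r, P) % P


def collide(x: int, msg: bytes, r: int, new_msg: bytes) -> int:
    """Trapdoor holder: solve m + x*r = m' + x*r' (mod Q) for r'."""
    return (r + (to_scalar(msg) - to_scalar(new_msg)) * pow(x, -1, Q)) % Q


def trapdoor_from_collision(msg, r, new_msg, new_r) -> int:
    """Observer of one collision: x = (m - m') / (r' - r) mod Q."""
    dr = (new_r - r) % Q
    if dr == 0:
        raise ValueError("messages map to the same exponent; nothing leaks")
    return (to_scalar(msg) - to_scalar(new_msg)) * pow(dr, -1, Q) % Q


def demo():
    h, x = keygen()
    old, r = b"block 7: original tx", secrets.randbelow(Q)
    # Pick a replacement whose exponent differs (needed because Q is tiny).
    new = next(c for c in (b"block 7: redacted #%d" % i for i in range(64))
               if to_scalar(c) != to_scalar(old))
    new_r = collide(x, old, r, new)
    same_digest = ch_hash(h, old, r) == ch_hash(h, new, new_r)
    leaked = trapdoor_from_collision(old, r, new, new_r)
    return same_digest, leaked == x


if __name__ == "__main__":
    print(demo())
```

Both values returned by `demo()` are true: the rewritten message hashes to the same digest, and the published pair of openings is enough for any observer to recover `x`.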

[1] Kwangjo Kim, et al. Discrete logarithm based chameleon hashing and signatures without key exposure, 2011, Comput. Electr. Eng.

[2] David Chaum, et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[3] Georg Fuchsbauer, et al. Structure-Preserving Signatures and Commitments to Group Elements, 2010, CRYPTO.

[4] Payman Mohassel, et al. One-Time Signatures and Chameleon Hash Functions, 2010, Selected Areas in Cryptography.

[5] Fangguo Zhang, et al. Comments and Improvements on Key-Exposure Free Chameleon Hashing Based on Factoring, 2010, Inscrypt.

[6] Mohsen Guizani, et al. A lightweight privacy-preserving protocol using chameleon hashing for secure vehicular communications, 2012, 2012 IEEE Wireless Communications and Networking Conference (WCNC).

[7] Brent Waters, et al. Short and Stateless Signatures from the RSA Assumption, 2009, CRYPTO.

[8] Song Guo, et al. Chameleon Hashing for Secure and Privacy-Preserving Vehicular Communications, 2014, IEEE Transactions on Parallel and Distributed Systems.

[9] Yael Tauman Kalai, et al. Improved Online/Offline Signature Schemes, 2001, CRYPTO.

[10] Eike Kiltz, et al. Tightly-Secure Signatures from Chameleon Hash Functions, 2015, Public Key Cryptography.

[11] Kwangjo Kim, et al. Chameleon Hashing Without Key Exposure, 2004, ISC.

[12] Giuseppe Ateniese, et al. Identity-Based Chameleon Hash and Applications, 2004, Financial Cryptography.

[13] Daniel Slamanig, et al. Chameleon-Hashes with Ephemeral Trapdoors And Applications to Invisible Sanitizable Signatures, 2017, IACR Cryptol. ePrint Arch.

[14] Amit Sahai, et al. Efficient Non-interactive Proof Systems for Bilinear Groups, 2008, EUROCRYPT.

[15] Jens Groth, et al. Short Pairing-Based Non-interactive Zero-Knowledge Arguments, 2010, ASIACRYPT.

[16] Yi Mu, et al. Efficient Generic On-Line/Off-Line Signatures Without Key Exposure, 2007, ACNS.

[17] Jens Groth, et al. Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs, 2017, IACR Cryptol. ePrint Arch.

[18] Jin Li, et al. Identity-based chameleon hashing and signatures without key exposure, 2014, Inf. Sci.

[19] Daniel Slamanig, et al. Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based, 2019, NDSS.

[20] Gene Tsudik, et al. Sanitizable Signatures, 2005, ESORICS.

[21] Silvio Micali, et al. On-line/off-line digital signatures, 1996, Journal of Cryptology.

[22] Yuan Zhou, et al. Fully-Secure and Practical Sanitizable Signatures, 2010, Inscrypt.

[23] Dennis Hofheinz, et al. All-But-Many Lossy Trapdoor Functions, 2012, EUROCRYPT.

[24] Daniel Slamanig, et al. Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications, 2018, AFRICACRYPT.

[25] Rui Zhang, et al. Tweaking TBE/IBE to PKE Transforms with Chameleon Hash Functions, 2007, ACNS.

[26] Giuseppe Ateniese, et al. Redactable Blockchain – or – Rewriting History in Bitcoin and Friends, 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[27] Efficient chameleon hashing-based privacy-preserving auditing in cloud storage, 2015, Cluster Computing.

[28] Kwangjo Kim, et al. Identity-Based Chameleon Hash Scheme without Key Exposure, 2010, ACISP.

[29] Mihir Bellare, et al. A Characterization of Chameleon Hash Functions and New, Efficient Designs, 2014, Journal of Cryptology.

[30] Yi Mu, et al. Deniable Ring Authentication Revisited, 2004, ACNS.

[31] Giuseppe Ateniese, et al. On the Key Exposure Problem in Chameleon Hashes, 2004, SCN.

[32] Ronald Cramer, et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack, 1998, CRYPTO.

[33] Emmanuel Bresson, et al. Off-line/on-line signatures revisited: a general unifying paradigm, efficient threshold variants and experimental results, 2013, International Journal of Information Security.

[34] Robert H. Deng, et al. Variations of Diffie-Hellman Problem, 2003, ICICS.

[35] Yunlei Zhao, et al. Hierarchical Identity-Based Chameleon Hash and Its Applications, 2011, ACNS.

[36] Craig Gentry, et al. Quadratic Span Programs and Succinct NIZKs without PCPs, 2013, IACR Cryptol. ePrint Arch.

[37] Mukesh Singhal, et al. Efficient proxy signatures based on trapdoor hash functions, 2010, IET Inf. Secur.

[38] Jorge Luis Villar, et al. An Algebraic Framework for Diffie–Hellman Assumptions, 2015, Journal of Cryptology.

[39] Ron Steinfeld, et al. Efficient Extension of Standard Schnorr/RSA Signatures into Universal Designated-Verifier Signatures, 2004, Public Key Cryptography.