Fully Collision-Resistant Chameleon-Hashes from Simpler and Post-quantum Assumptions

Chameleon-hashes are collision-resistant hash-functions parametrized by a public key. If the corresponding secret key is known, arbitrary collisions for the hash can be found. Recently, Derler et al. (PKC '20) introduced the notion of fully collision-resistant chameleon-hashes. Full collision-resistance requires the intractability of finding collisions, even with full-adaptive access to a collision-finding oracle. Their construction combines simulation-sound extractable (SSE) NIZKs with perfectly correct IND-CPA secure public-key encryption (PKE) schemes. We show that, instead of perfectly correct PKE, non-interactive commitment schemes are sufficient. For the first time, this gives rise to efficient instantiations from plausible post-quantum assumptions and thus candidates of chameleon-hashes with strong collision-resistance guarantees and long-term security guarantees. On the more theoretical side, our results relax the requirement to not being dependent on public-key encryption.
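To illustrate why access to a collision-finding oracle matters, the following added example (not from the paper, and not its construction) uses the classic discrete-log chameleon hash g^m * pk^r: a single collision produced with the trapdoor lets anyone recover the secret key, which is the kind of failure a fully collision-resistant scheme must rule out. The toy group parameters, function names and messages are constructed assumptions for illustration only.

```python
# Added example: toy discrete-log chameleon hash, NOT the paper's construction.
import secrets

# Constructed toy parameters: P = 2*Q + 1 with P, Q prime; G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (sk, pk): sk is the trapdoor, pk = G^sk mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def ch_hash(pk, m, r):
    """Chameleon hash of message m (an integer mod Q) with randomness r."""
    return (pow(G, m % Q, P) * pow(pk, r % Q, P)) % P

def adapt(sk, m, r, m_new):
    """Trapdoor collision: r_new such that hash(m_new, r_new) == hash(m, r)."""
    return (r + (m - m_new) * pow(sk, -1, Q)) % Q

def extract_trapdoor(m, r, m2, r2):
    """Key exposure: one collision with m != m2 (mod Q) reveals sk."""
    if (r2 - r) % Q == 0:
        raise ValueError("not a usable collision: messages equal mod Q")
    return ((m - m2) * pow((r2 - r) % Q, -1, Q)) % Q

def demo():
    sk, pk = keygen()
    m, r = 123, secrets.randbelow(Q)
    # What a collision-finding oracle would hand back for a chosen message.
    r_new = adapt(sk, m, r, 456)
    collides = ch_hash(pk, m, r) == ch_hash(pk, 456, r_new)
    # Anyone who sees both openings recovers the trapdoor ...
    leaked = extract_trapdoor(m, r, 456, r_new)
    # ... and can then produce a collision on a fresh message without the oracle.
    r_fresh = adapt(leaked, m, r, 789)
    fresh_collides = ch_hash(pk, m, r) == ch_hash(pk, 789, r_fresh)
    return collides, leaked == sk, fresh_collides

if __name__ == "__main__":
    print(demo())
```
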
