Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications


Chameleon-Hashes with Dual Long-Term Trapdoors and Their Applications


Stephan Krenn, Henrich C. Pöhls, Kai Samelin and Daniel Slamanig


A chameleon-hash behaves likes a standard collision-resistant hash function for outsiders. If, however, a trapdoor is known, arbitrary collisions can be found. Chameleon-hashes with ephemeral trapdoors (CHET; Camenisch et al., PKC 17) allow prohibiting that the holder of the long-term trapdoor can find collisions by introducing a second, ephemeral, trapdoor. However, this ephemeral trapdoor is required to be chosen freshly for each hash. We extend these ideas and introduce the notion of chameleon-hashes with dual long-term trapdoors (CHDLTT). Here, the second trapdoor is not chosen freshly for each new hash; Rather, the hashing party can decide if it wants to generate a fresh second trapdoor or use an existing one. This primitive generalizes CHETs, extends their applicability and enables some appealing new use-cases, including three-party sanitizable signatures, group-level selectively revocable signatures and break-the-glass signatures. We present two provably secure constructions and an implementation which demonstrates that this extended primitive is efficient enough for use in practice.


1Oth International Conference on Cryptology, AFRICACRYPT 2018

Place and Date

Marrakesh, Morocco, May 7-9, 2018.