Chameleon Hashes Without Key Exposure Based on Factoring

Chameleon hash is the main primitive to construct a chameleon signaturescheme which provides non-repudiation and non-transferabilitysimultaneously. However, the initial chameleon hash schemes suffer fromthe key exposure problem: non-transferability is based on an unsoundassumption that the designated receiver is willing to abuse his privatekey regardless of its exposure. Recently, several key-exposure-freechameleon hashes have been constructed based on RSA assumption and SDH(strong Diffie-Hellman) assumption. In this paper, we propose afactoring-based chameleon hash scheme which is proven to enjoy alladvantages of the previous schemes. In order to support it, we propose avariant Rabin signature scheme which is proven secure against a new typeof attack in the random oracle model.