1. INTRODUCTION

The Chameleon signatures, introduced by Krawczyk and Rabin [6], are based on well established hash-and-sign paradigm, where a chameleon hash function is used to compute the cryptographic message digest. A chameleon hash function is a trapdoor one-way hash function, which prevents everyone except the holder of the trapdoor information from computing the collisions for a randomly given input. Chameleon signatures simultaneously provide non-repudiation and non-transferability for the signed message as undeniable signatures [5] do, but the former allows for simpler and more efficient realization than the latter. In particular, chameleon signatures are non-interactive and less complicated.

One limitation of the original chameleon signature scheme is that signature forgery results in the signer recovering the recipient's trapdoor information, i:e the private key. The signer then can use this information to deny other signatures given to the recipient. Ateniese and de Mederious [1] firstly addressed the key exposure problem of chameleon hashing and introduced the idea of identity-based chameleon hashing to solve this problem.

Due to the distinguishing property of identity-based system, the signer can sign a message to an intended recipient, without having to first retrieve the recipient's certificate. Moreover, the signer uses a different public key (corresponding a different private key) for each transaction with a recipient, so that signature forgery only results in the signer recovering the trapdoor information associated to a single transaction. Therefore, the signer will not be capable of denying signatures on any message in other transactions. We argue that this idea only provides a partial solution for the problem of key exposure since the recipient's public key is changed for each transaction. Chen et al. [3] proposed the first full construction of a key-exposure free chameleon hash function in the gap DiffieHellman (GDH) groups with bilinear pairings. Ateniese and de Mederious [2] then presented three key-exposure free chameleon hash schemes, two based on the RSA assumption, as well as a new construction based on pairings. Interestingly Chan et al.[4] again proposed an id-based chameleon hash scheme. It was key exposure free and bilinear pairing was used in it. Recently, Zhan et al. [7] first propose an identity-based chameleon hash scheme without key exposure based on the RSA assumption.

Now in this paper we revisit the Zhan et al.[7] design in order to propose a new id based Chameleon hash scheme which is key exposure free and used RSA assumption but using two integer for of the scheme.

Our Contribution:

In this paper, we give a methods of the two random integer used and give the extension methods the Id based chameleon hashing scheme.

Organization In this paper organized as follows:

we describe the preliminaries of RSA and chameleon hashing in 2, and Yang Zhan, Xiaofeng Chen, Haibo Tian, Yumin Wang chameleon hashing scheme in introduce section 3, section 4 descried the our scheme and conclusion in section 5.

2. Preliminaries:

We review some fundamental backgrounds required in this paper, namely RSA assumption and Chameleon hashing with security model on which our scheme may been based.

RSA Problem:

Given an RSA public key (n, e) and a string.

C = M ^e(mod n), to compute M.

RSA Signature:

The signature S for a message M or H(M), with H a hash or redundancy function and private key (n, d) to obtain S by exponentiation:

(mod n) or S = H(M )^d(mod n)

To verify a signature S, the public key of the signer, the exponentiation and check that the message M or H(M) is recovered :

M = S^e(mod n) or H(M ) = S^e(mod n) .

RSA Assumption:

This is the RSA assumption introduced in 1978 by Rivest, Shamir, Adleman. This assumption uses a generator algorithm to generate an instance of the problem, similar to factoring’s .let n = pq be the product of two primes p, q is large prime and random prime integer e > 2 is prime to the order ϕ(n) = (p -1)(q -1) of the multiplicative residues modulo n. he secret key d is computed such that ed = 1 mod ϕ (n). The public key is (n, e).

Chameleon hashing:

A chameleon hashing function is a trapdoor collision resistant hash function, which is associated with a key pair (sk ,pk). Anyone who knows the public key pk can eﬃciently compute the hash value for each input. However, there exists no eﬃcient algorithm for anyone except the holder of the secret key sk, called a trapdoor, to ﬁnd collisions for every given input.

3. Zhan et al. Chameleon hashing

In this section, we introduce Zhan, Chen, Tian, Wang ,Id- based key exposure free Chameleon hashing based on the RSA assumption [7] , ﬁrst is basic chameleon hashing scheme which consists of the following eﬃcient algorithms.

Setup: Let t and k be security parameters. Let n = pq be the product of two primes p, q .A random prime integer e > 2^t is relatively prime to the order ϕ(n) = (p-1)(q -1) of the multiplicative residues modulo n. The secret key d is computed such that ed = 1 mod ϕ(n). The master public key of PKG is (n, e) and the corresponding master trapdoor is (p, q, d).

Extract: Let be a secure hash and encode scheme, mapping arbitrary strings to integers less than n. Given an identity information ID, and an integer l > 0, the septic trapdoor is extracted as mod n, where .

Hash: On input the hash key ID, a message m, chooses a random integer . given chameleon hash function is deﬁned as

H = Hash(ID, m, r) = mod n.

UForge: For any valid hash value H, the algorithm F can be used to compute a string r’ with the trapdoor key SID as follows:

mod n

Note that Hash (ID, m’, r’) = = = Hash(ID, m, r). Therefore, the forgery is successful.

Second is full chameleon hashing scheme which consists of the following eﬃcient algorithms.

Setup: Let t and k be security parameters. Let n = pq be the product of two primes . A random prime integer e > 2^tis relatively prime to the order ϕ(n) = (p -1)(q -1) of the multiplicative residues modulo n. The secret key d is computed such that ed = 1 mod ϕ(n) . The master public key of PKG is (n, e) and the corresponding master trapdoor is (p, q, d).

Extract: be a secure hash and encode scheme, mapping arbitrary strings to integers less than n. Given an integer l > 0 , the speciﬁc trapdoor is extracted as mod n, where the customized identity is .

Hash: On input the hash key and , a message m, chooses a random integer , an index i such that . given the chameleon hash function is deﬁned as = mod n.

UForge: For any valid hash value H, the algorithm F can be used to compute a string r’ with the trapdoor key SID as follows: Note that

Hash(ID,m,r,i)= =

Therefore, the forgery is successful.

4. The New Identity based Key exposure Free Chameleon Hashing Based on the RSA Assumption

We described the basic chameleon hashing scheme and refer to [7] for more information. Setup, Extract, Hash, UForge are as follows

Scheme 1.

Setup: The security parameters are the same as that of Zhan, Chen, Tian, Wang chameleon hash scheme.

Extract: Let be a secure hash and encode scheme, mapping arbitrary strings to integers less than n. An identity information ID, and we construct the positive integer is ” ” the speciﬁc trapdoor is extracted as mod n, where

Hash: On input the hash key ID, a message m and random string and we choose the random bit . It is viewed as a part of the input of the chameleon hash scheme. Our proposed chameleon hash function is deﬁned as.

UForge: For any valid hash value H, the algorithm F can be used to compute a string r’with the trapdoor key SID as follows:

and

Hash(ID, m, r, x). Therefore, the forgery is successful.

Scheme 2.our construct of the full chameleon hashing scheme and refer to

[7] for more information .Setup ,Extract ,Hash ,UForge are as follows

Setup: The security parameters are the same as that of Zhan, Chen, Tian,Wang chameleon hash scheme.

Extract: Let : be a secure hash and encode scheme, mapping arbitrary strings to integers less than n. An the speciﬁc trapdoor is extracted as mod n , the hash can be computed under a customized identity J ; for instance, J could be the result of applying a hash and encode function C(.) to the identity of the recipient, concatenated with the identity of the signer, plus some transaction identiﬁer :

Hash: On input the hash key IDS and IDR a message m, chooses a random integer and .an index such that . Then we Choose

proposed chameleon hash function is deﬁned as

UForge: For any valid hash value H, the algorithm F can be used to compute a string r’ with the trapdoor key SID as follows

= Therefore, the forgery is successful

4.1 Security scheme

The security scheme for combination of basic chameleon hash and full chameleon hash schemes ,ﬁrst of all the claims (1),(2) and (3) is basic chameleon hashing and full chameleon hashing satisfy claims (1,2,3) and full chameleon hashing described the claims(4) . we have the the following claims

Claims 1:In the random oracle model, the proposed by identitybased chameleon hash scheme is collision resistance against active attackers under the RSA problem is intractable.

Proof Given a collisions, (m, r,x) and (m, r, x) which satisfy

Hash(ID, m, r, x) = Hash(ID, m’, r’, x’) we have that

Let We see the values of prime, i.e. gcd( , e) = 1 Using the EEA for the GCD, one computes α and β such that = 1. B is extracted:

Remark We proposed the scheme is secure then [7],because the collision resistance against active attack ﬁnd the collision value is simple ﬁnd the hashing scheme is depend on random integer ”r” then r r ‘. but our scheme is secure random integer x then the hashing scheme in collision resistance against active attack is not easy because the algorithm depend on random integer x, and

then the secret key B is a secure variant of RSA signature, this scheme is not easy to computable for e collision forgeries for target random integer implies secure variant of RSA signatures on messages of choice.

Claims 2: The proposed chameleon hashing scheme is semantically secure.

Proof The given an identity ID, there is a one to one correspondence between the hash value H and the string r for each message m. Therefore, the conditional probability µ(m|H) = µ(m|(rx)) . Note that m and r are independent variables, the

equation µ(m|H)= µ(m) holds. Then, we can prove that the conditional entropy H[m_|H] equals the entropy H[m] as follows:

Claims 3 : The given by identity based chameleon hash scheme satisﬁes the property of message hiding.

Proof Give a collision (m, r ,x) and (m’, r’, x’) we can compute the trapdoor B similar to theorem 1. Then for any message m’’ a string r’’and using x’’can be

Computed with the trapdoor key B as follows: ⁾.

Claims 4:In the random oracle model, the given identity based chameleon hash scheme is keyexposure free under the assumption that the RSA assumption is intractable.

Proof Note that the recipient could obtain the trapdoor mod n from PKG when necessary, which is viewed as another master trapdoor and can be used to compute other ephemeral higher trapdoors

can compute any lower trapdoor, But the converse does not hold.

Also, even given all the values it is diﬃcult to compute mod n.

Note that it is equivalent to solve the problem: given compute since can be used to compute all . Since B can be viewed as an RSA signature for the message . So, this provides another solution to solve the key exposure under the assumption that the RSA assumption is intractable.

ID based key exposure free chameleon hashing :

the proposed identity based chameleon signature scheme. When dispute occurs, a judge J is involved in the scheme .Let be the signing/ veriﬁcation key pair of S, and, be the trapdoor/hash key pair of R. Given a message m, S randomly chooses an integer and the signature σ for message m is

Given a signature σ, R computes the chameleon hash value = Hash(IDR,L,m,r,x, l2) and veriﬁes the validity of with the veriﬁcation key .

5. CONCLUSION:

In this paper extention of [7] our construction is given by secure chameleon hashing based on RSA and the more eﬃciency algorithm of hashing scheme obtain the positive result.

6. REFERENCES:

1. G. Ateniese and B. de Medeiros. Identity based chameleon hash and applications, FC 2004, Lecture Notes in Computer Science 3110, Springer Verlag, pages 164-180, 2004.

2. G. Ateniese and B. De Medeiros. On the keyexposure problem in chameleon hashes, SCN 2004, Lecture Notes in Computer Science 3352, Springer Verlag, pages 165-179, 2005.

3. X. Chen, F. Zhang, and K. Kim. Chameleon hashing without key exposure, ISC 2004, Lecture Notes in Computer Science 3225, Springer Verlag, pages 87-98, 2004.

4. X. Chen, F. Zhang, H. Tian, and K. Kim. Identitybased chameleon hash scheme without key exposure, ACISP 2010, Lecture Notes in Computer Science 6168, Springer Verlag, pages 200-215, 2010.

5. D. Chaum and H. van Antwerpen. Undeniable signatures, Advances in Cryptology Crypto 1989, Lecture Notes in Computer Science 435, Springer Verlag, pages 212-216, 1989.

6. H. Krawczyk and T. Rabin. Chameleon hashing and signatures, Proc. of NDSS 2000, pages 143-154, 2000.

7. Yang Zhan, Xiaofeng Chen, Haibo Tian, Yumin Wang. Identitybased Keyexposure Free Chameleon Hashing Based on the RSA Assumption, Journal of Computational Information Systems 7:2 350-358,2011.

Received on 20.02.2013 Accepted on 10.03.2013

Research J. Science and Tech 5(3): July- Sept., 2013 page 307-312