Publication Details

Ren, Q., Mu, Y. & Susilo, W. (2007). Mitigating phishing by a new ID-based chameleon hash without key exposure. AusCERT Asia Pacific Information Technology Security Conference Refereed R&D Stream: 6th Conference, AusCERT2007 (pp. 1-13). University of Queensland: University of Queensland.


Chameleon signatures were introduced by Krawczyk and Rabin to provide a non-transferable signature scheme. However, the non-transferability property requires the recipient to be willing to expose a secret key as a consequence, which invalidates all signatures issued to the same recipient’s public key. This notion has been extended by Chen et al. to allow a “key-exposure” freeness scheme. However, it was concluded that achieving this key-exposure freeness requires a technique called “identity customization”. Therefore, the notion of an identity-based chameleon hash function becomes redundant, since the identity is always needed in the construction of the chameleon hash functions themselves. In this paper, in contrast to the previous construction, we construct an identity-based chameleon hash without key exposure that does not require any identity customization. More importantly, using the framework proposed by Susilo and Mu, we extend our scheme to mitigate phishing. Furthermore, our scheme can easily be extended to a multi-party scenario, in which phishing can be mitigated on a mailing list, which is more practical.
