How to Forge Signatures and Be Happy About It

Oct 06, 2004

Abstract

This talk is about chameleon hash functions and their use within digital signature schemes. These peculiar cryptographic hashes can be used to allow certain authorized entities to selectively forge signatures.

But the ability to forge signatures can actually be used for good purposes. For instance, it is possible to build non-transferable signature schemes to ensure that certain signatures on private messages are not sold by insiders to the press or it is possible to allow a censor to sanitize signed messages before releasing them to the public and without involving the original signer.

We will introduce new constructions of chameleon hashes and describe several ways of employing them in some practical protocols.