Chameleon hashes without key exposure based on factoring

Chameleon hash is the main primitive to construct a chameleon signature scheme which provides nonrepudiation and non-transferability simultaneously. However, the initial chameleon hash schemes suffer from the key exposure problem: non-transferability is based on an unsound assumption that the designated receiver is willing to abuse his private key regardless of its exposure. Recently, several key-exposure- free chameleon hashes have been constructed based on RSA assumption and SDH (strong Diffie-Hellman) assumption. In this paper, we propose a factoring-based chameleon hash scheme which is proven to enjoy all advantages of the previous schemes. In order to support it, we propose a variant Rabin signature scheme which is proven secure against a new type of attack in the random oracle model.