The Extensible Authentication Protocol (EAP) framework aims to realize a flexible authentication for wireless networks. However, a full EAP authentication needs several round trips between a mobile node and the EAP server, and hence is unacceptable in a process of handoff authentication because of inefficient performance. Considering the advantage of the identity-based cryptography, it is attractive to realize handoff authentication efficiently in the identity-based setting. In this work, we propose a new identity-based handoff authentication scheme in which a special double-trapdoor chameleon hash function is used. Compared with the existing identity-based handoff authentication construction, the main advantage of the proposed scheme eliminates the assumption that the private key generator is fully trusted. Besides, the detailed security analysis shows that the proposed scheme not only satisfies robust security properties but also enjoys desirable efficiency for the real-world applications. Copyright © 2013 John Wiley & Sons, Ltd.