Generalizing Homomorphic MACs for Arithmetic Circuits

Catalano, Dario; Fiore, Dario; Gennaro, Rosario; Nizzardo, Luca

doi:10.1007/978-3-642-54631-0_31

Cited by 31 publications

(19 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This result has been proven for homomorphic MACs in [11]. Here we extend it to homomorphic signatures.…”

Section: Proposition 1 ([11]supporting

confidence: 56%

“…Below, we show two simple propositions that allow to overcome this issue for the case of homomorphic signatures whose class of supported functions are arithmetic circuits of degree d, over a finite field of order p such that d/p < 1/2. The first proposition is taken from [11] and provides a way to probabilistically test whether a program is well-defined.…”

Section: Homomorphic Signatures For Multi-labeled Programsmentioning

confidence: 99%

See 1 more Smart Citation

Homomorphic Signatures with Efficient Verification for Polynomial Functions

Catalano

Fiore

Warinschi

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. A homomorphic signature scheme for a class of functions C allows a client to sign and upload elements of some data set D on a server. At any later point, the server can derive a (publicly verifiable) signature that certifies that some y is the result computing some f ∈ C on the basic data set D. This primitive has been formalized by Boneh and Freeman (Eurocrypt 2011) who also proposed the only known construction for the class of multivariate polynomials of fixed degree d ≥ 1. In this paper we construct new homomorphic signature schemes for such functions. Our schemes provide the first alternatives to the one of BonehFreeman, and improve over their solution in three main aspects. First, our schemes do not rely on random oracles. Second, we obtain security in a stronger fully-adaptive model: while the solution of Boneh-Freeman requires the adversary to query messages in a given data set all at once, our schemes can tolerate adversaries that query one message at a time, in a fully-adaptive way. Third, signature verification is more efficient (in an amortized sense) than computing the function from scratch. The latter property opens the way to using homomorphic signatures for publiclyverifiable computation on outsourced data. Our schemes rely on a new assumption on leveled graded encodings which we show to hold in a generic model.

show abstract

“…This result has been proven for homomorphic MACs in [11]. Here we extend it to homomorphic signatures.…”

Section: Proposition 1 ([11]supporting

confidence: 56%

Section: Homomorphic Signatures For Multi-labeled Programsmentioning

confidence: 99%

Homomorphic Signatures with Efficient Verification for Polynomial Functions

Catalano

Fiore

Warinschi

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The proof is an adaptation to the multi-key setting of Proposition 2 in [12]. For completeness we give the proof.…”

Section: Definition 8 (Weak Forgery)mentioning

confidence: 99%

“…12 The algorithm then runs σ ←Sign (sk ∆ id , , m), and uses the non-homomorphic scheme to sign the concatenation of the public key vk ∆ id and the dataset identifier ∆, i.e., σ ∆ id ← NH.Sign(sk…”

Section: From a Single Dataset To Multiple Datasetsmentioning

confidence: 99%

Multi-key Homomorphic Authenticators

Fiore

Mitrokotsa

Nizzardo

et al. 2016

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Homomorphic authenticators (HAs) enable a client to authenticate a large collection of data elements m1, . . . , mt and outsource them, along with the corresponding authenticators, to an untrusted server. At any later point, the server can generate a short authenticator σ f,y vouching for the correctness of the output y of a function f computed on the outsourced data, i.e., y = f (m1, . . . , mt). Recently researchers have focused on HAs as a solution, with minimal communication and interaction, to the problem of delegating computation on outsourced data. The notion of HAs studied so far, however, only supports executions (and proofs of correctness) of computations over data authenticated by a single user. Motivated by realistic scenarios (ubiquitous computing, sensor networks, etc.) in which large datasets include data provided by multiple users, we study the concept of multi-key homomorphic authenticators. In a nutshell, multi-key HAs are like HAs with the extra feature of allowing the holder of public evaluation keys to compute on data authenticated under different secret keys. In this paper, we introduce and formally define multi-key HAs. Secondly, we propose a construction of a multi-key homomorphic signature based on standard lattices and supporting the evaluation of circuits of bounded polynomial depth. Thirdly, we provide a construction of multi-key homomorphic MACs based only on pseudorandom functions and supporting the evaluation of low-degree arithmetic circuits. Albeit being less expressive and only secretly verifiable, the latter construction presents interesting efficiency properties.

show abstract

“…However, the security of the scheme only holds in a setting without verification queries and can completely break down if the attacker has access to a verification oracle allowing him to test whether authentication tags are valid. More recent works [CF13,BFR13,CFGN14] show how to get homomorphic MACs that remain secure in the presence of verification queries, but only for restricted homomorphisms. Currently, the best such schemes allow for the evaluation of polynomials of degree k, where the computational effort grows polynomially with k (but the size of the evaluated authentication tag stays fixed).…”

Section: Related Workmentioning

confidence: 99%

Leveled Fully Homomorphic Signatures from Standard Lattices

Gorbunov

Vaikuntanathan

Wichs

2015

Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing

184

148

View full text Add to dashboard Cite

In a homomorphic signature scheme, a user Alice signs some large dataset x using her secret signing key and uploads the signed data to an untrusted remote server. The server can then run some computation y = f (x) over the signed data and homomorphically derive a short signature σ f,y certifying that y is the correct output of the computation f . Anybody can verify the tuple (f, y, σ f,y ) using Alice's public verification key and become convinced of this fact without having to retrieve the entire underlying data.In this work, we construct the first (leveled) fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data. Only the maximal depth d of the circuits needs to be fixed a-priori at setup, and the size of the evaluated signature grows polynomially in d, but is otherwise independent of the circuit size or the data size. Our solution is based on the hardness of the small integer solution (SIS) problem in standard lattices and satisfies full (adaptive) security. In the standard model, we get a scheme with large public parameters whose size exceeds the total size of a dataset. In the random-oracle model, we get a scheme with short public parameters. In both cases, the schemes can be used to sign many different datasets. The complexity of verifying a signature for a computation f is at least as large as that of computing f , but can be amortized when verifying the same computation over many different datasets. Furthermore, the signatures can be made context-hiding so as not to reveal anything about the data beyond the outcome of the computation.These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature schemes, which were limited to evaluating polynomials of constant degree.As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF) which conceptually unites homomorphic encryption and signatures. We construct HTDFs by relying on the techniques developed by Gentry et al. (CRYPTO '13) and Boneh et al. (EUROCRYPT '14) in the contexts of fully homomorphic and attribute-based encryptions. *

show abstract

Generalizing Homomorphic MACs for Arithmetic Circuits

Cited by 31 publications

References 39 publications

Homomorphic Signatures with Efficient Verification for Polynomial Functions

Homomorphic Signatures with Efficient Verification for Polynomial Functions

Multi-key Homomorphic Authenticators

Leveled Fully Homomorphic Signatures from Standard Lattices

Contact Info

Product

Resources

About