Linearly Homomorphic Authenticated Encryption with Provable Correctness and Public Verifiability

Struck, Patrick; Schabhüser, Lucas; Demirel, Denise; Buchmann, Johannes

doi:10.1007/978-3-319-55589-8_10

Cited by 4 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, although the two instantiations of LAEPuV [19,20] are very efficient (since the homomorphic operation on the encrypted message in LAEPuV is a linear function), their security is proved in the random oracle model. On the contrary, the security of our proposed signcryption primitive is proved in the standard model and can be employed for a more general function, that is, for any polynomial size circuit, which leads to sacrificing some efficiency.…”

Section: Related Workmentioning

confidence: 99%

“…The main difference between our homomorphic signcryption and LAEPuV relies on the verification algorithm. More precisely, in LAEPuV [19,20] the verification algorithm is defined as Verifyðvk; id; c; f Þ and requires that the condition Verifyðvk; id; c; f Þ ¼ 1 is equivalent to ∃m; s:t: Decrypt ðsk; id; c; f Þ ¼ m. Such a correctness requirement implies that if the verification is successful, the verifier is convinced that c is an encryption of some message, but without knowing to which message c corresponds to. In contrast, the verification algorithm in our homomorphic signcryption is defined as Verifyðpk; tag; m 0 ; c 0 ; f Þ, which is employed to check the matching of a message m 0 with the corresponding signcryption c 0 .…”

Section: Related Workmentioning

confidence: 99%

“…Catalano et al have also provided an instantiation for LAEPuV in the random oracle model based on Paillier's cryptosystem. Struck et al [20] proposed some improvements on Catalano et al's instantiated scheme by avoiding false negatives during the verification algorithm.…”

Section: Related Workmentioning

confidence: 99%

“…Struck et al. [20] proposed some improvements on Catalano et al.’s instantiated scheme by avoiding false negatives during the verification algorithm.…”

Section: Introductionmentioning

confidence: 99%

“…The main difference between our homomorphic signcryption and LAEPuV relies on the verification algorithm. More precisely, in LAEPuV [19, 20] the verification algorithm is defined as

sans-serifV sans-serife sans-serifr sans-serifi sans-seriff sans-serify (sans-serifv sans-serifk, sans-serifi sans-serifd, c, f)

and requires that the condition

sans-serifV sans-serife sans-serifr sans-serifi sans-seriff sans-serify (sans-serifv sans-serifk, sans-serifi sans-serifd, c, f) = 1

is equivalent to

\exists m, s . t . sans-serifD sans-serife sans-serifc sans-serifr sans-serify sans-serifp sans-serift (sans-serifs sans-serifk, sans-serifi sans-serifd, c, f) = m

. Such a correctness requirement implies that if the verification is successful, the verifier is convinced that c is an encryption of some message, but without knowing to which message c corresponds to.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Homomorphic signcryption with public plaintext‐result checkability

Liang²,

Mitrokotsa

et al. 2021

IET Information Security

View full text Add to dashboard Cite

Signcryption originally proposed by Zheng (CRYPTO 0 97) is a useful cryptographic primitive that provides strong confidentiality and integrity guarantees. This article addresses the question whether it is possible to homomorphically compute arbitrary functions on signcrypted data. The answer is affirmative and a new cryptographic primitive, homomorphic signcryption (HSC) with public plaintext-result checkability is proposed that allows both to evaluate arbitrary functions over signcrypted data and makes it possible for anyone to publicly test whether a given ciphertext is the signcryption of the message under the key. Two notions of message privacy are also investigated: weak message privacy and message privacy depending on whether the original signcryptions used in the evaluation are disclosed or not. More precisely, the contributions are two-fold: (i) two different definitions of HSC with public plaintext-result checkability is provided for arbitrary functions in terms of syntax, unforgeability and message privacy depending on if the homomorphic computation is performed in a private or in a public evaluation setting, (ii) two HSC constructions are proposed: one for a public evaluation setting and another for a private evaluation setting and security is formally proved.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…Struck et al. [20] proposed some improvements on Catalano et al.’s instantiated scheme by avoiding false negatives during the verification algorithm.…”

Section: Introductionmentioning

confidence: 99%

“…The main difference between our homomorphic signcryption and LAEPuV relies on the verification algorithm. More precisely, in LAEPuV [19, 20] the verification algorithm is defined as

sans-serifV sans-serife sans-serifr sans-serifi sans-seriff sans-serify (sans-serifv sans-serifk, sans-serifi sans-serifd, c, f)

and requires that the condition

sans-serifV sans-serife sans-serifr sans-serifi sans-seriff sans-serify (sans-serifv sans-serifk, sans-serifi sans-serifd, c, f) = 1

is equivalent to

\exists m, s . t . sans-serifD sans-serife sans-serifc sans-serifr sans-serify sans-serifp sans-serift (sans-serifs sans-serifk, sans-serifi sans-serifd, c, f) = m

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Homomorphic signcryption with public plaintext‐result checkability

Liang²,

Mitrokotsa

et al. 2021

IET Information Security

View full text Add to dashboard Cite

show abstract

A Linearly Homomorphic Signature Scheme from Weaker Assumptions

Schabhüser

Buchmann

Struck

2017

Cryptography and Coding

View full text Add to dashboard Cite

The International Conference on Cryptography and Coding is the biennial conference of the Institute of Mathematics and its Applications (IMA) on cryptography and coding theory. The conference series has been running for more than three decades and the 16th edition was held December 12-14 at St. Catherine's College, University of Oxford. We received 32 submissions from authors all over the world on a diverse set of topics both in cryptography and coding theory. The Program Committee selected 19 of the submissions for presentation at the conference. The review process was double-blind and rigorous. Each submission was reviewed independently by at least two reviewers in an individual review phase, and subsequently considered by the Program Committee in a discussion phase. Feedback from the reviews and discussions was given to the authors and their revised submissions are included in the proceedings.In addition to the presentations of accepted papers, the conference also featured four keynote talks by internationally leading scientists on their research in the interface of cryptography and coding theory. I am grateful to Daniele Micciancio, Jan Camenisch, Nicolas Sendrier, and Thomas Prest for accepting our invitation and sharing the insights gathered from their exciting research. I am also grateful to Martin Albrecht, who co-chaired a Special Session on Lattice-Based Cryptography Constructions and Architectures, and to the contributing authors, Nina Bindel, Tim Güneysu, Tobias Oder, Francesco Regazzoni, Peter Campbell, and Michael Groves.Running a conference like IMACC requires the effort of many people and many thanks are due. I would like to thank the Steering Committee for their trust and support. I thank the authors for their submissions and the Program Committee and the external reviewers for their effort in selecting the scientific program. Thanks also goes to the IACR for their cooperation and to the H2020 SAFEcrypto project (www.safecrypto.eu) for providing sponsorship. I appreciate the assistance by Anna Kramer, Abier El-Saeidi and Xavier Mathew from Springer in the production of the proceedings. Finally, I am incredibly thankful to conference officer (general chair) Lizzi Lake and her colleagues at the Institute of Mathematics and its Applications for handling all the practical matters of the conference.

show abstract

A Secure Federated Learning framework using Homomorphic Encryption and Verifiable Computing

Madi

Stan

Mayoue

et al. 2021

2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS)

View full text Add to dashboard Cite

In this paper, we present the first Federated Learning (FL) framework which is secure against both confidentiality and integrity threats from the aggregation server, in the case where the resulting model is not disclosed to the latter. We do so by combining Homomorphic Encryption (HE) and Verifiable Computing (VC) techniques in order to perform a Federated Averaging operator directly in the encrypted domain (by means of HE) and produce formal proofs that the operator was correctly applied (by means of VC). Due to the simplicity of the aggregation function, we are able to ground our approach in additive HE techniques which are highly mature in terms of security and decently efficient. We also introduce a number of optimizations which allows to reach practical execution performances on the larger deep learning models end of the spectrum. The paper also provides extensive experimental results on the FEMNIST dataset demonstrating that the approach preserves the quality of the resulting models at the cost of practically meaningful computing and communication overheads, at least in the cross-silo setting for which higher-end machines can be involved on both the client and server sides.

show abstract

Linearly Homomorphic Authenticated Encryption with Provable Correctness and Public Verifiability

Cited by 4 publications

References 18 publications

Homomorphic signcryption with public plaintext‐result checkability

Homomorphic signcryption with public plaintext‐result checkability

A Linearly Homomorphic Signature Scheme from Weaker Assumptions

A Secure Federated Learning framework using Homomorphic Encryption and Verifiable Computing

Contact Info

Product

Resources

About