Homomorphic Signature Schemes

  • Robert Johnson
  • David Molnar
  • Dawn Song
  • David Wagner
Conference paper

DOI: 10.1007/3-540-45760-7_17

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2271)
Cite this paper as:
Johnson R., Molnar D., Song D., Wagner D. (2002) Homomorphic Signature Schemes. In: Preneel B. (eds) Topics in Cryptology — CT-RSA 2002. CT-RSA 2002. Lecture Notes in Computer Science, vol 2271. Springer, Berlin, Heidelberg

Abstract

Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Robert Johnson
    • 1
  • David Molnar
    • 2
  • Dawn Song
    • 1
  • David Wagner
    • 1
  1. 1.University of California at BerkeleyBerkeley
  2. 2.ShieldIPUSA

Personalised recommendations