Designs, Codes and Cryptography, Volume 77, Issue 2–3, pp. 441–477

Linearly homomorphic structure-preserving signatures and their applications

  • Benoît Libert
  • Thomas Peters
  • Marc Joye
  • Moti Yung

Abstract

Structure-preserving signatures (SPS) are signature schemes where messages, signatures and public keys all consist of elements of a group over which a bilinear map is efficiently computable. This property makes them useful in cryptographic protocols as they nicely compose with other algebraic tools (like the celebrated Groth–Sahai proof systems). In this paper, we consider SPS systems with homomorphic properties and suggest applications that have not been provided before (in particular, not by employing ordinary SPS). We build linearly homomorphic structure-preserving signatures under simple assumptions and show that the primitive makes it possible to verify the calculations performed by a server on outsourced encrypted data (i.e., combining secure computation and authenticated computation to allow reliable and secure cloud storage and computation, while freeing the client from retaining cleartext storage). Then, we give a generic construction of non-malleable (and actually simulation-sound) commitment from any linearly homomorphic SPS. This notably provides the first constant-size non-malleable commitment to group elements.

Keywords

Structure-preserving cryptography; Signatures; Homomorphism; Commitment schemes; Non-malleability

Mathematics Subject Classification

94A60, 14G50


Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Benoît Libert (1)
  • Thomas Peters (2)
  • Marc Joye (3)
  • Moti Yung (4, 5)

  1. Ecole Normale Supérieure de Lyon, Lyon, France
  2. Ecole Normale Supérieure, Paris, France
  3. Technicolor, Los Altos, USA
  4. Google Inc., New York, USA
  5. Columbia University, New York, USA