Homomorphic Signature Schemes
Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.