Homomorphic Proxy Re-Authenticators and Applications to Verifiable Multi-User Data Aggregation

  • David DerlerEmail author
  • Sebastian Ramacher
  • Daniel Slamanig
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10322)


We introduce the notion of homomorphic proxy re-authenticators, a tool that adds security and verifiability guarantees to multi-user data aggregation scenarios. It allows distinct sources to authenticate their data under their own keys, and a proxy can transform these single signatures or message authentication codes (MACs) to a MAC under a receiver’s key without having access to it. In addition, the proxy can evaluate arithmetic circuits (functions) on the inputs so that the resulting MAC corresponds to the evaluation of the respective function. As the messages authenticated by the sources may represent sensitive information, we also consider hiding them from the proxy and other parties in the system, except from the receiver.

We provide a general model and two modular constructions of our novel primitive, supporting the class of linear functions. On our way, we establish various novel building blocks. Most interestingly, we formally define the notion and present a construction of homomorphic proxy re-encryption, which may be of independent interest. The latter allows users to encrypt messages under their own public keys, and a proxy can re-encrypt them to a receiver’s public key (without knowing any secret key), while also being able to evaluate functions on the ciphertexts. The resulting re-encrypted ciphertext then holds an evaluation of the function on the input messages.



We thank David Nuñez for his valuable comments on a draft of this paper.


  1. 1.
    Abe, M., Hoshino, F., Ohkubo, M.: Design in Type-I, run in Type-III: fast and scalable bilinear-type conversion using integer programming. In: CRYPTO 2016 (2016)Google Scholar
  2. 2.
    Agrawal, S., Boneh, D.: Homomorphic MACs: MAC-based integrity for network coding. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 292–305. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  3. 3.
    Akinyele, J.A., Garman, C., Hohenberger, S.: Automating fast and secure translations from Type-I to Type-III pairing schemes. In: CCS 2015 (2015)Google Scholar
  4. 4.
    Alperin-Sheriff, J., Peikert, C.: Faster bootstrapping with polynomial error. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 297–314. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  5. 5.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9(1), 1–30 (2006)CrossRefzbMATHGoogle Scholar
  6. 6.
    Ateniese, G., Hohenberger, S.: Proxy re-signatures: new definitions, algorithms, and applications. In: CCS 2015 (2005)Google Scholar
  7. 7.
    Ayday, E., Raisaro, J.L., Hubaux, J., Rougemont, J.: Protecting and evaluating genomic privacy in medical tests and personalized medicine. In: WPES 2013 (2013)Google Scholar
  8. 8.
    Backes, M., Fiore, D., Reischuk, R.M.: Verifiable delegation of computation on outsourced data. In: CCS 2013 (2013)Google Scholar
  9. 9.
    Bellare, M., Boldyreva, A., Kurosawa, K., Staddon, J.: Multirecipient encryption schemes: How to save on bandwidth and computation without sacrificing security. IEEE Trans. Inf. Theory 53(11), 3927–3943 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Benhamouda, F., Joye, M., Libert, B.: A new framework for privacy-preserving aggregation of time-series data. ACM Trans. Inf. Syst. Secur. 18(3), 21 (2016)CrossRefGoogle Scholar
  11. 11.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). Google Scholar
  12. 12.
    Blazy, O., Bultel, X., Lafourcade, P.: Two secure anonymous proxy-based data storages. In: SECRYPT, pp. 251–258 (2016)Google Scholar
  13. 13.
    Boneh, D., Freeman, D., Katz, J., Waters, B.: Signing a linear subspace: signature schemes for network coding. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 68–87. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  14. 14.
    Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  15. 15.
    Borceaa, C., Guptaa, A.B.D., Polyakova, Y., Rohloffa, K., Ryana, G.: Picador: End-to-end encrypted publish-subscribe information distribution with proxy re-encryption. Future Gener. Comp. Syst. 62, 119–127 (2016)CrossRefGoogle Scholar
  16. 16.
    Canard, S., Devigne, J.: Highly privacy-protecting data sharing in a tree structure. Future Gener. Comp. Syst. 62, 119–127 (2016)CrossRefGoogle Scholar
  17. 17.
    Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: CCS, pp. 185–194 (2007)Google Scholar
  18. 18.
    Castelluccia, C., Chan, A.C.F., Mykletun, E., Tsudik, G.: Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw. 5(3) (2009)Google Scholar
  19. 19.
    Catalano, D.: Homomorphic signatures and message authentication codes. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 514–519. Springer, Cham (2014). Google Scholar
  20. 20.
    Catalano, D., Fiore, D.: Using linearly-homomorphic encryption to evaluate degree-2 functions on encrypted data. In: CCS 2015 (2015)Google Scholar
  21. 21.
    Catalano, D., Fiore, D., Warinschi, B.: Homomorphic signatures with efficient verification for polynomial functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 371–389. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  22. 22.
    Catalano, D., Marcedone, A., Puglisi, O.: Authenticating computation on groups: new homomorphic primitives and applications. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 193–212. Springer, Heidelberg (2014). Google Scholar
  23. 23.
    Chan, T.-H.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 200–214. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  24. 24.
    Danezis, G., Livshits, B.: Towards ensuring client-side computational integrity. In: CCSW 2011 (2011)Google Scholar
  25. 25.
    Derler, D., Slamanig, D.: Key-homomorphic signatures and applications to multiparty signatures. Cryptology ePrint Archive 2016, 792 (2016)Google Scholar
  26. 26.
    Fiore, D., Mitrokotsa, A., Nizzardo, L., Pagnin, E.: Multi-key homomorphic authenticators. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 499–530. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  27. 27.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009 (2009)Google Scholar
  28. 28.
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  29. 29.
    Günther, F., Manulis, M., Peter, A.: Privacy-enhanced participatory sensing with collusion resistance and data aggregation. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 321–336. Springer, Cham (2014). Google Scholar
  30. 30.
    Ivan, A., Dodis, Y.: Proxy cryptography revisited. In: NDSS 2003 (2003)Google Scholar
  31. 31.
    Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 111–125. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  32. 32.
    Lai, J., Deng, R.H., Pang, H., Weng, J.: Verifiable computation on outsourced encrypted data. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 273–291. Springer, Cham (2014). Google Scholar
  33. 33.
    Lai, R.W.F., Tai, R.K.H., Wong, H.W.H., Chow, S.S.M.: A zoo of homomorphic signatures: Multi-key and key-homomorphism. Cryptology ePrint Archive, Report 2016/834 (2016)Google Scholar
  34. 34.
    Leontiadis, I., Elkhiyaoui, K., Molva, R.: Private and dynamic time-series data aggregation with trust relaxation. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 305–320. Springer, Cham (2014). Google Scholar
  35. 35.
    Leontiadis, I., Elkhiyaoui, K., Önen, M., Molva, R.: PUDA – privacy and unforgeability for data aggregation. In: Reiter, M., Naccache, D. (eds.) CANS 2015. LNCS, vol. 9476, pp. 3–18. Springer, Cham (2015). CrossRefGoogle Scholar
  36. 36.
    Li, Q., Cao, G.: Efficient privacy-preserving stream aggregation in mobile sensing with low aggregation error. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 60–81. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  37. 37.
    Li, Q., Cao, G., Porta, T.F.L.: Efficient and privacy-aware data aggregation in mobile sensing. IEEE Trans. Dep. Sec. Comput. 11(2), 115–129 (2014)CrossRefGoogle Scholar
  38. 38.
    Libert, B., Vergnaud, D.: Multi-use unidirectional proxy re-signatures. In: CCS 2008 (2008)Google Scholar
  39. 39.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Trans. Inf. Theory 57(3), 1786–1802 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  40. 40.
    Ma, C., Li, J., Ouyang, W.: A homomorphic proxy re-encryption from lattices. In: Chen, L., Han, J. (eds.) ProvSec 2016. LNCS, vol. 10005, pp. 353–372. Springer, Cham (2016). Google Scholar
  41. 41.
    Nuñez, D., Agudo, I.: BlindIdM: a privacy-preserving approach for identity management as a service. Int. J. Inf. Sec. 13(2), 199–215 (2014)CrossRefGoogle Scholar
  42. 42.
    Nuñez, D., Agudo, I., Lopez, J.: Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services. In: CloudCom, pp. 241–248 (2012)Google Scholar
  43. 43.
    Nuñez, D., Agudo, I., Lopez, J.: A parametric family of attack models for proxy re-encryption. In: CSF, pp. 290–301 (2015)Google Scholar
  44. 44.
    Nuñez, D., Agudo, I., Lopez, J.: On the application of generic CCA-secure transformations to proxy re-encryption. Secur. Commun. Netw. 9(12), 1769–1785 (2016)CrossRefGoogle Scholar
  45. 45.
    Rastogi, V., Nath, S.: Differentially private aggregation of distributed time-series with transformation and encryption. In: SIGMOD 2010 (2010)Google Scholar
  46. 46.
    Shi, E., Chan, T.H.H., Rieffel, E.G., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: NDSS 2011 (2011)Google Scholar
  47. 47.
    Slamanig, D., Stranacher, K., Zwattendorfer, B.: User-centric identity as a service-architecture for eIDs with selective attribute disclosure. In: SACMAT, pp. 153–164 (2014)Google Scholar
  48. 48.
    Walfish, M., Blumberg, A.J.: Verifying computations without reexecuting them. Commun. ACM 58(2), 74–84 (2015)CrossRefGoogle Scholar
  49. 49.
    Xu, P., Xu, J., Wang, W., Jin, H., Susilo, W., Zou, D.: Generally hybrid proxy re-encryption: a secure data sharing among cryptographic clouds. In: AsiaCCS, pp. 913–918 (2016)Google Scholar
  50. 50.
    Zwattendorfer, B., Slamanig, D., Stranacher, K., Hörandner, F.: A federated cloud identity broker-model for enhanced privacy via proxy re-encryption. In: De Decker, B., Zúquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 92–103. Springer, Heidelberg (2014). Google Scholar

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  • David Derler
    • 1
    Email author
  • Sebastian Ramacher
    • 1
  • Daniel Slamanig
    • 2
  1. 1.IAIK, Graz University of TechnologyGrazAustria
  2. 2.AIT Austrian Institute of TechnologyViennaAustria

Personalised recommendations