Authenticating Computation on Groups: New Homomorphic Primitives and Applications
In this paper we introduce new primitives to authenticate computation on data expressed as elements in (cryptographic) groups. As for the case of homomorphic authenticators, our primitives allow to verify the correctness of the computation without having to know of the original data set. More precisely, our contributions are two-fold.
First, we introduce the notion of linearly homomorphic authenticated encryption with public verifiability and show how to instantiate this primitive (in the random oracle model) to support Paillier’s ciphertexts. This immediately yields a very simple and efficient (publicly) verifiable computation mechanism for encrypted (outsourced) data based on Paillier’s cryptosystem.
As a second result, we show how to construct linearly homomorphic signature schemes to sign elements in bilinear groups (LHSG for short). Such type of signatures are very similar to (linearly homomorphic) structure preserving ones, but they allow for more flexibility, as the signature is explicitly allowed to contain components which are not group elements. In this sense our contributions are as follows. First we show a very simple construction of LHSG that is secure against weak random message attack (RMA). Next we give evidence that RMA secure LHSG are interesting on their own right by showing applications in the context of on-line/off-line homomorphic and network coding signatures. This notably provides what seems to be the first instantiations of homomorphic signatures achieving on-line/off-line efficiency trade-offs. Finally, we present a generic transform that converts RMA-secure LHSG into ones that achieve full security guarantees.
KeywordsSignature Scheme Network Code Random Oracle Random Oracle Model Message Space
- 18.Desmedt, Y.: Computer security by redefining what a computer is. NSPW (1993)Google Scholar
- 19.Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. In: 23rd ACM STOC Annual ACM Symposium on Theory of Computing, pp. 542–552. ACM Press (May 1991)Google Scholar
- 22.Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)Google Scholar
- 27.Joo, C., Yun, A.: Homomorphic authenticated encryption secure against chosen-ciphertext attack. Cryptology ePrint Archive, Report 2013/726 (2013), http://eprint.iacr.org/
- 31.Micali, S.: Cs proofs. In: FOCS, pp. 436–453. IEEE Computer Society (1994)Google Scholar
- 33.Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: ACM CCS 1998 Conference on Computer and Communications Security, pp. 59–66. ACM Press (November 1998)Google Scholar