Homomorphic Signature Schemes

  • Robert Johnson
  • David Molnar
  • Dawn Song
  • David Wagner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2271)

Abstract

Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Niv Ahituv, Yeheskel Lapid, and Seev Neumann. Processing encrypted data. Communications of the ACM, 30(9):777–780, 1987.MATHCrossRefGoogle Scholar
  2. 2.
    Niko Baric and Birgit Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In Advances in Cryptology-EUROCRYPT’ 97, volume 1233 of Lecture Notes in Computer Science, pages 480–494. Springer-Verlag, 1997.Google Scholar
  3. 3.
    M. Bellare, O. Goldreich, and S. Goldwasser. Incremental cryptography: the case of hashing and signing. In Yvo Desmedt, editor, Advances in Cryptology-CRYPTO’ 94, pages 216–233, Berlin, 1994. Springer-Verlag. Lecture Notes in Computer Science Volume 839.Google Scholar
  4. 4.
    M. Bellare, O. Goldreich, and S. Goldwasser. Incremental cryptography with application to virus protection. In FOCS 1995, Berlin, 1995. Springer-Verlag.Google Scholar
  5. 5.
    M. Bellare and P. Rogaway. The exact security of digital signatures-how to sign with RSA and Rabin. In Ueli Maurer, editor, Advances in Cryptology-EUROCRYPT’ 96, pages 399–416, Berlin, 1996. Springer-Verlag. Lecture Notes in Computer Science Volume 1070.Google Scholar
  6. 6.
    Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, pages 62–73, Fairfax, 1993.Google Scholar
  7. 7.
    Mihir Bellare and Phillip Rogaway. The exact security of digital signatures-how to sign with RSA and Rabin. In Ueli Maurer, editor, Advances in Cryptology-EUROCRYPT 96, volume 1070 of Lecture Notes in Computer Science. Springer-Verlag, 1996.Google Scholar
  8. 8.
    J Benaloh. Dense probabilistic encryption. In Selected Areas in Cryptography, 1994.Google Scholar
  9. 9.
    J.C. Benaloh and M. de Mare. One-way accumulators: A decentralized alternative to digital signatures. In EUROCRYPT’93, 1993.Google Scholar
  10. 10.
    D. Boneh and R. J. Lipton. Algorithms for black-box fields and their application to cryptography. In Neal Koblitz, editor, Advances in Cryptology-CRYPTO’ 96, pages 283–297, Berlin, 1996. Springer-Verlag. Lecture Notes in Computer Science Volume 1109.CrossRefGoogle Scholar
  11. 11.
    E. F. Brickell and Y. Yacobi. On privacy homomorphisms. In David Chaum and Wyn L. Price, editors, Advances in Cryptology-EUROCRYPT’ 87, pages 117–126, Berlin, 1987. Springer-Verlag. Lecture Notes in Computer Science Volume 304.Google Scholar
  12. 12.
    J. Cohen and M. Fischer. A robust and verifiable cryptographically secure election scheme. In 26th Symposium on the Foundations of Computer Science, 1985.Google Scholar
  13. 13.
    Cramer and Damgard. Zero knowledge proofs for finite field arithmetic-or, can zero knowledge be for free? In Advances in Cryptology-CRYPTO’ 98, Berlin, 1998. Springer-Verlag.Google Scholar
  14. 14.
    J. Feigenbaum and Merritt. Open questions, talk abstracts, and summary of discussions. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science, pages 1–45, 1991.Google Scholar
  15. 15.
    E. Fujisaki, T. Okamoto, and Uchiyama. EPOC: Efficient probabilistic encryption. In Submission to IEEE P1363, 1998.Google Scholar
  16. 16.
    Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle. In Advances in Cryptology-EUROCRYPT’99, pages 123–139. Springer-Verlag, 1999. Lecture Notes in Computer Science Volume 1592.Google Scholar
  17. 17.
    S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, April 1984.MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Ralph Merkle. Protocols for public key cryptosystems. In Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, April 1980. IEEE Computer Society Press.Google Scholar
  19. 19.
    S. Micali and R. Rivest. Transitive signature schemes. In Topics in Cryptology-CT-RSA 2002, pages 236–243. Springer-Verlag, 2002. Lecture Notes in Computer Science Volume 2271 (This Volume).CrossRefGoogle Scholar
  20. 20.
    D. Naccache and J. Stern. A new public key cryptosystem based on higher residues. In 5th ACM Symposium on Computer and Communications Security, 1998.Google Scholar
  21. 21.
    Goldreich Oded, Shafi Goldwasser, and Silvio Micali. How to construct random functions. Journal of the ACM, 33(4):792–807, October 1986.CrossRefGoogle Scholar
  22. 22.
    P Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology-EUROCRYPT’ 99, volume 1592 of LNCS, 1999.Google Scholar
  23. 23.
    R Peralta and J. Boyar. Short discreet proofs. In Journal of Cryptology, 2000.Google Scholar
  24. 24.
    R. Rivest. Two new signature schemes. Presented at Cambridge seminar; see http://www.cl.cam.ac.uk/Research/Security/seminars/2000/rivest-tss.pdf, 2001.
  25. 25.
    R. Rivest, L. Adleman, and M.L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, pages 169–178. Academic Press, 1978.Google Scholar
  26. 26.
    T. Sander, A Young, and M Yung. Non-interactive cryptocomputing in NC1. In FOCS’ 99, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Robert Johnson
    • 1
  • David Molnar
    • 2
  • Dawn Song
    • 1
  • David Wagner
    • 1
  1. 1.University of California at BerkeleyBerkeley
  2. 2.ShieldIPUSA

Personalised recommendations