On the Security Notions for Homomorphic Signatures

Authors

  • Dario Catalano
  • Dario Fiore
  • Luca Nizzardo
Abstract

Homomorphic signature schemes allow anyone to perform computation on signed data in such a way that the correctness of the computation’s results is publicly certified. In this work we analyze the security notions for this powerful primitive considered in previous work, with a special focus on adaptive security. Motivated by the complications of existing security models in the adaptive setting, we consider a simpler and (at the same time) stronger security definition inspired by that proposed by Gennaro and Wichs (ASIACRYPT’13) for homomorphic MACs. In addition to strength and simplicity, this definition has the advantage of enabling the adoption of homomorphic signatures in dynamic data outsourcing scenarios, such as delegation of computation on data streams. Then, since no existing homomorphic signature satisfies this stronger notion, our main technical contributions are general compilers which turn a homomorphic signature scheme secure under a weak definition into one secure under the new stronger notion. Our compilers are totally generic with respect to the underlying scheme. Moreover, they preserve two important properties of homomorphic signatures: context-hiding (i.e. signatures on a computation’s output do not reveal information about the input) and efficient verification (i.e. verifying a signature against a program P can be made faster, in an amortized, asymptotic sense, than recomputing P from scratch).

Similar resources

Computing on Authenticated Data: New Privacy Definitions and Constructions

Homomorphic signatures are primitives that allow for public computations on authenticated data. At TCC 2012, Ahn et al. defined a framework and security notions for such systems. For a predicate P , their notion of P -homomorphic signature makes it possible, given signatures on a message set M , to publicly derive a signature on any message m′ such that P (M,m′) = 1. Beyond unforgeability, Ahn ...

Special Issue: Advances in Security for Communication Networks

The success of the Internet and of communication networks in general, opened new intriguing challenges for protocol designers. Consider, for example, the classic notion of “secure computation” introduced and achieved in the seminal works of Yao and of Goldreich, Micali and Wigderson. While such a notion considers only the stand-alone setting, where parties are connected to each other but isolat...

Key-Homomorphic Signatures and Applications to Multiparty Signatures

Key-homomorphic properties of cryptographic objects have proven to be useful, both from a theoretical as well as a practical perspective. Important cryptographic objects such as pseudorandom functions or (public key) encryption have been studied previously with respect to key-homomorphisms. Interestingly, however, signature schemes have not been explicitly investigated in this context so far. W...

Key-Homomorphic Signatures and Applications to Multiparty Signatures and Non-Interactive Zero-Knowledge

Key-homomorphic properties of cryptographic objects have proven to be useful, both from a theoretical as well as a practical perspective. Important cryptographic objects such as pseudorandom functions or (public key) encryption have been studied previously with respect to key-homomorphisms. Interestingly, however, signature schemes have not been explicitly investigated in this context so far. W...

Improved Security for Linearly Homomorphic Signatures: A Generic Framework

We propose a general framework that converts (ordinary) signature schemes having certain properties into linearly homomorphic signature schemes, i.e., schemes that allow authentication of linear functions on signed data. The security of the homomorphic scheme follows from the same computational assumption as is used to prove security of the underlying signature scheme. We show that the followin...


Journal title:
  • IACR Cryptology ePrint Archive

Volume 2016  Issue 

Pages  -

Publication date 2016