Linearly Homomorphic Signatures from Lattices

Linearly homomorphic signatures (LHSs) allow any entity to linearly combine a set of signatures and to provide an authentication service for the corresponding (combined) data. The public keys of the currently known lattice-based LHSs in the standard model require $O(l)$ matrices and $O(k)$ vectors, where $l$ is the length of the file identifier and $k$ is the maximum data set size that the linear functions support. In this paper, we construct two lattice-based LHS schemes with provable security in the standard model; both schemes can authenticate vectors defined over a finite field. First, we present a basic LHS scheme satisfying selective security, based on full-rank difference hash functions. Second, we modify the chameleon hash function constructed in (Cash, D., Hofheinz, D., Kiltz, E. and Peikert, C. (2010) Bonsai Trees, or How to Delegate a Lattice Basis. In Proc. EUROCRYPT 10, Monaco/French Riviera, May 30 to June 3, pp. 523–552. Springer, Berlin) to construct a linearly homomorphic chameleon hash function (LHCHF), which can be applied to all transformations from a selectively secure LHS scheme that authenticates vectors defined over a finite field $\mathbb{F}_{p}$ ($p=\mathrm{poly}(n)$) to a fully secure one, except for a new one that authenticates vectors defined over a small field. Starting from the LHCHF and the basic scheme above, we obtain a fully secure LHS scheme. Both schemes can be used to sign multiple files and have relatively short public keys consisting of $O(1)$ matrices and $O(k)$ vectors.
