On the Security Notions for Homomorphic Signatures

Homomorphic signature schemes allow anyone to perform computation on signed data in such a way that the correctness of computation’s results is publicly certified. In this work we analyze the security notions for this powerful primitive considered in previous work, with a special focus on adaptive security. Motivated by the complications of existing security models in the adaptive setting, we consider a simpler and (at the same time) stronger security definition inspired to that proposed by Gennaro and Wichs (ASIACRYPT’13) for homomorphic MACs. In addition to strength and simplicity, this definition has the advantage to enable the adoption of homomorphic signatures in dynamic data outsourcing scenarios, such as delegation of computation on data streams. Then, since no existing homomorphic signature satisfies this stronger notion, our main technical contribution are general compilers which turn a homomorphic signature scheme secure under a weak definition into one secure under the new stronger notion. Our compilers are totally generic with respect to the underlying scheme. Moreover, they preserve three important properties of homomorphic signatures: composability, context-hiding (i.e. signatures on computation’s output do not reveal information about the input) and efficient verification (i.e. verifying a signature against a program \({\mathcal P}\) can be made faster, in an amortized, asymptotic sense, than recomputing \({\mathcal P}\) from scratch).

[1]  Dario Fiore,et al.  Homomorphic signatures with sublinear public keys via asymmetric programmable hash functions , 2018, Des. Codes Cryptogr..

[2]  Rosario Gennaro,et al.  Fully Homomorphic Message Authenticators , 2013, IACR Cryptol. ePrint Arch..

[3]  Nuttapong Attrapadung,et al.  Homomorphic Network Coding Signatures in the Standard Model , 2011, Public Key Cryptography.

[4]  Markulf Kohlweiss,et al.  Malleable Signatures: New Definitions and Delegatable Anonymous Credentials , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[5]  Daniel Wichs,et al.  Leveled Fully Homomorphic Signatures from Standard Lattices , 2015, IACR Cryptol. ePrint Arch..

[6]  Bogdan Warinschi,et al.  Homomorphic Signatures with Efficient Verification for Polynomial Functions , 2014, CRYPTO.

[7]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[8]  Bogdan Warinschi,et al.  Efficient Network Coding Signatures in the Standard Model , 2012, Public Key Cryptography.

[9]  David Mandell Freeman,et al.  Improved Security for Linearly Homomorphic Signatures: A Generic Framework , 2012, Public Key Cryptography.

[10]  Jonathan Katz,et al.  Signing a Linear Subspace: Signature Schemes for Network Coding , 2009, IACR Cryptol. ePrint Arch..

[11]  Rosario Gennaro,et al.  Algebraic (Trapdoor) One-Way Functions and Their Applications , 2013, TCC.

[12]  Rosario Gennaro,et al.  Generalizing Homomorphic MACs for Arithmetic Circuits , 2014, IACR Cryptol. ePrint Arch..

[13]  Dan Boneh,et al.  Linearly Homomorphic Signatures over Binary Fields and New Tools for Lattice-Based Signatures , 2011, Public Key Cryptography.

[14]  Bogdan Warinschi,et al.  Adaptive Pseudo-Free Groups and Applications , 2011, IACR Cryptol. ePrint Arch..

[15]  Refik Molva,et al.  Online-Offline Homomorphic Signatures for Polynomial Functions , 2015, IACR Cryptol. ePrint Arch..

[16]  Thomas Peters,et al.  Computing on Authenticated Data: New Privacy Definitions and Constructions , 2012, ASIACRYPT.

[17]  Dario Fiore,et al.  Programmable Hash Functions Go Private: Constructions and Applications to (Homomorphic) Signatures with Shorter Public Keys , 2015, CRYPTO.

[18]  Thomas Peters,et al.  Efficient Completely Context-Hiding Quotable and Linearly Homomorphic Signatures , 2013, Public Key Cryptography.

[19]  Dan Boneh,et al.  Homomorphic Signatures for Polynomial Functions , 2011, EUROCRYPT.

[20]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[21]  Abhi Shelat,et al.  Computing on Authenticated Data , 2012, TCC.

[22]  Dan Boneh,et al.  Homomorphic MACs: MAC-Based Integrity for Network Coding , 2009, ACNS.

[23]  Dawn Xiaodong Song,et al.  Homomorphic Signature Schemes , 2002, CT-RSA.

[24]  Jonathan Katz,et al.  Secure Network Coding Over the Integers , 2010, IACR Cryptol. ePrint Arch..

[25]  Dario Fiore,et al.  Practical Homomorphic MACs for Arithmetic Circuits , 2013, IACR Cryptol. ePrint Arch..

[26]  Yvo Desmedt,et al.  Computer security by redefining what a computer is , 1993, NSPW '92-93.