## Cryptology ePrint Archive: Report 2012/060

Improved Security for Linearly Homomorphic Signatures: A Generic Framework

David Mandell Freeman

Abstract: We propose a general framework that converts (ordinary) signature schemes having certain properties into linearly homomorphic signature schemes, i.e., schemes that allow authentication of linear functions on signed data. The security of the homomorphic scheme follows from the same computational assumption as is used to prove security of the underlying signature scheme. We show that the following signature schemes have the required properties and thus give rise to secure homomorphic signatures in the standard model:

- The scheme of Waters (Eurocrypt 2005), secure under the computational Diffie-Hellman assumption in bilinear groups.

- The scheme of Boneh and Boyen (Eurocrypt 2004, J. Cryptology 2008), secure under the $q$-strong Diffie-Hellman assumption in bilinear groups.

- The scheme of Gennaro, Halevi, and Rabin (Eurocrypt 1999), secure under the strong RSA assumption.

- The scheme of Hohenberger and Waters (Crypto 2009), secure under the RSA assumption.

Our systems not only allow weaker security assumptions than were previously available for homomorphic signatures in the standard model, but also are secure in a model that allows a stronger adversary than in other proposed schemes. Our framework also leads to efficient linearly homomorphic signatures that are secure against our stronger adversary under weak assumptions (CDH or RSA) in the random oracle model; all previous proofs of security in the random oracle model break down completely when faced with our stronger adversary.

Category / Keywords: public-key cryptography / Homomorphic signatures, standard model, bilinear groups, CDH, RSA

Publication Info: Extended abstract to appear in PKC 2012

Date: received 8 Feb 2012, last revised 9 Mar 2012

Contact author: dfreeman at cs stanford edu

Note: Revised to incorporate referee feedback.

Short URL: ia.cr/2012/060
