In this work, we construct the first leveled fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data, where only the maximal depth $d$ of the circuit needs to be fixed a priori. The size of the evaluated signature grows polynomially in $d$, but is otherwise independent of the circuit size or the data size. Our solutions are based on the hardness of the small integer solution (SIS) problem, which is in turn implied by the worst-case hardness of problems in standard lattices. We get a scheme in the standard model, albeit with large public parameters whose size must exceed the total size of all signed data. In the random-oracle model, we get a scheme with short public parameters. These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature scheme due to Boneh and Freeman (Eurocrypt '11).
As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF). We show to how construct homomorphic signatures using HTDFs as a black box. We construct HTDFs based on the SIS problem by relying on a recent technique developed by Boneh et al. (Eurocrypt '14) in the context of attribute based encryption.
Category / Keywords: public-key cryptography / homomorphic signatures Date: received 11 Jun 2014, last revised 30 Oct 2014 Contact author: wichs at ccs neu edu Available format(s): PDF | BibTeX Citation Note: See: http://eprint.iacr.org/2014/897 for an updated version of this work. Version: 20141030:195601 (All versions of this report) Short URL: ia.cr/2014/451 Discussion forum: Show discussion | Start new discussion