Paper 2014/463

(Leveled) Fully Homomorphic Signatures from Lattices

Sergey Gorbunov and Vinod Vaikuntanathan

Abstract

In a homomorphic signature scheme, given a vector of signatures $\vec{\sigma}$ corresponding to a dataset of messages $\vec{\mu}$, there is a {\it public} algorithm that allows to derive a signature $\sigma'$ for message $\mu'=f(\vec{\mu})$ for any function $f$. Given the tuple $(\sigma', \mu', f)$ anyone can {\it publicly} verify the result of the computation of function $f$. Along with the standard notion of unforgeability for signatures, the security of homomorphic signatures guarantees that no adversary is able to make a forgery $\sigma^*$ for $\mu^* \neq f(\vec{\mu})$. We construct the first homomorphic signature scheme for evaluating arbitrary functions. In our scheme, the public parameters and the size of the resulting signature grows polynomially with the depth of the circuit representation of $f$. Our scheme is secure in the standard model assuming hardness of finding {\it Small Integer Solutions} in hard lattices. Furthermore, our construction has asymptotically fast verification which immediately leads to a new solution for verifiable outsourcing with pre-processing phase. Previous state of the art constructions were limited to evaluating polynomials of constant degree, secure in random oracle model without asymptotically fast verification.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
homomorphic signatureslatticesSIShomomorphic trapdoor functions
Contact author(s)
sergeyg @ mit edu
History
2014-07-06: last of 2 revisions
2014-06-17: received
See all versions
Short URL
https://ia.cr/2014/463
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/463,
      author = {Sergey Gorbunov and Vinod Vaikuntanathan},
      title = {(Leveled) Fully Homomorphic Signatures from Lattices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/463},
      year = {2014},
      url = {https://eprint.iacr.org/2014/463}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.