Cryptology ePrint Archive: Report 2015/826

Programmable Hash Functions go Private:Constructions and Applications to (Homomorphic) Signatures with Shorter Public Keys

Dario Catalano and Dario Fiore and Luca Nizzardo

Abstract: We introduce the notion of asymmetric programmable hash functions (APHFs, for short), which adapts Programmable Hash Functions, introduced by Hofheinz and Kiltz at Crypto 2008, with two main differences. First, an APHF works over bilinear groups, and it is asymmetric in the sense that, while only {\em secretly} computable, it admits an isomorphic copy which is publicly computable. Second, in addition to the usual programmability, APHFs may have an alternative property that we call programmable pseudorandomness. In a nutshell, this property states that it is possible to embed a pseudorandom value as part of the function's output, akin to a random oracle. In spite of the apparent limitation of being only secretly computable, APHFs turn out to be surprisingly powerful objects. We show that they can be used to generically implement both regular and linearly-homomorphic signature schemes in a simple and elegant way. More importantly, when instantiating these generic constructions with our concrete realizations of APHFs, we obtain: (1) the first linearly-homomorphic signature (in the standard model) whose public key is sub-linear in both the dataset size and the dimension of the signed vectors; (2) short signatures (in the standard model) whose public key is shorter than those by Hofheinz-Jager-Kiltz from Asiacrypt 2011, and essentially the same as those by Yamada, Hannoka, Kunihiro, (CT-RSA 2012).

Category / Keywords: Public-Key Cryptography, Programmable Hash Functions, Digital Signatures, Homomorphic Signatures

Original Publication (with major differences): IACR-CRYPTO-2015

Date: received 25 Aug 2015, last revised 16 May 2016

Contact author: luca nizzardo at imdea org

Available format(s): PDF | BibTeX Citation

Version: 20160516:152305 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]