Notion-wise, our result shows that M-HS can act as a central notion since all its seemingly different extensions are almost all equivalent (except one which assumes collision-resistant hash functions). In particular, this suggests that key-homomorphism and message-homomorphism in signatures are identical in nature. As a sample application, we show that M-KHS implies decentralized attribute-based signatures (D-ABS). Our work also provides the first (leveled) fully KHS and the first (D-)ABS for circuits from standard assumptions.
Surprisingly, there is a huge gap between homomorphism in a single space and in two spaces. Indeed all existing (leveled) fully homomorphic signature schemes support only a single signer. In the multi-space setting, we construct M-HS from the adaptive zero-knowledge succinct non-interactive argument of knowledge (ZK-SNARK) (and other standard assumptions). We also show that two-key HS implies functional signatures. Our study equips the literature with a suite of signature schemes allowing different kinds of flexible evaluations.Category / Keywords: foundations/digital signatures Date: received 29 Aug 2016, last revised 9 Dec 2016 Contact author: russell at ie cuhk edu hk Available format(s): PDF | BibTeX Citation Version: 20161209:194104 (All versions of this report) Short URL: ia.cr/2016/834 Discussion forum: Show discussion | Start new discussion