Cryptology ePrint Archive: Report 2017/086

Homomorphic Proxy Re-Authenticators and Applications to Verifiable Multi-User Data Aggregation

David Derler and Sebastian Ramacher and Daniel Slamanig

Abstract: We introduce the notion of homomorphic proxy re-authenticators, a tool that adds security and verifiability guarantees to multi-user data aggregation scenarios. It allows distinct sources to authenticate their data under their own keys, and a proxy can transform these single signatures or message authentication codes (MACs) to a MAC under a receiver's key without having access to it. In addition, the proxy can evaluate arithmetic circuits (functions) on the inputs so that the resulting MAC corresponds to the evaluation of the respective function. As the messages authenticated by the sources may represent sensitive information, we also consider hiding them from the proxy and other parties in the system, except for the receiver.

We provide a general model and two modular constructions of our novel primitive, supporting the class of linear functions. On our way, we establish various novel building blocks. Most interestingly, we formally define the notion and present a construction of homomorphic proxy re-encryption, which may be of independent interest. The latter allows users to encrypt messages under their own public keys, and a proxy can re-encrypt them to a receiver's public key (without knowing any secret key), while also being able to evaluate functions on the ciphertexts. The resulting re-encrypted ciphertext then holds an evaluation of the function on the input messages.

Category / Keywords: public-key cryptography / data aggregation, verifiable computation, homomorphic encryption, proxy re-encryption, homomorphic signatures, homomorphic MACs, proxy re-authenticators

Original Publication (with major differences): Financial Cryptography and Data Security 2017

Date: received 3 Feb 2017

Contact author: david derler at iaik tugraz at


Version: 20170210:150534

Short URL: ia.cr/2017/086
