Paper 2016/1175

On the Security Notions for Homomorphic Signatures

Dario Catalano, Dario Fiore, and Luca Nizzardo


Homomorphic signature schemes allow anyone to perform computation on signed data in such a way that the correctness of computation’s results is publicly certified. In this work we analyze the security notions for this powerful primitive considered in previous work, with a special focus on adaptive security. Motivated by the complications of existing security models in the adaptive setting, we consider a simpler and (at the same time) stronger security definition inspired to that proposed by Gennaro and Wichs (ASIACRYPT’13) for homomorphic MACs. In addition to strength and simplicity, this definition has the advantage to enable the adoption of homomorphic signatures in dynamic data outsourcing scenarios, such as delegation of computation on data streams. Then, since no existing homomorphic signature satisfies this stronger notion, our main technical contribution are general compilers which turn a homomorphic signature scheme secure under a weak definition into one secure under the new stronger notion. Our compilers are totally generic with respect to the underlying scheme. Moreover, they preserve two important properties of homomorphic signatures: context-hiding (i.e. signatures on computation’s output do not reveal information about the input) and efficient verification (i.e. verifying a signature against a program P can be made faster, in an amortized, asymptotic sense, than recomputing P from scratch).

Available format(s)
Public-key cryptography
Publication info
Digital SignaturesHomomorphic SignaturesSecurity Notions
Contact author(s)
luca nizzardo @ imdea org
2016-12-30: received
Short URL
Creative Commons Attribution


      author = {Dario Catalano and Dario Fiore and Luca Nizzardo},
      title = {On the Security Notions for Homomorphic Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1175},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.