Fully Homomorphic Message Authenticators
نویسندگان
چکیده
We define and construct a new primitive called a fully homomorphic message authenticator. With such scheme, anybody can perform arbitrary computations over authenticated data and produce a short tag that authenticates the result of the computation (without knowing the secret key). This tag can be verified using the secret key to ensure that the claimed result is indeed the correct output of the specified computation over previously authenticated data (without knowing the underlying data). For example, Alice can upload authenticated data to “the cloud”, which then performs some specified computations over this data and sends the output to Bob, along with a short tag that convinces Bob of correctness. Alice and Bob only share a secret key, and Bob never needs to know Alice’s underlying data. Our construction relies on fully homomorphic encryption to build fully homomorphic message authenticators.
منابع مشابه
Multi-key Homomorphic Authenticators
Homomorphic authenticators (HAs) enable a client to authenticate a large collection of data elementsm1, . . . ,mt and outsource them, along with the corresponding authenticators, to an untrusted server. At any later point, the server can generate a short authenticator vouching for the correctness of the output y of a function f computed on the outsourced data, i.e., y = f(m1, . . . ,mt). Recent...
متن کاملHomomorphic Proxy Re-Authenticators and Applications to Verifiable Multi-User Data Aggregation
Abstract. We introduce the notion of homomorphic proxy re-authenticators, a tool that adds security and verifiability guarantees to multi-user data aggregation scenarios. It allows distinct sources to authenticate their data under their own keys, and a proxy can transform these single signatures or message authentication codes (MACs) to a MAC under a receiver’s key without having access to it. ...
متن کاملPolynomial evaluation and message authentication
The cryptographic literature contains many provably secure highspeed authenticators. Some authenticators use n multiplications for length-n messages; some authenticators have the advantage of using only about n/2 multiplications. Some authenticators use n variables for length-n messages; some authenticators have the advantage of using only 1 variable. This paper, after reviewing relevant polyno...
متن کاملPractical Homomorphic MACs for Arithmetic Circuits
Homomorphic message authenticators allow the holder of a (public) evaluation key to perform computations over previously authenticated data, in such a way that the produced tag σ can be used to certify the authenticity of the computation. More precisely, a user knowing the secret key sk used to authenticate the original data, can verify that σ authenticates the correct output of the computation...
متن کاملAuthenticating Computation on Groups: New Homomorphic Primitives and Applications
In this paper we introduce new primitives to authenticate computation on data expressed as elements in (cryptographic) groups. As for the case of homomorphic authenticators, our primitives allow to verify the correctness of the computation without having to know of the original data set. More precisely, our contributions are two-fold. First, we introduce the notion of linearly homomorphic authe...
متن کامل