Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption
نویسندگان
چکیده
Homomorphic signatures (HS) allows the derivation of the signature of the message-function pair (m, g), where m = g(m1, . . . ,mK), given the signatures of each of the input messages mk signed under the same key. Multi-key HS (M-HS) introduced by Fiore et al. (ASIACRYPT’16) further enhances the utility by allowing evaluation of signatures under different keys. While the unforgeability of existing M-HS notions unrealistically assumes that all signers are honest, we consider the setting where an arbitrary number of signers can be corrupted, which is typical in natural applications (e.g., verifiable multi-party computation) of M-HS. Surprisingly, there is a huge gap between M-HS with and without unforgeability under corruption: While the latter can be constructed from standard lattice assumptions (ASIACRYPT’16), we show that the former must rely on non-falsifiable assumptions. Specifically, we propose a generic construction of M-HS with unforgeability under corruption from adaptive zero-knowledge succinct non-interactive arguments of knowledge (ZK-SNARK) (and other standard assumptions), and then show that such M-HS implies adaptive zero-knowledge succinct non-interactive arguments (ZK-SNARG). Our results leave open the pressing question of what level of authenticity can be guaranteed in the multi-key setting under standard assumptions.
منابع مشابه
Efficient Ring Signatures Without Random Oracles
We describe the first efficient ring signature scheme secure, without random oracles, basedon standard assumptions. Our ring signatures are based in bilinear groups. For l members ofa ring our signatures consist of 2l + 2 group elements and require 2l + 3 pairings to verify. Weprove our scheme secure in the strongest security model proposed by Bender, Katz, and Morselli:namely, ...
متن کاملKey-Homomorphic Signatures and Applications to Multiparty Signatures and Non-Interactive Zero-Knowledge
Key-homomorphic properties of cryptographic objects have proven to be useful, both from a theoretical as well as a practical perspective. Important cryptographic objects such as pseudorandom functions or (public key) encryption have been studied previously with respect to key-homomorphisms. Interestingly, however, signature schemes have not been explicitly investigated in this context so far. W...
متن کاملKey-Homomorphic Signatures and Applications to Multiparty Signatures
Key-homomorphic properties of cryptographic objects have proven to be useful, both from a theoretical as well as a practical perspective. Important cryptographic objects such as pseudorandom functions or (public key) encryption have been studied previously with respect to key-homomorphisms. Interestingly, however, signature schemes have not been explicitly investigated in this context so far. W...
متن کاملAdapting Lyubashevsky's Signature Schemes to the Ring Signature Setting
Basing signature schemes on strong lattice problems has been a long standing open issue. Today, two families of lattice-based signature schemes are known: the ones based on the hash-andsign construction of Gentry et al.; and Lyubashevsky’s schemes, which are based on the Fiat-Shamir framework. In this paper we show for the first time how to adapt the schemes of Lyubashevsky to the ring signatur...
متن کاملA Zoo of Homomorphic Signatures: Multi-Key and Key-Homomorphism
Homomorphic signatures (HS) allow evaluation of signed messages by producing a signature on a function of messages signed by the same key. Motivated by the vast potential of applications, we initiate the study of multi-key HS (M-HS) which allows evaluation of signatures under different keys. We also study other multi-key extensions, namely, hierarchical HS (M-HiHS) for delegation of signing pow...
متن کامل