Homomorphic Signatures with Efficient Verification for Polynomial Functions
Cited by 6 (1 self)
A homomorphic signature scheme for a class of functions C allows a client to sign and upload elements of some data set D on a server. At any later point, the server can derive a (publicly verifiable) signature that certifies that some y is the result of computing some f ∈ C on the basic data set D. This primitive has been formalized by Boneh and Freeman (Eurocrypt 2011) who also proposed the only known construction for the class of multivariate polynomials of fixed degree d ≥ 1. In this paper we construct new homomorphic signature schemes for such functions. Our schemes provide the first alternatives to the one of Boneh-Freeman, and improve over their solution in three main aspects. First, our schemes do not rely on random oracles. Second, we obtain security in a stronger fully-adaptive model: while the solution of Boneh-Freeman requires the adversary to query messages in a given data set all at once, our schemes can tolerate adversaries that query one message at a time, in a fully-adaptive way. Third, signature verification is more efficient (in an amortized sense) than computing the function from scratch. The latter property opens the way to using homomorphic signatures for publicly-verifiable computation on outsourced data. Our schemes rely on a new assumption on leveled graded encodings which we show to hold in a generic model.

TrueSet: Faster Verifiable Set Computations
Cited by 6 (2 self)
Verifiable computation (VC) enables thin clients to efficiently verify the computational results produced by a powerful server. Although VC was initially considered to be mainly of theoretical interest, over the last two years, impressive progress has been made on implementing VC. Specifically, we now have open-source implementations of VC systems that can handle all classes of computations expressed either as circuits or in the RAM model. However, despite this very encouraging progress, new enhancements in the design and implementation of VC protocols are required in order to achieve truly practical VC for real-world applications. In this work, we show that for functionalities that can be expressed efficiently in terms of set operations (e.g., a subset of SQL queries) VC can be enhanced to become drastically more practical: We present the design and prototype implementation of a novel VC scheme that achieves orders of magnitude speedup in comparison with the state of the art. Specifically, we build and evaluate TrueSet, a system that can verifiably compute any polynomial-time function expressed as a circuit consisting of “set gates” such as union, intersection, difference and set cardinality. Moreover, TrueSet supports hybrid circuits consisting of both set gates and traditional arithmetic gates. Therefore, it does not lose any of the expressiveness of the previous schemes—this also allows the user to choose the most efficient way to represent different parts of a computation. By expressing set computations as polynomial operations and introducing a novel Quadratic Polynomial Program technique, TrueSet achieves prover performance speedup ranging from 30x to 150x and yields up to 97% evaluation key size reduction.

Efficiently Verifiable Computation on Encrypted Data
Cited by 4 (0 self)
We study the task of efficient verifiable delegation of computation on encrypted data. First, we improve previous definitions in order to tolerate adversaries that learn whether or not clients accept the result of a delegated computation. Then, in this strong model, we show a scheme for arbitrary computations, and we propose highly efficient schemes for delegation of various classes of functions, such as linear combinations, high-degree univariate polynomials, and multivariate quadratic polynomials. Notably, the latter class includes many useful statistics. Using our solution, a client can store a large encrypted dataset with a server, query statistics over this data, and receive encrypted results that can be efficiently verified and decrypted. As a key contribution for the efficiency of our schemes, we develop a novel homomorphic hashing technique that allows us to efficiently authenticate computations, at the same cost as if the data were in the clear, avoiding a 10^4 overhead, which would occur with a naive approach. We confirm our theoretical analysis with extensive implementation tests that show the practical feasibility of our

Nearly Practical and Privacy-Preserving Proofs on Authenticated Data
Cited by 4 (0 self)
We study the problem of privacy-preserving proofs on authenticated data in which a party receives data from a trusted source and is requested to prove statements over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand any meaningful solution to satisfy additional properties related to usability and scalability. First, third parties should be able to check proofs very efficiently. Second, the trusted source should be independent of the data processor: it simply (and possibly continuously) provides data, e.g., without knowing which statements will be proven. This paper formalizes the above three-party model, discusses concrete application scenarios, and introduces a new cryptographic primitive for proving NP relations where statements are authenticated by trusted sources. After discussing a generic approach to construct this primitive, we present a more direct and efficient realization that supports general-purpose NP relations. Our realization significantly

Leveled Fully Homomorphic Signatures from Standard Lattices (2014)
Cited by 1 (0 self)
In a homomorphic signature scheme, a user Alice signs some large data x using her secret signing key and stores the signed data on a server. The server can then run some computation y = g(x) on the signed data and homomorphically produce a short signature σ_{g,y}. Anybody can verify the signature using Alice’s public verification key and become convinced that y is the correct output of the computation g over Alice’s data, without needing to have the underlying data itself. In this work, we construct the first leveled fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data, where only the maximal depth d of the circuit needs to be fixed a priori. The size of the evaluated signature grows polynomially in d, but is otherwise independent of the circuit size or the data size. Our solutions are based on the hardness of the small integer solution (SIS) problem, which is in turn implied by the worst-case hardness of problems in standard lattices. We get a scheme in the standard model, albeit with large public parameters whose size must exceed the total size of all signed data. In the random-oracle model, we get a scheme with short public parameters. These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature scheme due to Boneh and Freeman (Eurocrypt ’11). As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF). We show how to construct homomorphic signatures using HTDFs as a black box. We construct HTDFs based on the SIS problem by relying on a recent technique developed by Boneh et al. (Eurocrypt ’14) in the context of attribute-based encryption.

Efficient Secure and Verifiable Outsourcing of Matrix Multiplications
Cited by 1 (0 self)
With the emergence of cloud computing services, a resource-constrained client can outsource its computationally heavy tasks to cloud providers. Because such service providers might not be fully trusted by the client, the need to verify integrity of the returned computation result arises. The ability to do so is called verifiable delegation or verifiable outsourcing. Furthermore, the data used in the computation may be sensitive and it is often desired to protect it from the cloud throughout the computation. In this work, we put forward solutions for verifiable outsourcing of matrix multiplications that favorably compare with the state of the art. The cost of verifying the result of computation consists of a single modulo exponentiation and can be further reduced if the cloud is rational. A rational cloud is neither honest nor arbitrarily malicious, but rather economically motivated with the sole purpose of maximizing a monetary reward. Our solutions achieve several desired features such as data protection, public verifiability, and computation chaining.

PUDA – Privacy and Unforgeability for Data Aggregation
Cited by 1 (1 self)
Existing work on data collection and analysis for aggregation is mainly focused on confidentiality issues. That is, the untrusted Aggregator learns only the aggregation result without divulging individual data inputs. In this paper we extend the existing models with stronger security requirements. Apart from the privacy requirements with respect to the individual inputs, we ask for unforgeability for the aggregate result. We first define the new security requirements of the model. We also instantiate a protocol for private and unforgeable aggregation for multiple independent users. I.e., multiple unsynchronized users owning personal sensitive information, without interacting with each other, contribute their values in a secure way: The Aggregator learns the result of a function without learning individual values, and moreover, it constructs a proof that is forwarded to a verifier that will convince the latter of the correctness of the computation. Our protocol is provably secure in the random oracle model.

A Framework for Outsourcing of Secure Computation (Draft Version)
We study the problem of how to efficiently outsource a sensitive computation on secret inputs to a number of untrusted workers, under the assumption that at least one worker is honest. In our setting there is a number of clients C1, ..., Cn with inputs x1, ..., xn. The clients want to delegate a secure computation of f(x1, ..., xn) to a set of untrusted workers W1, ..., Wm. We want to do so in such a way that as long as there is at least one honest worker (and everyone else might be actively corrupted) the following holds: 1) the privacy of the inputs is preserved; 2) the output of the computation is correct (in particular workers cannot change the inputs of honest clients). We propose a solution where the clients’ work is minimal and the interaction pattern simple (one message to upload inputs, one to receive results), while at the same time reducing the overhead for the workers to a minimum. Our solution is generic and can be instantiated with any underlying reactive MPC protocol where linear operations are “for free”. In contrast, previous solutions were less generic and could only be instantiated for specific numbers of clients/workers.

TrueSet: Faster Verifiable Set Computations (23rd USENIX Security Symposium, USENIX Association, 2014)

unknown title
Recent work on proof-based verifiable computation has resulted in built systems that employ tools from complexity theory and cryptography to address a basic problem in systems security: allowing a local computer to outsource the execution of a program while providing the local computer with a guarantee of integrity and the remote computer with a guarantee of privacy. However, support for programs that use RAM and control flow has been problematic. State of the art systems either restrict the use of these constructs (e.g., requiring static loop bounds), incur sizeable overhead on every step, or pay tremendous costs when the constructs are invoked. This paper describes Buffet, a built system that solves these problems by providing inexpensive “a la carte” RAM and dynamic control flow. Buffet composes an elegant prior approach to RAM with a novel adaptation of techniques from the compilers literature. Buffet allows the programmer to express programs in an expansive subset of C (disallowing only “goto” and function pointers), can handle essentially any example in the verifiable computation literature, and achieves the best performance in the area by multiple orders of magnitude.