[PDF] Top 20 On the Security Notions for Homomorphic Signatures

... adaptive security is important in the case of very large, potentially unbounded, datasets (as in the streaming case) as one cannot assume that the adversary queries the whole ...semi-adaptive security: this ... See full document

... the signatures grow by a poly(m) factor for each level of the circuit, and thus, to size m O(d) where d is the depth of the evaluated ...and security, we must set the modulus q to be larger than this ... See full document

... adaptive security models for homomorphic ...the security proof for the fully adaptive chosen message model presents no difficulty: we do exactly the same as in the chosen dataset ... See full document

... Homomorphic Signatures Beyond ...consider homomorphic signatures beyond linear functions, and propose a general definition of such ...of security in the random-oracle ...construct ... See full document

... the security of a homomorphic signature scheme, we first provide a definition for well defined programs, which we need to define forgeries on these ...their homomorphic properties, these schemes ... See full document

... Luckily, Albrecht et al. [1] proposed a multilinear map based on indistinguisha- bility obfuscation (iO) and proved its security using standard assumptions. With this positive result, the work of Albrecht et al. ... See full document

... constructing homomorphic message authentication (MACs) (private verification) for larger classes of ...fully homomorphic MACs using fully homomorphic ...the security of the scheme only holds ... See full document

... al.’s security model [15]. Very intuitively, a multi-key homomorphic signature scheme is secure if the adversary, who can request to multiple users signatures on mes- sages of its choice, can produce ... See full document

... more security Purpose, we used Homomorphic Encryption Algorithm, Homomorphic authenticators (also denoted as Homomorphic verifiable tags) are basic tools to construct data auditing mechanisms ... See full document

... A homomorphic signature scheme for a class of functions C allows a client to sign and upload elements of some data set D on a ...new homomorphic signature schemes for such ...obtain security in a ... See full document

... Chameleon hash function, related to the notion of non-interactive chameleon commitment schemes, was originally introduced by Brassard et al. [18]. Roughly speaking, a chameleon trapdoor hash func- tion is a ... See full document

... a security model and two generic constructions for decentralized traceable attribute-based ...three security requirements: anonymity, full unforgeability and ... See full document

... proving security without a chameleon ...linearly homomorphic signatures based on q-SDH and strong ...the security model with our stronger ... See full document

... [5] B. Wang, M. Li, S.S. Chow, and H. Li, “Computing Encrypted Cloud Data Efficiently under Multiple Keys,” Proc. IEEE Conf. Comm. and Network Security (CNS ’13), pp. 90-99, 2013. [6] R. Rivest, A. Shamir, and L. ... See full document

... recognises security as a fundamental task of the state, which has appointed many state-financed entities to it, and has created conditions for the functioning of other entities (local government, commercial and ... See full document

... Wang et al. [13] leveraged homomorphic tokens to ensure the correctness of erasure codesbased data distributed on multiple servers. This mechanism is able not only to support dynamic data, but also to identify ... See full document

... The architecture involves three parties: the cloud server, the third party auditor (TPA) and users. There are two types of users in a group: the original user and a number of group users.The original user and group users ... See full document

... FS-PRGs, introduced by Bellare and Yee in [22], are stateful/iterated pseudorandom generators (PRGs) that deterministically derive sequences of fixed-length bit strings from an initial (random) seed. More precisely, in ... See full document

... PS signatures raise concerns in the cryptographic community because they both rely on interactive assumptions that essentially state their EUF-CMA ...precise security assessment is obviously a barrier to a ... See full document

... of security loss dates back to literature on “security- preserving reductions”, formalized originally by Luby in 1996 [Lub96]; early works on security- preserving reductions include Naor and ... See full document