[Resource Topic] 2017/723: An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both

Welcome to the resource topic for 2017/723

Title:
An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both

Authors: Rotem Tsabary

Abstract:

In Attribute-Based Signatures (ABS; first defined by Maji, Prabhakaran and Rosulek, CT-RSA 2011) an authority can generate multiple signing keys, where each key is associated with a constraint f. A key respective to f can sign a message x only if f(x) = 0. The security requirements are unforgeability and key privacy (signatures should not expose the specific signing key used). In Homomorphic Signatures (HS; first defined by Boneh and Freeman, PKC 2011), given a signature for a data-set x, one can evaluate a signature for the pair (f(x),f), for functions f. In context-hiding HS, evaluated signatures do not reveal information about the pre-evaluated signature. In this work we start by showing that these two notions are in fact equivalent. The first implication of this equivalence is a new lattice-based ABS scheme for polynomial-depth circuits, based on the HS construction of Gorbunov, Vaikuntanathan and Wichs (GVW; STOC 2015). We then construct a new ABS candidate from a worst case lattice assumption (SIS), with different parameters. Using our equivalence again, now in the opposite direction, our new ABS implies a new lattice-based HS scheme with different parameter trade-off, compared to the aforementioned GVW.

ePrint: https://eprint.iacr.org/2017/723

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .