Results 1 
2 of
2
Computing on authenticated data
 In Theory of Cryptography — TCC 2012, Springer LNCS 7194
, 2012
"... In tandem with recent progress on computing on encrypted data via fully homomorphic encryption, we present a framework for computing on authenticated data via the notion of slightly homomorphic signatures, or Phomomorphic signatures. With such signatures, it is possible for a third party to derive ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
(Show Context)
In tandem with recent progress on computing on encrypted data via fully homomorphic encryption, we present a framework for computing on authenticated data via the notion of slightly homomorphic signatures, or Phomomorphic signatures. With such signatures, it is possible for a third party to derive a signature on the object m ′ from a signature of m as long as P (m, m ′ ) = 1 for some predicate P which captures the “authenticatable relationship ” between m ′ and m. Moreover, a derived signature on m ′ reveals no extra information about the parent m. Our definition is carefully formulated to provide one unified framework for a variety of distinct concepts in this area, including arithmetic, homomorphic, quotable, redactable, transitive signatures and more. It includes being unable to distinguish a derived signature from a fresh one even when given the original signature. The inability to link derived signatures to their original sources prevents some practical privacy and linking attacks, which is a challenge not satisfied by most prior works. Under this strong definition, we then provide generic constructions for all univariate and closed predicates, and specific efficient constructions for a broad class of natural predicates such as quoting, subsets, weighted sums, averages, and Fourier transforms. To our knowledge, these are the first efficient constructions for these predicates (excluding subsets) that provably satisfy this strong security notion. Supported by NSF, DARPA, and AFOSR. Applying to all authors, the views and conclusions contained in this
Rethinking Privacy for Extended Sanitizable Signatures and a BlackBox Construction of Strongly Private Schemes?
"... Abstract. Sanitizable signatures, introduced by Ateniese et al. at ESORICS’05, allow to issue a signature on a message where certain predefined message blocks may later be changed (sanitized) by some dedicated party (the sanitizer) without invalidating the original signature. With sanitizable sign ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Sanitizable signatures, introduced by Ateniese et al. at ESORICS’05, allow to issue a signature on a message where certain predefined message blocks may later be changed (sanitized) by some dedicated party (the sanitizer) without invalidating the original signature. With sanitizable signatures, replacements for modifiable (admissible) message blocks can be chosen arbitrarily by the sanitizer. However, in various scenarios this makes sanitizers too powerful. To reduce the sanitizers power, Klonowski and Lauks at ICISC’06 proposed (among others) an extension that enables the signer to limit the allowed modifications per admissible block to a well defined set each. At CTRSA’10 Canard and Jambert then extended the formal model of Brzuska et al. from PKC’09 to additionally include the aforementioned and other extensions. We, however, observe that the privacy guarantees of their model do not capture privacy in the sense of the original definition of sanitizable signatures. That is, if a scheme is private in this model it is not guaranteed that the sets of allowed modifications remain concealed. To this end, we review a stronger notion of privacy, i.e., (strong) unlinkability (defined by Brzuska et al. at EuroPKI’13), in this context. While unlinkability fixes this problem, no efficient unlinkable scheme supporting the aforementioned extensions exists and it seems to be hard to construct such schemes. As a remedy, in this paper, we propose a notion stronger than privacy, but weaker than unlinkability, which captures privacy in the original sense. Moreover, it allows to easily construct efficient schemes satisfying our notion from secure existing schemes in a blackbox fashion. 1