Linearly Homomorphic Signatures from Lattices

Abstract

AbstractLinearly homomorphic signatures (LHSs) allow any entity to linearly combine a set of signatures and to provide authentication service for the corresponding (combined) data. The public key of the current known LHSs from lattices in the standard model requires $O(l)$ matrices and $O(k)$ vectors, where $l$ is the length of file identifier and $k$ is the maximum data set size that linear functions support. In this paper, we construct two lattice-based LHS schemes with provable security in the standard model and both schemes can authenticate vectors defined over finite field. First, we present a basic LHS scheme satisfying selective security, based on the full-rank difference hash functions. Second, we modify the chameleon hash function constructed by (Cash, D., Hofheinz, D., Kiltz, E. and Peikert, C. (2010) Bonsai Trees, or How to Delegate a Lattice Basis. In Proc. EUROCRYPT 10, Monaco/French Riviera, May 30 to June 3, pp. 523–552. Springer, Berlin) to construct a linearly homomorphic chameleon hash function (LHCHF), which can be applied to all transformations from selectively secure LHS scheme that authenticates vectors defined over finite field $\mathbb{F}_{p}$ ($p=poly(n)$) to fully secure one, except for a new one that authenticates vectors defined over a small field. Starting from LHCFH and the basic scheme as above, we obtain a fully secure LHS scheme. Both schemes can be used to sign multiple files and have relatively short public keys consisting of $O(1)$ matrices and $O(k)$ vectors.