TY - GEN

T1 - Targeted malleability

T2 - 3rd Conference on Innovations in Theoretical Computer Science, ITCS 2012

AU - Boneh, Dan

AU - Segev, Gil

AU - Waters, Brent

PY - 2012

Y1 - 2012

N2 - We put forward the notion of targeted malleability: given a homomorphic encryption scheme, in various scenarios we would like to restrict the homomorphic computations one can perform on encrypted data. We introduce a precise framework, generalizing the foundational notion of non-malleability introduced by Dolev, Dwork, and Naor (SICOMP '00), ensuring that the malleability of a scheme is targeted only at a specific set of "allowable" functions. In this setting we are mainly interested in the efficiency of such schemes as a function of the number of repeated homomorphic operations. Whereas constructing a scheme whose ciphertext grows linearly with the number of such operations is straightforward, obtaining more realistic (or merely non-trivial) length guarantees is significantly more challenging. We present two constructions that transform any homomorphic encryption scheme into one that offers targeted malleability. Our constructions rely on standard cryptographic tools and on succinct non-interactive arguments, which are currently known to exist in the standard model based on variants of the knowledge-of-exponent assumption. The two constructions offer somewhat different efficiency guarantees, each of which may be preferable depending on the underlying building blocks.

AB - We put forward the notion of targeted malleability: given a homomorphic encryption scheme, in various scenarios we would like to restrict the homomorphic computations one can perform on encrypted data. We introduce a precise framework, generalizing the foundational notion of non-malleability introduced by Dolev, Dwork, and Naor (SICOMP '00), ensuring that the malleability of a scheme is targeted only at a specific set of "allowable" functions. In this setting we are mainly interested in the efficiency of such schemes as a function of the number of repeated homomorphic operations. Whereas constructing a scheme whose ciphertext grows linearly with the number of such operations is straightforward, obtaining more realistic (or merely non-trivial) length guarantees is significantly more challenging. We present two constructions that transform any homomorphic encryption scheme into one that offers targeted malleability. Our constructions rely on standard cryptographic tools and on succinct non-interactive arguments, which are currently known to exist in the standard model based on variants of the knowledge-of-exponent assumption. The two constructions offer somewhat different efficiency guarantees, each of which may be preferable depending on the underlying building blocks.

KW - homomorphic encryption

KW - non-malleable encryption

UR - http://www.scopus.com/inward/record.url?scp=84856449144&partnerID=8YFLogxK

U2 - 10.1145/2090236.2090264

DO - 10.1145/2090236.2090264

M3 - Conference contribution

AN - SCOPUS:84856449144

SN - 9781450311151

T3 - ITCS 2012 - Innovations in Theoretical Computer Science Conference

SP - 350

EP - 366

BT - ITCS 2012 - Innovations in Theoretical Computer Science Conference

Y2 - 8 January 2012 through 10 January 2012

ER -