Authorized Function Homomorphic Signature

Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data (m) over right arrow and accordingly gain a signature sigma(h) for the computation result f ((m) over right arrow) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive called authorized function homomorphic signature (AFHS). In AFHS, the agency has to obtain a confidence key sk(f) from DO in order to evaluate a function f on the data (m) over right arrow and to obtain a signature with which one can check whether the agency acts in accordance with DO's instructions. A black-box construction of AFHS based on HS is given in this paper, and we show that if the underlying primitives are secure, so is our construction under the given security model. Moreover, we provide a somewhat concrete construction that offers stronger security guarantee.