Toward Both Privacy and Efficiency of Homomorphic MACs for Polynomial Functions and Its Applications

Abstract

Abstract Homomorphic message authentication codes (MACs) allow a user to outsource data to an untrusted server and verify the correctness of returned computation results over the outsourced data. Many cloud applications need delegation computations over outsourced data with dual capabilities. On one hand, they need to keep the outsourced data secret such that the server cannot trace and infer any sensitive information from the computation results. On the other hand, the user should be able to efficiently verify the computation results. Unfortunately, the state-of-the-art homomorphic MAC schemes are not so desirable due to either poor privacy or low verification efficiency. In this paper, we first put forward a new cryptographic primitive called privacy-preserving homomorphic MACs (PHMAC) that simultaneously provides data privacy and efficient verification. Then, we present a PHMAC construction capable for the evaluation of polynomials of fixed degree $d\geq 1$, in which the tag does not reveal any information of underlying authenticated data while being verifiable in constant time (in an amortized sense). As an application, we give a generic construction of homomorphic authenticated encryption (HAE) from proposed PHMAC and homomorphic encryption. Benefited from the functionalities of underlying PHMAC scheme, the derived HAE enjoys stronger authenticity and supports larger classes of functions than that of Lai et al. (Verifiable Computation on Outsourced Encrypted Data. In Computer Security—ESORICS 2014—19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7–11, Part I, pp. 273–291. Springer, Berlin). Such HAE enables verifiable delegation computations over growing outsourced encrypted data in an efficient way.