Semigroup-homomorphic Signature
Heng Guo, Kun Tian, Fengxia Liu, Zhiyong Zheng
TL;DR
The paper resolves the open problem of constructing secure semigroup-homomorphic signatures by introducing the first such scheme and a lattice-based linear extension. Security is established through tight reductions to the Short Integer Solution problem $SIS_{q,\\beta}$, supported by trapdoor lattices and discrete Gaussian sampling. The work also provides a privacy-preserving linear variant and discusses open challenges, including fixed-length signatures, alternative semigroups, standard EUF-CMA, and fully homomorphic signatures. Overall, it lays foundational work for semigroup-homomorphic cryptography and suggests several avenues for future research.
Abstract
In 2002, Johnson et al. posed an open problem at the Cryptographers' Track of the RSA Conference: how to construct a secure homomorphic signature on a semigroup, rather than on a group. In this paper, we introduce, for the first time, a semigroup-homomorphic signature scheme. Under certain conditions, we prove that the security of this scheme is based on the hardness of the Short Integer Solution (SIS) problem and is tightly secure. Furthermore, we extend it to a linear semigroup-homomorphic signature scheme over lattices, and this scheme can also ensure privacy.