Verifiable Privacy-Preserving Data Aggregation Protocols

Satoshi YASUDA  Yoshihiro KOSEKI  Yusuke SAKAI  Fuyuki KITAGAWA  Yutaka KAWAI  Goichiro HANAOKA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E103-A   No.1   pp.183-194
Publication Date: 2020/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.2019CIP0024
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
homomorphic encryption,  verifiable homomorphic encryption,  SXDH,  

Full Text: PDF(1.8MB)>>
Buy this Article

Homomorphic encryption allows computation over encrypted data, and can be used for delegating computation: data providers encrypt their data and send them to an aggregator, who can then perform computation over the encrypted data on behalf of a client, without the underlying data being exposed to the aggregator. However, since the aggregator is merely a third party, it may be malicious, and in particular, may submit an incorrect aggregation result to the receiver. Ohara et al. (APKC2014) studied secure aggregation of time-series data while enabling the correctness of aggregation to be verified. However, they only provided a concrete construction in the smart metering system and only gave an intuitive argument of security. In this paper, we define verifiable homomorphic encryption (VHE) which generalizes their scheme, and introduce formal security definitions. Further, we formally prove that Ohara et al.'s VHE scheme satisfies our proposed security definitions.