Homomorphic encryption for multiplications and pairing evaluation

Abstract

We propose a generic approach to design homomorphic encryption schemes, which extends Gjøsteen's framework. From this generic method, we deduce a new homomorphic encryption scheme in a composite-order subgroup of points of an elliptic curve which admits a pairing e: G x G → G t. This scheme has some interesting theoretical and practical properties: it allows an arbitrary number of multiplications in the groups G and G t, as well as a pairing evaluation on the underlying plaintexts. We prove the semantic security under chosen plaintext attack of our scheme under a generalized subgroup membership assumption, and we also prove that it cannot achieve ind-cca1 security. We eventually propose an original application to shared decryption. On the theoretical side, this scheme is an example of cryptosystem which can be naturally implemented with groups of prime order, as the homomorphic properties require only a projecting pairing using Freeman's terminology. However the application to shared decryption also relies on the fact that the pairing is cancelling and therefore does not survive this conversion. © 2012 Springer-Verlag.