Homomorphic Witness Encryption from Indistinguishable Obfuscation

Abstract

Witness encryption (WE) is a new encryption paradigm that allows encrypting a message using the instance of a particular NP problem, and someone who knows a solution to this problem (i.e., a witness) can effectively decrypt the ciphertext. Traditional witness encryption is built from multi-linear encodings. In this work, we put forth the concept of homomorphic witness encryption (HWE), where one can evaluate functions over ciphertexts of the same instance without decrypting them, i.e., one can manipulate a set of ciphertexts with messages (m1, ⋯, mn) to obtain the evaluation of f(m1, ⋯, mn), for any function f. We declare that such homomorphic witness encryption schemes can be generically constructed from indistinguishable obfuscation (iO ) for any classes of functions. Then we propose an instantiate of multiplicative homomorphic witness encryption (MHWE) using an iO, homomorphic encryption for NP problems such as Subset-Sum and a batch-processed GS-proof system, which enables us to evaluate multiplication operations over ciphertext. Furthermore, we give the security and efficiency of our candidate schemes.