Verifiable Privacy-Preserving Data Aggregation Protocols

抄録

Homomorphic encryption allows computation over encrypted data, and can be used for delegating computation: data providers encrypt their data and send them to an aggregator, who can then perform computation over the encrypted data on behalf of a client, without the underlying data being exposed to the aggregator. However, since the aggregator is merely a third party, it may be malicious, and in particular, may submit an incorrect aggregation result to the receiver. Ohara et al. (APKC2014) studied secure aggregation of time-series data while enabling the correctness of aggregation to be verified. However, they only provided a concrete construction in the smart metering system and only gave an intuitive argument of security. In this paper, we define verifiable homomorphic encryption (VHE) which generalizes their scheme, and introduce formal security definitions. Further, we formally prove that Ohara et al.'s VHE scheme satisfies our proposed security definitions.