{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T01:41:25Z","timestamp":1768009285937,"version":"3.49.0"},"reference-count":19,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2020,9,21]],"date-time":"2020-09-21T00:00:00Z","timestamp":1600646400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), to achieve practical and provably secure aggregation of data, while allowing for the clients to protect their secret data and providing public verifiability i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients\u2019 secret inputs, and three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; as well as (iii) a threshold RSA signature scheme. In all three constructions, we provide a detailed correctness, security, and verifiability analysis and detailed experimental evaluations. Our results demonstrate the efficiency of our proposed constructions, especially from the client side.<\/jats:p>","DOI":"10.3390\/cryptography4030025","type":"journal-article","created":{"date-parts":[[2020,9,21]],"date-time":"2020-09-21T08:18:01Z","timestamp":1600676281000},"page":"25","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing"],"prefix":"10.3390","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1552-6852","authenticated-orcid":false,"given":"Georgia","family":"Tsaloli","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, 41296 Gothenburg, Sweden"}]},{"given":"Gustavo","family":"Banegas","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, 41296 Gothenburg, Sweden"}]},{"given":"Aikaterini","family":"Mitrokotsa","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Chalmers University of Technology, 41296 Gothenburg, Sweden"}]}],"member":"1968","published-online":{"date-parts":[[2020,9,21]]},"reference":[{"key":"ref_1","unstructured":"Seo, J.H. (2020). Sum It Up: Verifiable Additive Homomorphic Secret Sharing. Information Security and Cryptology\u2014ICISC 2019, Springer International Publishing."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Tsaloli, G., Liang, B., and Mitrokotsa, A. (2018, January 25\u201328). Verifiable Homomorphic Secret Sharing. Proceedings of the 12th International Conference on Provable Security, ProvSec 2018, Jeju, Korea.","DOI":"10.1007\/978-3-030-01446-9_3"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Yao, H., Wang, C., Hai, B., and Zhu, S. (2018, January 12\u201315). Homomorphic Hash and Blockchain Based Authentication Key Exchange Protocol for Strangers. Proceedings of the International Conference on Advanced Cloud and Big Data (CBD), Lanzhou, China.","DOI":"10.1109\/CBD.2018.00051"},{"key":"ref_4","unstructured":"Krohn, M., Freedman, M., and Mazieres, D. (2004, January 12). On-the-fly verification of rateless erasure codes for efficient content distribution. Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Sarkar, P., and Iwata, T. (2014). Authenticating Computation on Groups: New Homomorphic Primitives and Applications. Advances in Cryptology\u2014ASIACRYPT 2014, Springer.","DOI":"10.1007\/978-3-662-45611-8"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Preneel, B. (2009). Practical Threshold Signatures with Linear Secret Sharing Schemes. Progress in Cryptology\u2014AFRICACRYPT 2009, Springer.","DOI":"10.1007\/978-3-642-02384-2"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to share a secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/978-3-319-56614-6_6","article-title":"Group-Based Secure Computation: Optimizing Rounds, Communication, and Computation","volume":"Volume 10211","author":"Boyle","year":"2017","journal-title":"Advances in Cryptology\u2014EUROCRYPT 2017"},{"key":"ref_9","unstructured":"Benaloh, J.C. (1987). Secret sharing homomorphisms: Keeping shares of a secret secret. Conference on the Theory and Application of Cryptographic Techniques, Springer."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1007\/978-3-662-46803-6_12","article-title":"Function Secret Sharing","volume":"Volume 9057","author":"Boyle","year":"2015","journal-title":"Advances in Cryptology\u2014EUROCRYPT 2015"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Boyle, E., Gilboa, N., and Ishai, Y. (2016, January 24\u201328). Function Secret Sharing: Improvements and Extensions. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security\u2014CCS\u201916, Vienna, Austria.","DOI":"10.1145\/2976749.2978429"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Safavi-Naini, R., and Canetti, R. (2012). Multiparty Computation from Somewhat Homomorphic Encryption. Advances in Cryptology\u2014CRYPTO 2012, Springer.","DOI":"10.1007\/978-3-642-32009-5"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Crampton, J., Jajodia, S., and Mayes, K. (2013). Practical Covertly Secure MPC for Dishonest Majority\u2014Or: Breaking the SPDZ Limits. Computer Security\u2014ESORICS 2013, Springer.","DOI":"10.1007\/978-3-642-40203-6"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Canetti, R., and Garay, J.A. (2013). Secure Computation against Adaptive Auxiliary Information. Advances in Cryptology\u2014CRYPTO 2013, Springer.","DOI":"10.1007\/978-3-642-40084-1"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Abdalla, M., and De Prisco, R. (2014). Publicly Auditable Secure Multi-Party Computation. Security and Cryptography for Networks, Springer International Publishing.","DOI":"10.1007\/978-3-319-10879-7"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Fischlin, M., Buchmann, J., and Manulis, M. (2012). Efficient Network Coding Signatures in the Standard Model. Public Key Cryptography\u2014PKC 2012, Springer.","DOI":"10.1007\/978-3-642-30057-8"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Desmedt, Y.G. (1994). Incremental Cryptography: The Case of Hashing and Signing. Advances in Cryptology\u2014CRYPTO \u201994, Springer.","DOI":"10.1007\/3-540-48658-5"},{"key":"ref_18","unstructured":"Matsui, M. (2019). Context Hiding Multi-key Linearly Homomorphic Authenticators. Topics in Cryptology\u2014CT-RSA 2019, Springer International Publishing."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1147\/rd.62.0239","article-title":"Generalizations of Horner\u2019s rule for polynomial evaluation","volume":"6","author":"Dorn","year":"1962","journal-title":"IBM J. Res. Dev."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/4\/3\/25\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:11:58Z","timestamp":1760177518000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/4\/3\/25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,21]]},"references-count":19,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,9]]}},"alternative-id":["cryptography4030025"],"URL":"https:\/\/doi.org\/10.3390\/cryptography4030025","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,21]]}}}