Formal Treatment of Verifiable Privacy-Preserving Data-Aggregation Protocols.

Homomorphic encryption allows computation over encrypted data and can be used for delegating computation: data providers encrypt their data and send them to an aggregator, and then the aggregator performs computation for a receiver with the data kept secret. However, since the aggregator is merely the third party, it may be malicious, and particularly may submit a result of incorrect aggregation to the receiver. Ohara et al. (APKC2014) studied secure aggregation of time-series data while enabling the correctness of aggregation to be verified. However, they only provided a concrete construction in the smart metering system and only gave an intuitive argument of security. In this paper, we give general syntax of their scheme as verifiable homomorphic encryption (VHE) and introduce formal security definitions. Further, we formally prove that Ohara et al.’s VHE scheme satisfies our proposed security definitions.