Sum It Up: Verifiable Additive Homomorphic Secret Sharing

In many situations, clients (e.g., researchers, companies, hospitals) need to outsource joint computations based on joint inputs to external cloud servers in order to provide useful results. Often clients want to guarantee that the results are correct and thus, an output that can be publicly verified is required. However, important security and privacy challenges are raised, since clients may hold sensitive information and the cloud servers can be untrusted. Our goal is to allow the clients to protect their secret data, while providing public verifiability i.e., everyone should be able to verify the correctness of the computed result. In this paper, we propose three concrete constructions of verifiable additive homomorphic secret sharing (VAHSS) to solve this problem. Our instantiations combine an additive homomorphic secret sharing (HSS) scheme, which relies on Shamir's secret sharing scheme over a finite field F, for computing the sum of the clients' secret inputs, and three different methods for achieving public verifiability. More precisely, we employ: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; as well as (iii) a threshold RSA signature scheme. In all three cases we provide a detailed correctness, security and verifiability analysis and discuss their efficiency.