Key Generation. Each user () runs the following CSA.Key algorithm to get a public key pair
and a secret key .
CSA.Key: Given , , and , output a public key pair and a secret key by
performing the following steps:
(1) perform GHV.Key to get and ,
(2) choose a uniformly random matrix .
Encryption. Each user () runs the following CSA.Enc algorithm to get a ciphertext pair .
CSA.Enc: Given a public key pair and a plaintext , output a ciphertext pair
by performing the following steps:
(1) choose at random,
(2) compute ,
(3) choose a uniformly random vector ,
(4) choose Gaussian error vectors and ,
(5) compute ,
(6) compute .
Aggregation. aggregates ciphertext pairs generated under distinct public key pairs by
performing the following CSA.Agg.
CSA.Agg: Given ciphertext pairs where , output , and by performing the following
steps:
(1) Let where is the number of elements in ,
(2) .
re-Aggregation. Each user () can run the following CSA.reAgg algorithm to get a
re-aggregated ciphertext.
CSA.reAgg: Given an aggregated ciphertext , a ciphertext , a public key pair ,
a secret key , and a public key of , output by performing the following steps:
(1) perform GHV.Dec to get ,
(2) compute ,
(3) choose a uniformly random vector ,
(4) choose a Gaussian error vector ,
(5) compute .
dec-Aggregation. gives an aggregated ciphertext to , and a ciphertext and a public key
of to each user , respectively. Let , then the receiver obtains
by performing the following steps:
(1) Each user in turn,
(a) computes = CSA.reAgg,
(b) sends to the next user .
(2) computes = CSA.reAgg and sends to .
(3) performs GHV.Dec to get .