This work resolves a long-standing open problem in cryptography—constructing secure homomorphic signatures over semigroups—first posed in 2002. We present the first computationally efficient, compact, and tightly secure homomorphic signature scheme for arbitrary finite semigroups, with a rigorous security proof under the standard Short Integer Solution (SIS) assumption on lattices. The scheme supports arbitrary combinations of signatures under semigroup operations while guaranteeing functional correctness. Furthermore, we extend it to linear semigroup homomorphic signatures, incorporating privacy-preserving mechanisms such as signature randomization and unlinkability. Unlike prior homomorphic signature schemes restricted to groups—requiring invertibility—our construction operates over general semigroups, thus eliminating the need for inverses. This breakthrough establishes the first efficient, secure, and privacy-aware homomorphic signature framework for non-invertible algebraic structures, enabling authenticated computation over broader classes of algebraic objects and opening a new paradigm for cryptographic authentication in semigroup-based settings.

In 2002, Johnson et al. posed an open problem at the Cryptographers' Track of the RSA Conference: how to construct a secure homomorphic signature on a semigroup, rather than on a group. In this paper, we introduce, for the first time, a semigroup-homomorphic signature scheme. Under certain conditions, we prove that the security of this scheme is based on the hardness of the Short Integer Solution (SIS) problem and is tightly secure. Furthermore, we extend it to a linear semigroup-homomorphic signature scheme over lattices, and this scheme can also ensure privacy.