Privately Outsourcing Exponentiation to a Single Server: Cryptanalysis and Optimal Constructions

  • Céline Chevalier
  • Fabien Laguillaumie
  • Damien Vergnaud
Conference paper

DOI: 10.1007/978-3-319-45744-4_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9878)
Cite this paper as:
Chevalier C., Laguillaumie F., Vergnaud D. (2016) Privately Outsourcing Exponentiation to a Single Server: Cryptanalysis and Optimal Constructions. In: Askoxylakis I., Ioannidis S., Katsikas S., Meadows C. (eds) Computer Security – ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science, vol 9878. Springer, Cham


We address the problem of speeding up group computations in cryptography using a single untrusted computational resource. We analyze the security of an efficient protocol for securely outsourcing multi-exponentiations proposed at ESORICS 2014. We show that this scheme does not achieve the claimed security guarantees and we present practical polynomial-time attacks on the delegation protocol which allow the untrusted helper to recover part (or the whole) of the device secret inputs. We then provide simple constructions for outsourcing group exponentiations in different settings (e.g. public/secret, fixed/variable bases and public/secret exponents). Finally, we prove that our attacks on the ESORICS 2014 protocol are unavoidable if one wants to use a single untrusted computational resource and to limit the computational cost of the limited device to a constant number of (generic) group operations. In particular, we show that our constructions are actually optimal in terms of operations in the underlying group.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Céline Chevalier
    • 1
  • Fabien Laguillaumie
    • 2
  • Damien Vergnaud
    • 3
  1. 1.CRED (U. Panthéon–Assas Paris II)ParisFrance
  2. 2.LIP (UCBL, U. Lyon, CNRS, ENS Lyon, INRIA)LyonFrance
  3. 3.DI/ENS (ENS, CNRS, INRIA, PSL)ParisFrance

Personalised recommendations