Identification of Bad Signatures in Batches

  • Jaroslaw Pastuszak
  • Dariusz Michałek
  • Josef Pieprzyk
  • Jennifer Seberry
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1751)


The paper addresses the problem of bad signature identification in batch verification of digital signatures. The number of generic tests necessary to identify all bad signatures in a batch instance, is used to measure the efficiency of verifiers. The divide-and-conquer verifier DCV α (x,n) is defined. The verifier identifies all bad signatures in a batch instance x of the length n by repeatedly splitting the input into α sub-instances. Its properties are investigated. In particular, probability distributions for the number of generic tests necessary to identify one, two and three bad signatures, are derived. The average numbers of GT tests necessary to identify bad signatures ranging from 1 to 16 are obtained from computer simulation. Further, a Hamming verifier (HV) is defined which allows to identify a single bad signature in a batch of the length n=2 k -1 using k+2 tests. HV is generalised into the two-layer Hamming verifier (2HV). Given a batch instance of the length 2 k − 2, the 2HV verifier identifies a single bad signature using k+2 tests and two bad signatures in expense of 3k+3 tests. The work is concluded by comments about a general model for verification codes identifying t bad signatures and the design of verifiers using combinatorial structures.


Generic Test Parity Check Test Versus Parity Check Matrix Combinatorial Design 


  1. 1.
    Bellare, M., Garay, J., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Beller, M., Yacobi, Y.: Batch Diffie-Hellman key agreement systems and their application to portable communications. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 208–220. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  3. 3.
    Berlekamp, E.: Algebraic Coding Theory. McGraw-Hill, New York (1968)MATHGoogle Scholar
  4. 4.
    Coron, J.-S., Naccache, D.: On the security of RSA screening. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 197–203. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Harn, L.: Batch verifying multiple DSA-type digital signatures. Electronics Letters 34(9), 870–871 (1998)CrossRefGoogle Scholar
  6. 6.
    Naccache, D., M’Raihi, D., Vaudenay, S., Raphaeli, D.: Can DSA be improved? complexity trade-offs with the digital signature standard. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 77–85. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  7. 7.
    Street, A.P., Wallis, W.D.: Combinatorics: A First Course. CBRC, Winnipeg (1982)Google Scholar
  8. 8.
    Yen, S., Laih, C.: Improved digital signature suitable for batch certification. IEEE Transactions on Computers 44(7), 957–959 (1995)MATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jaroslaw Pastuszak
    • 1
  • Dariusz Michałek
    • 1
  • Josef Pieprzyk
    • 2
  • Jennifer Seberry
    • 2
  1. 1.Systems Research InstitutePolish Academy of SciencesWarsawPoland
  2. 2.Centre for Computer Security Research, School of IT and Computer ScienceUniversity of WollongongWollongongAustralia

Personalised recommendations