Abstract
Modern web applications using advanced cryptographic methods may need to calculate a large number of modular exponentiations. Performing such calculations in the web browser efficiently is a known problem. We propose a solution to this problem based on outsourcing the computational effort to untrusted exponentiation servers. We present several efficient outsourcing protocols for different settings and a practical implementation consisting of a JavaScript client library and a server application. Compared to browser-only computation, our solution improves the overall computation time by an order of magnitude.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The Web Cryptography API offers operations for Diffie-Hellman key exchanges and DSA signatures, but currently only elliptic curves are supported. Therefore, we do not see a way of exploiting this interface for computing modular exponentiations.
- 2.
We expect significant performance improvements in libraries making use of the recently introduced WebAssembly technology for web browsers.
- 3.
Requiring two non-colluding servers is admittedly a strong assumption. We believe that this assumption can be justified, if adequate organizational measures are put in place. Otherwise, we suggest extending our protocols to three or more servers or considering the one-server protocols from [3].
- 4.
famodulus is a combination of the Latin words famulus (servant) and modulus (measure), i.e., famodulus is a servant for modular exponentiation calculations.
- 5.
All three components have been released as open-source software under the MIT license, see https://github.com/mainini/famodulus.
- 6.
- 7.
See https://nodejs.org.
- 8.
- 9.
- 10.
- 11.
See https://gmplib.org.
- 12.
- 13.
- 14.
In all our experiments, we selected the smallest prime modulus p of the corresponding bit length. Base and exponent were picked at random from \(\mathbb {Z}^*_p\) and \(\mathbb {Z}_{p-1}\), respectively.
References
Cavallo, B., Di Crescenzo, G., Kahrobaei, D., Shpilrain, V.: Efficient and secure delegation of group exponentiation to a single server. In: Mangard, S., Schaumont, P. (eds.) RFIDSec 2015. LNCS, vol. 9440, pp. 156–173. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24837-0_10
Chen, X., Li, J., Ma, J., Tang, Q., Lou, W.: New algorithms for secure outsourcing of modular exponentiations. IEEE Trans. Parallel Distrib. Syst. 25(9), 2386–2396 (2014)
Chevalier, C., Laguillaumie, F., Vergnaud, D.: Privately outsourcing exponentiation to a single server: cryptanalysis and optimal constructions. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part I. LNCS, vol. 9878, pp. 261–278. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_13
Fielding, R.T.: Architectural Styles and the Design of Network-Based Software Architectures. Ph.D. thesis, University of California, Irvine, USA (2000)
Galindo, D., Guasch, S., PuiggalÃ, J.: 2015 Neuchâtel’s cast-as-intended verification mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_1
Haenni, R., Koenig, R.E., Dubuis, E.: Cast-as-intended verification in electronic elections based on oblivious transfer. In: Krimmer, R., et al. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 73–91. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52240-1_5
Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_15
Kiraz, M.S., Uzunkol, O.: Efficient and verifiable algorithms for secure outsourcing of cryptographic computations. Int. J. Inf. Secur. 15(5), 519–537 (2016)
Locher, P., Haenni, R.: Verifiable internet elections with everlasting privacy and minimal trust. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 74–91. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_5
Ma, X., Li, J., Zhang, F.: Outsourcing computation of modular exponentiations in cloud computing. Cluster Comput. 16(4), 787–796 (2013)
Mainini, P.: Efficient and Secure Outsourcing of Modular Exponentiation. Bachelor thesis, Bern University of Applied Sciences, Biel, Switzerland (2017)
Ye, J., Chen, X., Ma, J.: An improved algorithm for secure outsourcing of modular exponentiations. In: 29th International Conference on Advanced Information Networking and Applications Workshops, AINA 2015, Gwangju, Korea, pp. 73–76 (2015)
Acknowledgment
We thank the anonymous reviewers for their thorough reviews. We appreciated their valuable comments and suggestions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Mainini, P., Haenni, R. (2019). Outsourcing Modular Exponentiation in Cryptographic Web Applications. In: Zohar, A., et al. Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science(), vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-662-58820-8_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-58819-2
Online ISBN: 978-3-662-58820-8
eBook Packages: Computer ScienceComputer Science (R0)