Fast batch verification for modular exponentiation and digital signatures

  • Mihir Bellare
  • Juan A. Garay
  • Tal Rabin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)

Abstract

Many tasks in cryptography (e.g., digital signature verification) call for verification of a basic operation like modular exponentiation in some group: given (g, x, y) check that g^x = y. This is typically done by re-computing g^x and checking we get y. We would like to do it differently, and faster.

The approach we use is batching. Focusing first on the basic modular exponentiation operation, we provide some probabilistic batch verifiers, or tests, that verify a sequence of modular exponentiations significantly faster than the naive re-computation method. This yields speedups for several verification tasks that involve modular exponentiations.
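
As an added illustration (not code from the paper or from this page), the sketch below contrasts naive re-computation, an unrandomized product check, and a random small-exponent batch test on a batch whose errors cancel. The toy group, the 9-bit exponent length and all function names are assumptions made here; the point is soundness (why the randomization is needed), not the timing gain.

```python
import secrets

# Toy group (assumed; far too small for real use): P = 2Q + 1, both prime,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
ELL = 9  # bits per random exponent; the 2^-ELL error bound needs 2^ELL < Q

def naive_verify(batch):
    """Re-compute every g^x: one full exponentiation per instance."""
    return all(pow(G, x, P) == y for x, y in batch)

def product_test(batch):
    """Unrandomized shortcut g^(sum x_i) == prod y_i; unsound on its own."""
    x, y = 0, 1
    for xi, yi in batch:
        x, y = (x + xi) % Q, y * yi % P
    return pow(G, x, P) == y

def small_exponents_test(batch, ell=ELL):
    """Check g^(sum s_i*x_i) == prod y_i^(s_i) for fresh random ell-bit s_i."""
    x, y = 0, 1
    for xi, yi in batch:
        if pow(yi, Q, P) != 1:   # y_i must lie in the order-Q subgroup
            return False
        s = secrets.randbits(ell)
        x, y = (x + s * xi) % Q, y * pow(yi, s, P) % P
    return pow(G, x, P) == y

def make_batch(n):
    """Constructed sample input: n correct (x, g^x mod P) instances."""
    return [(x, pow(G, x, P)) for x in (secrets.randbelow(Q) for _ in range(n))]

def with_cancelling_errors(batch):
    """Corrupt two instances by factors a and a^-1 that cancel in a product."""
    a = pow(G, 7, P)
    (x1, y1), (x2, y2) = batch[0], batch[1]
    return [(x1, y1 * a % P), (x2, y2 * pow(a, -1, P) % P)] + batch[2:]

def acceptance_rate(test, batch, trials=2000):
    """Fraction of independent runs in which `test` accepts `batch`."""
    return sum(test(batch) for _ in range(trials)) / trials

if __name__ == "__main__":
    good = make_batch(8)
    bad = with_cancelling_errors(good)
    print("naive:", naive_verify(bad), "product:", product_test(bad))
    print("small-exponents acceptance rate:", acceptance_rate(small_exponents_test, bad))
```

The unrandomized product check accepts the corrupted batch every time, while the randomized test accepts it only when the two random exponents coincide, which happens with probability 2^-ELL.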

Focusing specifically on digital signatures, we then suggest a weaker notion of (batch) verification which we call “screening.” It seems useful for many usages of signatures, and has the advantage that it can be done very fast; in particular, we show how to screen a sequence of RSA signatures at the cost of one RSA verification plus hashing.
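
An added example (not code from the paper or from this page) of screening a batch of hash-then-sign RSA signatures with a single public-key exponentiation, and of why screening is a weaker guarantee than verifying each signature. The toy key, the SHA-256-based hash into Z_N, the distinct-message requirement and all function names are assumptions made here.

```python
import hashlib

# Toy RSA key from two Mersenne primes (constructed; insecure size).
P1, P2, E = 2**61 - 1, 2**89 - 1, 65537
N = P1 * P2
D = pow(E, -1, (P1 - 1) * (P2 - 1))

def fdh(message):
    """Hash a message into Z_N (SHA-256 stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):
    return pow(fdh(message), D, N)

def verify(message, sig):
    """Ordinary verification: one public exponentiation per signature."""
    return pow(sig, E, N) == fdh(message)

def screen(batch):
    """Screening: (prod x_i)^e == prod H(M_i) mod N, one exponentiation total."""
    messages = [m for m, _ in batch]
    if len(set(messages)) != len(messages):
        return False             # this example insists on distinct messages
    lhs = rhs = 1
    for m, x in batch:
        lhs, rhs = lhs * x % N, rhs * fdh(m) % N
    return pow(lhs, E, N) == rhs

def make_batch(n):
    """Constructed sample input: n distinct messages with valid signatures."""
    return [(m, sign(m)) for m in (b"invoice-%d" % i for i in range(n))]

def perturb_pair(batch, a=3):
    """Multiply two signatures by a and a^-1: the product is unchanged."""
    (m1, x1), (m2, x2) = batch[0], batch[1]
    return [(m1, x1 * a % N), (m2, x2 * pow(a, -1, N) % N)] + batch[2:]

def swap_in_unsigned(batch, message=b"never signed"):
    """Attach an existing signature to a message the signer never signed."""
    return batch[:-1] + [(message, batch[-1][1])]
```

A batch that passes screening shows that every message in it was signed under the key; it does not certify each individual signature string, as the perturbed pair demonstrates. Signatures accepted this way should therefore not be stored or forwarded as individually verified.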

Keywords

Signature Scheme · Random Oracle · Security Parameter · Modular Exponentiation · Signature Verification
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Mihir Bellare (1)
  • Juan A. Garay (2)
  • Tal Rabin (2)
  1. Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
  2. IBM T.J. Watson Research Center, Yorktown Heights, USA