Batch RSA

  • Amos Fiat
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 435)


Number theoretic cryptographic algorithms are all based upon modular mul- tiplication modulo some composite or prime. Some security parameter n is set (the length of the composite or prime). Cryptographic functions such as digi- tal signature or key exchange require O(n) or O(√n) modular multiplications ([DH, RSA, R, E, GMR, FS], etc.).

This paper proposes a variant of the RSA scheme which requires only polylog(n) (O(log2 n)) modular multiplications per RSA operation. Inherent to the scheme is the idea of batching, i.e., performing several encryption or signature operations simultaneously. In practice, the new variant effectively performs several modular exponentiations at the cost of a single modular ex- ponentiation. This leads to a very fast RSA-like scheme whenever RSA is to be performed at some central site or when pure-RSA encryption (vs. hybrid encryption) is to be performed.

An important feature of the new scheme is a practical scheme that isolates the private key from the system, irrespective of the size of the system, the number of sites, or the number of private operations that need be performed.


Signature Scheme Batch Size Security Parameter Modular Multiplication Modular Exponentiation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [AFK]
    Abadi, M., Feigenbaum, J., and Kilian, J., On Hiding Information from an Oracle, Proceedings of the 19th Annual ACM Symposium on Theory of Computing.Google Scholar
  2. [AGCS]
    Alexi, W., Chor, B., Goldreich, O., and Schnorr, C.P., RSA and Rabin Functions: Certain Parts are as Hard as the Whole, SIAM J. Comput., April, 1988.Google Scholar
  3. [AHU]
    Aho, A.V., Hopcroft J.E., and Ullman, J.D., The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974.Google Scholar
  4. [B]
    Blum, M., Personal communication.Google Scholar
  5. [BM]
    Blum, M. and Micali, S., How to generate Cryptographically Strong Sequences of Pseudo-Random Bits, SIAM J. Comp., 13, 1984.Google Scholar
  6. [BG]
    Blum, M. and Goldwasser, S., An Efficient Probabilistic Public Key Encryption Scheme which Hides all Partial Information, Proceedings of Crypto’ 84.Google Scholar
  7. [CFN]
    Chaum, D., Fiat, A., and Naor, M., Untraceable Electronic Cash, Proceedings of Crypto’ 88.Google Scholar
  8. [DH]
    Diffie, W. and Hellman, M.E., New Directions in Cryptography, IEEE Trans. on Information Theory, Vol IT-22, 1976.Google Scholar
  9. [E]
    El Gamal, T., A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Transactions on Information Theory, Vol IT-31, 1985.Google Scholar
  10. [FS]
    Fiat, A., and Shamir, A., How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Proceedings of Crypto’ 86.Google Scholar
  11. [GMR]
    Goldwasser, S., S. Micali, and R.L. Rivest, A Secure Digital Signature Scheme, SIAM J. Comput., April, 1988.Google Scholar
  12. [H]
    Håstad, J., On using RSA with Low Exponent in a Public Key Network, Proceedings of Crypto’ 85.Google Scholar
  13. [K]
    Knuth, D., The Art of Computer Programming, vol. 2: Seminumerical Algorithms, 2nd ed., Addison-Wesley, 1981.Google Scholar
  14. [MS]
    Micali, S., and Schnorr, C.P., Efficient, Perfect Random Number Generators, proceedings of Crypto’ 88.Google Scholar
  15. [QC]
    Quisquater, J.-J. and Couvreur, C, Fast decipherment algorithm for RSA public-key cryptosystem, Electronic letters, vol. 18, 1982, pp. 905–907.CrossRefGoogle Scholar
  16. [R]
    Rabin, M.O., Digitalized signatures, in Foundations of Secure Computation, Academic Press, NY, 1978.Google Scholar
  17. [RSA]
    Rivest, R.L., Shamir, A. and Adleman, L., A Method for Obtaining Digital Signatures and Public Key Cryptosystems, Comm. ACM, Vol. 21, No. 2, 1978.Google Scholar
  18. [S]
    Shamir, A., On the Generation of Cryptographically Strong Pseudorandom Sequences, ACM Trans. on Computer Systems, Vol. 1, No. 1, 1983.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Amos Fiat
    • 1
  1. 1.Department of Computer ScienceTel-Aviv UniversityTel-AvivIsrael

Personalised recommendations