Advertisement

Batch Diffie-Hellman Key Agreement Systems and their Application to Portable Communications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 658)

Abstract

RSA (Rivest, Shamir and Adleman) is today’s most popular public key encryption scheme. Batch-RSA (due to Fiat) is a method to compute many (n/log 2 2 (n), where n is the security parameter) RSA decryption operations at a computational cost approaching that of one normal decryption. It requires that all the operations use the same modulus, but distinct, relatively prime in pairs, short, public exponents. A star-like key agreement scheme could use such a system to slash computational complexity at the center. We show a real life example of such a system — secure portable telephony. Unfortunately, in this system Batch-RSA cannot be employed effectively, due to a delay component which arises from the nature of RSA key exchange. We show that mathematical ideas similar to Fiat’s can lead to a Batch-Diffie-Hellman key agreement scheme, that does not suffer such delay and is comparable in efficiency to Batch-RSA. We prove that with some precautions, this system is as hard to break as RSA with short public exponent. In practice our method improves processing time at the center by a factor of 6 to 17 when compared to (non-batch) Diffie-Hellman schemes with full-size exponents and moduli in the practical range. Smaller improvements (on the order of 1.6 to 3) are obtainable when compared to a Diffie-Hellman scheme employing abbreviated exponents.

Keywords

Batch Size Security Parameter Portable Unit Public Exponent Montgomery Multiplication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. [1]
    A.V. Aho, J.E. Hopcroft, and J.D. Ullman, The Design and Analysis of Computer Algorithms, Addison Wesley, 1974.Google Scholar
  2. [2]
    Ben-David, S., Chor, B., Goldreich, O., Luby, M., On the Theory of Average Case Complexity, Proc. STOC 1989, pp. 204–216.Google Scholar
  3. [3]
    M. J. Beller, L. F. Chang, Y. Yacobi, Privacy and Authentication on a Portable Communications System, IEEE Globecom’ 91 Conference Proceedings, Phoenix, December 1991.Google Scholar
  4. [4]
    D. C. Cox, Portable Digital Radio Communications-An Approach to Tether-less Access, IEEE Communications Magazine, Vol. 27, No. 7, July 1989.Google Scholar
  5. [5]
    W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Trans. on Inform. Theory, vol. IT-22, pp. 664–654, Nov. 1976.MathSciNetGoogle Scholar
  6. [6]
    S.R. Dusse and B.S. Kaliski, A Cryptographic Library for the Motorola DSP56000, Advances in Cryptology: Proceedings of Eurocrypt’ 90, I.B. Damgard (Ed.), LNCS 473, Springer Verlag, May 1990, pp. 230–243.Google Scholar
  7. [7]
    A. Fiat: Batch RSA, Proc. Crypto’89, pp 175–185.Google Scholar
  8. [8]
    A.K. Lenstra, Private communication.Google Scholar
  9. [9]
    K.S. McCurley, A key distribution system equivalent to factoring, J. Cryptology, vol. 1, no. 2, 1988.Google Scholar
  10. [10]
    U.M. Maurer and Y. Yacobi Non-interactive Public Key Cryptography Proc. Eurocrypt’91.Google Scholar
  11. [11]
    P.L. Montgomery, Modular Multiplication Without Trial Division, Math of Computation, Vol. 44, 1985, pp. 519–521.zbMATHCrossRefGoogle Scholar
  12. [12]
    J.M. Pollard, Monte Carlo Methods for Index Computation (mod P), Math, Comp. 32 (1978), 918–924.zbMATHCrossRefMathSciNetGoogle Scholar
  13. [13]
    R.L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21, pp. 120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  14. [14]
    Z. Shmuely, Composite Diffie-Hellman public-key generating systems are hard to break, TR 356, CS Dept., Technion, Feb. 1985.Google Scholar
  15. [15]
    Y. Yacobi, A key distribution “paradox”, Proc. CRYPTO’90 Santa Barbara, CA, Aug. 11–15, 1990.Google Scholar
  16. [16]
    Y. Yacobi, Discrete-Log With Compressible Exponents Proc. CRYPTO’90, Santa Barbara, CA, Aug. 11–15, 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  1. 1.BellcoreUSA

Personalised recommendations