This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations
December 2006 (vol. 55 no. 12)
pp. 1536-1542
Modular exponentiation in an abelian group is one of the most frequently used mathematical primitives in modern cryptography. Batch verification is an algorithm for verifying many exponentiations simultaneously. We propose two fast batch verification algorithms. The first one makes use of exponents of small weight, called sparse exponents, and is asymptotically 10 times faster than individual verification and twice as fast as previous works at the same security level. The second one can only be applied to elliptic curves defined over small finite fields. Using sparse Frobenius expansion with small integer coefficients, we give a complex exponent test which is four times faster than the previous works. For example, each exponentiation in one batch asymptotically requires nine elliptic curve additions on some elliptic curves for 2^{80} security.

[1] E. Brickell, D. Gordon, K. McCurley, and D. Wilson, “Fast Exponentiation with Precomputation,” Proc. Eurocrypt '92, pp.200-207, 1993.
[2] M. Bellare, J. Garay, and T. Rabin, “Fast Batch Verification for Modular Exponentiation and Digital Signatures,” Proc. Eurocrypt '98, pp. 236-250, 1998, http://www-cse.ucsd.edu/usersmihir.
[3] M. Beller and Y. Yacobi, “Batch Diffie-Hellman Key Agreement Systems and Their Application to Portable Communications,” Proc. Eurocrypt '92, pp. 208-220, 1993.
[4] C. Boyd and C. Pavlovski, “Attacking and Repairing Batch Verification Schemes,” Proc. Asiacrypt '00, pp. 58-71, 2000.
[5] M. Brown, D. Hankerson, J. López, and A. Menezes, “Software Implementation of the NIST Elliptic Curves over Primes Fields,” Proc. Cryptographer's Track RSA Conf. '01, pp. 250-265, 2001.
[6] R. Cramer and V. Shoup, “Signature Schemes Based on the Strong RSA Assumptions,” ACM Trans. Information and System Security, vol. 3, no. 3, pp. 161-185, 2000.
[7] Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62, approved 7 Jan. 1999.
[8] A. Fiat, “Batch RSA,” J. Cryptology, vol. 10, no. 2, pp. 75-88, 1997.
[9] L. Guillou and J. Quisquater, “A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory,” Proc. Eurocrypt '88, pp. 123-128, 1988.
[10] D. Hankerson, J. Hernandez, and A. Menezes, “Software Implementation of Elliptic Curve Cryptography over Binary Fields,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '00), pp. 1-24, 2000.
[11] A. May, “Computing the RSA Secret Key Is Deterministic Polynomial Time Equivalent to Factoring,” Proc. Crypto '04, pp.213-219, 2004.
[12] D. M'Raithi and D. Naccache, “Batch Exponentiation—A Fast DLP Based Signature Generation Strategy,” Proc. ACM Conf. Computer and Comm. Security, pp. 58-61, 1996.
[13] E. Mykletun, M. Narasimha, and G. Tsudik, “Authentication and Integrity in Outsourced Databases,” Proc. ISOC Symp. Network and Distributed Systems Security (NDSS '04), 2004.
[14] V. Muller, “Fast Multiplication on Elliptic Curves over Small Fields of Characteristic Two,” J. Cryptology, vol. 11, pp. 219-234, 1998.
[15] D. Naccache, D. M'Raithi, S. Vaudenay, and D. Raphaeli, “Can D.S.A. Be Improved? Complexity Trade-Offs with the Digital Signature Standard,” Proc. Eurocrypt '94, pp. 77-85, 1994.
[16] J. Pastuszak, D. Michalek, J. Pieprzyk, and J. Seberry, “Identification of Bad Signatures in Batches,” Proc. Int'l Conf. Theory and Practice of Public Key Cryptography (PKC '00), pp. 28-45, 2000.
[17] J. Solinas, “An Improved Algorithm for Arithmetic on a Family of Elliptic Curves,” Proc. Crypto '97, pp. 357-371, 1997, http://www.cacr.math.uwaterloo.catechreports /.
[18] S. Yen and C. Laih, “Improved Digital Signature Suitable for Batch Veriffication,” IEEE Trans. Computers, vol. 44, no. 7, pp. 957-959, July 1995.

Index Terms:
Batch verification, modular exponentiation, sparse exponent, Frobenius map.
Citation:
Jung Hee Cheon, Dong Hoon Lee, "Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations," IEEE Transactions on Computers, vol. 55, no. 12, pp. 1536-1542, Dec. 2006, doi:10.1109/TC.2006.207
Usage of this product signifies your acceptance of the Terms of Use.