Lenient/Strict Batch Verification in Several Groups

Batch verification is a useful tool in verifying a large number of cryptographic items all at one time. It is especially effective in verifying predicates based on modular exponentiation. In some cases, however, the items can be incorrect although they pass batch verification together. Such leniency can be eliminated by checking the domain of each item in advance. With this in mind, we investigate if the strict batch verification can remain more effective than separate verification. In this paper, we estimate the efficiency of such strict batch verification in several types of groups, a prime subgroup of ZZp with special/random prime p and prime subgroups defined on elliptic curves over Fp, F2m and Fpm, which are often used in DL-based cryptographic primitives. Our analysis concludes that the efficiency differs greatly depending on the choice of the group and parameters determined by the verifying predicate. Furthermore, we even show that there are some cases where batch verification, regardless of strictness, loses its computational advantage.

[1]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[2]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[3]  Neal Koblitz,et al.  CM-Curves with Good Cryptographic Properties , 1991, CRYPTO.

[4]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[5]  Masayuki Abe,et al.  Universally Verifiable Mix-net with Verification Work Indendent of the Number of Mix-servers , 1998, EUROCRYPT.

[6]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[7]  Sung-Ming Yen,et al.  Improved Digital Signature Algorithm , 1995, IEEE Trans. Computers.

[8]  Colin Boyd,et al.  Attacking and Repairing Batch Verification Schemes , 2000, ASIACRYPT.

[9]  Tatsuaki Okamoto,et al.  Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes , 1992, CRYPTO.

[10]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[11]  Masayuki Abe,et al.  Remarks on Mix-Network Based on Permutation Networks , 2001, Public Key Cryptography.

[12]  David M'Raïhi,et al.  Can D.S.A. be Improved? Complexity Trade-Offs with the Digital Signature Standard , 1994, EUROCRYPT.

[13]  Sung-Ming Yen,et al.  Improved Digital Signature Suitable for Batch Verification , 1995, IEEE Trans. Computers.

[14]  Kunio Kobayashi,et al.  Fast Elliptic Curve Algorithm Combining Frobenius Map and Table Reference to Adapt to Higher Characteristic , 1999, EUROCRYPT.

[15]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[16]  Atsuko Miyaji,et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.