Fast Batch Verification of Multiple Signatures

We propose an efficient batch verification of multiple signatures generated by different signers as well as a single signer. We first introduce a method to generate width-w Non-Adjacent Forms (w-NAFs) uniformly. We then propose a batch verification algorithm of exponentiations using w-NAF exponents, and apply this to batch verification for the modified DSA and ECDSA signatures. The performance analysis shows that our proposed method is asymptotically seven and four times as fast as individual verification in case of a single signer and multiple signers, respectively. Further, the proposed algorithm can be generalized into τ - adic w-NAFs over Koblitz curves and requires asymptotically only six elliptic curve additions per each signature for batch verification of the modified ECDSA signatures by a single singer. Our result is the first one to efficiently verify multiple signatures by multiple signers that can introduce much wider applications.

[1]  Sung-Ming Yen,et al.  Improved Digital Signature Suitable for Batch Verification , 1995, IEEE Trans. Computers.

[2]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[3]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[4]  Ernest F. Brickell,et al.  Fast Exponentiation with Precomputation (Extended Abstract) , 1992, EUROCRYPT.

[5]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[6]  Colin Boyd,et al.  Attacking and Repairing Batch Verification Schemes , 2000, ASIACRYPT.

[7]  Walter M. Lioen,et al.  Factorization of RSA-140 Using the Number Field Sieve , 1999, CRYPTO 1999.

[8]  Rainer A. Rueppel Advances in Cryptology — EUROCRYPT’ 92 , 2001, Lecture Notes in Computer Science.

[9]  Alfred Menezes,et al.  Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[10]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[11]  Chae Hoon Lim,et al.  More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[12]  Douglas R. Stinson,et al.  Minimality and other properties of the width-w nonadjacent form , 2005, Math. Comput..

[13]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[14]  Scott A. Vanstone,et al.  Accelerated Verification of ECDSA Signatures , 2005, Selected Areas in Cryptography.

[15]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[16]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[17]  David M'Raïhi,et al.  Batch exponentiation: a fast DLP-based signature generation strategy , 1996, CCS '96.

[18]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[19]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[20]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[21]  David M'Raïhi,et al.  Can D.S.A. be Improved? Complexity Trade-Offs with the Digital Signature Standard , 1994, EUROCRYPT.

[22]  R. Glowinski,et al.  Computing Methods in Applied Sciences and Engineering , 1974 .

[23]  Jerome A. Solinas,et al.  Efficient Arithmetic on Koblitz Curves , 2000, Des. Codes Cryptogr..

[24]  Amos Fiat,et al.  Batch RSA , 1989, Journal of Cryptology.

[25]  Jerome A. Solinas An Improved Algorithm for Arithmetic on a Family of Elliptic Curves , 1997, CRYPTO.

[26]  L. Harn Batch verifying multiple DSA-type digital signatures , 1998 .

[27]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[28]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[29]  Dong Hoon Lee,et al.  Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations , 2006, IEEE Transactions on Computers.

[30]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.