Batch Diffie-Hellman Key Agreement Systems and their Application to Portable Communications

Beller, M.J.; Yacobi, Yacov

doi:10.1007/3-540-47555-9_19

Cited by 6 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover squaring is generally more efficient than multiplication [5,10]. 3 From Table 2, we can see that our test is expected to be about 2 ∼ 3 times faster than the small exponent test as n grows.…”

Section: Basic Sparse Exponent Testmentioning

confidence: 88%

See 1 more Smart Citation

Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations

Cheon

Lee

2006

IEEE Trans. Comput.

View full text Add to dashboard Cite

Abstract. Modular exponentiation in an abelian group is one of the most frequently used mathematical primitives in modern cryptography. Batch verification is to verify many exponentiations simultaneously. We propose two fast batch verification algorithms. The first one makes use of exponents with small weight, called sparse exponents, which is asymptotically 10 times faster than the individual verification and twice faster than the previous works without security loss. The second one is applied only to elliptic curves defined over small finite fields. Using sparse Frobenius expansion with small integer coefficients, we propose a complex exponent test which is four times faster than the previous works. For example, each exponentiation in one batch requires asymptotically 9 elliptic curve additions in some elliptic curves for 2 80 security.

show abstract

Section: Basic Sparse Exponent Testmentioning

confidence: 88%

“…He introduced an algorithm to obtain two exponentiations by one full exponentiation and several small exponentiations. More techniques on batch computations can be found in [3,12].…”

Section: Introductionmentioning

confidence: 99%

Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations

Cheon

Lee

2006

IEEE Trans. Comput.

View full text Add to dashboard Cite

show abstract

“…To illustrate the point assume that the DCV verifier is used to identify bad signatures by running the test V e (x) defined by Equation (2). Given a batch instance x = ((m 1 , s 1 ), .…”

Section: Stopping Case: If the Instance Consists Of N = 1 Signature mentioning

confidence: 99%

Identification of Bad Signatures in Batches

Pastuszak

Michatek

Pieprzyk

et al. 2000

Public Key Cryptography

View full text Add to dashboard Cite

Abstract. The paper addresses the problem of bad signature identification in batch verification of digital signatures. The number of generic tests necessary to identify all bad signatures in a batch instance, is used to measure the efficiency of verifiers. The divide-and-conquer verifier DCVα(x, n) is defined. The verifier identifies all bad signatures in a batch instance x of the length n by repeatedly splitting the input into α sub-instances. Its properties are investigated. In particular, probability distributions for the number of generic tests necessary to identify one, two and three bad signatures, are derived. The average numbers of GT tests necessary to identify bad signatures ranging from 1 to 16 are obtained from computer simulation. Further, a Hamming verifier (HV) is defined which allows to identify a single bad signature in a batch of the length n = 2 k − 1 using k + 2 tests. HV is generalised into the two-layer Hamming verifier (2HV). Given a batch instance of the length 2 k − 2, the 2HV verifier identifies a single bad signature using k + 2 tests and two bad signatures in expense of 3k + 3 tests. The work is concluded by comments about a general model for verification codes identifying t bad signatures and the design of verifiers using combinatorial structures.

show abstract

“…Batch verification, which has been in development for many years, is one of the tools that has been frequently evaluated for these purposes, as it helps shorten the time needed for the verification of multiple signatures. In the last two decades, various researchers have discussed batch verification [27,134,173,132,84], and we summarize their contributions below.…”

Section: Prior Researchmentioning

confidence: 99%

Efficient group signature and identity-based signature schemes

Cui¹

View full text Add to dashboard Cite

This thesis introduces a group signature scheme based on RSA and some identitybased signature schemes based on the bilinear pairings over elliptic curves. A practical group signature scheme is proposed with the introduction of a trusted third party called security mediator. The length of group signatures generated by the proposed scheme is shorter at the security level of 1024 bits than Boneh-Boyen-Shacham scheme. It is suitable for those applications which require short signatures. The implementation of the new group signature scheme is very simple and just requires modulo exponentiations. A new identity-based signature (IBS) schemes is developed which are proven secure in the random oracle model. The security of IBS using random oracles relies on Generalized k-CAA which is an extension version of k-CAA. The experimental results show that the proposed IBS scheme in the random oracle model is the fastest one compared to the published IBS schemes from the bilinear pairings at low security levels. We also investigate methods of building non-supersingular elliptic curves suitable for pairing-based cryptosystems and find a useful property of the Frobenius trace for such curves. Based on this property, some non-supersingular elliptic curves can be built. Batch verification is a very efficient method for speeding up multiple signa-ATTENTION: The Singapore Copyright Act applies to the use of this document. Nanyang Technological University Library iii ture verification. We investigate batch verification of the proposed IBS scheme in the random oracle model. The experimental results exhibit excellent performance in terms of the time for verification of multiple signatures and the implementation complexity. The security analysis shows that batch verification of the proposed IBS scheme is unforgeable under an adaptive chosen message and identity attack. Based on the proposed IBS scheme in the random oracle model, two new signature schemes with special features are developed: identity-based blind signature (IBBS) scheme and identity-based chameleon signature (IBCS) scheme. The security analysis illustrates that the new IBBS and IBCS are provably secure. The performance comparison shows that the efficiency of both new signature schemes is improved compared to the Zhang-Kim IBBS scheme and Zhang-Naini-Susilo IBCS scheme.

show abstract

Batch Diffie-Hellman Key Agreement Systems and their Application to Portable Communications

Cited by 6 publications

References 7 publications

Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations

Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations

Identification of Bad Signatures in Batches

Efficient group signature and identity-based signature schemes

Contact Info

Product

Resources

About