Randomized Batch Verification of Standard ECDSA Signature...

Abstract

In AfricaCrypt 2012, several algorithms are proposed for the batch verification of ECDSA signatures. In this paper, we propose three randomization methods for these batch-verification algorithms. Our first proposal is based on Montgomery ladders, and the second on computing square-roots in the underlying field. Both these techniques use numeric arithmetic only. Our third proposal exploits symbolic computations leading to a seminumeric algorithm. We theoretically and experimentally establish that for standard ECDSA signatures, our seminumeric randomization algorithm in tandem with the batch-verification algorithm S2′ gives the best speedup over individual verification. If each ECDSA signature contains an extra bit to uniquely identify the correct y-coordinate of the elliptic-curve point appearing in the signature, then the second numeric randomization algorithm followed by the naive batch-verification algorithm N′ yields the best performance gains. We detail our study for NIST prime and Koblitz curves.

Keywords

ECDSA, Elliptic curve, Koblitz curve, Montgomery ladder, Symbolic computation, Batch verification, Randomization

References

1. Karati, S., Das, A., Roychowdhury, D., Bellur, B., Bhattacharya, D., Iyer, A.: Batch verification of ECDSA signatures. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 1–18. Springer, Heidelberg (2012)

2. Bernstein, D.J., Doumen, J., Lange, T., Oosterwijk, J.-J.: Faster batch forgery identification. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 454–473. Springer, Heidelberg (2012)

3. Naccache, D., M’Raïhi, D., Vaudenay, S., Raphaeli, D.: Can D.S.A. be improved?: Complexity trade-offs with the digital signature standard. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 77–85. Springer, Heidelberg (1995)

4. Antipa, A., Brown, D., Gallant, R., Lambert, R., Struik, R., Vanstone, S.: Accelerated verification of ECDSA signatures. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 307–318. Springer, Heidelberg (2006)

5. Cheon, J.H., Yi, J.H.: Fast batch verification of multiple signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 442–457. Springer, Heidelberg (2007)

6. Montgomery, P.L.: Speeding up Pollard and elliptic curve methods of factorization. In: Mathematics of Computation, vol. 48(177), pp. 243–264 (1987)

7. Joye, M.: Security analysis of RSA-type cryptosystems. PhD thesis, UCL Crypto Group, Belgium (1997)

8. NIST: Recommended elliptic curves for federal government use (1999),

9. Montgomery, P.L.: Evaluating recurrences of form X_{m+n} = f(X_m, X_n, X_{m−n}) via Lucas chains. Microsoft research article, 582 (1992)

10. Stam, M.: On Montgomery-like representations for elliptic curves over GF(2^k). In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 240–253. Springer, Heidelberg (2002)

11. Stam, M.: Speeding up subgroup cryptosystems. PhD thesis, Technische Universiteit Eindhoven (2003)

12. Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)

13. Brier, E., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)

14. López, J., Dahab, R.: Fast multiplication on elliptic curves over GF(2^m) without precomputation. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 316–327. Springer, Heidelberg (1999)

15. Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P.: Parallel scalar multiplication on general elliptic curves over F_p hedged against non-differential side-channel attacks. IACR Cryptology ePrint Archive 2002/007 (2002)

16. Bernstein, D.J., Lange, T.: Explicit-Formulas Database (2007),

17. Cohen, H., Frey, G., Avanzi, R., Doche, C., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography, 2nd edn. Chapman & Hall/CRC (2012)

18. Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer-Verlag New York, Inc., Secaucus (2003)

19. PARI Group: PARI/GP home (2008),

20. Lange, T.: A note on López-Dahab coordinates. IACR Cryptology ePrint Archive 2004/323 (2004)

21. Solinas, J.A.: Improved algorithms for arithmetic on anomalous binary curves. Technical report, Originally presented in Advances in Cryptography, Crypto 1997 (1997)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

Sabyasachi Karati (1), Abhijit Das (1), Dipanwita Roychoudhury (1)

1. Department of Computer Science and Engineering, IIT Kharagpur, India
