The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Practical Short Signature Batch Verification

Practical Short Signature Batch Verification
Practical Short Signature Batch Verification
In many applications, it is desirable to work with digital signatures that are short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairing-based cryptography produced a number of “short” signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. Toward achieving “short and fast” signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify. In this work, we present both theoretical and practical contributions. On the theoretical side, we introduce new batch verifiers for a wide variety of regular, identity-based, group, ring and aggregate signature schemes. These are the first constructions for batching group signatures, which answers an open problem of Camenisch et al. On the practical side, we implement each of these algorithms and compare each batching algorithm to doing individual verifications. Our goal is to test whether batching is practical; that is, whether the benefits of removing pairings significantly outweigh the cost of the additional operations required for batching, such as group membership testing, randomness generation, and additional modular exponentiations and multiplications. We experimentally verify that the theoretical results of Camenisch et al. and this work, indeed, provide an efficient, effective approach to verifying multiple signatures from (possibly) different signers.
978-3-642-00861-0
309-324
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Green, Matthew
8a6cd1ac-cb05-49a5-bce0-17bc1912831c
Hohenberger, Susan
b1f3b9b6-b958-46f4-8c1b-0a0c25b6dd98
Pedersen, Michael Østergaard
abbcb31c-6d1f-4081-a982-8a568029ffb6
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Green, Matthew
8a6cd1ac-cb05-49a5-bce0-17bc1912831c
Hohenberger, Susan
b1f3b9b6-b958-46f4-8c1b-0a0c25b6dd98
Pedersen, Michael Østergaard
abbcb31c-6d1f-4081-a982-8a568029ffb6

Ferrara, Anna Lisa, Green, Matthew, Hohenberger, Susan and Pedersen, Michael Østergaard (2009) Practical Short Signature Batch Verification. Topics in Cryptology - The Cryptographers' Track at the RSA Conference, San Francisco, CA, United States. 20 - 24 Apr 2009. pp. 309-324 .

Record type: Conference or Workshop Item (Paper)

Abstract

In many applications, it is desirable to work with digital signatures that are short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairing-based cryptography produced a number of “short” signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. Toward achieving “short and fast” signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify. In this work, we present both theoretical and practical contributions. On the theoretical side, we introduce new batch verifiers for a wide variety of regular, identity-based, group, ring and aggregate signature schemes. These are the first constructions for batching group signatures, which answers an open problem of Camenisch et al. On the practical side, we implement each of these algorithms and compare each batching algorithm to doing individual verifications. Our goal is to test whether batching is practical; that is, whether the benefits of removing pairings significantly outweigh the cost of the additional operations required for batching, such as group membership testing, randomness generation, and additional modular exponentiations and multiplications. We experimentally verify that the theoretical results of Camenisch et al. and this work, indeed, provide an efficient, effective approach to verifying multiple signatures from (possibly) different signers.

Text
CT-RSA09.pdf - Version of Record
Download (388kB)

More information

Published date: April 2009
Additional Information: Event Dates: April 20-24, 2009
Venue - Dates: Topics in Cryptology - The Cryptographers' Track at the RSA Conference, San Francisco, CA, United States, 2009-04-20 - 2009-04-24
Organisations: Electronic & Software Systems
Learn more about Cyber Physical Systems research

Identifiers

Local EPrints ID: 272477
URI: http://eprints.soton.ac.uk/id/eprint/272477
ISBN: 978-3-642-00861-0
PURE UUID: ff6a29cc-3637-4517-a3c7-03094c88ab6d

Catalogue record

Date deposited: 15 Jun 2011 16:10
Last modified: 14 Mar 2024 10:02

Export record

Contributors

Author: Anna Lisa Ferrara
Author: Matthew Green
Author: Susan Hohenberger
Author: Michael Østergaard Pedersen

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×