Attacking and Repairing Batch Verification Schemes

Boyd, Colin; Pavlovski, Christopher J.

doi:10.1007/3-540-44448-3_5

Cited by 57 publications

(71 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We list a few examples, but omit details since the techniques in this work will apply to any scheme with batch verification. RSA* is an RSA-variant with batch verification presented by Boyd and Pavlovski [6]. DSA** is a signature scheme based on DSA, given by Naccache et al [27], which uses the small exponents test from [4].…”

Section: Definition 11 ([8])mentioning

confidence: 99%

Group Testing and Batch Verification

Zaverucha

Stinson

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We observe that finding invalid signatures in batches of signatures that fail batch verification is an instance of the classical group testing problem. We present and compare new sequential and parallel algorithms for finding invalid signatures based on group testing algorithms. Of the five new algorithms, three show improved performance for many parameter choices, and the performance gains are especially notable when multiple processors are available.

show abstract

Section: Definition 11 ([8])mentioning

confidence: 99%

Group Testing and Batch Verification

Zaverucha

Stinson

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In 1995 Laih and Yen proposed a new method for batch verification of DSA and RSA signatures [29], but the RSA batch verifier was broken five years later by Boyd and Pavlovski [6]. In 1998 Harn presented two batch verification techniques for DSA and RSA [22,23] but both were later broken [6,25,26].…”

Section: Batch Verification Overviewmentioning

confidence: 99%

“…In 1998 Harn presented two batch verification techniques for DSA and RSA [22,23] but both were later broken [6,25,26]. The same year, Bellare, Garay and Rabin took the first systematic look at batch verification [2] and presented three generic methods for batching modular exponentiations, called the random subset test, the small exponents test and the bucket test which are similar to the ideas from [35,29].…”

Section: Batch Verification Overviewmentioning

confidence: 99%

“…They showed how to apply these methods to batch verification of DSA signatures and also introduced a weaker form of batch verification called screening. In 2000 some attacks against different batch verification schemes, mostly ones based on the small exponents test and related tests, were published [6]. These attacks do not invalidate the proof of security for the small exponents test, but rather show how the small exponents test is often used in a wrong way.…”

Section: Batch Verification Overviewmentioning

confidence: 99%

See 1 more Smart Citation

Batch Verification of Short Signatures

Camenisch

Hohenberger

Pedersen

2007

Lecture Notes in Computer Science

111

View full text Add to dashboard Cite

Abstract. With computer networks spreading into a variety of new environments, the need to authenticate and secure communication grows. Many of these new environments have particular requirements on the applicable cryptographic primitives. For instance, several applications require that communication overhead be small and that many messages be processed at the same time. In this paper we consider the suitability of public key signatures in the latter scenario. That is, we consider signatures that are 1) short and 2) where many signatures from (possibly) different signers on (possibly) different messages can be verified quickly.We propose the first batch verifier for messages from many (certified) signers without random oracles and with a verification time where the dominant operation is independent of the number of signatures to verify. We further propose a new signature scheme with very short signatures, for which batch verification for many signers is also highly efficient. Prior work focused almost exclusively on batching signatures from the same signer. Combining our new signatures with the best known techniques for batching certificates from the same authority, we get a fast batch verifier for certificates and messages combined. Although our new signature scheme has some restrictions, it is the only solution, to our knowledge, that is a candidate for some pervasive communication applications.

show abstract

“…Batch verification, which is firstly introduced by Naccache et al [40], is used to verify multiple signatures simultaneously consuming less time than verifying total individual signatures. Successive research results have achieved improvements in terms of efficiency and security [1,3,4,5,8,9,21,27,51]. There also have been researches for batch signature schemes [22,42,53] and batch generation of exponentiations [10,39].…”

Section: Introductionmentioning

confidence: 99%