Batch Verification of ECDSA Signatures

Karati, Sabyasachi; Das, Abhijit; Roychowdhury, Dipanwita; Bellur, Bhargav; Bhattacharya, Debojyoti; Iyer, Aravind

doi:10.1007/978-3-642-31410-0_1

Cited by 19 publications

(12 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This trivial batchverification scheme is obviously secure but also sacrifices all of the speedup reported in [16].…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

“…The paper [16] by Karati, Das, Roychowdhury, Bellur, Bhattacharya, and Iyer, appearing at Africacrypt 2012 earlier this year, proposed a scheme for batch verification of ECDSA signatures. This section shows that the scheme is insecure.…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

“…The batch verification scheme described in [16] verifies signatures (r i , s i ) on messages M i and public keys A i for 1 ≤ i ≤ n by reconstructing R i from r i and checking whether…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

“…The second step is more difficult: it seems to require a square-root computation, and furthermore can at best determine ±y(R i ); in a batch of n signatures one needs to guess as many as 2 n combinations of signs. This implies that the batches need to be chosen small; in [16] the maximum batch size considered is 8. The paper puts the main effort into developing new techniques for computing R i from the x-coordinates in a more efficient manner and reports a good speed-up factor compared to individual verification.…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

See 3 more Smart Citations

Faster Batch Forgery Identification

Bernstein

Doumen

Lange

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Batch signature verification detects whether a batch of signatures contains any forgeries. Batch forgery identification pinpoints the location of each forgery. Existing forgery-identification schemes vary in their strategies for selecting subbatches to verify (individual checks, binary search, combinatorial designs, etc.) and in their strategies for verifying subbatches. This paper exploits synergies between these two levels of strategies, reducing the cost of batch forgery identification for ellipticcurve signatures.

show abstract

“…This trivial batchverification scheme is obviously secure but also sacrifices all of the speedup reported in [16].…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

Section: On the Importance Of Being Randommentioning

confidence: 99%

“…The batch verification scheme described in [16] verifies signatures (r i , s i ) on messages M i and public keys A i for 1 ≤ i ≤ n by reconstructing R i from r i and checking whether…”

Section: On the Importance Of Being Randommentioning

confidence: 99%

Section: On the Importance Of Being Randommentioning

confidence: 99%

See 2 more Smart Citations

Faster Batch Forgery Identification

Bernstein

Doumen

Lange

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…To the best of our knowledge, no generic and practical batch verification scheme for any signature scheme has been proposed; however, we can utilize batch verification schemes for most famous signature schemes. Batch verification schemes for RSA [21] and ECDSA [22] have been proposed. Moreover, batch verification schemes for many pairing-based signature schemes have been proposed in Ref.…”

Section: Appendixmentioning

confidence: 99%

SPaCIS: Secure Payment Protocol for Charging Information over Smart Grid

Kishimoto

Yanai

Okamura

2017

Journal of Information Processing

View full text Add to dashboard Cite

A use of an electric outlet by a consumer forces the outlet manager to pay for the consumer's power usage in current electrical power systems. Even if a consumer uses an outlet managed by another person, one bill for both indoor and outdoor charging information should be required to the consumer in their contract with the utility company. For this purpose, we define a model for the Smart Grid security and propose a Secure Payment Protocol for Charging Information over Smart grid, SPaCIS for short, as a protocol satisfying the model. Our model provides for the unlinkability of consumers as well as for the undeniability and unforgeability of billing information using digital signatures and identity federations. SPaCIS is also efficient in the sense that time complexity is constant relatively to a trivial use such as an individual verification for each signatures, unless a verification error happens. We furthermore evaluate performance of SPaCIS via cryptographic implementation, and simulate SPaCIS in a case that one thousand users generate thirty signatures. Then, we show that SPaCIS with ECDSA can be executed within 6.30 msec for signing and 21.04 msec for verification of signatures, and conclude that SPaCIS is fairly practical.

show abstract