Randomized Batch Verification of Standard ECDSA Signatures

Lecture Notes in Computer Science, 2014

Several batch-verification algorithms for original ECDSA signatures are proposed for the first time in AfricaCrypt 2012. Two of these algorithms are based on the naive idea of taking square roots in the underlying fields, and the others perform symbolic manipulation to verify small batches of ECDSA signatures. In this paper, we use elliptic-curve summation polynomials to design a new ECDSA batch-verification algorithm which is theoretically and experimentally much faster than the symbolic algorithms of AfricaCrypt 2012. Our experiments on NIST prime and Koblitz curves demonstrate that our proposed algorithm increases the optimal batch size from seven to nine. We also mention how our algorithm can be adapted to Edwards curves.

Lecture Notes in Computer Science, 2012

In this paper, we study several algorithms for batch verification of ECDSA signatures. The first of these algorithms is based upon the naive idea of taking square roots in the underlying field. We also propose two new and efficient algorithms which replace square-root computations by symbolic manipulations. Experiments carried out on NIST prime curves demonstrate a maximum speedup of above six over individual verification if all the signatures in the batch belong to the same signer, and a maximum speedup of about two if the signatures in the batch belong to different signers, both achieved by a fast variant of our second symbolic-manipulation algorithm. In terms of security, all the studied algorithms are equivalent to standard ECDSA* batch verification. These algorithms are practical only for small ( 8) batch sizes. To the best of our knowledge, this is the first reported study on the batch verification of original ECDSA signatures.

Sādhanā, 2019

In this paper, we propose an efficient batch verification algorithm for ECDSA Ã (Elliptic Curve Digital Signature Algorithm) Ã signatures. Our scheme is efficient for both single and multiple signers. ECDSA Ã signature is a modified version of ECDSA, which accelerates the verification of ECDSA signature by more than 40%. However, the highlighting feature of our proposed scheme is its efficiency for varied batch sizes. The scheme is resistant to forgery attacks by either signer or intruder. The performance of our scheme remains consistent for higher batch sizes too ( ! 8). Our paper also discusses the possible attacks on ECDSA signatures and also how our scheme is resistant to such attacks.

IACR Cryptol. ePrint Arch., 2012

Randomizers are popularly used to prevent various types of attacks on batch-verification schemes. Recently, several algorithms based upon symbolic computation are proposed for the batch verification of ECDSA signatures. In this article, we demonstrate that the concept of randomizers can be easily embedded in these symbolic-computation algorithms. The performance degradation caused by randomizers is comparable with that associated with ECDSA*.

Selected Areas in Cryptography, 2005

Verification of ECDSA signatures is considerably slower than generation of ECDSA signatures. This paper describes a method that can be used to accelerate verification of ECDSA signatures by more than 40% with virtually no added implementation complexity. The method can also be used to accelerate verification for other ElGamal-like signature algorithms, including DSA.

The Elliptic Curve Digital Signature Algorithm (ECDSA) is an elliptic curve variant of the Digital Signature Algorithm (DSA). It gives cryptographically strong digital signatures making use of Elliptic curve discrete logarithmic problem. It uses arithmetic with much smaller numbers 160/256 bits instead of 1024/2048 bits in RSA and DSA and provides the same level of security. The ECDSA was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard. Many cryptologist have studied security aspects of ECDSA and proposed different variants. In this paper, we discuss a detailed analysis of the original ECDSA and all its available variants in terms of the security level and execution time of all the phases. To the best of our knowledge, this is a unique attempt to juxtapose and compare the ECDSA with all of its variants.

Lecture Notes in Computer Science, 1998

Many tasks in cryptography (e.g., digital signature verification) call for verification of a basic operation like modular exponentiation in some group: given (g, x, y) check that g~ = y. This is typically done by re-computing 9 = and checking we get y. We would like to do it differently, and faster. The approach we use is hatching. Focusing first on the basic modular exponentiation operation, we provide some probabilistic batch verifiers, or tests, that verify a sequence of modular exponentiations significantly faster than the naive re-computation method. This yields speedups for several verification tasks that involve modular exponentiations. Focusing specifically on digital signatures, we then suggest a weaker notion of (batch) verification which we call "screening." It seems useful for many usages of signatures~ and has the advantage that it can be done very fast; in particular, we show how to screen a sequence of RSA signatures at the cost of one RSA verification plus hashing.

Lecture Notes in Computer Science

We propose a practical digital signature scheme based on the elliptic curve modulo n , where n = p 2 q such that p and q are large secret primes. The signature generation speed of our scheme is more than 10 times faster than that of the RSA scheme. Moreover, a pre-processing technique can significan t.ly increase the signature generation speed.

Journal of Computer Science and Technology, 2013

The concept of batch verifying multiple digital signatures is to find a method by which multiple digital signatures can be verified simultaneously in a lower time complexity than separately verifying all the signatures. In this article, we analyze the complexity of the batch verifying schemes defined by Li, Hwang and Chen in 2010, and propose a new batch verifying multiple digital signature scheme, in two variants: one for RSA -by completing the Harn's schema with an identifying illegal signatures algorithm, and the other adapted for a modified Elliptic Curve Digital Signature Algorithm protocol.

DSA and ECDSA are well established standards for digital signature based on the discrete logarithm problem. In this paper we survey known properties, certification issues regarding the public parameters, and security proofs. ECDSA also includes a standard certification scheme for elliptic curve which is assumed to guarantee that the elliptic curve was randomly selected, preventing from any potential malicious choice. In this paper we show how to bypass this scheme and certify any elliptic curve in characteristic two. The prime field case is also studied. Although this does not lead to any attack at this time since all possible malicious choices which are known at this time are specifically checked, this demonstrates that some part of the standard is not well designed. We finally propose a tweak.