A key distribution system equivalent to factoring
Journal of Cryptology
On the theory of average case complexity
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A cryptographic library for the Motorola DSP56000
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Discrete-Log With Compressible Exponents
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Non-interactive public-key cryptography
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Attacking and Repairing Batch Verification Schemes
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Hi-index | 0.00 |
RSA (Rivest, Shamir and Adleman) is today's most popular public key encryption scheme. Batch-RSA (due to Fiat) is a method to compute many (n/log22(n), where n is the security parameter) RSA decryption operations at a computational cost approaching that of one normal decryption. It requires that all the operations use the same modulus, but distinct, relatively prime in pairs, short, public exponents. A star-like key agreement scheme could use such a system to slash computational complexity at the center. We show a real life example of such a system - secure portable telephony. Unfortunately, in this system Batch-RSA cannot be employed effectively, due to a delay component which arises from the nature of RSA key exchange. We show that mathematical ideas similar to Fiat's can lead to a Batch-Diffie-Hellman key agreement scheme, that does not suffer such delay and is comparable in efficiency to Batch-RSA. We prove that with some precautions, this system is as hard to break as RSA with short public exponent. In practice our method improves processing time at the center by a factor of 6 to 17 when compared to (non-batch) Diffie-Hellman schemes with full-size exponents and moduli in the practical range. Smaller improvements (on the order of 1.6 to 3) are obtainable when compared to a Diffie-Hellman scheme employing abbreviated exponents.