Batch exponentiation: a fast DLP-based signature generation strategy
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Improved Digital Signature Suitable for Batch Verification
IEEE Transactions on Computers
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
RSA-Based Undeniable Signatures
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
How to Prove That a Committed Number Is Prime
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
On the Design of RSA with Short Secret Exponent
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Batch Diffie-Hellmam key agreement systems and their application to portable communications
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Proving in zero-knowledge that a number is the product of two safe primes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Spending Offline Divisible Coins with Combining Capability
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
Lenient/Strict Batch Verification in Several Groups
ISC '01 Proceedings of the 4th International Conference on Information Security
Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations
IEEE Transactions on Computers
Batch Verification of Short Signatures
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Identification of Multiple Invalid Signatures in Pairing-Based Batched Signatures
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Efficient Vote Validity Check in Homomorphic Electronic Voting
Information Security and Cryptology --- ICISC 2008
Batch ZK Proof and Verification of OR Logic
Information Security and Cryptology
A DAA scheme using batch proof and verification
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Group testing and batch verification
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
A DAA scheme requiring less TPM resources
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Batch verifications with ID-Based signatures
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
A (corrected) DAA scheme using batch proof and verification
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
Batch verification suitable for efficiently verifying a limited number of signatures
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Batch verification can provide large computational savings when several signatures, or other constructs, are verified together. Several batch verification algorithms have been published in recent years, in particular for both DSA-type and RSA signatures. We describe new attacks on several of these published schemes. A general weakness is explained which applies to almost all known batch verifiers for discrete logarithm based signature schemes. It is shown how this weakness can be eliminated given extra properties about the underlying group structure. A new general batch verifier for exponentiation in any cyclic group is also described as well as a batch verifier for modified RSA signatures.