Abstract
Cryptographic voting protocols often rely on methods that require a large number of modular exponentiations. The resulting performance bottlenecks may appear both on the server and on the client side. Applying existing optimization techniques is often mentioned and recommended in the literature, but their potential has never been analyzed in depth. In this paper, we investigate existing algorithms for computing fixed-base exponentiations and product exponentiations, both of which appear frequently in voting protocols. We also explore the potential of applying small-exponent techniques. It turns out that by using these techniques in combination, the overall computation time can be reduced by two or more orders of magnitude.
Notes
1. Exponentiations in groups such as elliptic curves, where the potential of applying the same type of optimizations is exactly the same, are less frequently used in voting protocols. Here we focus on multiplicative groups of integers modulo p, but our theoretical results are all applicable to the general case.
2. There are multiple reasons for working with short exponents. In certain applications of some cryptographic schemes, a much smaller subgroup \(\mathbb {G}_q\subset \mathbb {Z}^*_p\) is sufficient. To resist the best available DL algorithms, the minimal bit length of q in such cases is \(2\lambda \), where \(\lambda \) denotes the security strength, for example \(|q|=224\) for \(\lambda =112\). Corresponding exponents \(e\in \mathbb {Z}_q\) are then inherently restricted to |q| bits. In larger groups, smaller exponents are sometimes selected on purpose, for example in the case of a challenge \(c\in \mathbb {Z}_{2^\lambda }\) in a zero-knowledge proof or in systems relying on the short-exponent discrete logarithm (DLSE) assumption, in which short exponents \(e\in \mathbb {Z}_{2^{2\lambda }}\) deliver the same provable security under a slightly stronger intractability assumption. For example, using the ElGamal encryption scheme with short randomizations has been proven IND-CPA secure under the DLSE assumption [7].
3. The precomputation of HAC 14.82, HAC 14.83, and HAC 14.85 gets much faster for a small base. For values such as \(b=2\) or \(b=4\), multiplication during precomputation corresponds to shifting the bits a few positions to the left (modulo p), which is obviously much faster than regular multiplications. In such a case, our theoretical analysis based on counting modular multiplications becomes inaccurate.
4. Using the same testbed, we performed further experiments on different platforms such as tablet computers and mobile phones. We obtained very similar test results on all platforms, but for reasons of brevity, we do not include them in our discussion.
5. We were surprised to observe that MiniGMP compiled into WASM does not provide an important advantage over pure JavaScript. We have no explanation for this, but from the tests that we conducted, we can exclude that this is due to some communication overhead between WASM and JavaScript. By passing exactly the same amount of data from JavaScript to WASM, we observed that computing n modexps in a single call is almost exactly n times more expensive than computing a single modexp.
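The two algorithm families named in the abstract, and the multiplication-counting analysis that note 3 refers to, can be made concrete with a small added example (our code, not the paper's or any cited library's). It counts modular multiplications for plain square-and-multiply, for fixed-base windowing (HAC 14.82, whose precomputed table is the one note 3 discusses) and for a product exponentiation via simultaneous multiple exponentiation (HAC 14.88). The digit base of the window method is called `radix` here, since note 3 uses b for the fixed group base; the prime, base and exponents in the usage are constructed values.

```python
# Added example (not the paper's code): count modular multiplications for
# three exponentiation strategies; all parameters below are constructed.

def square_and_multiply(g, e, p):
    """Left-to-right binary exponentiation; returns (g^e mod p, #mults)."""
    acc, muls = 1, 0
    for bit in bin(e)[2:]:
        acc = acc * acc % p; muls += 1            # squaring
        if bit == "1":
            acc = acc * g % p; muls += 1          # multiply by base
    return acc, muls

def fixed_base_precompute(g, p, radix, t):
    """One-off table g^(radix^i) mod p, i = 0..t (input of HAC 14.82)."""
    table = [g % p]
    for _ in range(t):
        table.append(pow(table[-1], radix, p))
    return table

def fixed_base_exp(table, e, p, radix):
    """HAC 14.82 fixed-base windowing; returns (g^e mod p, #mults).
    Each exponentiation costs only multiplications, never squarings."""
    digits = []                                   # e = sum digits[i]*radix^i
    while e:
        digits.append(e % radix); e //= radix
    a = b = 1
    muls = 0
    for j in range(radix - 1, 0, -1):
        for i, d in enumerate(digits):
            if d == j:
                b = b * table[i] % p; muls += 1   # collect g^(radix^i)
        a = a * b % p; muls += 1
    return a, muls

def simultaneous_exp(bases, exps, p):
    """Shamir's trick (HAC 14.88) for a product exponentiation prod g_i^e_i:
    precompute all subset products, then one shared pass over the bits."""
    k = len(bases)
    sub = [1] * (1 << k)                          # sub[mask] = prod_{i in mask} g_i
    for mask in range(1, 1 << k):
        low = mask & -mask
        sub[mask] = sub[mask ^ low] * bases[low.bit_length() - 1] % p
    acc, muls = 1, 0
    for pos in range(max(e.bit_length() for e in exps) - 1, -1, -1):
        acc = acc * acc % p; muls += 1
        mask = sum(((e >> pos) & 1) << i for i, e in enumerate(exps))
        if mask:
            acc = acc * sub[mask] % p; muls += 1
    return acc, muls
```

With a 127-bit modulus and radix 16, the fixed-base method needs roughly a quarter of the multiplications of square-and-multiply per exponentiation, and the simultaneous method needs fewer than the three separate exponentiations it replaces; the table cost is paid once per fixed base.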
References
Baird, L.C.: Big Integer Library by Leemon. https://github.com/Evgenus/BigInt
Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast exponentiation with precomputation. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_18
Giry, D.: Cryptographic Key Length Recommendation. https://www.keylength.com
Granlund, T.: The GNU Multiple Precision Arithmetic Library - Edition 6.1.2 (2016). https://gmplib.org
Haenni, R., Locher, P., Koenig, R., Dubuis, E.: Pseudo-code algorithms for verifiable re-encryption mix-nets. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 370–384. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_23
Indutny, F.: BigNum in Pure Javascript. https://github.com/indutny/bn.js
Koshiba, T., Kurosawa, K.: Short exponent Diffie-Hellman problems. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 173–186. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_13
Lee, P.J., Lim, C.H.: Method for exponentiation in a public-key cryptosystem. United States Patent No. 5999627, December 1999
Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_11
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Möller, N.: Mini-GMP - A Minimalistic Implementation of a GNU GMP Subset. https://godoc.org/modernc.org/minigmp
Perlitch, A.: JSBN - Javascript Big Number. https://github.com/andyperlitch/jsbn
Terelius, B., Wikström, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100–113. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_7
Wikström, D.: A commitment-consistent proof of a shuffle. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 407–421. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02620-1_28
Wikström, D.: User Manual for the Verificatum Mix-Net - VMN Version 3.0.3. Verificatum AB, Stockholm, Sweden (2018)
Wikström, D.: GMP Modular Exponentiation Extension. https://github.com/verificatum/verificatum-gmpmee
Wikström, D.: Verificatum JavaScript Cryptography Library. https://github.com/verificatum/verificatum-vjsc
Wu, T.: RSA and ECC in JavaScript. http://www-cs-students.stanford.edu/~tjw/jsbn
© 2020 International Financial Cryptography Association
Cite this paper
Haenni, R., Locher, P., Gailly, N. (2020). Improving the Performance of Cryptographic Voting Protocols. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_19
DOI: https://doi.org/10.1007/978-3-030-43725-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43724-4
Online ISBN: 978-3-030-43725-1