Batch Blind Signatures on Elliptic Curves

  • Yang Sun
  • Qianhong Wu
  • Bo Qin
  • Yujue Wang
  • Jianwei Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


Blind signature is a fundamental tool in electronic cash. In most existing blind signature schemes, both the signer and the verifier need to take expensive modular exponentiations. This situation is deteriorated in significant monetary transactions in which a large number of (multi-)exponentiations need to be calculated. This paper proposes batch blind signature to reduce the computation overheads at both the signer and the verifier sides in blind signatures on elliptical curves. To this end, we first propose a batch multi-exponentiation algorithm that allows a batch of multi-base exponentiations on elliptic curves to be processed simultaneously. We next apply our batch multi-exponentiation algorithm to speed up the Okamoto-Schnorr blind signature scheme in both the signing and the verification procedures. Specifically, the proposed algorithm is exploited for generating blind signatures so that multiple messages can be signed in a batch for sake of saving computation costs. The algorithm is further employed in the verification process, which gives a different batch signature verification approach from the existing batch verification algorithm. An attracting feature of our approach is that, unlike existing batch verification signature approach, our approach does distinguish all valid signatures from a batch purported signatures (of correct and erroneous ones). This is desirable in e-cash systems where a signature represents certain value of e-cash and any valid signature should not passed up. The experimental results show that, compared with acceleration with existing simultaneous exponentiation algorithm, our batch approach is about 55% and 45% more efficient in generating and verifying blind signatures, respectively.


Modular exponentiation Batch exponentiation Batch signature Blind signature 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agnew, G.B., Mullin, R.C., Vanstone, S.A.: Fast Exponentiation in GF(2n). In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 251–255. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  2. 2.
    Arno, S., Wheeler, F.S.: Signed Digit Representations of Minimal Hamming Weight. IEEE Transactions on Computers 42(8), 1007–1010 (1993)CrossRefGoogle Scholar
  3. 3.
    Avanzi, R.M.: On multi-exponentiation in cryptography. Cryptology ePrint Archive, Report 2002/154 (2002)Google Scholar
  4. 4.
    Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Bos, J.N.E., Coster, M.J.: Addition Chain Heuristics. In: Brassard, G. (ed.) Advances in Cryptology–CRYPTO 1989. LNCS, vol. 435, pp. 400–407. Springer, Heidelberg (1990)Google Scholar
  6. 6.
    Brickell, E.F., Gordon, D.M., McCurley, K.S., Wilson, D.B.: Fast Exponentiation with Precomputation (Extended Abstract). In: Rueppel, R.A. (ed.) Advances in Cryptology–EUROCRYPT 1992. LNCS, vol. 658, pp. 200–207. Springer, Heidelberg (1993)Google Scholar
  7. 7.
    Camenisch, J., Hohenberger, S., Pedersen, M.Ø.: Batch Verification of Short Signatures. Journal of Cryptology 25(4), 723–747 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Chaum, D.: Blind Signatures for Untraceable Payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology–CRYPTO 1982, pp. 199–203. Springer US (1983)Google Scholar
  9. 9.
    Cheon, J.H., Kim, Y., Yoon, H.: A New ID-based Signature with Batch Verification. Cryptology ePrint Archive, Report 2004/131 (2004)Google Scholar
  10. 10.
    Chung, B., Hur, J., Kim, H., Hong, S.M., Yoon, H.: Improved batch exponentiation. Information Processing Letters 109(15), 832–837 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Dimitrov, V.S., Jullien, G.A., Miller, W.C.: Complexity and fast algorithms for multiexponentiations. IEEE Transactions on Computers 49(2), 141–147 (2000)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Downey, P., Leong, B., Sethi, R.: Computing sequences with addition chains. SIAM Journal on Computing 10(3), 638–646 (1981)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) Advances in Cryptology–CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)Google Scholar
  14. 14.
    Ferrara, A.L., Green, M., Hohenberger, S., Pedersen, M.Ø.: Practical Short Signature Batch Verification. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 309–324. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Gordon, D.M.: A survey of fast exponentiation methods. Journal of Algorithms 27(1), 129–146 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Hong, S.-M., Oh, S.-Y., Yoon, H.: New Modular Multiplication Algorithms for Fast Modular Exponentiation. In: Maurer, U.M. (ed.) Advances in Cryptology–EUROCRYPT 1996. LNCS, vol. 1070, pp. 166–177. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Joye, M., Yen, S.M.: Optimal left-to-right binary signed-digit recoding. IEEE Transactions on Computers 49(7), 740–748 (2000)CrossRefzbMATHGoogle Scholar
  18. 18.
    Knuth, D.E.: The Art of Computer Programming–Volume 2: Seminumerical Algorithms. Addison-Wesley Professional (2014)Google Scholar
  19. 19.
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Li, C.T., Hwang, M.S., Chu, Y.P.: A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer Communications 31(12), 2803–2814 (2008)CrossRefGoogle Scholar
  21. 21.
    Lim, C.H., Lee, P.J.: More Flexible Exponentiation with Precomputation. In: Desmedt, Y.G. (ed.) Advances in Cryptology–CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)Google Scholar
  22. 22.
    Lou, D.C., Lai, J.C., Wu, C.L., Chang, T.J.: An efficient montgomery exponentiation algorithm by using signed-digit-recoding and folding techniques. Applied Mathematics and Computation 185(1), 31–44 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Menezes, A.J., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Möller, B.: Algorithms for multi-exponentiation. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 165–180. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    M’Raïhi, D., Naccache, D.: Batch Exponentiation: A Fast DLP-based Signature Generation Strategy. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security, CCS 1996, pp. 58–61. ACM, New York (1996)Google Scholar
  27. 27.
    Okamoto, T.: Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  28. 28.
    Pippenger, N.: On the evaluation of powers and monomials. SIAM Journal on Computing 9(2), 230–250 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    de Rooij, P.: Efficient exponentiation using precomputation and vector addition chains. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 389–399. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  30. 30.
    Solinas, J.: Low-weight binary representations for pairs of integers. Tech. rep., CORR 2001-41, Department of C&O, University of Waterloo (2001)Google Scholar
  31. 31.
    Stinson, D.R.: Some Observations on Parallel Algorithms for Fast Exponentiation in GF(2^n). SIAM Journal on Computing 19(4), 711–717 (1990)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Wang, Y., Wu, Q., Wong, D.S., Qin, B., Chow, S.S.M., Liu, Z., Tan, X.: Securely Outsourcing Exponentiations with Single Untrusted Program for Cloud Storage. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 326–343. Springer, Heidelberg (2014)Google Scholar
  33. 33.
    Yen, S.M., Laih, C.S., Lenstra, A.K.: Multi-exponentiation (cryptographic protocols). Computers and Digital Techniques 141(6), 325–326 (1994)CrossRefzbMATHGoogle Scholar
  34. 34.
    Zhang, C., Lu, R., Lin, X., Ho, P.-H., Shen, X.: An efficient identity-based batch verification scheme for vehicular sensor networks. In: The 27th Conference on Computer Communications on INFOCOM 2008, pp. 816–824. IEEE (April 2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yang Sun
    • 1
    • 2
    • 3
  • Qianhong Wu
    • 1
    • 3
  • Bo Qin
    • 4
    • 2
  • Yujue Wang
    • 5
  • Jianwei Liu
    • 6
    • 1
  1. 1.School of Electronics and Information EngineeringBeihang UniversityBeihangChina
  2. 2.State Key Laboratory of Integrated Services NetworksXidian UniversityXidianChina
  3. 3.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  4. 4.Key Laboratory of Data Engineering and Knowledge Engineering (Renmin University of China) Ministry of Education, School of InformationRenmin University of ChinaRenminChina
  5. 5.School of ComputerWuhan UniversityWuhanChina
  6. 6.The Academy of Satellite ApplicationBeijingChina

Personalised recommendations