Advertisement

Practical Short Signature Batch Verification

  • Anna Lisa Ferrara
  • Matthew Green
  • Susan Hohenberger
  • Michael Østergaard Pedersen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)

Abstract

In many applications, it is desirable to work with signatures that are short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairing-based cryptography produced a number of “short” signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. Toward achieving “short and fast” signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify.

In this work, we present both theoretical and practical contributions. On the theoretical side, we introduce new batch verifiers for a wide variety of regular, identity-based, group, ring and aggregate signature schemes. These are the first constructions for batching group signatures, which answers an open problem of Camenisch et al. On the practical side, we implement each of these algorithms and compare each batching algorithm to doing individual verifications. Our goal is to test whether batching is practical; that is, whether the benefits of removing pairings significantly outweigh the cost of the additional operations required for batching, such as group membership testing, randomness generation, and additional modular exponentiations and multiplications. We experimentally verify that the theoretical results of Camenisch et al. and this work, indeed, provide an efficient, effective approach to verifying multiple signatures from (possibly) different signers.

Keywords

Signature Scheme Random Oracle Short Signature Aggregate Signature Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Car 2 Car: Communication consortium, http://car-to-car.org
  2. 2.
    SeVeCom: Security on the road, http://www.sevecom.org
  3. 3.
    Raya, M., Hubaux, J.-P.: Securing vehicular ad hoc networks. J. of Computer Security 15, 39–68 (2007)CrossRefGoogle Scholar
  4. 4.
    Gennaro, R., Rohatgi, P.: How to sign digital streams. Inf. Comput. 165(1), 100–116 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Lysyanskaya, A., Tamassia, R., Triandopoulos, N.: Multicast authentication in fully adversarial networks. In: IEEE Security and Privacy, pp. 241–253 (2004)Google Scholar
  6. 6.
    Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: Efficient and secure source authentication for multicast. In: NDSS 2001, The Internet Society (2001)Google Scholar
  7. 7.
    Monnerat, J., Vaudenay, S.: Undeniable signatures based on characters: How to sign with one bit. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 69–85. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Monnerat, J., Vaudenay, S.: Short 2-move undeniable signatures. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 19–36. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: CCS, pp. 168–177 (2004)Google Scholar
  12. 12.
    Chow, S.S.M., Yiu, S.-M., Hui, L.C.K.: Efficient identity based ring signature. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 499–512. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Boyen, X.: Mesh signatures. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 210–227. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Camenisch, J.L., Hohenberger, S., Pedersen, M.Ø.: Batch verification of short signatures. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 246–263. Springer, Heidelberg (2007), http://eprint.iacr.org/2007/172 CrossRefGoogle Scholar
  15. 15.
    Law, L., Matt, B.J.: Finding invalid signatures in pairing-based batches. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 34–53. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Ferrara, A.L., Green, M., Hohenberger, S., Pedersen, M.Ø.: Practical short signature batch verification, Cryptology ePrint Archive: Report 2008/015 (2008)Google Scholar
  17. 17.
    Chen, L., Cheng, Z., Smart, N.: Identity-based key agreement protocols from pairings, Cryptology ePrint Archive: Report 2006/199 (2006)Google Scholar
  18. 18.
    Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  19. 19.
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Naccache, D.: Secure and practical identity-based encryption, Cryptology ePrint Archive: Report 2005/369 (2005)Google Scholar
  22. 22.
    Chatterjee, S., Sarkar, P.: Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 424–440. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Chatterjee, S., Sarkar, P.: HIBE with short public parameters without random oracle. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 145–160. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Pastuszak, J., Michatek, D., Pieprzyk, J., Seberry, J.: Identification of bad signatures in batches. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 28–45. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  26. 26.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. Journal of Cryptology 17(4), 297–319 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)Google Scholar
  28. 28.
    Boyen, X., Waters, B.: Compact group signatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 427–444. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  29. 29.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    Shao, Z.: Enhanced aggregate signatures from pairings. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 140–149. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  31. 31.
    Scott, M.: Multiprecision Integer and Rational Arithmetic C/C++ Library (MIRACL). Published by Shamus Software Ltd. (October 2007), http://www.shamus.ie/
  32. 32.
    Page, D., Smart, N., Vercauteren, F.: A comparison of MNT curves and supersingular curves. Applicable Algebra in Eng. Com. and Comp. 17(5), 379–392 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Adida, B., Chau, D., Hohenberger, S., Rivest, R.L.: Lightweight email signatures (Extended abstract). In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 288–302. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Anna Lisa Ferrara
    • 1
  • Matthew Green
    • 2
  • Susan Hohenberger
    • 3
  • Michael Østergaard Pedersen
    • 4
  1. 1.University of Illinois at Urbana-ChampaignUSA
  2. 2.Independent Security EvaluatorsUSA
  3. 3.Johns Hopkins UniversityUSA
  4. 4.Lenio A/SUSA

Personalised recommendations