Abstract
We consider the effect of combining the key computation step in particular key agreement protocols, such as ECMQV and static-DH, with verifying particular elliptic curve equations, such as those related to ECDSA signature verification. In particular, we show that one can securely combine ECDSA signature verification and ECMQV and static-ECDH key computations, resulting in significant performance improvements, due to saving on doubling operations and exploiting multiple point multiplication strategies. Rough estimates (for non-Koblitz curves) suggest that the incremental cost of ECDSA signature verification, when combined with ECDH key agreement, improves by a factor 2.3× compared to performing the ECDSA signature verification separately and by a factor 1.7×, when the latter is computed using the accelerated ECDSA signature verification technique described in [3]. Moreover, the total cost of combined ECDSA signature verification and ECDH key agreement improves by 1.4×, when compared to performing these computations separately (and by 1.2×, if accelerated ECDSA signature verification techniques are used). This challenges the conventional wisdom that with ECC-based signature schemes, signature verification is always considerably slower than signature generation and slower than RSA signature verification. These results suggest that the efficiency advantage one once enjoyed using RSA-based certificates with ECC-based key agreement schemes may be no more: one might as well use an ECC-only scheme using ECDSA-based certificates. Results apply to all prime curves standardized by NIST, the NSA ‘Suite B’ curves, and the so-called Brainpool curves.
Chapter PDF
References
ANSI X9.62-1998. Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standard for Financial Services. American Bankers Association (January 7, 1999)
ANSI X9.63-2001. Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography. American National Standard for Financial Services. American Bankers Association (November 20, 2001)
Antipa, A., Brown, D.R., Gallant, R., Lambert, R., Struik, R., Vanstone, S.A.: Accelerated Verification of ECDSA Signatures. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 307–318. Springer, Heidelberg (2006)
Bellare, M., Garay, J.A., Rabin, T.: Fast Batch Verification for Modular Exponentiation and Digital Signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998)
Bernstein, D.J., Birkner, P., Lange, T., Peters, C.: Twisted Edwards Curves. International Association for Cryptologic Research, IACR e/Print 2008-013
Cao, T., Lin, D., Xue, R.: Security Analysis of Some Batch Verifying Signatures from Pairings. International Journal of Network Security 3(2), 138–143 (2006)
Cheon, J.H., Lee, D.H.: Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations. International Association for Cryptologic Research, ePrint 2005/276 (2005)
Diffie, W., Hellmann, M.E.: New Directions in Cryptography. IEEE. Trans. Inform. Theory IT-22, 644–654 (1976)
FIPS Pub 186-3. Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186-3. US Department of Commerce/National Institute of Standards and Technology, Gaithersburg, Maryland, USA (February 2009), Includes change notice (October 5, 2001)
Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, New York (2003)
Johnson, D.J., Menezes, A.J., Vanstone, S.A.: The Elliptic Curve Digital Signature Algorithm (ECDSA). International Journal of Information Security 1, 36–63 (2001)
LaMacchia, B., Lauter, K., Mityagin, A.: Stronger Security for Authenticated Key Exchange. International Association for Cryptologic Research, ePrint 2006/073 (2006)
Longa, P., Gebotys, C.: Efficient Techniques for High-Speed Elliptic Curve Cryptography. International Association for Cryptologic Research, IACR e/Print 2010-315
Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An Efficient Protocol for Authenticated Key Agreement. Centre for Applied Cryptographic Research, Corr 1998-05, University of Waterloo, Ontario, Canada (1998)
NIST Pub 800-56a. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised). NIST Special Publication 800-56A. US Department of Commerce/National Institute of Standards and Technology, Springfield, Virginia (March 8, 2007)
NIST Pub 800-57. Recommendation for Key Management – Part 1: General (Revised), NIST Special Publication 800-57. US Department of Commerce/National Institute of Standards and Technology, Springfield, Virginia (March 8, 2007)
Proos, J.: Joint Sparse Forms and Generating Zero Columns when Combing. Centre for Applied Cryptographic Research, Corr 2003-23, University of Waterloo, Ontario, Canada (2003)
Solinas, J.: Low-Weight Binary Representations for Pairs of Integers. Centre for Applied Cryptographic Research, Corr 2001-41, University of Waterloo, Ontario, Canada (2001)
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Struik, R. (2011). Batch Computations Revisited: Combining Key Computations and Batch Verifications. In: Biryukov, A., Gong, G., Stinson, D.R. (eds) Selected Areas in Cryptography. SAC 2010. Lecture Notes in Computer Science, vol 6544. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19574-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-19574-7_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19573-0
Online ISBN: 978-3-642-19574-7
eBook Packages: Computer ScienceComputer Science (R0)