Speeding up Exponentiation using an Untrusted Computational Resource

Speeding up Exponentiation using an Untrusted Computational Resource (2003)

Cached

Download Links

[csg.csail.mit.edu]

Other Repositories/Bibliography

DBLP

by Dwaine Clarke , Srinivas Devadas , Marten Van Dijk , Blaise Gassend , G. Edward Suh

Venue:	MEMO 469, MIT CSAIL COMPUTATION STRUCTURES GROUP
Citations:	4 - 0 self

BibTeX

@TECHREPORT{Clarke03speedingup,
    author = {Dwaine Clarke and Srinivas Devadas and Marten Van Dijk and Blaise Gassend and G. Edward Suh},
    title = {Speeding up Exponentiation using an Untrusted Computational Resource},
    institution = {MEMO 469, MIT CSAIL COMPUTATION STRUCTURES GROUP},
    year = {2003}
}

Bookmark

OpenURL

Abstract

We present protocols for speeding up fixed-base exponentiation and variable-base exponentiation using an untrusted computation resource. In the fixed-base protocols, the base and exponent may be blinded. If the exponent is fixed, the base may be blinded in the variable-base exponentiation protocols. The protocols are the first ones for accelerating exponentiation with the aid of an untrusted resource in arbitrary cyclic groups. We also describe how to use the protocols to construct protocols that do, with the aid of an untrusted resource, exponentiation modular an integer where the modulus is the product of primes with single multiplicity. One application of the protocols is to speed up exponentiation-based verification in discrete log-based signature and credential schemes. For example, the protocols can be applied to speeding up, on small devices, the verification of signatures in DSS, El Gamal, and Schnorr’s signature schemes, and the verification of digital credentials in Brands’ credential system. The protocols use precomputation and we prove that they are unconditionally secure. We analyze the performance of our variable base protocols where the exponentiation is modulo a prime p: the protocols provide an asymptotic speedup of about O(0.24 ( k log k) 2 3), where k = log p, over the square-and-multiply algorithm, without compromising security.

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
2057	Handbook of Applied Cryptography - Menezes, Oorschot, et al. - 1997
961	A public key cryptosystem and a signature scheme based on discrete logarithms - ElGamal - 1985
512	Efficient signature generation for smart cards - Schnorr - 1991
356	Blind Signatures for Untraceable Payments - Chaum - 1982
280	Designing programs that check their work - Blum, Kannan - 1995
262	Efficient Identification and Signatures for Smart Cards. CRYPTO - Schnorr - 1989
193	Monte Carlo methods for index computation (mod p - Pollard - 1978
165	A subexponential algorithm for discrete logarithms over the rational subgroup of the Jacobians of large genus hyperelliptic curves over finite fields, Algorithmic Number Theory - Adleman, DeMarrais, et al. - 1994
113	Cryptanalysis of short RSA secret exponents - Wiener - 1990
91	Tschudin, Towards mobile cryptography, ICSI technical report 97-049 - Sander, F - 1997
85	Cryptanalysis of RSA with private key d less than N 0.292 - Boneh, Durfee - 1999
78	The XTR public key system - Lenstra, Verheul - 2000
72	Fast evaluation of logarithms in fields of characteristic two - Coppersmith - 1984
64	More flexible exponentiation with precomputation - Lim, Lee - 1994
61	Fast exponentiation with precomputation - Brickell, Gordon, et al. - 1992
55	Elliptic curves - Husemöller - 1987
51	Discrete logarithms in GF(p) using the number field sieve - Gordon - 1993
37	Speeding up secret computations with insecure auxiliary devices - Matsumoto, Kato, et al. - 1990
26	Efficient exponentiation using precomputation and vector addition chains - Rooij - 1994
24	Discrete Logarithms: The Past and the Future - Odlyzko - 1999
24	Attacks on Protocols for Server-Aided RSA Computation - Pfitzmann, Waidner - 1993
22	Fast server-aided RSA signatures secure against active attacks - Beguin, Quisquater - 1995
22	Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt ’99 - Durfee, Nguyen - 2000
18	Generating RSA keys on a handheld using an untrusted server - Boneh, Modadugu, et al. - 1977
17	A course in number theory and cryptography, second edition - Koblitz - 1994
17	The Béguin-Quisquater Server-Aided RSA Protocol from Crypto ’95 is not Secure - Nguyen, Stern - 1998
13	Fast server-aided secret computation protocols for modular exponentiation - Kawamura, Shimbo - 1993
12	Attack on Server Assisted Authentication Protocols - Anderson - 1992
12	On the Security of the Schnorr Scheme Using Preprocessing - Rooij - 1992
10	An overview of the XTR public key system - Lenstra, Verheul
9	On Schnorr’s Preprocessing for Digital Signature Schemes - Rooij - 1997
7	Discrete logarithms: the effectiveness of the index calculus method - Denny - 1996
4	Cryptography as a network service - Berson, Dean, et al. - 2001
4	Secure acceleration of DSS signatures using insecure server - Béguin, Quisquater - 1994