Speeding up exponentiation using an untrusted computational resource

Designs, Codes, and Cryptography

Volumn 39, Issue 2, 2006, Pages 253-273

  Van Dijk, Marten ^a   Clarke, Dwaine ^a   Gassend, Blaise ^a   Suh, G Edward ^a   Devadas, Srinivas ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Exponentiation; Signature verification; Untrusted computation

Indexed keywords

ALGORITHMS; COMPUTATIONAL METHODS; CRYPTOGRAPHY; NETWORK PROTOCOLS;

EXPONENTIATION; IDLE TIME; OFFLINE; OFFLOADING; SIGNATURE VERIFICATION; UNTRUSTED COMPUTATION;

SECURITY OF DATA;

EID: 33645066370     PISSN: 09251022     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10623-005-3710-8     Document Type: Article

References (51)

1. L. M. Adleman and J. DeMarrais, A subexponential algorithm for discrete logarithms over all finite fields. In Advances in Cryptology - Crypto '93 Proceedings, Vol. 773 of LNCS, Springer-Verlag (1994) pp. 147-158.
2. R. J. Anderson, Attack on server assisted authentication protocols. Electronic Letters, Vol. 28, ISSUE 15, (1992), pp. 1473.
3. P. Béguin and J-J. Quisquater, Secure acceleration of DSS signatures using insecure server. In Advances in Cryptology - Asiacrypt '94 Proceedings, Vol. 917 of LNCS. (1994) Springer-Verlag.
4. P. Béguin and J-J. Quisquater, Fast server-aided RSA signatures secure against active attacks. In Advances in Cryptology - Crypto '95 Proceedings, Vol. 963 of LNCS, (1995) Springer-Verlag, pp. 57-69.
5. M. Blaze, High-bandwidth encryption with low-bandwidth smartcards. In Fast Software Encryption (FSE) '96, (1996) pp. 33-40.
6. M. Blaze, J. Feigenbaum and M. Naor, A formal treatment of remotely keyed encryption. In Eurocrypt '98, (1998) pp. 251-265.
7. J. Bløomer and A. May, A generalized wiener attack on RSA. In Public Key Cryptography (PKC) '04, (2004).
8. M. Blum and S. Kannan, Designing programs that check their work. In Proceedings of the 21st Annual Symposium on Theory of Computing, ACM, (1989) pp. 86-97.
9. 0.292. In IEEE Transactions on Information Theory, Vol. 46 ISSUE 4, (2000) pp. 1339-1349.
10. V. Boyko, M. Peinado and R. Venkatesan, Speeding up discrete log and factoring based schemes via precomputations. In Proc. of Eurocrypt '98, Vol. 1403 of LNCS, (1998) pp. 221-232.
11. Stefan Brands, (2002). http://www.credentica.com/technology/overview.pdf.
12. E. Brickell, D. M. Gordon, K. S. McCurley and D. Wilson, Fast exponentiation with precomputation. In Advances in Cryptology - Eurocrypt '92 Proceedings, Vol. 658 of LNCS, (1993) Springer-Verlag, pp. 200-207.
13. J. Burns and C. J. Mitchell, Parameter selection for server-aided RSA computation schemes. IEEE Transactions on Computers, Vol. 43, (1994).
14. D. Chaum, Blind signatures for untraceable payments. In Advances in Cryptology - Crypto '82 Proceedings, (1982) Plenum Press, pp. 199-203.
15. D. Coppersmith, Fast evaluation of logarithms in fields of characteristic two. In IEEE Transactions Information Theory 30, (1984) pp. 587-594.
16. Y. Dodis and J. An, Concealment and its applications to authenticated encryption. In Eurocrypt '03, (2003) pp. 306-323.
17. G. Durfee and P. Nguyen, Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99. In Advances in Cryptology - Asiacrypt 2000 Proceedings, Vol. 1976 of LNCS, (2000) Springer-Verlag, pp. 14-29.
18. T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology - Crypto '84 Proceedings, LNCS, (1985) Springer-Verlag, pp. 10-18.
19. D. Gordon, Discrete logarithms in GF(p) using the number field sieve. In SIAM J. Discrete Math. 6, (1993) pp. 312-323.
20. S. Hohenberger and A. Lysyanskaya, How to securely outsource cryptographic computations. In TOC 2005, (2005).
21. S. Kawamura and A. Shimbo, Fast server-aided secret computation protocols for modular exponentiation. In IEEE Journal on Selected Areas of Communications, volume 11, 1993.
22. Neal Koblitz, A Course in Number Theory and Cryptography, Second Edition. Springer, (1994).
23. C. H. Lim and P. J. Lee, More flexible exponentiation with precomputation. In Advances in Cryptology - Crypto '94 Proceedings, Vol. 839 of LNCS, (1994) Springer-Verlag, pp. 95-107.
24. C. H. Lim and P. J. Lee, Server(prover/signer)-aided verification of identify proofs and signatures. In Advances in Cryptology - EuroCrypt '95 Proceedings, Vol. 921 of LNCS, (1995) Springer-Verlag, pp. 64-78.
25. C. H. Lim and P. J. Lee, Security and performance of server-aided RSA computation protocols. In Advances in Cryptology - Crypto '95 Proceedings, Vol. 963 of LNCS, (1995) Springer-Verlag, pp. 70-83.
26. S. Lucks, On the Security of remotely Keyed Encryption. In Fast Software Encryption (FSE) '97, (1997) pp. 219-229.
27. S. Lucks, Accelerated Remotely Keyed Encryption. In Fast Software Encryption (FSE) '99, (1999) pp. 112-123.
28. T. Matsumoto, H. Imai, C. S. Laih and S. M. Yen, On verifiable implicit asking protocols for RSA computation. In Proc. of Auscrypt '92, (1993) pp. 296-307.
29. T. Matsumoto, K. Kato and H. Imai, Speeding up secret computation with insecure auxiliary devices. In Advances in Cryptology - Crypto '88 Proceedings, Vol. 403 of LNCS, (1989) Springer-Verlag, pp. 497-506.
30. Alfred J. Menezes, Paul C. van Oorschot and Scott A, Vanstone. Handbook of Applied Cryptography. CRC Press, (1996).
31. N. Modadugu, D. Boneh and M. Kim, Generating RSA keys on a handheld using an untrusted server. In Cryptographer's Track RSA Conference, (2000).
32. P. Q. Nguyen and I. E. Shparlinski, On the insecurity of a server-aided RSA protocol. In Proc. of Asiacrypt 2001, Vol. 2248 of LNCS, (2001) pp. 21-35.
33. P. Q. Nguyen, I. E. Shparlinski and J. Stern, Distribution of modular sums and the security of server aided exponentiation. In Proceedings of the Workshop on Comp. Number Theory and Crypt., (1999) pp. 1-16.
34. P. Q. Nguyen and J. Stern, The Béguin-Quisquater Server-Aided RSA Protocol from Crypto '95 is not Secure. In Proc. of Asiacrypt '98, Vol. 1514 of LNCS, (1998) pp. 372-379.
35. NIST. FIPS PUB 186: Digital Signature Standard, May 1994.
36. A. Odlyzko, Discrete logarithms: The past and the future. In Designs, Codes and Cryptography, 19, (2000) pp. 129-145.
37. B. Pfitzmann and M. Waidner, Attacks on protocols for server-aided RSA computation. In Proc. of Eurocrypt '92, Vol. 658 of LNCS, (1993) pp. 153-162.
38. J. M. Pollard, Monte Carlo methods for index computation (mod p). In Mathematics of Computation. 32, (1978) pp. 918-924.
39. J-J. Quisquater and M. De Soete, Speeding up smart card RSA computation with insecure coprocessors. In Proc. Smart Card 2000, (1991) pp. 191-197.
40. R. Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, Vol. 21 1978 pp. 120-126.
41. P. de Rooij, On the security of the Schnorr scheme using preprocessing. In Advances in Cryptology - Eurocrypt '91 Proceedings, Vol. 547 of LNCS, (1991) Springer-Verlag, pp. 71-80.
42. P. de Rooij, Efficient exponentiation using precomputation and vector addition chains. In Advances in Cryptology - Eurocrypt '94 Proceedings, Vol. 950 of LNCS, (1995) Springer-Verlag, pp. 389-399.
43. P. de Rooij, On Schnorr's preprocessing for digital signature schemes. Journal of Cryptology, Vol. 10, ISSUE 1, (1997) pp. 1-16.
44. K. Rubin and A. Silverberg, Torus-based cryptography. In Advances in Cryptology - Crypto '03 Proceedings, Vol. 2729 of LNCS, (2003) Springer-Verlag, pp. 349-365.
45. T. Sander and C. Tschudin, Towards mobile cryptography. In IEEE Symposium on Security and Privacy, (1998).
46. O. Schirokauer, D. Weber and Th. F. Denny. Discrete logarithms: the effectiveness of the index calculus method. In Proceedings ANTS II, Vol. 1122 of LNCS. (1996) Springer-Verlag.
47. C. P. Schnorr, Efficient identification and signatures for smart cards. In Advances in Cryptology - Crypto '89 Proceedings, Vol. 435 of LNCS, (1990) Springer-Verlag, pp. 239-252.
48. C. P. Schnorr, Efficient signature generation by smart cards. Journal of Cryptology, Vol. 4, ISSUE 3, (1991) pp. 161-174.
49. Eric R. Verheul and Henk C. A. van Tilborg, Cryptanalysis of 'less short' rsa secret exponents. Applicable Algebra in Engineering, Communication and Computing, Vol. 8, ISSUE 5 (1997) pp. 425-435.
50. A. Weimerskirch and C. Paar, Generalizations of the Karatsuba Algorithm for Efficient Implementations. (2003). http://www.crypto.rurh-uni-bochum.de/ Publikationen/.
51. Michael J. Wiener, Cryptanalysis of short RSA secret exponents (abstract). In IEEE Transactions on Information Theory, Vol. 36, ISSUE 3 (1990) pp. 553-558.