Cryptology ePrint Archive: Report 2007/470

Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA Signature Verification

Bodo Möller and Andy Rupp

Abstract: We consider the task of computing power products $\prod_{1 \leq i \leq k} g_i^{e_i}$ ("multi-exponentiation") where base elements $g_2, ..., g_k$ are fixed while $g_1$ is variable between multi-exponentiations but may repeat, and where the exponents are bounded (e.g., in a finite group). We present a new technique that entails two different ways of computing such a result. The first way applies to the first occurrence of any $g_1$ where, besides obtaining the actual result, we create a cache entry based on $g_1$, investing very little memory or time overhead. The second way applies to any multi-exponentiation once such a cache entry exists for the $g_1$ in question: the cache entry provides for a significant speed-up. Our technique is useful for ECDSA or DSA signature verification with common domain parameters and recurring signers.

Category / Keywords: implementation / Efficient implementation, elliptic curve cryptography, ECDSA verification, exponentiation, DSA verification

Date: received 15 Dec 2007, last revised 19 Dec 2007

Contact author: bmoeller at acm org

Available formats: PDF | BibTeX Citation

Version: 20071219:141000 (All versions of this report)

Discussion forum: Show discussion | Start new discussion