Paper 2008/015

Practical Short Signature Batch Verification

Anna Lisa Ferrara, Matthew Green, Susan Hohenberger, and Michael Østergaard Pedersen


In many applications, it is desirable to work with signatures that are both short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairing-based cryptography produced a number of short signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. In an attempt to simultaneously achieve "short and fast" signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify. In this work, we present both theoretical and practical contributions. On the theoretical side, we introduce new batch verifiers for a wide variety of regular, identity-based, group, ring and aggregate signature schemes. These are the first constructions for batching group signatures, which answers an open problem of Camenisch et al. On the practical side, we implement each of these algorithms and compare each batching algorithm to doing individual verifications. Our goal is to test whether batching is practical; that is, whether the benefits of removing pairings significantly outweigh the cost of the additional operations required for batching, such as group membership testing, randomness generation, and additional modular exponentiations and multiplications. We experimentally verify that the theoretical results of Camenisch et al. and this work, indeed, provide an efficient, effective approach to verifying multiple signatures from (possibly) different signers.

Available format(s)
Publication info
Published elsewhere. Full version of the CT-RSA 2009 paper
signaturesbatch verification
Contact author(s)
susan @ cs jhu edu
2009-01-21: last of 3 revisions
2008-01-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Anna Lisa Ferrara and Matthew Green and Susan Hohenberger and Michael Østergaard Pedersen},
      title = {Practical Short Signature Batch Verification},
      howpublished = {Cryptology ePrint Archive, Paper 2008/015},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.