Introduction to Modern Cryptography, Lecture 10 Performance Improvements: Fast Arithmetic, Montgomery representation, Batch RSA, Elliptic Curves.


1 Introduction to Modern Cryptography, Lecture 10 Performance Improvements: Fast Arithmetic, Montgomery representation, Batch RSA, Elliptic Curves

2 RSA
- RSA security $2^k$: require $n$-bit modulus, $n = k^2$ bits
- RSA signature generation/decryption: time $O(n^3) = O(k^6)$ for $k$ bits of security (simple arithmetic operations)
- RSA signature verification/encryption: time $O(n^2) = O(k^4)$ for an $n$-bit modulus (simple arithmetic operations)

3 Fiat-Shamir
- For $k$ bits of security, the modulus must be $O(k^2)$ bits in length
- $m$ (or $t$) must be at least $k$
- Signature generation: $O(n^2 k) = O(k^5)$
- Signature verification: $O(n^2 k) = O(k^5)$

4 “Improving Fiat-Shamir”
- Let the public key be only small primes 2, 3, 5, (if quadratic residue)
- This means that verification now takes time equal to a constant number of full-length multiplications ($O(n^2) = O(k^4)$)

5 Using fast arithmetic
If multiplication/division of $n$-bit integers only takes time $n \log n$, then we have:
- RSA signature (decryption): $O(n^2 \log n) = O(k^4 \log k)$
- Fiat-Shamir signature: $O(n \log(n)\, k) = O(k^3 \log k)$
- RSA / Fiat-Shamir verification: $O(n \log n) = O(k^2 \log k)$

6 Can we do better?
Can we do signature generation in less than $k$ operations, say $O(\log k)$ operations?
- Argument (false): if these operations are on public data then no, it would be easy to break the scheme by guessing what these operations are.

7 The trick
- Combine lots of private operations together
- Amortize the cost per private operation

8 Batch RSA
An RSA variant:
- When I send a signed message to Alice, I use one of the roots 3, 5, 7, …, 997 or $2^{16}+1$, $2^{16}+?$, $2^{16}+??$, …, $2^{17}+???$ (all primes in the range)
Thus, to sign $m_1$ and $m_2$ I could extract the 3rd root of hash($m_1$) and the 5th root of hash($m_2$)

9 Batch RSA The only expensive operation

10 What is going on?
- Can this always be done? Yes (on Blackboard)
- Cost per private operation is now down to $O(\log n) = O(\log k)$ multiplications/divisions, i.e., $O(k^2 \log k)$ operations per private operation
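
The batching described on slides 8 to 10, as an added example that is not part of the lecture: several messages are signed with distinct small prime roots using a single private-key exponentiation, and the product of roots is then split apart with public exponents only. The splitting step follows the binary-tree approach of Fiat's batch RSA and generalizes the two-message case on slide 8; the toy key and all function names are assumptions made for illustration.

```python
import hashlib
from math import prod

# Constructed toy key (assumption): two well-known primes chosen so that
# gcd(e, PHI) = 1 for every exponent used below. Far too small for real use.
P, Q = 65537, 1_000_000_007
N, PHI = P * Q, (P - 1) * (Q - 1)

def fdh(msg: bytes) -> int:
    """hash(m) as an integer mod N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def split(R, hs, es):
    """Given R = prod h_i^(1/e_i), return each h_i^(1/e_i); public exponents only."""
    if len(es) == 1:
        return [R]
    mid = len(es) // 2
    E1, E2 = prod(es[:mid]), prod(es[mid:])
    t = E1 * pow(E1, -1, E2)           # CRT: t = 0 mod E1, t = 1 mod E2
    c = (t - 1) // E2
    known = 1                          # every factor of R^t except the right-half roots
    for h, e in zip(hs[:mid], es[:mid]):
        known = known * pow(h, t // e, N) % N
    for h, e in zip(hs[mid:], es[mid:]):
        known = known * pow(h, c * E2 // e, N) % N
    R2 = pow(R, t, N) * pow(known, -1, N) % N   # product of the right-half roots
    R1 = R * pow(R2, -1, N) % N                 # product of the left-half roots
    return split(R1, hs[:mid], es[:mid]) + split(R2, hs[mid:], es[mid:])

def batch_sign(msgs, es):
    """Sign msgs[i] with the es[i]-th root of hash(msgs[i]); es pairwise coprime."""
    hs = [fdh(m) for m in msgs]
    E = prod(es)
    M = 1
    for h, e in zip(hs, es):           # M = prod h_i^(E/e_i), small public exponents
        M = M * pow(h, E // e, N) % N
    d = pow(E, -1, PHI)                # private exponent for the E-th root
    R = pow(M, d, N)                   # the only full-size (private) exponentiation
    return split(R, hs, es)

def verify(msg, e, sig):
    """Public check: sig^e must equal hash(msg) mod N."""
    return pow(sig, e, N) == fdh(msg)

if __name__ == "__main__":
    msgs, es = [b"m1", b"m2", b"m3", b"m4"], [3, 5, 7, 11]
    for m, e, s in zip(msgs, es, batch_sign(msgs, es)):
        print(m, e, s, verify(m, e, s))
```

For two messages with roots 3 and 5 the split uses t = 6, so the 5th root of hash($m_2$) is $R^6 / (\text{hash}(m_1)^2 \cdot \text{hash}(m_2))$ and the 3rd root of hash($m_1$) is $R$ divided by that value.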

