International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Identification of Multiple Invalid Signatures in Pairing-based Batched Signatures

Brian J. Matt
Search ePrint
Search Google
Abstract: This paper describes new methods in pairing-based signature schemes for identifying the invalid digital signatures in a batch, after batch verification has failed. These methods efficiently identify non-trivial numbers of invalid signatures in batches of (potentially large) numbers of signatures. Our methods use “divide-and-conquer” search to identify the invalid signatures within a batch, but prune the search tree to substantially reduce the number of pairing computations required. The methods presented in this paper require computing on average O(w) products of pairings to identify w invalid signatures within a batch of size N, compared with the O(w(log2(N/w)+1)) [for w < N/2] that traditional divide-and-conquer methods require. Our methods avoid the problem of exponential growth in expected computational cost that affect earlier proposals which, on average, require computing O(w) products of pairings. We compare the expected performance of our batch verification methods with previously published divide-and-conquer and exponential cost methods for Cha-Cheon identity-based signatures [6]. However, our methods also apply to a number of short signature schemes and as well as to other identity-based signature schemes.
  title={Identification of Multiple Invalid Signatures in Pairing-based Batched Signatures},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / Pairing-based signatures, Identity-based signatures, Batch verification, Short signatures, Wireless networks},
  note={An abridged version of this paper appears in PKC 2009 14301 received 26 Feb 2009, last revised 26 Feb 2009},
  author={Brian J. Matt},