Speeding up Exponentiation using an Untrusted Computational Resource

We present protocols for speeding up fixed-base exponentiation and variablebase exponentiation using an untrusted computation resource. In the fixed-base protocols, the base and exponent may be blinded. If the exponent is fixed, the base may be blinded in the variable-base exponentiation protocols. The protocols are the first ones for accelerating exponentiation with the aid of an untrusted resource in arbitrary cyclic groups. We also describe how to use the protocols to construct protocols that do, with the aid of an untrusted resource, exponentiation modular an integer where the modulus is the product of primes with single multiplicity. One application of the protocols is to speed up exponentiation-based verification in discrete log-based signature and credential schemes. For example, the protocols can be applied to speeding up, on small devices, the verification of signatures in DSS, El Gamal, and Schnorr’s signature schemes, and the verification of digital credentials in Brands’ credential system. The protocols use precomputation and we prove that they are unconditionally secure. We analyze the performance of our variable base protocols where the exponentiation is modulo a prime p: the protocols provide an asymptotic speedup of about O(0.24( k log k ) 2 3 ), where k = log p, over the square-and-multiply algorithm, without compromising security.