Server-aided verification: Theory and practice

Abstract

We introduce the server-aided verification (SAV) concept, which consists in speeding up the verification step of an authentication/signature scheme, by delegating a substantial part of computations to a powerful (but possibly untrusted) server. After giving some motivations for designing SAV protocols, we provide a simple but realistic model, which captures most situations one can meet in practice (note that this model is much more general than the one recently proposed by Hohenberger and Lysyanskaya, who require the server to be made of two softwares which do not communicate with each other [14]). Then, we analyze and prove in this model the security of two existing SAV protocols, namely the Lim-Lee [15] modification of Schnorr scheme [28] and the Girault-Quisquater variant [10] of GPS scheme [7,24]. Finally, we propose a generic method for designing SAV versions of schemes based on bilinear maps, which can be applied to the Boneh-Boyen signature schemes [3], the Zhang-Safavi-Naini-Susilo [32] signature scheme and the Shao-Lu-Cao identification scheme [30]. © International Association for Cryptologic Research 2005.