Randomized batch verification of standard ECDSA signatures

Abstract

In AfricaCrypt 2012, several algorithms are proposed for the batch verification of ECDSA signatures. In this paper, we propose three randomization methods for these batch-verification algorithms. Our first proposal is based on Montgomery ladders, and the second on computing square-roots in the underlying field. Both these techniques use numeric arithmetic only. Our third proposal exploits symbolic computations leading to a seminumeric algorithm.We theoretically and experimentally establish that for standard ECDSA signatures, our seminumeric randomization algorithm in tandem with the batch-verification algorithm S2’gives the best speedup over individual verification. If each ECDSA signature contains an extra bit to uniquely identify the correct y-coordinate of the elliptic-curve point appearing in the signature, then the second numeric randomization algorithm followed by the naive batch-verification algorithm N’yields the best performance gains. We detail our study for NIST prime and Koblitz curves.