Delegating a Product of Group Exponentiations with Application to Signature Schemes

Giovanni Di Crescenzo, Matluba Khodjaeva, Delaram Kahrobaei, Vladimir Shpilrain

Research output: Contribution to journalArticlepeer-review


Many public-key cryptosystems and, more generally, cryptographic
protocols, use group exponentiations as important primitive
operations. To expand the applicability of these solutions to computationally
weaker devices, it has been advocated that a computationally
weaker client (i.e., capable of performing a relatively small number of
modular multiplications) delegates such primitive operations to a computationally
stronger server. Important requirements for such delegation protocols include privacy of the client's input exponent and security of the client's output, in the sense of detecting, except for very small probability, any malicious server's attempt to convince the client of an incorrect exponentiation result. Only recently, ecient protocols for the delegation of a xed-based exponentiation, over cyclic and RSA-type groups with certain properties, have been presented and proved to satisfy both requirements.
In this paper we show that a product of many xed-base exponentiations,
over a cyclic groups with certain properties, can be privately and securely
delegated by keeping the client's online number of modular multiplications
only slightly larger than in the delegation of a single exponentiation.
We use this result to show the rst delegations of entire cryptographic
schemes: the well-known digital signature schemes by El-Gamal, Schnorr
and Okamoto, over the q-order subgroup in Zp, for p; q primes, as well
as their variants based on elliptic curves. Previous ecient delegation
results seem limited to the delegation of single algorithms within cryptographic
Original languageEnglish
Pages (from-to)438–459
Number of pages22
JournalJournal of Mathematical Cryptology
Issue number1
Publication statusPublished - 30 Oct 2020

Bibliographical note

© 2020 Di Crescenzo et al.

Cite this