New algorithms for batch verification of standard ECDSA signatures

Abstract

In this paper, several algorithms for batch verification of ECDSA signatures are studied. The first of these algorithms is based upon the naive idea of taking square roots in the underlying field. In order to improve the efficiency beyond what can be achieved by the naive algorithm, two new algorithms are proposed which replace square-root computations by symbolic manipulations. Experiments carried out on NIST prime curves demonstrate a maximum speedup of above six over individual verification if all the signatures in the batch belong to the same signer, and a maximum speedup of about two if the signatures in the batch belong to different signers, both achieved by a fast variant of the second symbolic-manipulation algorithm. In terms of security, all the studied algorithms are equivalent to standard ECDSA* batch verification. These algorithms are practical only for small (\({\le }8\)) batch sizes. The algorithms are also ported to the NIST Koblitz curves defined over fields of characteristic 2. This appears to be the first reported study on the batch verification of standard ECDSA signatures.