Muhammad ElSheikh
University of Waterloo, Waterloo, Canada; National Institute of Standards, Giza, Egypt

İrem Keskinkurt Paksoy
University of Waterloo, Waterloo, Canada

Murat Cenk
Ripple Labs Inc., San Francisco, USA

M. Anwar Hasan
University of Waterloo, Waterloo, Canada

Keywords: Batch Verification, EdDSA, Scalars, Signature, Verification

Abstract

This paper establishes that the extended Euclidean algorithm (EEA) implemented in a division-free manner is faster than the Lagrange algorithm with a similar level of optimization when it comes to halving the size of scalars found in the equations of elliptic curve signature verification. Our implementation results show that our EEA based method achieves roughly 4x speed-up for generating half- size scalars used in EdDSA. For the first time ever, EEA generated half-size scalars are used for verification of individual Ed25519 signatures yielding timing results that outperform ed25519-donna, a highly optimized open source implementation, by 16.12%. We also propose a new randomization method applied with half-size scalars to batch verification of Ed25519 signatures for which we report speed-ups compared to the well-known Bernstein et al. method for batch sizes larger than six, specifically, our method achieves 11.60% improvement for batch size 64.