Abstract |
An exponentiation method resistant against skipping attacks. A main idea of the present invention is to evaluate, in parallel with the exponentiation such as y = g^d, a value based on the exponent, e.g. f = d · 1. These evaluations are performed using the same exponentiation algorithm by "gluing" together the group operations underlying the computation of y and f so that a perturbation to one operation also perturbs the other. This makes it possible to verify that f indeed equals d before returning the result. Also provided are an apparatus (100) and a computer program product (140). |
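
The sketch below is an added example, not code from the patent: a left-to-right square-and-multiply in which each multiplication on y is glued to the matching addition on f, followed by the f = d check before the result is released. Assumptions: the group for y is the integers modulo n, f lives in the integers under addition, gluing is modelled as one function acting on the pair (y, f), and the names `glued_op`, `protected_pow`, `detected_skips` and the `skip_at` fault hook are hypothetical.

```python
# Added illustration (not from the patent text): the pair (y, f) is updated by
# one "glued" operation, so skipping that operation perturbs both values.

class SkipDetected(Exception):
    """Raised when the shadow value f does not equal the exponent d."""


def glued_op(state, operand, n):
    """One glued group operation: multiply modulo n for y, add for f."""
    (y, f), (g, one) = state, operand
    return (y * g) % n, f + one


def protected_pow(g, d, n, skip_at=None):
    """Left-to-right square-and-multiply computing y = g^d mod n and f = d*1.

    skip_at (hypothetical test hook) omits the glued operation with that
    index, modelling a skipping fault. Returns y only if f == d.
    """
    state = (1, 0)          # neutral elements: 1 for y, 0 for f
    step = 0
    for bit in bin(d)[2:]:
        # Squaring of y is glued to doubling of f.
        if step != skip_at:
            state = glued_op(state, state, n)
        step += 1
        if bit == "1":
            # Multiplication by g is glued to addition of 1.
            if step != skip_at:
                state = glued_op(state, (g, 1), n)
            step += 1
    y, f = state
    if f != d:
        raise SkipDetected(f"f = {f} differs from d = {d}")
    return y


def detected_skips(g, d, n):
    """Return the step indices whose omission is caught by the f == d check."""
    caught = []
    total = d.bit_length() + bin(d).count("1")
    for i in range(total):
        try:
            protected_pow(g, d, n, skip_at=i)
        except SkipDetected:
            caught.append(i)
    return caught
```

With the constructed values g = 5, d = 11, n = 1009, every skipped step is caught except step 0, the squaring of the neutral pair (1, 0), whose omission changes neither y nor f.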