We address the problem of speeding up group computations in cryptography using a single untrusted computational resource. We analyze the security of two efficient protocols for securely outsourcing (multi-)exponentiations. We show that the schemes do not achieve the claimed security guarantees and we present practical polynomial-time attacks on the delegation protocols which allow the untrusted helper to recover part (or the whole) of the device’s secret inputs. We then provide simple constructions for outsourcing group exponentiations in different settings (e.g. public/secret, fixed/variable bases and public/secret exponents). Finally, we prove that our attacks are unavoidable if one wants to use a single untrusted computational resource and to limit the computational cost of the limited device to a constant number of (generic) group operations. In particular, we show that our constructions are actually optimal in terms of operations in the underlying group.

中文翻译：

---

私下将幂运算外包给单个服务器：密码分析和优化构造

我们使用单个不受信任的计算资源解决了在密码学中加速组计算的问题。我们分析了用于安全外包（多）幂运算的两种有效协议的安全性。我们表明这些方案没有实现声称的安全保证，并且我们对委托协议提出了实用的多项式时间攻击，允许不受信任的助手恢复部分（或全部）设备的秘密输入。然后，我们为不同设置（例如公共/秘密、固定/可变基数和公共/秘密指数）中的外包群幂提供了简单的构造。最后，我们证明如果想要使用单个不受信任的计算资源并将有限设备的计算成本限制为恒定数量的（通用）组操作，我们的攻击是不可避免的。