Cryptographic Accumulators for Authenticated Hash Tables
نویسندگان
چکیده
Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores n elements in a hash table that is outsourced at a remote server. Authenticating the hash table functionality, i.e., verifying the correctness of queries answered by the server and ensuring the integrity of the stored data, is crucial because the server, lying outside the administrative control of the client, can be malicious. We design efficient and secure protocols for optimally authenticating (non-)membership queries on hash tables, using cryptographic accumulators as our basic security primitive and applying them in a novel hierarchical way over the stored data. We provide the first construction for authenticating a hash table with constant query cost and sublinear update cost, strictly improving upon previous methods. Our first solution, based on the RSA accumulator, allows the server to provide a proof of integrity of the answer to a membership query in constant time and supports updates in O (nǫ log n) time for any fixed constant 0 < ǫ < 1, yet keeping the communication and verification costs constant. It also lends itself to a scheme that achieves different trade-offs—namely, constant update time and O(nǫ) query time. Our second solution uses an accumulator that is based on bilinear pairings to achieve O(nǫ) update time at the server while keeping all other complexities constant. Both schemes apply to two concrete data authentication models and an experimental evaluation shows good scalability. A preliminary version of this work was presented at the 15th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, 2008. Department of Computer Science, Brown University. Email: [email protected]. Department of Computer Science, Brown University. Email: [email protected]. Department of Computer Science, Boston University and Department of Computer Science, Brown University. Email: [email protected]. Research performed primarily while the author was with the Department of Computer Science at Aarhus University, Denmark.
منابع مشابه
A New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
emph{ Smooth Projective Hash Functions } ( SPHFs ) as a specific pattern of zero knowledge proof system are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, emph { Password - Based Authenticated Key Exchange } ( PAKE ) protocol is well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based ...
متن کاملEfficient Content Authentication over Distributed Hash Tables
We study a new model for data authentication over peer-to-peer storage networks, where data is stored, queried and authenticated in a totally distributed fashion. The model captures the security requirements of emerging distributed computing applications. We present an efficient implementation of a distributed Merkle tree, which realizes a Merkle tree over a peer-to-peer network, thus extending...
متن کاملRevisiting Cryptographic Accumulators, Additional Properties and Relations to Other Primitives
Cryptographic accumulators allow to accumulate a finite set of values into a single succinct accumulator. For every accumulated value, one can efficiently compute a witness, which certifies its membership in the accumulator. However, it is computationally infeasible to find a witness for any nonaccumulated value. Since their introduction, various accumulator schemes for numerous practical appli...
متن کاملAuthenticated Diffie–Hellman key agreement protocol using a single cryptographic assumption
In modern communication systems, a popular way of providing authentication in an authenticated Diffie–Hellman key agreement protocol is to sign the result of a one-way hash function (such as MD5) of a Diffie–Hellman public key. The security of such a protocol is based on the weakest of all the cryptographic assumptions of the algorithms involved: Diffie–Hellman key distribution, digital signatu...
متن کاملReal-World Performance of Cryptographic Accumulators
Cryptographic accumulators have often been proposed for use in security protocols, and the theoretical runtimes of algorithms using them have been shown to be reasonably efficient, but their performance in the real world has rarely been measured. In this paper I analyze the performance differences between two cryptographic accumulator constructions, RSA accumulators and bilinear-map accumulator...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009