On the Impossibility of Batch Update for Cryptographic Accumulators
نویسندگان
چکیده
A cryptographic accumulator is a scheme where a set of elements is represented by a single short value. This value, along with another value called witness, allows to prove membership into the set. If new values are added or existent values are deleted from the accumulator, then the accumulated value changes and the witnesses need to be updated. In their survey on accumulators [6], Fazio and Nicolosi noted that Camenisch and Lysyanskaya’s construction [3] was such that the time to update a witness after m changes to the accumulated value was proportional to m. They posed the question whether batch update was possible, namely if a cryptographic accumulator where the time to update witnesses is independent from the number of changes in the accumulated set exists. Recently, Wang et al. answered positively by giving a construction for an accumulator with batch update [9, 10]. In this work, we show that the construction is not secure by exhibiting an attack. Moreover, we prove it cannot be fixed. If the accumulated value has been updated m times then the time to update a witness must be at least Ω(m) in the worst case.
منابع مشابه
Revisiting Cryptographic Accumulators, Additional Properties and Relations to Other Primitives
Cryptographic accumulators allow to accumulate a finite set of values into a single succinct accumulator. For every accumulated value, one can efficiently compute a witness, which certifies its membership in the accumulator. However, it is computationally infeasible to find a witness for any nonaccumulated value. Since their introduction, various accumulator schemes for numerous practical appli...
متن کاملCryptographic Accumulators: Definitions, Constructions and Applications
After their first appearance in the cryptographic community ten years ago, cryptographic accumulators have received a discontinuous attention from the researchers of the field. Although occasionally studied, there has been no systematic effort to organize the knowledge of the subject, abstracting away from the unnecessary details of specific proposals, so as to provide a reliable starting point...
متن کاملReal-World Performance of Cryptographic Accumulators
Cryptographic accumulators have often been proposed for use in security protocols, and the theoretical runtimes of algorithms using them have been shown to be reasonably efficient, but their performance in the real world has rarely been measured. In this paper I analyze the performance differences between two cryptographic accumulator constructions, RSA accumulators and bilinear-map accumulator...
متن کاملCryptographic Accumulators for Authenticated Hash Tables
Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores n elements in a hash table that is outsourced at a remote server. Authenticating the hash table functionality, i.e., verifying the correctness of queries answered by the server and ensuring the integrity of the stored data, is crucial because the server, lying outside the administrative...
متن کاملDesign of cybernetic metamodel of cryptographic algorithms and ranking of its supporting components using ELECTRE III method
Nowadays, achieving desirable and stable security in networks with national and organizational scope and even in sensitive information systems, should be based on a systematic and comprehensive method and should be done step by step. Cryptography is the most important mechanism for securing information. a cryptographic system consists of three main components: cryptographic algorithms, cryptogr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009