An Oblivious Data Structure and its Applications to Cryptography

We introduce the notion of oblivious data structure, motivated by the use of data structures in cryptography. Informally, an oblivious data structure yields no knowledge about the sequence of operations that have been applied to it other than the nal result of the operations. In particular we de ne oblivious 2-3 trees and update algorithms to insert and delete sequences of contiguous leaves, in such a way that the only information conveyed by an oblivious 2-3 tree is the set of values stored at its leaves. This property is achieved through the use of randomization by the update algorithms. We use oblivious 2-3 trees to solve the open problem of \private" incremental digital signatures raised by Bellare, Goldreich and Goldwasser (1995). A digital signature system is incremental if a document for which a digital signature has been produced can be edited and its digital signature can be e ciently updated to re ect the changes in the document. An incremental signature system is private if the digital signature produced by the system for the nal version of a document that has undergone a sequence of edit operations, does not yield any information on intermediate versions of the document.