Secure Accumulators from Euclidean Rings without Trusted Setup

Cryptographic accumulators are well-known to be useful in many situations. However, the most efficient accumulator (the RSA accumulator) it is not secure against a certificate authority who has herself selected the RSA modulus n. We generalize previous work and define the root accumulator in modules over Euclidean rings. We prove that the root accumulator is secure under two different pairs of assumptions on the module family and on the used hash function. Finally, we propose a new instantiation of the root accumulator, based on class groups of imaginary quadratic order, that combines the best properties of previous solutions. It has short (non)membership proofs like the RSA accumulator, and at the same time it is secure against a malicious certificate authority. Up to this point, this seems to be the only unique application of class groups of imaginary quadratic orders, and we hope that this paper will motivate more research on cryptography in the said groups.