Streaming Authenticated Data Structures

Papamanthou, Charalampos; Shi, Elaine; Tamassia, Roberto; Yi, Ke

doi:10.1007/978-3-642-38348-9_22

Cited by 68 publications

(58 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The reason for that is that our homomorphic checksum construction is designed for performance. In comparison, publicly verifiable homomorphic checksums (e.g., lattice-based ones [19] or RSA-based ones [5]) are not as efficient practice.…”

Section: Intuitionmentioning

confidence: 99%

Practical dynamic proofs of retrievability

Shi

Stefanov

Papamanthou

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

152

135

View full text Add to dashboard Cite

Proofs of Retrievability (PoR), proposed by Juels and Kaliski in 2007, enable a client to store n file blocks with a cloud server so that later the server can prove possession of all the data in a very efficient manner (i.e., with constant computation and bandwidth). Although many efficient PoR schemes for static data have been constructed, only two dynamic PoR schemes exist. The scheme by Stefanov et al. (ACSAC 2012) uses a large of amount of client storage and has a large audit cost. The scheme by Cash et al. (EUROCRYPT 2013) is mostly of theoretical interest, as it employs Oblivious RAM (ORAM) as a black box, leading to increased practical overhead (e.g., it requires about 300 times more bandwidth than our construction).We propose a dynamic PoR scheme with constant client storage whose bandwidth cost is comparable to a Merkle hash tree, thus being very practical. Our construction outperforms the constructions of Stefanov et al. and Cash et al., both in theory and in practice. Specifically, for n outsourced blocks of β bits each, writing a block requires β + O(λ log n) bandwidth and O(β log n) server computation (λ is the security parameter). Audits are also very efficient, requiring β + O(λ 2 log n) bandwidth. We also show how to make our scheme publicly verifiable, providing the first dynamic PoR scheme with such a property. We finally provide a very efficient implementation of our scheme.

show abstract

Section: Intuitionmentioning

confidence: 99%

Practical dynamic proofs of retrievability

Shi

Stefanov

Papamanthou

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

152

135

View full text Add to dashboard Cite

show abstract

“…We note that range query is not to be confused with range proof [8] where the goal is to prove that the committed value lies in a specified integer range without revealing it. Authenticated data structures (ADS) [14,21,35,36,38,42] are often set in the three party model with a trusted owner, a trusted client and a malicious server; the owner outsources the data to the server and later the client interacts with the server to run queries on the data. The security requirement of such constructions is data authenticity for the client against the server.…”

Section: Related Workmentioning

confidence: 99%

Efficient Verifiable Range and Closest Point Queries in Zero-Knowledge

Ghosh

Ohrimenko

Tamassia

2016

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Abstract:We present an efficient method for answering one-dimensional range and closest-point queries in a verifiable and privacy-preserving manner. We consider a model where a data owner outsources a dataset of keyvalue pairs to a server, who answers range and closestpoint queries issued by a client and provides proofs of the answers. The client verifies the correctness of the answers while learning nothing about the dataset besides the answers to the current and previous queries. Our work yields for the first time a zero-knowledge privacy assurance to authenticated range and closest-point queries. Previous work leaked the size of the dataset and used an inefficient proof protocol. Our construction is based on hierarchical identity-based encryption. We prove its security and analyze its efficiency both theoretically and with experiments on synthetic and real data (Enron email and Boston taxi datasets).

show abstract

“…As shown in [52], these bounds are optimal for hash-based methods. Variations of this approach and extensions to other types of queries have also been investigated (e.g., [9,13,21,25,28,42,53]). Solutions for authenticated membership queries using one-way accumulators were introduced by Benaloh and de Mare [5].…”

Section: Related Workmentioning

confidence: 99%

“…Developing secure protocols for hash tables that authenticate (non-)membership queries in constant time has been a long-standing open problem [36]. Using collisionresistant hashing and Merkle's tree construction [33] to produce the set digest, (non-)membership queries in sets can be authenticated with logarithmic costs (e.g., [6,23,36,42,43,53]). One can achieve complexities better than logarithmic by using alternative cryptographic primitives.…”

Section: Introductionmentioning

confidence: 99%

Authenticated Hash Tables Based on Cryptographic Accumulators

2015

Self Cite

View full text Add to dashboard Cite

Suppose a client stores n elements in a hash table that is outsourced to an untrusted server. We address the problem of authenticating the hash table operations, where the goal is to design protocols capable of verifying the correctness of queries and updates performed by the server, thus ensuring the integrity of the remotely stored data across its entire update history. Solutions to this authentication problem allow the client to gain trust in the operations performed by a faulty or even malicious server that lies outside the administrative control of the client. We present two novel schemes that implement an authenticated hash table. An authenticated hash table exports the basic hash-table functionality for maintaining a dynamic set of elements, A preliminary version of this paper [44] was presented at the 15th 123 Algorithmica coupled with the ability to provide short cryptographic proofs that a given element is a member or not of the current set. By employing efficient algorithmic constructs and cryptographic accumulators as the core security primitive, our schemes provide constant proof size, constant verification time and sublinear query or update time, strictly improving upon previous approaches. Specifically, in our first scheme which is based on the RSA accumulator, the server is able to construct a (non-)membership proof in constant time and perform updates in O (n log n) time for any fixed constant 0 < < 1. A variation of this scheme achieves a different trade-off, offering constant update time and O(n ) query time. Our second scheme uses an accumulator based on bilinear pairings to achieve O(n ) update time at the server while keeping all other complexities constant. A variation of this scheme achieves O(n log n) time for queries and constant update time. An experimental evaluation of both solutions shows their practicality.

show abstract

Streaming Authenticated Data Structures

Cited by 68 publications

References 43 publications

Practical dynamic proofs of retrievability

Practical dynamic proofs of retrievability

Efficient Verifiable Range and Closest Point Queries in Zero-Knowledge

Authenticated Hash Tables Based on Cryptographic Accumulators

Contact Info

Product

Resources

About