
Authenticated Dictionaries: Real-World Costs and Trade-Offs

Published: 01 September 2011

Abstract

Authenticated dictionaries are a widely discussed paradigm to enable verifiable integrity for data storage on untrusted servers, such as today’s widely used “cloud computing” resources, allowing a server to provide a “proof,” typically in the form of a slice through a cryptographic data structure, that the results of any given query are the correct answer, including that the absence of a query result is correct. Persistent authenticated dictionaries (PADs) further allow queries against older versions of the structure. This research presents implementations of a variety of different PAD algorithms, some based on Merkle tree-style data structures and others based on individually signed “tuple” statements (with and without RSA accumulators). We present system throughput benchmarks, indicating costs in terms of time, storage, and bandwidth as well as considering how much money would be required given standard cloud computing costs. We conclude that Merkle tree PADs are preferable in cases with frequent updates, while tuple-based PADs are preferable with higher query rates. For Merkle tree PADs, red-black trees outperform treaps and skiplists. Applying Sarnak-Tarjan’s versioned node strategy, with a cache of old hashes at every node, to red-black trees yields the fastest Merkle tree PAD implementation, notably using half the memory of the more commonly used mutation-free path copying strategy. For tuple PADs, although we designed and implemented an algorithm using RSA accumulators that offers constant update size, constant storage per update, constant proof size, and sublinear computation per update, we found that RSA accumulators are so expensive that they are never worthwhile. We find that other optimizations in the literature for tuple PADs are more cost-effective.
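The proof "slice" described in the abstract, including proof of absence, as an added example that is not code from the paper or its authors: a static sorted-leaf Merkle tree rather than the persistent red-black, treap or skiplist structures the paper benchmarks. The sentinel keys, the padding scheme and all names here are assumptions made for this illustration.

```python
import bisect
import hashlib

LO, HI = "", "\U0010ffff"  # sentinel keys; assumption: real keys sort strictly between

def H(tag, *parts):  # SHA-256 with a domain tag and length-prefixed parts
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(tag + data).digest()

def leaf(k, v):
    return H(b"L", k.encode(), v.encode())

def root_from(index, leaf_hash, path):  # rebuild the root from one leaf and its siblings
    h = leaf_hash
    for sib in path:
        h = H(b"N", sib, h) if index & 1 else H(b"N", h, sib)
        index >>= 1
    return h if index == 0 else None

class Server:  # untrusted: holds the sorted data and builds proofs
    def __init__(self, items):
        self.rows = sorted({LO: "", HI: "", **items}.items())
        level = [leaf(k, v) for k, v in self.rows]
        while len(level) & (len(level) - 1):  # pad to a power of two
            level.append(H(b"E"))
        self.levels = [level]
        while len(level) > 1:
            level = [H(b"N", level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)
        self.root = level[0]  # the value the data owner would sign and publish

    def _row(self, i):  # (index, key, value, sibling path)
        return (i, *self.rows[i], [lv[(i >> d) ^ 1] for d, lv in enumerate(self.levels[:-1])])

    def query(self, key):
        i = bisect.bisect_left([k for k, _ in self.rows], key)
        if self.rows[i][0] == key:
            return ("present", [self._row(i)])
        return ("absent", [self._row(i - 1), self._row(i)])  # bracketing neighbours

def verify(root, key, answer):  # client side; None means the proof is rejected
    kind, rows = answer
    if any(root_from(i, leaf(k, v), p) != root for i, k, v, p in rows):
        return None
    if kind == "present" and len(rows) == 1 and rows[0][1] == key:
        return ("present", rows[0][2])
    adjacent = len(rows) == 2 and rows[1][0] == rows[0][0] + 1
    if kind == "absent" and adjacent and rows[0][1] < key < rows[1][1]:
        return ("absent", None)
    return None
```

A client that holds only `root` calls `verify(root, key, server.query(key))`; an absence claim is accepted only when the two returned leaves are adjacent in the tree and bracket the queried key, so a server cannot hide an existing entry by returning non-neighbouring leaves.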

References

  1. Adelson-Velskii, G. and Landis, E. M. 1962. An algorithm for the organization of information. Proc. USSR Acad. Sci. 146, 263--266.
  2. Anagnostopoulos, A., Goodrich, M. T., and Tamassia, R. 2001. Persistent authenticated dictionaries and their applications. In Proceedings of the International Conference on Information Security (ISC). 379--393.
  3. Anderson, A. and Ottmann, T. 1991. Faster uniquely represented dictionaries. In Proceedings of the 32nd Annual Symposium on Foundations of Computer Science (SFCS). 642--649.
  4. Aragon, C. R. and Seidel, R. G. 1989. Randomized search trees. In Proceedings of the 30th Annual Symposium on Foundations of Computer Science (SFCS). 540--545.
  5. Bagwell, P. 2002. Fast functional lists, hash-lists, deques and variable length arrays. In Proceedings of the 14th International Workshop on Implementation of Functional Languages. 34.
  6. Bari, N. and Pfitzmann, B. 1997. Collision-free accumulators and fail-stop signature schemes without trees. In Proceedings of EuroCrypt. 480--494.
  7. Benaloh, J. and de Mare, M. 1993. One-way accumulators: A decentralized alternative to digital signatures. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology (EuroCrypt’93). 274--285.
  8. Blelloch, G. E. and Reid-Miller, M. 1998. Fast set operations using treaps. In Proceedings of the 10th Annual ACM Symposium on Parallel Algorithms and Architectures (SPAA). 16--26.
  9. Brodal, G. S. 1996. Partially persistent data structures of bounded degree with constant update time. Nordic J. Comput. 3, 3, 238--255.
  10. Camenisch, J. and Lysyanskaya, A. 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. In Proceedings of CRYPTO’02. 61--76.
  11. Camenisch, J., Kohlweiss, M., and Soriente, C. 2009. An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography (PKC’09). 481--500.
  12. Cohen, B. 2003. Incentives build robustness in BitTorrent. Tech. rep., bittorrent.org.
  13. Crosby, S. A. and Wallach, D. S. 2009. Super-efficient aggregating history-independent persistent authenticated dictionaries. In Proceedings of ESORICS’09. 671--688.
  14. Freudenthal, E., Herrera, D., Gutstein, S., Spring, R., and Longpre, L. 2007. Fern: An updatable authenticated dictionary suitable for distributed caching. In Computer Network Security. Communications in Computer and Information Science, vol. 1, Springer, Berlin, 141--146.
  15. Fu, K., Kaashoek, M. F., and Mazières, D. 2002. Fast and secure distributed read-only file system. ACM Trans. Comput. Syst. 20, 1, 1--24.
  16. Gassend, B., Suh, G., Clarke, D., Dijk, M., and Devadas, S. 2003. Caches and hash trees for efficient memory integrity verification. In Proceedings of the 9th International Symposium on High Performance Computer Architecture (HPCA).
  17. Goodrich, M., Tamassia, R., and Schwerin, A. 2001. Implementation of an authenticated dictionary with skip lists and commutative hashing. In Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX II). 68--82.
  18. Goodrich, M. T., Tamassia, R., and Hasic, J. 2002. An efficient dynamic and distributed cryptographic accumulator. In Proceedings of the 5th International Conference on Information Security (ISC). 372--388.
  19. Goodrich, M. T., Papamanthou, C., Tamassia, R., and Triandopoulos, N. 2008. Athos: Efficient authentication of outsourced file systems. In Proceedings of the 11th International Conference on Information Security (ISC). 80--96.
  20. Gray, J. and Putzolu, F. 1987. The 5 minute rule for trading memory for disc accesses and the 10 byte rule for trading memory for cpu time. SIGMOD Rec. 16, 3, 395--398.
  21. Guibas, L. J. and Sedgewick, R. 1978. A dichromatic framework for balanced trees. In Proceedings of the 19th Annual Symposium on Foundations of Computer Science (SFCS). 8--21.
  22. Heitzmann, A., Palazzi, B., Papamanthou, C., and Tamassia, R. 2008. Efficient integrity checking of untrusted network storage. In Proceedings of the 4th ACM International Workshop on Storage Security and Survivability. 43--54.
  23. Kaplan, H. 2001. Persistent data structures. In Handbook on Data Structures and Applications, D. Mehta and S. Sahni, Eds. CRC Press.
  24. Kocher, P. C. 1998. On certificate revocation and validation. In Proceedings of the International Conference on Financial Cryptography (FC’98). 172--177.
  25. Li, J., Krohn, M., Mazières, D., and Shasha, D. 2004. Secure untrusted data repository (SUNDR). In Proceedings of the USENIX Symposium on Operating Systems Design & Implementation (OSDI).
  26. Li, J., Li, N., and Xue, R. 2007. Universal accumulators with efficient nonmembership proofs. In Proceedings of the 5th International Conference on Applied Cryptography and Network Security (ACNS). 253--269.
  27. Merkle, R. C. 1989. A certified digital signature. In Proceedings of CRYPTO’89. 218--238.
  28. Micali, S. 1996. Efficient certificate revocation. Tech. rep. TM-542b, Massachusetts Institute of Technology, Cambridge, MA. http://www.ncstrl.org:8900/ncstrl/servlet/search?formname=detail\&id=oai%%3Ancstrlh%3Amitai%3AMIT-LCS%2F%2FMIT%2FLCS%2FTM-542b.
  29. Micciancio, D. 1997. Oblivious data structures: Applications to cryptography. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (STOC). 456--464.
  30. Muthitacharoen, A., Morris, R., Gil, T., and Chen, B. 2002. Ivy: A read/write peer-to-peer file system. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI’02).
  31. Naccache, D., M’Raihi, D., Vaudenay, S., and Raphaeli, D. 1994. Can DSA be improved? Complexity trade-offs with the digital signature standard. In Proceedings of EuroCrypt. 77--85.
  32. Naor, M. and Nissim, K. 1998. Certificate revocation and certificate update. In Proceedings of the USENIX Security Symposium.
  33. Naor, M. and Teague, V. 2001. Anti-persistence: history independent data structures. In Proceedings of the 33rd Annual ACM Symposium on Theory of Computing (STOC). 492--501.
  34. Nguyen, L. 2005. Accumulators from bilinear pairings and applications. In Proceedings of the RSA Conference (CT-RSA). Cryptographers’ Track. 275--292.
  35. NIST Special Publication 800-57. 2007. Recommendation for Key Management --- Part 1: General. National Institute for Standards and Technology.
  36. Okasaki, C. 1999. Purely Functional Data Structures. Cambridge University Press.
  37. Papamanthou, C., Tamassia, R., and Triandopoulos, N. 2008. Authenticated hash tables. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’08). 437--448.
  38. Peterson, Z. N. J., Burns, R., Ateniese, G., and Bono, S. 2007. Design and implementation of verifiable audit trails for a versioning file system. In Proceedings of the USENIX Conference on File and Storage Technologies.
  39. Pugh, W. 1989. Skip lists: A probabilistic alternative to balanced trees. In Proceedings of the Workshop on Algorithms and Data Structures. 437--449.
  40. Rabin, M. O. 1980. Probabilistic algorithm for testing primality. J. Numb. Theor. 12, 1, 128--138.
  41. Rogers, B., Chhabra, S., Prvulovic, M., and Solihin, Y. 2007. Using address independent seed encryption and bonsai merkle trees to make secure processors os- and performance-friendly. In Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture. 183--196.
  42. Sandler, D. R., Derr, K., and Wallach, D. S. 2008. VoteBox: A tamper-evident, verifiable electronic voting system. In Proceedings of the 17th USENIX Security Symposium (Security’08).
  43. Sarnak, N. and Tarjan, R. E. 1986. Planar point location using persistent search trees. Comm. ACM 29, 7, 669--679.
  44. Shapiro, J. S. and Vanderburgh, J. 2002. Access and integrity control in a public-access, high-assurance configuration management system. In Proceedings of the USENIX Security Symposium. 109--120.
  45. Williams, P., Sion, R., and Shasha, D. 2009. The blind stone tablet: Outsourcing durability. In Proceedings of the 16th Annual Network and Distributed Systems Security Symposium (NDSS).
