Abstract
Cryptographic accumulators are a tool for compact set representation and secure set membership proofs. When an element is added to a set by means of an accumulator, a membership witness is generated. This witness can later be used to prove the membership of the element. Typically, the membership witness has to be synchronized with the accumulator value: it has to be updated every time another element is added to the accumulator, and it cannot be used with outdated accumulator values. However, in many distributed applications (such as blockchain-based public key infrastructures), requiring strict synchronization is prohibitive. We define low update frequency, which means that a witness only needs to be updated a small number of times, and old-accumulator compatibility, which means that a witness can be used with outdated accumulator values. Finally, we propose an accumulator that achieves both of those properties.
Notes
1. The question of whether accumulator updates can be batched, as in our scheme, was first posed by Fazio and Nicolosi [12] in the context of dynamic accumulators, which support deletions. It was answered in the negative by Camacho [6], but only in the context of deletions, and only in the centralized case (when all witnesses are updated by the same entity).
2. Note that we do not address public key updates; see Yakoubov et al. [22] for a discussion of such updates.
3. There also exist universal accumulators [14] which additionally support proofs of non-membership; however, we only consider proofs of membership in this paper.
4. Note that this does not compromise the soundness property of the accumulator, because if \(x\) was not a member of the accumulator at \(t_{a}\), \(w_{t}^{x}\) does not verify with \(a_{t_{a}}\).
References
Au, M.H., Tsang, P.P., Susilo, W., Mu, Y.: Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 295–308. Springer, Heidelberg (2009)
Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
Benaloh, J.C., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994)
Buldas, A., Laud, P., Lipmaa, H.: Accountable certificate management using undeniable attestations. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS 2000, pp. 9–17. ACM, New York (2000)
Buldas, A., Laud, P., Lipmaa, H.: Eliminating counterevidence with applications to accountable certificate management. J. Comput. Secur. 10(3), 273–296 (2002)
Camacho, P.: On the impossibility of batch update for cryptographic accumulators. Cryptology ePrint Archive, Report 2009/612 (2009)
Camacho, P., Hevia, A., Kiwi, M., Opazo, R.: Strong accumulators from collision-resistant hashing. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 471–486. Springer, Heidelberg (2008)
Camenisch, J.L., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)
Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 317–334. USENIX Association, Berkeley (2009)
Damgård, I., Triandopoulos, N.: Supporting non-membership proofs with bilinear-map accumulators. Cryptology ePrint Archive, Report 2008/538 (2008)
Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 127–144. Springer, Heidelberg (2015)
Fazio, N., Nicolosi, A.: Cryptographic accumulators: definitions, constructions and applications (2003)
Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014
Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 253–269. Springer, Heidelberg (2007)
Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Namecoin. https://www.namecoin.org/
Nguyen, L.: Accumulators from bilinear pairings and applications. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 275–292. Springer, Heidelberg (2005)
Reyzin, L., Yakoubov, S.: Efficient asynchronous accumulators for distributed PKI. Cryptology ePrint Archive, Report 2015/718 (2015). http://eprint.iacr.org/
Sander, T.: Efficient accumulators without trapdoor extended abstract. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 252–262. Springer, Heidelberg (1999)
Slepak, G.: Dnschain + okturtles (2013). http://okturtles.com/other/dnschain_okturtles_overview.pdf
Yakoubov, S., Fromknecht, C., Velicanu, D.: Certcoin: a namecoin based decentralized authentication system (2014)
Acknowledgements
This research is supported, in part, by US NSF grants CNS-1012910, CNS-1012798, and CNS-1422965. Leonid Reyzin gratefully acknowledges the hospitality of IST Austria and École normale supérieure, where part of this work was performed.
The authors would like to thank Dimitris Papadopoulos and Foteini Baldimtsi for their insightful feedback.
A Element Addition
In Figs. 5 and 6, we illustrate a single element addition. Element \(x_{t+1}\) is being added to the accumulator. The depth 0 and depth 1 Merkle trees are both present in the accumulator, so two “carries” occur before \(x_{t+1}\) is successfully added into the Merkle tree of depth 2.
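The addition with two carries described above, as an added Python sketch (not the authors' code). The SHA-256 leaf/node encodings, the names `Accumulator`, `add`, `verify` and `demo`, and the central `members`/`witness` bookkeeping (in a distributed setting each holder would update only its own witness) are assumptions made for illustration.

```python
import hashlib

def leaf(x: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + x).digest()          # assumed leaf encoding
def node(l: bytes, r: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + l + r).digest()      # assumed inner-node encoding

class Accumulator:
    def __init__(self):
        self.roots = []      # roots[d]: root of the depth-d Merkle tree, or None
        self.members = []    # members[d]: elements under roots[d] (demo bookkeeping)
        self.witness = {}    # element -> [(sibling_hash, sibling_is_left), ...]

    def add(self, x: bytes) -> int:
        """Insert x like incrementing a binary counter; return the carry count."""
        h, elems, d = leaf(x), [x], 0
        self.witness[x] = []
        while d < len(self.roots) and self.roots[d] is not None:
            old = self.roots[d]
            for e in self.members[d]:          # existing tree becomes the left child
                self.witness[e].append((h, False))
            for e in elems:                    # carried tree becomes the right child
                self.witness[e].append((old, True))
            h, elems = node(old, h), self.members[d] + elems
            self.roots[d], self.members[d] = None, []
            d += 1
        if d == len(self.roots):
            self.roots.append(None)
            self.members.append([])
        self.roots[d], self.members[d] = h, elems
        return d

def verify(roots, x: bytes, wit) -> bool:
    """Accept if an ancestor of x on its witness path is the root stored at that depth."""
    h = leaf(x)
    for d in range(len(wit) + 1):
        if d < len(roots) and roots[d] == h:
            return True
        if d < len(wit):
            sib, sib_is_left = wit[d]
            h = node(sib, h) if sib_is_left else node(h, sib)
    return False

def demo():
    acc = Accumulator()
    for x in (b"x1", b"x2", b"x3"):            # constructed sample elements
        acc.add(x)
    old_roots = list(acc.roots)                # depth 0 and depth 1 both occupied
    return acc, old_roots, acc.add(b"x4")      # fourth element lands at depth 2
```

With three elements already accumulated, `demo()` reports two carries for the fourth; the updated witness for `x3` still verifies against `old_roots`, while the witness for `x4` does not, matching note 4.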
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Reyzin, L., Yakoubov, S. (2016). Efficient Asynchronous Accumulators for Distributed PKI. In: Zikas, V., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2016. Lecture Notes in Computer Science, vol 9841. Springer, Cham. https://doi.org/10.1007/978-3-319-44618-9_16
DOI: https://doi.org/10.1007/978-3-319-44618-9_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44617-2
Online ISBN: 978-3-319-44618-9
eBook Packages: Computer Science (R0)