Efficient Sparse Merkle Trees

Caching Strategies and Secure (Non-)Membership Proofs

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10014)

Abstract

A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.
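
The idea in the abstract as a runnable sketch, added here as an illustration (it is neither the paper's definitions nor the gosmt code): every empty subtree collapses to one precomputed default hash per height, so a tree with 2^256 leaves can be hashed, and audit paths produced, from the stored keys alone. The leaf and node encodings and all function names are assumptions, and no cache is used.

```python
import hashlib

DEPTH = 256  # one leaf per possible SHA-512/256 output

def H(data: bytes) -> bytes:
    return hashlib.new("sha512_256", data).digest()

# Assumed encodings (not the paper's): empty leaf H(0x00), set leaf H(0x01), node H(l || r).
EMPTY_LEAF, SET_LEAF = H(b"\x00"), H(b"\x01")
# DEFAULTS[h] is the root of an empty subtree of height h.
DEFAULTS = [EMPTY_LEAF]
for _ in range(DEPTH):
    DEFAULTS.append(H(DEFAULTS[-1] + DEFAULTS[-1]))

def bit(key: bytes, d: int) -> int:
    return key[d // 8] >> (7 - d % 8) & 1  # bit d of the key, most significant first

def root(keys, d=0):
    """Root of the subtree at depth d that holds exactly `keys`."""
    if not keys:
        return DEFAULTS[DEPTH - d]  # empty subtree: no descent needed
    if d == DEPTH:
        return SET_LEAF
    side = ([], [])
    for k in keys:
        side[bit(k, d)].append(k)
    return H(root(side[0], d + 1) + root(side[1], d + 1))

def prove(keys, key):
    """Audit path for `key`: the sibling hash at every depth, root side first."""
    path = []
    for d in range(DEPTH):
        path.append(root([k for k in keys if bit(k, d) != bit(key, d)], d + 1))
        keys = [k for k in keys if bit(k, d) == bit(key, d)]
    return path

def verify(root_hash, key, present, path):
    """Recompute the root from the claimed leaf state and the audit path."""
    if len(path) != DEPTH:
        return False
    h = SET_LEAF if present else EMPTY_LEAF
    for d in reversed(range(DEPTH)):
        h = H(h + path[d]) if bit(key, d) == 0 else H(path[d] + h)
    return h == root_hash

if __name__ == "__main__":
    keys = [H(b"alice"), H(b"bob")]  # constructed sample keys
    absent = H(b"carol")
    print(verify(root(keys), absent, False, prove(keys, absent)))  # non-membership proof
```

`hashlib.new("sha512_256")` relies on the local OpenSSL build exposing SHA-512/256.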


Notes

  1. This bit refers to the depth of a subtree.

  2. The height is necessary because the base is ambiguous on left traversal, i.e., it has fixed size and is only updated by setting the appropriate bit on right traversals.

  3. Source code available at https://github.com/pylls/gosmt (Apache 2.0).

  4. SHA-512 truncated to 256-bit output, resulting in an SMT with \(2^{256}\) leaves [26].

  5. The size refers to the nodes of the tree together with the children’s pointers.

References

  1. Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 379–393. Springer, Heidelberg (2001). doi:10.1007/3-540-45439-X_26

  2. Aragon, C.R., Seidel, R.: Randomized search trees. In: FOCS, pp. 540–545 (1989)

  3. Bauer, M.: Proofs of zero knowledge. CoRR cs.CR/0406058 (2004)

  4. Blelloch, G.E., Reid-Miller, M.: Fast set operations using treaps. In: SPAA, pp. 16–26 (1998)

  5. Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)

  6. Chuat, L., Szalachowski, P., Perrig, A., Laurie, B., Messeri, E.: Efficient gossip protocols for verifying the consistency of certificate logs. In: CNS, pp. 415–423 (2015)

  7. Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: USENIX Security Symposium, pp. 29–44 (2003)

  8. Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: USENIX Security Symposium, pp. 317–334 (2009)

  9. Crosby, S.A., Wallach, D.S.: Super-efficient aggregating history-independent persistent authenticated dictionaries. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 671–688. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04444-1_41

  10. Crosby, S.A., Wallach, D.S.: Authenticated dictionaries: real-world costs and trade-offs. ACM TISSEC 14(2), 17:1–17:30 (2011)

  11. Eckersley, P.: How secure is HTTPS today? How often is it attacked? EFF (2011). https://www.eff.org/deeplinks/2011/10/how-secure-https-today

  12. Eijdenberg, A., Laurie, B., Cutter, A.: Verifiable data structures. Google Research (2015). https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf

  13. Katz, J.: Analysis of a proposed hash-based signature standard (2014). http://cvs.cs.umd.edu/~jkatz/papers/HashBasedSigs.pdf

  14. Kocher, P.C.: On certificate revocation and validation. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998). doi:10.1007/BFb0055481

  15. Langley, A.: Enhancing digital certificate security. Google Research (2013). https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html

  16. Laurie, B.: Certificate transparency. ACM Queue 12(8), 10–19 (2014)

  17. Laurie, B., Kasper, E.: Revocation transparency. Google Research (2012). http://www.links.org/files/RevocationTransparency.pdf

  18. Laurie, B., Langley, A., Kasper, E.: Certificate transparency. RFC 6962 (2013)

  19. Li, J., Krohn, M.N., Mazières, D., Shasha, D.: Secure untrusted data repository (SUNDR). In: OSDI, pp. 121–136 (2004)

  20. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)

  21. Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). doi:10.1007/3-540-48184-2_32

  22. Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: FOCS, pp. 120–130 (1999)

  23. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)

  24. Naor, M., Nissim, K.: Certificate revocation and certificate update. J-SAC 18(4), 561–570 (2000)

  25. Naor, M., Teague, V.: Anti-persistence: history independent data structures. In: STOC, pp. 492–501 (2001)

  26. NIST: FIPS PUB 180–4: Secure Hash Standard. Federal Information Processing Standards Publication 180–4, U.S. Department of Commerce (2012). http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

  27. Östersjö, R.: Sparse Merkle Trees: Definitions and Space-Time Trade-Offs With Applications for Balloon. Bachelor’s Thesis, Karlstad University (2016)

  28. Papamanthou, C., Tamassia, R., Triandopoulos, N.: Optimal verification of operations on dynamic sets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 91–110. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_6

  29. Prins, R.: DigiNotar certificate authority breach: “operation black tulip”. Fox-IT (2011)

  30. Pulls, T., Peeters, R.: Balloon: a forward-secure append-only persistent authenticated data structure. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 622–641. Springer, Heidelberg (2015). doi:10.1007/978-3-319-24177-7_31

  31. Pulls, T., Peeters, R.: Insynd: privacy-preserving transparency logging using balloons. In: ESORICS (2016, to appear)

  32. Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS (2014)

  33. Sarnak, N., Tarjan, R.E.: Planar point location using persistent search trees. Commun. ACM 29(7), 669–679 (1986)

  34. Tamassia, R.: Authenticated data structures. In: Battista, G., Zwick, U. (eds.) ESA 2003. LNCS, vol. 2832, pp. 2–5. Springer, Heidelberg (2003). doi:10.1007/978-3-540-39658-1_2

  35. Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with no trusted parties. CoRR abs/1408.1023 (2014)


Acknowledgements

We would like to thank Stefan Lindskog for his valuable feedback. Rasmus Dahlberg and Tobias Pulls have received funding from the HITS research profile funded by the Swedish Knowledge Foundation.

Corresponding author

Correspondence to Rasmus Dahlberg.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Dahlberg, R., Pulls, T., Peeters, R. (2016). Efficient Sparse Merkle Trees. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science, vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_13

  • DOI: https://doi.org/10.1007/978-3-319-47560-8_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47559-2

  • Online ISBN: 978-3-319-47560-8

  • eBook Packages: Computer Science (R0)
