Abstract
A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.
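To make the recursive definition the abstract refers to concrete, the following Go program is an added illustration; it is not code from the paper or from the gosmt repository. It simulates a tree of 2^256 leaves (SHA-512/256 as in the paper) from only the sorted set of non-empty leaves plus the precomputed roots of empty subtrees of each height, and it generates one audit path per key that a verifier can check as a proof of membership or of non-membership. The one-byte domain-separation prefixes, the choice of hashing data to obtain its leaf position, and the function names are assumptions of this example; the caching strategies the paper evaluates are deliberately not reproduced, so every proof is computed from the leaf set each time.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"sort"
)

// Depth is the digest length in bits: SHA-512/256 gives a tree with 2^256 leaves.
const Depth = 256

// Hash is a SHA-512/256 digest, used both as a leaf position (key) and as a node value.
type Hash = [32]byte

// KeyFor maps data to the leaf it occupies, namely the hash of the data.
func KeyFor(data []byte) Hash { return sha512.Sum512_256(data) }

// Empty leaves, occupied leaves and interior nodes are hashed under distinct
// one-byte prefixes (assumption: the paper's exact encoding is not on this page).
func emptyLeaf() Hash        { return sha512.Sum512_256([]byte{0x00}) }
func leafHash(key Hash) Hash { return sha512.Sum512_256(append([]byte{0x01}, key[:]...)) }
func interiorHash(l, r Hash) Hash {
	return sha512.Sum512_256(append(append([]byte{0x02}, l[:]...), r[:]...))
}

// bit returns bit d of key counting from the most significant bit; it decides
// whether the path to key turns left (0) or right (1) at depth d.
func bit(key Hash, d int) byte { return key[d/8] >> (7 - uint(d%8)) & 1 }

// splitAt returns the index at which sorted keys sharing their first d bits
// switch from bit d == 0 to bit d == 1 (a binary search, since keys are sorted).
func splitAt(keys []Hash, d int) int {
	return sort.Search(len(keys), func(i int) bool { return bit(keys[i], d) == 1 })
}

// SMT simulates the intractably large tree from its sorted non-empty leaves plus
// the precomputed roots of empty subtrees of every height.
type SMT struct {
	keys     []Hash
	defaults []Hash // defaults[h] is the root of an empty subtree of height h
}

func NewSMT(keys []Hash) *SMT {
	t := &SMT{keys: append([]Hash(nil), keys...), defaults: make([]Hash, Depth+1)}
	sort.Slice(t.keys, func(i, j int) bool { return bytes.Compare(t.keys[i][:], t.keys[j][:]) < 0 })
	t.defaults[0] = emptyLeaf()
	for h := 1; h <= Depth; h++ {
		t.defaults[h] = interiorHash(t.defaults[h-1], t.defaults[h-1])
	}
	return t
}

// rootOf is the recursive definition of the root of a subtree at the given height
// whose non-empty leaves are keys: empty -> default, height 0 -> leaf hash,
// otherwise hash the roots of the two halves split on the next key bit.
func (t *SMT) rootOf(keys []Hash, height int) Hash {
	if len(keys) == 0 {
		return t.defaults[height]
	}
	if height == 0 {
		return leafHash(keys[0])
	}
	s := splitAt(keys, Depth-height)
	return interiorHash(t.rootOf(keys[:s], height-1), t.rootOf(keys[s:], height-1))
}

// Root is the root of the whole tree (height Depth).
func (t *SMT) Root() Hash { return t.rootOf(t.keys, Depth) }

// AuditPath descends towards key and records the sibling root at every level, so
// path[h] is the sibling of the node at height h. It also reports whether the
// leaf is occupied: the same path proves membership or non-membership.
func (t *SMT) AuditPath(key Hash) (member bool, path []Hash) {
	path = make([]Hash, Depth)
	keys := t.keys
	for height := Depth; height > 0; height-- {
		s := splitAt(keys, Depth-height)
		if bit(key, Depth-height) == 0 {
			path[height-1], keys = t.rootOf(keys[s:], height-1), keys[:s]
		} else {
			path[height-1], keys = t.rootOf(keys[:s], height-1), keys[s:]
		}
	}
	return len(keys) > 0 && keys[0] == key, path
}

// Verify recomputes the root from the claimed leaf value (occupied or empty) and
// the siblings; the verifier needs only the root, the key and the path.
func Verify(root, key Hash, member bool, path []Hash) bool {
	if len(path) != Depth {
		return false
	}
	cur := emptyLeaf()
	if member {
		cur = leafHash(key)
	}
	for h := 0; h < Depth; h++ {
		if bit(key, Depth-1-h) == 0 { // the node at height h hangs off key bit Depth-1-h
			cur = interiorHash(cur, path[h])
		} else {
			cur = interiorHash(path[h], cur)
		}
	}
	return cur == root
}
```

Because empty subtrees collapse to a table lookup, a root or audit path costs on the order of Depth hashes per non-empty leaf rather than 2^256 operations; the paper's caching of frequently used interior nodes is what brings the per-proof cost down to the near-constant figure quoted in the abstract. Note that a non-membership proof is simply a membership-style path whose leaf is recomputed as the empty-leaf value, so a verifier must be told (and must check) which of the two claims is being made.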
Notes
1. This bit refers to the depth of a subtree.
2. The height is necessary because the base is ambiguous on left traversal, i.e., it has fixed size and is only updated by setting the appropriate bit on right traversals.
3. Source code available at https://github.com/pylls/gosmt (Apache 2.0).
4. SHA-512 truncated to 256-bit output, resulting in an SMT with \(2^{256}\) leaves [26].
5. The size refers to the nodes of the tree together with the children’s pointers.
References
Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 379–393. Springer, Heidelberg (2001). doi:10.1007/3-540-45439-X_26
Aragon, C.R., Seidel, R.: Randomized search trees. In: FOCS, pp. 540–545 (1989)
Bauer, M.: Proofs of zero knowledge. CoRR cs.CR/0406058 (2004)
Blelloch, G.E., Reid-Miller, M.: Fast set operations using treaps. In: SPAA, pp. 16–26 (1998)
Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)
Chuat, L., Szalachowski, P., Perrig, A., Laurie, B., Messeri, E.: Efficient gossip protocols for verifying the consistency of certificate logs. In: CNS, pp. 415–423 (2015)
Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: USENIX Security Symposium, pp. 29–44 (2003)
Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: USENIX Security Symposium, pp. 317–334 (2009)
Crosby, S.A., Wallach, D.S.: Super-efficient aggregating history-independent persistent authenticated dictionaries. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 671–688. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04444-1_41
Crosby, S.A., Wallach, D.S.: Authenticated dictionaries: real-world costs and trade-offs. ACM TISSEC 14(2), 17:1–17:30 (2011)
Eckersley, P.: How secure is HTTPS today? How often is it attacked? EFF (2011). https://www.eff.org/deeplinks/2011/10/how-secure-https-today
Eijdenberg, A., Laurie, B., Cutter, A.: Verifiable data structures. Google Research (2015). https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf
Katz, J.: Analysis of a proposed hash-based signature standard (2014). http://cvs.cs.umd.edu/~jkatz/papers/HashBasedSigs.pdf
Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998). doi:10.1007/BFb0055481
Langley, A.: Enhancing digital certificate security. Google Research (2013). https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html
Laurie, B.: Certificate transparency. ACM Queue 12(8), 10–19 (2014)
Laurie, B., Kasper, E.: Revocation transparency. Google Research (2012). http://www.links.org/files/RevocationTransparency.pdf
Laurie, B., Langley, A., Kasper, E.: Certificate transparency. RFC 6962 (2013)
Li, J., Krohn, M.N., Mazières, D., Shasha, D.: Secure untrusted data repository (SUNDR). In: OSDI, pp. 121–136 (2004)
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). doi:10.1007/3-540-48184-2_32
Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: FOCS, pp. 120–130 (1999)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Naor, M., Nissim, K.: Certificate revocation and certificate update. J-SAC 18(4), 561–570 (2000)
Naor, M., Teague, V.: Anti-persistence: history independent data structures. In: STOC, pp. 492–501 (2001)
NIST: FIPS PUB 180-4: Secure Hash Standard. Federal Information Processing Standards Publication 180-4, U.S. Department of Commerce (2012). http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
Östersjö, R.: Sparse Merkle Trees: Definitions and Space-Time Trade-Offs With Applications for Balloon. Bachelor’s Thesis, Karlstad University (2016)
Papamanthou, C., Tamassia, R., Triandopoulos, N.: Optimal verification of operations on dynamic sets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 91–110. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_6
Prins, R.: DigiNotar certificate authority breach—“operation black tulip”. Fox-IT (2011)
Pulls, T., Peeters, R.: Balloon: a forward-secure append-only persistent authenticated data structure. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 622–641. Springer, Heidelberg (2015). doi:10.1007/978-3-319-24177-7_31
Pulls, T., Peeters, R.: Insynd: privacy-preserving transparency logging using balloons. In: ESORICS (2016, to appear)
Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS (2014)
Sarnak, N., Tarjan, R.E.: Planar point location using persistent search trees. Commun. ACM 29(7), 669–679 (1986)
Tamassia, R.: Authenticated data structures. In: Battista, G., Zwick, U. (eds.) ESA 2003. LNCS, vol. 2832, pp. 2–5. Springer, Heidelberg (2003). doi:10.1007/978-3-540-39658-1_2
Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with no trusted parties. CoRR abs/1408.1023 (2014)
Acknowledgements
We would like to thank Stefan Lindskog for his valuable feedback. Rasmus Dahlberg and Tobias Pulls have received funding from the HITS research profile funded by the Swedish Knowledge Foundation.
Copyright information
© 2016 Springer International Publishing AG
Cite this paper
Dahlberg, R., Pulls, T., Peeters, R. (2016). Efficient Sparse Merkle Trees. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science(), vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_13
DOI: https://doi.org/10.1007/978-3-319-47560-8_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47559-2
Online ISBN: 978-3-319-47560-8
eBook Packages: Computer Science, Computer Science (R0)