On Fast Verification of Hash Chains

  • Dae Hyun Yum
  • Jin Seok Kim
  • Pil Joong Lee
  • Sung Je Hong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5985)


A hash chain \(H\) for a hash function \(\mathsf{hash}(\cdot)\) is a sequence of hash values \(\langle x_n, x_{n-1}, \ldots, x_0 \rangle\), where \(x_0\) is a secret value, \(x_i\) is generated by \(x_i = \mathsf{hash}(x_{i-1})\) for \(1 \le i \le n\), and \(x_n\) is a public value. Hash values of \(H\) are disclosed gradually from \(x_{n-1}\) to \(x_0\). The correctness of a disclosed hash value \(x_i\) can be verified by checking the equation \(x_n \stackrel{?}{=} \mathsf{hash}^{n-i}(x_i)\). To speed up the verification, Fischlin introduced a check-bit scheme at CT-RSA 2004. The basic idea of the check-bit scheme is to output some extra information \(cb\), called a check-bit vector, in addition to the public value \(x_n\), which allows each verifier to perform only a fraction of the original work according to his or her own security level. We revisit Fischlin's check-bit scheme and show that the length of the check-bit vector \(cb\) can be reduced nearly by half. The reduced length of \(cb\) is close to the theoretical lower bound.
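The baseline verification equation from the abstract, as an added example that is not code from the paper: it assumes SHA-256 for hash(·) and uses hypothetical helper names (`build_chain`, `verify`), and it counts hash evaluations to show the n − i cost that a check-bit scheme is meant to reduce. The check-bit scheme itself is not implemented here, since the abstract does not specify it.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    """hash(.) instantiated with SHA-256 (an assumption; the paper is generic)."""
    return hashlib.sha256(value).digest()


def build_chain(x0: bytes, n: int) -> list[bytes]:
    """Return [x_0, x_1, ..., x_n] with x_i = hash(x_{i-1})."""
    if n < 1:
        raise ValueError("chain length n must be at least 1")
    chain = [x0]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


def verify(x_n: bytes, n: int, i: int, candidate: bytes) -> tuple[bool, int]:
    """Check x_n == hash^(n-i)(candidate); return (accepted, hash evaluations)."""
    if not 0 <= i < n:
        return False, 0          # index outside the disclosed range x_{n-1}..x_0
    value = candidate
    for _ in range(n - i):
        value = h(value)
    # Constant-time comparison of the recomputed value with the public x_n.
    return hmac.compare_digest(value, x_n), n - i


# Constructed sample: a fixed secret x_0 and a chain of length n = 1000.
N = 1000
CHAIN = build_chain(b"constructed-secret-x0", N)
X_N = CHAIN[N]                   # the only value the verifier holds in advance

if __name__ == "__main__":
    for i in (N - 1, N // 2, 0): # values are disclosed from x_{n-1} down to x_0
        ok, cost = verify(X_N, N, i, CHAIN[i])
        print(f"x_{i}: accepted={ok} after {cost} hash evaluations")
    forged = bytes(32)           # constructed all-zero value standing in for a forgery
    print("forged x_500:", verify(X_N, N, 500, forged))
```

The verifier's work grows linearly as disclosure moves toward x_0, which is the full-verification cost the abstract refers to as "the original work".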


Hash chain, progressive verification, check-bit scheme




  1. Anderson, R.J., Manifavas, C., Sutherland, C.: Netcard - a practical electronic-cash system. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 49–57. Springer, Heidelberg (1997)
  2. Rivest, R.L., Shamir, A.: Payword and micromint: Two simple micropayment schemes. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 69–87. Springer, Heidelberg (1997)
  3. Haller, N.: The s/key one-time password system. RFC 1760, Internet Engineering Task Force (1995)
  4. Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: Efficient and secure source authentication for multicast. In: NDSS 2001, The Internet Society (2001)
  5. Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73. IEEE Computer Society, Los Alamitos (2000)
  6. Hu, Y.C., Perrig, A., Johnson, D.B.: Ariadne: A secure on-demand routing protocol for ad hoc networks. Wireless Networks 11(1-2), 21–38 (2005)
  7. Stubblebine, S.G., Syverson, P.F.: Fair on-line auctions without special trusted parties. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 230–240. Springer, Heidelberg (1999)
  8. Coppersmith, D., Jakobsson, M.: Almost optimal hash sequence traversal. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 102–119. Springer, Heidelberg (2003)
  9. Jakobsson, M.: Fractal hash sequence representation and traversal. In: IEEE International Symposium on Information Theory, pp. 437–444. IEEE, Los Alamitos (2002)
  10. Kim, S.R.: Improved scalable hash chain traversal. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 86–95. Springer, Heidelberg (2003)
  11. Sella, Y.: On the computation-storage trade-offs of hash chain traversal. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 270–285. Springer, Heidelberg (2003)
  12. Yum, D.H., Seo, J.W., Eom, S., Lee, P.J.: Single-layer fractal hash chain traversal with almost optimal complexity. In: Fischlin, M. (ed.) Topics in Cryptology – CT-RSA 2009. LNCS, vol. 5473, pp. 325–339. Springer, Heidelberg (2009)
  13. Fischlin, M.: Fast verification of hash chains. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 339–352. Springer, Heidelberg (2004)
  14. Fischlin, M.: Progressive verification: The case of message authentication. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 416–429. Springer, Heidelberg (2003)
  15. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Dae Hyun Yum (1)
  • Jin Seok Kim (2)
  • Pil Joong Lee (1)
  • Sung Je Hong (2)

  1. Information Security Lab, POSTECH, Republic of Korea
  2. High Performance Computing Lab, POSTECH, Republic of Korea
