## Computational bounds on hierarchical data processing with applications to information security (2005)

### Cached

### Download Links

- [www.cs.bu.edu]
- [cs.brown.edu]
- [www.cs.brown.edu]
- [www.cs.brown.edu]
- [cs.brown.edu]
- [www.cs.brown.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | In Proc. Int. Colloquium on Automata, Languages and Programming (ICALP), volume 3580 of LNCS |

Citations: | 18 - 11 self |

### BibTeX

@INPROCEEDINGS{Tamassia05computationalbounds,

author = {Roberto Tamassia and Nikos Triandopoulos},

title = {Computational bounds on hierarchical data processing with applications to information security},

booktitle = {In Proc. Int. Colloquium on Automata, Languages and Programming (ICALP), volume 3580 of LNCS},

year = {2005},

pages = {153--165},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Motivated by the study of algorithmic problems in the domain of information security, in this paper, we study the complexity of a new class of computations over a collection of values associated with a set of n elements. We introduce hierarchical data processing (HDP) problems which involve the computation of a collection of output values from an input set of n elements, where the entire computation is fully described by a directed acyclic graph (DAG). That is, individual computations are performed and intermediate values are processed according to the hierarchy induced by the DAG. We present an Ω(log n) lower bound on various computational cost measures for HDP problems. Essential in our study is an analogy that we draw between the complexities of any HDP problem of size n and searching by comparison in an order set of n elements, which shows an interesting connection between the two problems. In view of the logarithmic lower bounds, we also develop a new randomized DAG scheme for HDP problems that provides close to optimal performance and achieves cost measures with constant factors of the (logarithmic) leading asymptotic term that are close to optimal. Our lower bounds are general, apply to all HDP problems and, along with our new DAG construction, they provide an interesting –as well as useful in the area of algorithm analysis – theoretical framework. We apply our results to two information security problems, data authentication through cryptographic hashing and multicast key distribution using key-graphs and get a unified analysis and treatment for these problems. We show that both problems involve HDP and prove logarithmic lower bounds on their computational and communication costs. In particular, using our new DAG scheme, we present a new efficient authenticated dictionary with improved authentication overhead over previously known schemes. Moreover, through the relation between HDP and searching by comparison, we present a new skip-list version where the expected number of comparisons in a search is 1.25log 2 n + O(1). 1

### Citations

2303 |
The art of computer programming
- Knuth
- 1969
(Show Context)
Citation Context ...n) update, query and sibling costs. Proof. It follows from Lemma 2 and the well-known Ω(log n) lower bound on searching for an element in an ordered sequence in the comparison model (see for instance =-=[22]-=-). Namely, this fundamental result states that any algorithm for finding an element x in a list of n entries, by comparing x to list entries, must perform at least ⌊log n⌋ + 1 comparisons for some inp... |

1909 | Randomized Algorithms
- Motwani, Raghavan
- 1995
(Show Context)
Citation Context ... the search procedures. We note that also in the regular skip-list any search corresponds to a path in a search tree. This tree-like interpretation of skip-lists is known in the literature (e.g., see =-=[27]-=-). Our result provides a new tree-like interpretation of skip-list with closer to optimal search performance. In particular, with respect to the expected number of comparison in a search, the multi-wa... |

461 |
Algorithms in C
- SEDGEWICK
- 1992
(Show Context)
Citation Context ...arameters. Table 1 summarizes the comparison results. For red-black trees, expectation corresponds to the 21saverage search path, which has size c log n for a constant c which is very close to 1 (see =-=[35]-=-), whereas for skip-lists it corresponds to the random skip-list structure. To simplify the comparison, we choose parameter p = 1 2 for the two skip-lists. The multi-way skip-list DAG has better perfo... |

456 | Secure group communications using key graphs
- Wong, Gouda, et al.
- 2002
(Show Context)
Citation Context ...tational time spent for key encryptions and decryptions. Previous Work. Many schemes have been developed for multicast key distribution. We focus on the widely studied key-graph scheme, introduced in =-=[39, 40]-=-, where constructions are presented for key-graphs realized by balanced binary trees such that O(log n) messages are transmitted after an update, where n is the current number of users. Further work h... |

403 |
Non-interactive and informationtheoretic secure verifiable secret sharing
- Pedersen
- 1992
(Show Context)
Citation Context ...sion resistant function. For instance, for hash functions based on block ciphers or on algebraic structures and modular arithmetic (e.g. based on discrete logarithm using Pedersen’s commitment scheme =-=[30]-=-) or custom designed hash function (e.g, SHA-1). Multivariate Hash Functions Let h(x) be a hash function. In order to realize a hashing scheme, we extend h to a multivariate function using string conc... |

348 |
A certi digital signature
- Merkle
- 1990
(Show Context)
Citation Context ...ated by the certificate revocation problem in public key infrastructure and focused on authenticated dictionaries, on which membership queries are performed. The hash tree scheme introduced by Merkle =-=[30, 31]-=- can be used to implement a static authenticated dictionary. A hash tree T for a set S stores cryptographic hashes of the elements of S at the leaves of T and a value at each internal node, which is t... |

334 | Skip lists: a probabilistic alternative to balanced trees
- Pugh
- 1990
(Show Context)
Citation Context ...olds also for protocols that use pseudorandom generators or multiple encryption, as in the model studied in [26]. These results are described in Section 5. 1.4 Skip-Lists The skip-list, introduced in =-=[32, 33]-=-, is an efficient randomized data structure for dictionaries. It is well known that skip-lists correspond to some tree (search) structure, so they constitute an optimal DAG structure for HDP problems.... |

305 |
Protocols for Public Key Cryptosystems
- Merkle
- 1980
(Show Context)
Citation Context ...ated by the certificate revocation problem in public key infrastructure and focused on authenticated dictionaries, on which membership queries are performed. The hash tree scheme introduced by Merkle =-=[30, 31]-=- can be used to implement a static authenticated dictionary. A hash tree T for a set S stores cryptographic hashes of the elements of S at the leaves of T and a value at each internal node, which is t... |

261 | Broadcast Encryption
- Naor, Fiat
- 1994
(Show Context)
Citation Context ...where the number of messages are decreased from 2 log n to log n. Work on issues related to a broader scope of the problem has as follows. Broadcast/multicast encryption was first formally studied in =-=[12]-=-, for the model where all the device keys are dynamic. Generalizations include the use of boolean function minimization techniques in [8] where the number of keys stored at the controller is reduced f... |

206 | Multicast security: A taxonomy and some efficient constructions
- Canetti, Garay, et al.
- 1999
(Show Context)
Citation Context ...seudorandom generator to extract (in a one-way fashion) two new keys from one key and one can perform multiple nested key encryptions. Pseudorandom generators for this problem were first described in =-=[6]-=-, where the number of messages are decreased from 2 log n to log n. Work on issues related to a broader scope of the problem has as follows. Broadcast/multicast encryption was first formally studied i... |

185 | Key establishment in large dynamic groups using one-way function trees
- McGrew, Sherman
- 1998
(Show Context)
Citation Context ...ons to any subset of the group is studied, where the size of the subset is a factor of the running time. Other security aspects of the problem appears in [6, 7, 35, 37, 9]. Multigroups are studied in =-=[12, 29, 24, 40, 16]-=-. Our Results. We show that the multicast key distribution problem using key-graphs is a hierarchical data processing problem. Applying our results from Sections 2 and 3 to this domain: (i) we perform... |

174 | Dynamic accumulators and application to efficient revocation of anonymous credentials
- Camenisch, Lysyanskaya
- 2002
(Show Context)
Citation Context ...stigated in [41]. Prooflets, a scalable architecture for authenticating web content based on authenticated dictionaries, are introduced in [47]. Work related to authenticated data structures includes =-=[5, 10, 15, 25, 26]-=-. Related to ADSs is also recent work on consistency proofs [32, 38] that model data authentication in a more adversarial environment, where the data source is not considered trusted per-se, but they ... |

148 | Certificate Revocation and Certificate Update
- Naor, Nissim
- 1998
(Show Context)
Citation Context ... hash tree uses linear space and has 4sO(log n) proof size, query time and verification time. A dynamic authenticated dictionary based on hash trees that achieves O(log n) update time is described in =-=[28]-=-. A dynamic authenticated dictionary that uses a hierarchical hashing technique over skip-lists is presented in [13]. This data structure also achieves O(log n) proof size, query time, update time and... |

142 | Randomized search trees
- Aragon, Seidel
- 1989
(Show Context)
Citation Context ... search drops from 1.5 to 1.25. Interestingly, multi-way skip-lists have a more explicit tree structure than standard skip-lists, thus in fact, they constitute a new randomized search tree (see, e.g.,=-=[2, 28]-=-). 3.5 Comparison with other Schemes Figure 3: The DAG scheme ∆ that corresponds to an improved version (with respect to the number of comparisons) of standard skip list [43]. We now compare our multi... |

90 |
On Certificate Revocation and Validation
- Kocher
- 1998
(Show Context)
Citation Context ...lists is presented in [17]. This data structure also achieves O(log n) proof size, query time, update time and verification time. Other schemes based on variations of hash trees have been proposed in =-=[4, 13, 23]-=-. The software architecture and implementation of an authenticated dictionary based on skip-lists is presented in [19]. An alternative approach to the design of authenticated dictionary, based on the ... |

80 | Authentic third-party data publication
- Devanbu, Gertz, et al.
- 2000
(Show Context)
Citation Context ...re the user can issue historical queries of the type “was element e in set S at time t”. A first step towards the design of more general authenticated data structures (beyond dictionaries) is made in =-=[11]-=- with the authentication of relational database operations and multidimensional orthogonal range queries. In [27], a general method for designing authenticated data structures using hierarchical hashi... |

76 | Key Management for Secure Internet Multicast using Boolean Function Minimization Techniques
- Chang, Engel, et al.
- 1999
(Show Context)
Citation Context ... Broadcast/multicast encryption was first formally studied in [12], for the model where all the device keys are dynamic. Generalizations include the use of boolean function minimization techniques in =-=[8]-=- where the number of keys stored at the controller is reduced from O(n) to O(log n). In [3] binary hash trees are used to enhance security without deteriorating efficiency and various cases of multica... |

70 | Implementation of an authenticated dictionary with skip lists and commutative hashing
- Goodrich
- 2001
(Show Context)
Citation Context ...ime. Other schemes based on variations of hash trees have been proposed in [4, 13, 23]. The software architecture and implementation of an authenticated dictionary based on skip-lists is presented in =-=[19]-=-. An alternative approach to the design of authenticated dictionary, based on the RSA accumulator, is presented in [18]. This technique achieves constant proof size and verification time and provides ... |

62 | Flexible authentication of XML documents
- Devanbu, Gertz, et al.
(Show Context)
Citation Context ...stigated in [41]. Prooflets, a scalable architecture for authenticating web content based on authenticated dictionaries, are introduced in [47]. Work related to authenticated data structures includes =-=[5, 10, 15, 25, 26]-=-. Related to ADSs is also recent work on consistency proofs [32, 38] that model data authentication in a more adversarial environment, where the data source is not considered trusted per-se, but they ... |

61 | Secure history preservation through timeline entanglement
- Maniatis, Baker
- 2002
(Show Context)
Citation Context ...stigated in [41]. Prooflets, a scalable architecture for authenticating web content based on authenticated dictionaries, are introduced in [47]. Work related to authenticated data structures includes =-=[5, 10, 15, 25, 26]-=-. Related to ADSs is also recent work on consistency proofs [32, 38] that model data authentication in a more adversarial environment, where the data source is not considered trusted per-se, but they ... |

60 |
Lists: A Probabilistic Alternative to Balanced Trees
- Skip
(Show Context)
Citation Context ...olds also for protocols that use pseudorandom generators or multiple encryption, as in the model studied in [26]. These results are described in Section 5. 1.4 Skip-Lists The skip-list, introduced in =-=[32, 33]-=-, is an efficient randomized data structure for dictionaries. It is well known that skip-lists correspond to some tree (search) structure, so they constitute an optimal DAG structure for HDP problems.... |

57 | Persistent authenticated dictionaries and their applications
- Anagnostopoulos, Goodrich, et al.
- 2001
(Show Context)
Citation Context ...[18]. This technique achieves constant proof size and verification time and provides a tradeoff between the query and update times. For example, one can achieve O( √ n) query time and update time. In =-=[1]-=-, the notion of a persistent authenticated dictionary, is introduced, where the user can issue historical queries of the type “was element e in set S at time t”. A first step towards the design of mor... |

51 | Authentic Data Publication over the Internet
- Devanbu, Gertz, et al.
- 2000
(Show Context)
Citation Context ...ionary is introduced, where the user can issue historical queries of the type “was element e in set S at time t”. A first step towards the design of more general ADSs (beyond dictionaries) is made in =-=[8]-=- with the authentication of relational database operations and multidimensional orthogonal range queries. In [22], a general method for designing ADSs using hierarchical hashing over a search graph is... |

50 | A general model for authenticated data structures
- Martel, Nuckolls, et al.
- 2004
(Show Context)
Citation Context .... A first step towards the design of more general ADSs (beyond dictionaries) is made in [8] with the authentication of relational database operations and multidimensional orthogonal range queries. In =-=[22]-=-, a general method for designing ADSs using hierarchical hashing over a search graph is presented. This technique is applied to the design of static ADSs for pattern matching in tries and for orthogon... |

48 | Zero-knowledge sets
- Micali, Rabin, et al.
- 2003
(Show Context)
Citation Context ...tent based on authenticated dictionaries, are introduced in [47]. Work related to authenticated data structures includes [5, 10, 15, 25, 26]. Related to ADSs is also recent work on consistency proofs =-=[32, 38]-=- that model data authentication in a more adversarial environment, where the data source is not considered trusted per-se, but they use significantly more computational resources than ADSs. No previou... |

46 | Authenticated data structures for graph and geometric searching
- Goodrich, Tamassia, et al.
- 2003
(Show Context)
Citation Context ...variety of fundamental search problems on graphs (e.g., path queries and biconnectivity queries) and geometric objects (e.g., point location queries and segment intersection queries) are presented in =-=[20]-=-. This paper also provides a general technique for authenticating data structures that follow the fractional cascading paradigm. A distributed system realizing an authenticated dictionary, is describe... |

41 | A lower bound for multicast key distribution
- Snocyink, Suri, et al.
- 2001
(Show Context)
Citation Context ...rst lower bounds are given for a restricted class of key distribution protocols, where group members have limited memory or the key distribution scheme has a certain structure-preserving property. In =-=[37]-=-, an amortized logarithmic lower bound is presented on the number of messages needed after an update. The authors prove the existence of a series of 2n update operations that cause the transmission of... |

40 | An efficient dynamic and distributed cryptographic accumulator
- Goodrich, Tamassia, et al.
- 2002
(Show Context)
Citation Context ...mplementation of an authenticated dictionary based on skip-lists is presented in [19]. An alternative approach to the design of authenticated dictionary, based on the RSA accumulator, is presented in =-=[18]-=-. This technique achieves constant proof size and verification time and provides a tradeoff between the query and update times. For example, one can achieve O( √ n) query time and update time. In [1],... |

39 | Accountable certificate management using undeniable attestations
- Buldas, Laud, et al.
(Show Context)
Citation Context ...lists is presented in [17]. This data structure also achieves O(log n) proof size, query time, update time and verification time. Other schemes based on variations of hash trees have been proposed in =-=[4, 13, 23]-=-. The software architecture and implementation of an authenticated dictionary based on skip-lists is presented in [19]. An alternative approach to the design of authenticated dictionary, based on the ... |

36 | Efficient tree-based revocation in groups of lowstate devices
- Goodrich, Sun, et al.
(Show Context)
Citation Context ...after an update, where n is the current number of users. Further work has been done on key-graphs based on specific classes of binary trees, such as AVL trees, 2-3 trees and dynamic trees. See, e.g., =-=[21, 16, 44]-=-. In [7], the first lower bounds are given for a restricted class of key distribution protocols, where group members have limited memory or the key distribution scheme has a certain structure-preservi... |

34 | Enabling the archival storage of signed documents
- Maniatis, Baker
- 2002
(Show Context)
Citation Context |

32 |
Cryptography: Theory and Practice, Second Edition
- Stinson
- 2002
(Show Context)
Citation Context ... that collisions (i.e., distinct inputs that hash to same value) are hard to find. We refer to h simply as hash function. Generic constructions of hash functions are modeled by iterative computations =-=[38]-=- based on a compression function f(z, y) that maps a string z of N bits and a string y of B bits to an output string of N bits. The input string x is preprocessed (using a padding rule) into a string ... |

29 | A skip list cookbook
- Pugh
(Show Context)
Citation Context ...olds also for protocols that use pseudorandom generators or multiple encryption, as in the model studied in [26]. These results are described in Section 5. 1.4 Skip-Lists The skip-list, introduced in =-=[32, 33]-=-, is an efficient randomized data structure for dictionaries. It is well known that skip-lists correspond to some tree (search) structure, so they constitute an optimal DAG structure for HDP problems.... |

29 | Eliminating counterevidence with applications to accountable certificate management
- Buldas, Laud, et al.
- 2002
(Show Context)
Citation Context ...ification time are presented in [23] (based on hash trees) and in [1, 11] (base on skip-lists). Other authentication schemes for dictionaries, based on variations of hash trees, have been proposed in =-=[2, 8, 16]-=-. General techniques for hash-based query authentication are presented in [17, 13]. Beyond dictionaries, hashbased ADSs have been developed for relational database operations and multidimensional orth... |

27 | Efficient authenticated dictionaries with skip lists and commutative hashing
- Goodrich, Tamassia
- 2000
(Show Context)
Citation Context ...d dictionary based on hash trees that achieves O(log n) update time is described in [36]. A dynamic authenticated dictionary that uses a hierarchical hashing technique over skip-lists is presented in =-=[17]-=-. This data structure also achieves O(log n) proof size, query time, update time and verification time. Other schemes based on variations of hash trees have been proposed in [4, 13, 23]. The software ... |

26 |
Zero side-effect multicast key management using arbitrarily revealed key sequences
- MARKS
- 1999
(Show Context)
Citation Context ... the device keys are dynamic. Generalizations include the use of boolean function minimization techniques in [8] where the number of keys stored at the controller is reduced from O(n) to O(log n). In =-=[3]-=- binary hash trees are used to enhance security without deteriorating efficiency and various cases of multicasts and updates are discussed. In [40] it is studied how to efficiently restore an off-line... |

26 | Efficient and fresh certification
- Gassko, Gemmell, et al.
- 2000
(Show Context)
Citation Context ...lists is presented in [17]. This data structure also achieves O(log n) proof size, query time, update time and verification time. Other schemes based on variations of hash trees have been proposed in =-=[4, 13, 23]-=-. The software architecture and implementation of an authenticated dictionary based on skip-lists is presented in [19]. An alternative approach to the design of authenticated dictionary, based on the ... |

23 | Randomized Binary Search Trees
- Mart́ınez, Roura
- 1998
(Show Context)
Citation Context ... search drops from 1.5 to 1.25. Interestingly, multi-way skip-lists have a more explicit tree structure than standard skip-lists, thus in fact, they constitute a new randomized search tree (see, e.g.,=-=[2, 28]-=-). 3.5 Comparison with other Schemes Figure 3: The DAG scheme ∆ that corresponds to an improved version (with respect to the number of comparisons) of standard skip list [43]. We now compare our multi... |

21 | Efficient consistency proofs for generalized queries on a committed database
- Ostrovsky, Rackoff, et al.
- 2004
(Show Context)
Citation Context ...r the design of ADSs that follow the fractional cascading paradigm. Work related to ADSs includes [4, 7, 11, 20, 21]. Related to ADSs is also recent work on zero knowledge sets and consistency proofs =-=[25, 29]-=- that model data authentication in a more adversarial environment, where the data source is not considered trusted per-se. These schemes use significantly more computational resources than ADSs. No pr... |

20 | Using AVL trees for fault-tolerant group key management. J Inform Sec 2002; 1: 84-99. Chia-Hung Wang received the B.S
- Rodeh, Birman, et al.
(Show Context)
Citation Context ...after an update, where n is the current number of users. Further work has been done on key-graphs based on specific classes of binary trees, such as AVL trees, 2-3 trees and dynamic trees. See, e.g., =-=[14, 10, 27]-=-. In [5], the first lower bounds are given for a restricted class of key distribution protocols, where group members have limited memory or the key distribution scheme has a certain structure-preservi... |

12 | Optimal communication complexity of generic multicast key distribution
- Micciancio, Panjwani
- 2004
(Show Context)
Citation Context ...update. The authors prove the existence of a series of 2n update operations that cause the transmission of Ω(n log n) messages. Recently, a similar amortized logarithmic lower bound has been shown in =-=[33]-=- for a more general class of key distribution protocols, where one can employ a pseudorandom generator to extract (in a one-way fashion) two new keys from one key and one can perform multiple nested k... |

12 | Authenticating distributed data using web services and xml signatures
- Polivy
- 2002
(Show Context)
Citation Context ...ary and an empirical analysis of its performance in various deployment scenarios are described in [10]. The authentication of distributed data using web services and XML signatures is investigated in =-=[31]-=- and prooflets, a scalable architecture for authenticating web content based on authenticated dictionaries, are introduced in [36]. An alternative approach to the design of authenticated dictionary, b... |

11 | Authenticated dictionaries for fresh attribute credentials
- Goodrich, Shin, et al.
- 2003
(Show Context)
Citation Context |

9 |
RFC 2627 – Key management for multicast: issues and architecture
- Wallner, Harder, et al.
- 1998
(Show Context)
Citation Context ...tational time spent for key encryptions and decryptions. Previous Work. Many schemes have been developed for multicast key distribution. We focus on the widely studied key-graph scheme, introduced in =-=[39, 40]-=-, where constructions are presented for key-graphs realized by balanced binary trees such that O(log n) messages are transmitted after an update, where n is the current number of users. Further work h... |

9 | Trust-preserving set operations
- Morselli, Bhattacharjee, et al.
- 2004
(Show Context)
Citation Context ...design of an authenticated dictionary, based on the RSA accumulator (and not on hierarchical hashing), is presented in [12]. Related work on accumulators appears in [3]. Work related to ADSs includes =-=[6, 9, 22, 1]-=-. Related to ADSs is also recent work on consistency proofs [20, 24] that models data authentication in a more adversarial environment, where the data source is not considered trusted per-se, but the ... |

8 | Algorithms for Dynamic Multicast Key Distribution Trees
- Goshi, Ladner
- 2003
(Show Context)
Citation Context ...after an update, where n is the current number of users. Further work has been done on key-graphs based on specific classes of binary trees, such as AVL trees, 2-3 trees and dynamic trees. See, e.g., =-=[21, 16, 44]-=-. In [7], the first lower bounds are given for a restricted class of key distribution protocols, where group members have limited memory or the key distribution scheme has a certain structure-preservi... |

4 |
Efficient communication - storage tradeoffs for multicast encryption
- Canetti, Malkin, et al.
- 1999
(Show Context)
Citation Context ...where n is the current number of users. Further work has been done on key-graphs based on specific classes of binary trees, such as AVL trees, 2-3 trees and dynamic trees. See, e.g., [21, 16, 44]. In =-=[7]-=-, the first lower bounds are given for a restricted class of key distribution protocols, where group members have limited memory or the key distribution scheme has a certain structure-preserving prope... |

4 |
Efficient Kerberized Multicast in a Practical Distributed Setting
- Crescenzo, Kornievskaia
- 2001
(Show Context)
Citation Context ...group operations. In [12] broadcast transmissions to any subset of the group is studied, where the size of the subset is a factor of the running time. Other security aspects of the problem appears in =-=[6, 7, 35, 37, 9]-=-. Multigroups are studied in [12, 29, 24, 40, 16]. Our Results. We show that the multicast key distribution problem using key-graphs is a hierarchical data processing problem. Applying our results fro... |

4 |
A general model for authentic data publication, 2001. Available from http://www.cs.ucdavis.edu/~devanbu/files/model-paper.pdf
- Martel, Nuckolls, et al.
(Show Context)
Citation Context ... design of more general authenticated data structures (beyond dictionaries) is made in [11] with the authentication of relational database operations and multidimensional orthogonal range queries. In =-=[27]-=-, a general method for designing authenticated data structures using hierarchical hashing over a search graph is presented. This technique is applied to the design of static authenticated data structu... |

4 |
Authenticating Web content with prooflets
- Shin, Straub, et al.
- 2002
(Show Context)
Citation Context ...ributed data using web services and XML signatures is investigated in [31] and prooflets, a scalable architecture for authenticating web content based on authenticated dictionaries, are introduced in =-=[36]-=-. An alternative approach to the design of authenticated dictionary, based on the RSA accumulator, is presented in [14]. This technique achieves constant proof size and verification time and provides ... |