Results 1 
3 of
3
Optimal authenticated data structures with multilinear forms
 PAIRING 2010. LNCS
, 2010
"... Cloud computing and cloud storage are becoming increasingly prevalent. In this paradigm, clients outsource their data and computations to thirdparty service providers. Data integrity in the cloud therefore becomes an important factor for the functionality of these web services. Authenticated data ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
(Show Context)
Cloud computing and cloud storage are becoming increasingly prevalent. In this paradigm, clients outsource their data and computations to thirdparty service providers. Data integrity in the cloud therefore becomes an important factor for the functionality of these web services. Authenticated data structures, implemented with various cryptographic primitives, have been widely studied as a means of providing efficient solutions to data integrity problems (e.g., Merkle trees). In this paper, we introduce a new authenticated dictionary data structure that employs multilinear forms, a cryptographic primitive proposed by Silverberg and Boneh in 2003 [10], the construction of which, however, remains an open problem to date. Our authenticated dictionary is optimal, that is, it does not add any extra asymptotic cost to the plain dictionary data structure, yielding proofs of constant size, i.e., asymptotically equal to the size of the answer, while maintaining other relevant complexities logarithmic. Instead, solutions based on cryptographic hashing (e.g., Merkle trees) require proofs of logarithmic size [40]. Because multilinear forms are not known to exist yet, our result can be viewed from a different angle: if one could prove that optimal authenticated dictionaries cannot exist in the computational model, irrespectively of cryptographic primitives, then our solution would imply that cryptographically interesting multilinear form generators cannot exist as well (i.e., it can be viewed as a reduction). Thus, we provide an alternative avenue towards proving the nonexistence of multilinear form generators in the context of general lower bounds for authenticated data structures [40] and for memory checking [18], a model similar to the authenticated data structures model.
Taking Authenticated Range Queries to Arbitrary Dimensions
"... We study the problem of authenticated multidimensional range queries over outsourced databases, where an owner outsources its database to an untrusted server, which maintains it and answers queries to clients. Previous schemes either scale exponentially in the number of query dimensions, or rely on ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We study the problem of authenticated multidimensional range queries over outsourced databases, where an owner outsources its database to an untrusted server, which maintains it and answers queries to clients. Previous schemes either scale exponentially in the number of query dimensions, or rely on heuristic data structures without provable bounds. Most importantly, existing work requires an exponential, in the database attributes, number of structures to support queries on every possible combination of dimensions in the database. In this paper, we propose the first schemes that (i) scale linearly with the number of dimensions, and (ii) support queries on any set of dimensions with linear in the number of attributes setup cost and storage. We achieve this through an elaborate fusion of novel and existing setoperation subprotocols. We prove the security of our solutions relying on the qStrong Bilinear DiffieHellman assumption, and experimentally confirm their feasibility.
RealWorld Performance of Cryptographic Accumulators
"... Cryptographic accumulators have often been proposed for use in security protocols, and the theoretical runtimes of algorithms using them have been shown to be reasonably efficient, but their performance in the real world has rarely been measured. In this paper I analyze the performance differences b ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Cryptographic accumulators have often been proposed for use in security protocols, and the theoretical runtimes of algorithms using them have been shown to be reasonably efficient, but their performance in the real world has rarely been measured. In this paper I analyze the performance differences between two cryptographic accumulator constructions, RSA accumulators and bilinearmap accumulators, based on a realistic practical implementation in C++. I first discuss the theoretical differences between the constructions and their runtimes, showing that both algorithms present the opportunity for parallel computation. Then I describe an experiment that measures the actual running time of these algorithms on current commodity hardware, and discuss the optimizations I was actually able to make in their code. Finally, I present and analyze the experimental results, which show that the bilinearmap accumulator performs faster than the RSA accumulator in almost all cases, and should be the preferred implementation for practical security systems as long as the size of the set to be accumulated can be given a reasonable upper bound. 1