Towards Append-Only Authenticated Dictionaries. Vivek Bhupatiraju, CS-PRIMES 2017

Transcription

1 Towards Append-Only Authenticated Dictionaries Vivek Bhupatiraju, CS-PRIMES 27

2 Public-key Cryptography PK M e(m, PK SK

3 Secure Channels - Having secure channels is becoming more and more necessary - Many of these systems based around public-key cryptography - Essential to accurately distribute and access these public-keys - Let s use a directory!

4 3 Directory sends Robert PK J 2 Directory Directory stores PK J under John s name John publishes his public key, PK J Robert MS R e(ms R, PK J John PK J + SK J 4 5 Robert encrypts MS R with PK J John decrypts with SK J => MS R

5 3 Directory sends Robert PK M 2 Directory John publishes his public key, PK J Directory stores PK M under John s name, sends PK J to Mark Robert MS R e(ms R, PK M Mark e(ms R, PK J John PK J + SK J Robert encrypts Mark now knows MS R with PK M MS R - no secrecy John decrypts with SK J => MS R

6 Detecting Impersonation! (NON-MEMBERSHIP Directory Needs to check that directory is not hiding a PK M under his name John = PK J Alin = PK A 2 Sends cryptographic proof that this IS the case John PK J + SK J

7 Detecting Impersonation! (CONSISTENCY Directory John = PK MJ Needs to check that directory is not hiding a PK M under his name Alin = PK A 2 Sends cryptographic proof that this IS the case John PK J + SK J

8 Detecting Impersonation! (MEMBERSHIP Sends Robert PK M when he asks for John s PK Directory Robert MS R 2 Asks for proof that PK M is in the directory under John s name John = PK J Alin = PK A

9 Append-Only Dictionaries (Key-value pairs - NON-MEMBERSHIP - Proof that no values exist for key n other than the ones in the tree - CONSISTENCY - Proof that all data in version i of the dictionary is also in version j of the dictionary, where i j - MEMBERSHIP - Proof that (n, v n is in dictionary

10 Attempts at a Full AAD == number of key-value pairs in AAD / Server Membership Non-membership Consistency History Tree Prefix Tree Quadratic Prefix Forest

11 Merkle Tree H(L + R = Ω (Merkle Root H(H(A H(B = L H(H(C H(D = R H(A H(B H(C H(D A = (a, v a B = (b, v b C = (c, v c D = (d, v d

12 History Tree - Just a merkle tree that grows as key-value pairs are added to it (a, v a (b, v b (a, v a (b, v b (c, v c (a, v a (b, v b (c, v c (d, v d

13 History Tree (MEMBERSHIP Merkle Root: Ω o =? Ω c Space/Time Complexity (a, v a (b, v b (c, v c (d, v d

14 History Tree (NON-MEMBERSHIP Space/Time Complexity (j, v j (a, v a (j, v j (k, v k

15 History Tree (CONSISTENCY Space/Time Complexity: (a, v a (b, v b (a, v a (b, v b (c, v c (d, v d version i version j

16 Prefix Tree Tree defined by hashes: HASH( a = HASH( b = HASH( c = b a HASH( d = Also a merkle tree! c a - Each node is a hash of its children d b

17 Prefix Tree (MEMBERSHIP Space/Time Complexity (c, v c (a, v a (d, v d (b, v b

18 Prefix Tree (NON-MEMBERSHIP HASH( e = Space/Time Complexity (c, v c (a, v a (d, v d (b, v b

19 Prefix Tree (CONSISTENCY - Server has to send all key-value pairs added between versions OR membership proofs - Both linear in complexity, O(m

20 Quadratic Prefix Forest a tree of size n 2 c a d b U of Forest, Size U 2 of Forest, Size 4 U n of Forest, Size n 2

21 Quadratic Prefix Forest - Say there are trees in the forest - If there are total key-value pairs

22 Q Prefix Forests (MEMBERSHIP a c a tree of size n 2 d b # of Trees: Space / Time Complexity:

23 Q Prefix Forests (NON-MEMBERSHIP a c a tree of size n 2 d b # of Trees: Space / Time Complexity:

24 Q Prefix Forests (CONSISTENCY - Keep each of the Merkle roots of each prefix tree in a larger history tree - Merkle roots of each prefix tree should never change - Can check (via membership proofs the roots of the prefix tree against those stored in the history tree - Space/time complexity of

25 Q Prefix Forests (USABILITY - Each tree s size is a square number - At m =,, - Next tree will need ~, new key-value pairs - Sacrificing usability for better complexities in other operations

26 Future Work - Algebraic Hashing - H(a, b = L * a + R * b - Bilinear Accumulators - Accumulating sets into small digests - Incorporating NON-MEMBERSHIP into history trees - Coding up trees to test viability - Exploring new data structures

27 Acknowledgements I would like to thank: - Alin Tomescu, my mentor - Srini Devadas, coordinator of CS-PRIMES - My parents and family - MIT-PRIMES program

28 Thank you! Ask me questions!