Authenticated data structures, generically

An authenticated data structure (ADS) is a data structure whose operations can be carried out by an untrusted prover, the results of which a verifier can efficiently check as authentic. This is done by having the prover produce a compact proof that the verifier can check along with each operation's result. ADSs thus support outsourcing data maintenance and processing tasks to untrusted servers without loss of integrity. Past work on ADSs has focused on particular data structures (or limited classes of data structures), one at a time, often with support only for particular operations. This paper presents a generic method, using a simple extension to an ML-like functional programming language we call λ• (lambda-auth), with which one can program authenticated operations over any data structure defined by standard type constructors, including recursive types, sums, and products. The programmer writes the data structure largely as usual and it is compiled to code to be run by the prover and verifier. Using a formalization of λ• we prove that all well-typed λ• programs result in code that is secure under the standard cryptographic assumption of collision-resistant hash functions. We have implemented λ• as an extension to the OCaml compiler, and have used it to produce authenticated versions of many interesting data structures including binary search trees, red-black+ trees, skip lists, and more. Performance experiments show that our approach is efficient, giving up little compared to the hand-optimized data structures developed previously.
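As an added illustration of the prover/verifier split the abstract describes (example code written for this page, not the paper's λ• implementation or its OCaml extension): a binary search tree lookup is written once, run by the prover to emit a proof stream of shallow node projections, and replayed by the verifier, which holds only the root digest. The `unauth` callback is the single point where the two runs differ; its name, the class names (`Leaf`, `Node`), the function names, and the JSON-plus-SHA-256 encoding are this example's own assumptions, and the tree contents are constructed sample data.

```python
import hashlib
import json

# Constructed example: an authenticated binary search tree. The prover holds
# the full tree; the verifier holds only the root digest. Collision
# resistance of SHA-256 is the only cryptographic assumption.


def digest(shallow):
    """Digest of a shallow node projection. The serialization must be
    canonical (sorted keys) so prover and verifier hash identical bytes."""
    return hashlib.sha256(json.dumps(shallow, sort_keys=True).encode()).hexdigest()


class Leaf:
    """Empty subtree; its projection carries only a tag."""
    def __init__(self):
        self.wire = {"tag": "leaf"}
        self.digest = digest(self.wire)

    def open(self):
        return self.wire


class Node:
    def __init__(self, key, value, left, right):
        self.key, self.value, self.left, self.right = key, value, left, right
        # Shallow projection: children replaced by their digests.
        self.wire = {"tag": "node", "key": key, "value": value,
                     "left": left.digest, "right": right.digest}
        self.digest = digest(self.wire)

    def open(self):
        # Same shape, but children are in-memory handles for the prover.
        return {"tag": "node", "key": self.key, "value": self.value,
                "left": self.left, "right": self.right}


def lookup(key, handle, unauth):
    """The data-structure code, written once. `handle` is an authenticated
    value (a tree object for the prover, a digest for the verifier)."""
    t = unauth(handle)
    while t["tag"] == "node":
        if key == t["key"]:
            return t["value"]
        t = unauth(t["left"] if key < t["key"] else t["right"])
    return None


def prover_lookup(key, root):
    """Prover: run the lookup and record each opened node's projection."""
    proof = []

    def unauth(t):
        proof.append(t.wire)
        return t.open()
    return lookup(key, root, unauth), proof


class ProofError(Exception):
    pass


def verifier_lookup(key, root_digest, proof):
    """Verifier: replay the lookup, taking each node from the proof stream
    and checking it hashes to the digest the traversal expects."""
    stream = iter(proof)

    def unauth(expected_digest):
        shallow = next(stream, None)
        if shallow is None:
            raise ProofError("proof stream exhausted")
        if digest(shallow) != expected_digest:
            raise ProofError("projection does not match expected digest")
        return shallow  # child fields are digests, the verifier's handles
    result = lookup(key, root_digest, unauth)
    if next(stream, None) is not None:
        raise ProofError("trailing entries not consumed by the operation")
    return result


def verifier_rejects(key, root_digest, proof):
    """True if the verifier refuses `proof` as evidence for `key`."""
    try:
        verifier_lookup(key, root_digest, proof)
    except ProofError:
        return True
    return False


def build(items):
    """Balanced tree from sorted (key, value) pairs."""
    if not items:
        return Leaf()
    mid = len(items) // 2
    k, v = items[mid]
    return Node(k, v, build(items[:mid]), build(items[mid + 1:]))


def tampered_proof(key, root):
    """A dishonest prover edits the answer node's projection in the proof."""
    _, proof = prover_lookup(key, root)
    forged = [dict(p) for p in proof]
    forged[-1]["value"] = "forged"
    return forged


# Constructed sample data: keys 1,3,...,13 with values "v1","v3",...
SAMPLE = build([(k, f"v{k}") for k in (1, 3, 5, 7, 9, 11, 13)])

if __name__ == "__main__":
    value, proof = prover_lookup(3, SAMPLE)
    print(value, verifier_lookup(3, SAMPLE.digest, proof))
    print(verifier_rejects(3, SAMPLE.digest, tampered_proof(3, SAMPLE)))
```

The proof is exactly the nodes the traversal touched, so its size tracks the operation's cost rather than the structure's size, and the verifier's `unauth` is where a collision would have to be found to make a forged projection pass. A proof recorded for one key is also rejected when replayed for another, because the verifier follows its own traversal and runs out of (or mismatches) entries.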
