European Symposium on Research in Computer Security

Computer Security -- ESORICS 2015 pp 622-641

Balloon: A Forward-Secure Append-Only Persistent Authenticated Data Structure

Conference paper

DOI: 10.1007/978-3-319-24177-7_31

Volume 9327 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Pulls T., Peeters R. (2015) Balloon: A Forward-Secure Append-Only Persistent Authenticated Data Structure. In: Pernul G., Y A Ryan P., Weippl E. (eds) Computer Security -- ESORICS 2015. Lecture Notes in Computer Science, vol 9327. Springer, Cham


We present Balloon, a forward-secure append-only persistent authenticated data structure. Balloon is designed for an initially trusted author that generates events to be stored in a data structure (the Balloon) kept by an untrusted server, and clients that query this server for events intended for them based on keys and snapshots. The data structure is persistent such that clients can query keys for the current or past versions of the data structure based upon snapshots, which are generated by the author as new events are inserted. The data structure is authenticated in the sense that the server can verifiably prove all operations with respect to snapshots created by the author. No event inserted into the data structure prior to the compromise of the author can be modified or deleted without detection due to Balloon being publicly verifiable. Balloon supports efficient (non-)membership proofs and verifiable inserts by the author, enabling the author to verify the correctness of inserts without having to store a copy of the Balloon. We formally define and prove that Balloon is a secure authenticated data structure.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Mathematics and Computer ScienceKarlstad UniversityKarlstadSweden
  2. 2.ESAT/COSIC and iMindsKU LeuvenLeuvenBelgium