Abstract
Following in the spirit of data structure and algorithm correctness checking, authenticated data structures provide cryptographic proofs that their answers are as accurate as the author intended, even if the data structure is being controlled by a remote untrusted host.
In this paper we present efficient techniques for authenticating data structures that represent graphs and collections of geometric objects. We use a data-querying model where a data structure maintained by a trusted source is mirrored at distributed untrusted servers, called responders, with the responders answering queries made by users: when a user queries a responder, along with the answer to the issued query, he receives a cryptographic proof that allows the verification of the answer trusting only a short statement (digest) signed by the source.
We introduce the path hash accumulator, a new primitive based on cryptographic hashing for efficiently authenticating various properties of structured data represented as paths, including any decomposable query over sequences of elements. We show how to employ our primitive to authenticate queries about properties of paths in graphs and search queries on multi-catalogs. This allows the design of new, efficient authenticated data structures for fundamental problems on networks, such as path and connectivity queries over graphs, and complex queries on two-dimensional geometric objects, such as intersection and containment queries. By building on our new primitive we achieve efficiency and modularity: our schemes can be easily analyzed in terms of complexity and security and are simple to implement. Our work has applications to the authentication of network management systems and geographic information systems.
Similar content being viewed by others
References
Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation. In: Advances in Cryptology—CRYPTO. LNCS, vol. 1462, pp. 137–152. Springer, Berlin (1998)
Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Proc. Inf. Security Conf. LNCS, vol. 2200, pp. 379–393. Springer, Berlin (2001)
Atallah, M.J., Cho, Y., Kundu, A.: Efficient data authentication in an environment of untrusted third-party distributors. In: Proc. Int. Conf. on Data Eng., pp. 696–704. IEEE Press, New York (2008)
Baric, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Advances in Cryptology—EUROCRYPT. LNCS, vol. 1233, pp. 480–494. Springer, Berlin (1997)
Benaloh, J., de Mare, M.: One-way accumulators: A decentralized alternative to digital signatures. In: Advances in Cryptology—EUROCRYPT. LNCS, vol. 765, pp. 274–285. Springer, Berlin (1993)
Bent, S.W., Sleator, D.D., Tarjan, R.E.: Biased search trees. SIAM J. Comput. 14, 545–568 (1985)
Bertino, E., Carminati, B., Ferrari, E., Thuraisingham, B., Gupta, A.: Selective and authentic third-party distribution of XML documents. IEEE Trans. Knowl. Data Eng. 16(10), 1263–1278 (2004)
Blum, M., Kannan, S.: Designing programs that check their work. J. ACM 42(1), 269–291 (1995)
Bright, J.D., Sullivan, G.: Checking mergeable priority queues. In: Digest Symp. on Fault-Tolerant Comput., pp. 144–153. IEEE Press, New York (1994)
Bright, J.D., Sullivan, G.: On-line error monitoring for several data structures. In: Digest Symp. on Fault-Tolerant Comput., pp. 392–401. IEEE Press, New York (1995)
Bright, J.D., Sullivan, G., Masson, G.M.: Checking the integrity of trees. In: Digest Symp. on Fault-Tolerant Comput., pp. 402–411. IEEE Press, New York (1995)
Buldas, A., Laud, P., Lipmaa, H.: Eliminating counterevidence with applications to accountable certificate management. J. Comput. Secur. 10(3), 273–296 (2002)
Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Advances in Cryptology—CRYPTO. LNCS, vol. 2442. Springer, Berlin (2002)
Chazelle, B., Guibas, L.J.: Fractional cascading: I. A data structuring technique. Algorithmica 1(3), 133–162 (1986)
Chazelle, B., Guibas, L.J.: Fractional cascading: II. Applications. Algorithmica 1, 163–191 (1986)
Cohen, R.F., Tamassia, R.: Combine and conquer. Algorithmica 18, 342–362 (1997)
Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic data publication over the Internet. J. Comput. Secur. 11(3), 291–314 (2003)
Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G., Stubblebine, S.: Flexible authentication of XML documents. J. Comput. Secur. 6, 841–864 (2004)
Devillers, O., Liotta, G., Preparata, F.P., Tamassia, R.: Checking the convexity of polytopes and the planarity of subdivisions. Comput. Geom. Theory Appl. 11, 187–208 (1998)
Di Battista, G., Liotta, G.: Upward planarity checking: “Faces are more than polygons”. In: Whitesides, S.H. (ed.) Proc. Graph Drawing. LNCS, vol. 1547, pp. 72–86. Springer, Berlin (1998)
Di Battista, G., Palazzi, B.: Authenticated relational tables and authenticated skip lists. In: Proc. IFIP Conf. on Database Security. LNCS, vol. 4602, pp. 31–46. Springer, Berlin (2007)
Di Battista, G., Tamassia, R.: On-line maintenance of triconnected components with SPQR-trees. Algorithmica 15, 302–318 (1996)
Eppstein, D., Italiano, G.F., Tamassia, R., Tarjan, R.E., Westbrook, J., Yung, M.: Maintenance of a minimum spanning forest in a dynamic plane graph. J. Algorithms 13(1), 33–54 (1992)
Finkler, U., Mehlhorn, K.: Checking priority queues. In: Proc. Symp. on Discrete Algorithms, pp. 901–902. SIAM, Philadelphia (1999)
Gassko, I., Gemmell, P.S., MacKenzie, P.: Efficient and fresh certification. In: Proc. Int. Conf. on Pract. and Theory in Public Key Cryptography. LNCS, vol. 1751, pp. 342–353. Springer, Berlin (2000)
Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
Goodrich, M.T., Tamassia, R.: Efficient authenticated dictionaries with skip lists and commutative hashing. Technical report, Johns Hopkins Information Security Institute (2000). Available from http://www.cs.brown.edu/cgc/stms/papers/hashskip.pdf
Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. In: Proc. DARPA Inf. Survivability Conf. and Exposition, vol. 2, pp. 68–82 (2001)
Goodrich, M.T., Tamassia, R., Hasic, J.: An efficient dynamic and distributed cryptographic accumulator. In: Proc. Inf. Security Conf. LNCS, vol. 2433, pp. 372–388. Springer, Berlin (2002)
Goodrich, M.T., Tamassia, R., Triandopoulos, N., Cohen, R.: Authenticated data structures for graph and geometric searching. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 2612, pp. 295–313. Springer, Berlin (2003)
Goodrich, M.T., Papamanthou, C., Tamassia, R.: On the cost of persistence and authentication in skip lists. In: Proc. Int. Workshop on Experimental Algorithms. LNCS, vol. 4525, pp. 94–107. Springer, Berlin (2007)
Goodrich, M.T., Papamanthou, C., Tamassia, R., Triandopoulos, N.: Athos: Efficient authentication of outsourced file systems. In: Proc. Inf. Security Conf. LNCS, vol. 5222, pp. 80–96. Springer, Berlin (2008)
Goodrich, M.T., Tamassia, R., Triandopoulos, N.: Super-efficient verification of dynamic outsourced databases. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 4964, pp. 407–424. Springer, Berlin (2008)
Heitzmann, A., Palazzi, B., Papamanthou, C., Tamassia, R.: Efficient integrity checking of untrusted network storage. In: Proc. Int. Workshop on Storage Security and Survivability, pp. 43–54. ACM, New York (2008)
King, V.: A simpler minimum spanning tree verification algorithm. In: Proc. Int. Workshop on Algorithms and Data Structures. LNCS, vol. 955, pp. 440–448. Springer, Berlin (1995)
Kocher, P.C.: On certificate revocation and validation. In: Proc. Int. Conf. on Financial Cryptography. LNCS, vol. 1465, pp. 172–177. Springer, Berlin (1998)
Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Dynamic authenticated index structures for outsourced databases. In: Proc. Int. Conf. on Management of Data, pp. 121–132. ACM, New York (2006)
Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: Proc. Int. Conf. on Applied Cryptography and Network Security. LNCS, vol. 4521, pp. 253–269. Springer, Berlin (2007)
Maniatis, P., Baker, M.: Secure history preservation through timeline entanglement. In: Proc. USENIX Security Symp., pp. 297–312. USENIX (2002)
Martel, C., Nuckolls, G., Devanbu, P., Gertz, M., Kwong, A., Stubblebine, S.G.: A general model for authenticated data structures. Algorithmica 39(1), 21–41 (2004)
Mehlhorn, K., Näher, S.: Dynamic fractional cascading. Algorithmica 5(1–4), 215–241 (1990)
Mehlhorn, K., Näher, S.: LEDA: A Platform for Combinatorial and Geometric Computing. Cambridge University Press, Cambridge (2000)
Mehlhorn, K., Näher, S., Seel, M., Seidel, R., Schilz, T., Schirra, S., Uhrig, C.: Checking geometric programs or verification of geometric structures. Comput. Geom. Theory Appl. 12(1–2), 85–103 (1999)
Merkle, R.C.: A certified digital signature. In: Advances in Cryptology—CRYPTO. LNCS, vol. 435, pp. 218–238. Springer, Berlin (1989)
Micali, S., Rabin, M., Kilian, J.: Zero-Knowledge sets. In: Proc. Symp. on Foundations of Computer Science, pp. 80–91. IEEE Press, New York (2003)
Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proc. USENIX Security Symp., pp. 217–228. USENIX (1998)
Narasimha, M., Tsudik, G.: Authentication of outsourced databases using signature aggregation and chaining. In: Proc. Int. Conf. on Database Systems for Advanced Applications. LNCS, vol. 3882, pp. 420–436. Springer, Berlin (2006)
Nguyen, L.: Accumulators from bilinear pairings and applications. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 3376, pp. 275–292. Springer, Berlin (2005)
Nuckolls, G.: Verified query results from hybrid authentication trees. In: Proc. IFIP Conf. on Database Security. LNCS, vol. 3654, pp. 84–98. Springer, Berlin (2005)
Ostrovsky, R., Rackoff, C., Smith, A.: Efficient consistency proofs for generalized queries on a committed database. In: Proc. Int. Colloquium on Automata, Languages and Programming. LNCS, vol. 3142, pp. 1041–1053. Springer, Berlin (2004)
Pang, H., Jain, A., Ramamritham, K., Tan, K.-L.: Verifying completeness of relational query results in data publishing. In: Proc. Int. Conf. on Management of Data, pp. 407–418. ACM, New York (2005)
Papamanthou, C., Tamassia, R.: Time and space efficient algorithms for two-party authenticated data structures. In: Proc. Int. Conf. on Inf. and Commun. Security. LNCS, vol. 4861, pp. 1–15. Springer, Berlin (2007)
Papamanthou, C., Tamassia, R., Triandopoulos, N.: Authenticated hash tables. In: Proc. Conf. on Comput. and Commun. Security, pp. 437–448. ACM, New York (2008)
Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun. ACM 33(6), 668–676 (1990)
Sleator, D.D., Tarjan, R.E.: A data structure for dynamic trees. J. Comput. Syst. Sci. 26(3), 362–381 (1983)
Sullivan, G.F., Masson, G.M.: Certification trails for data structures. In: Digest Symp. on Fault-Tolerant Comput., pp. 240–247. IEEE Press, New York (1991)
Sullivan, G.F., Wilson, D.S., Masson, G.M.: Certification of computational results. IEEE Trans. Comput. 44(7), 833–847 (1995)
Tamassia, R.: Authenticated data structures. In: Proc. European Symp. on Algorithms. LNCS, vol. 2832, pp. 2–5. Springer, Berlin (2003)
Tamassia, R., Triandopoulos, N.: Computational bounds on hierarchical data processing with applications to information security. In: Proc. Int. Colloquium on Automata, Languages and Programming. LNCS, vol. 3580, pp. 153–165. Springer, Berlin (2005)
Tamassia, R., Triandopoulos, N.: Certification and authentication of data structures (2007). Manuscript. Available at http://www.cs.brown.edu/cgc/stms/papers/cads.pdf
Tamassia, R., Triandopoulos, N.: Efficient content authentication in peer-to-peer networks. In: Proc. Int. Conf. on Applied Cryptography and Network Security. LNCS, vol. 4521, pp. 354–372. Springer, Berlin (2007)
Tarjan, R.E.: Data Structures and Network Algorithms. CBMS-NSF Regional Conference Series in Applied Mathematics, vol. 44. SIAM, Philadelphia (1983)
Westbrook, J., Tarjan, R.E.: Maintaining bridge-connected and biconnected components on-line. Algorithmica 7, 433–464 (1992)
Author information
Authors and Affiliations
Corresponding author
Additional information
A preliminary version of this paper [30] was presented at the 2003 RSA Conference (Cryptographers’ Track).
Rights and permissions
About this article
Cite this article
Goodrich, M.T., Tamassia, R. & Triandopoulos, N. Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems. Algorithmica 60, 505–552 (2011). https://doi.org/10.1007/s00453-009-9355-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00453-009-9355-7