Improving Authenticated Dynamic Dictionaries, with Applications to Cryptocurrencies

  • Leonid Reyzin
  • Dmitry Meshkov
  • Alexander Chepurnoy
  • Sasha Ivanov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10322)

Abstract

We improve the design and implementation of two-party and three-party authenticated dynamic dictionaries and apply these dictionaries to cryptocurrency ledgers.

A public ledger (blockchain) in a cryptocurrency needs to be easily verifiable. However, maintaining a data structure of all account balances, in order to verify whether a transaction is valid, can be quite burdensome: a verifier who does not have the large amount of RAM required for the data structure will perform slowly because of the need to continually access secondary storage. We demonstrate experimentally that authenticated dynamic dictionaries can considerably reduce verifier load. On the other hand, per-transaction proofs generated by authenticated dictionaries increase the size of the blockchain, which motivates us to find a solution with the most compact proofs.

Our improvements to the design of authenticated dictionaries reduce proof size and speed up verification by 1.4–2.5 times, making them better suited for the cryptocurrency application. We further show that proofs for multiple transactions in a single block can be compressed together, reducing their total length by approximately an additional factor of 2.

We simulate blockchain verification, and show that our verifier can be about 20 times faster than a disk-bound verifier under a realistic transaction load.
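The two-party setting described in the abstract, as an added illustration that is not code from the paper or from its scrypto implementation (which is written in Scala and uses a different, AVL-based tree): a prover holds the whole dictionary, while the verifier keeps only a 32-byte root digest and checks each update from a short proof, recomputing the new root itself without ever storing the data structure. The toy structure below is a sparse Merkle tree over hashed keys; the tree height, the domain-separation prefix bytes and the sample block of account updates are assumptions made for the demo. Batch mode shows the proof-compression idea from the abstract in its simplest form: a sibling digest that several updates in one block need, or that the verifier has already recomputed from an earlier update in the block, is sent only once.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple

DEPTH = 16              # toy tree height (2**16 leaf slots); assumption for the demo
Pos = Tuple[int, int]   # (level, index): level 0 is the root, level DEPTH the leaves

def H(*parts: bytes) -> bytes:
    h = hashlib.blake2b(digest_size=32)   # BLAKE2b, the hash the paper's code uses
    for p in parts:
        h.update(p)
    return h.digest()

def leaf_hash(key: bytes, value: Optional[bytes]) -> bytes:
    # domain-separated: empty slot vs occupied leaf (prefix bytes are our choice)
    return H(b"\x00") if value is None else H(b"\x02", key, value)

def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01", left, right)

def key_index(key: bytes) -> int:
    # leaf slot = top DEPTH bits of H(key); slot collisions are ignored in this toy
    return int.from_bytes(H(b"\x03", key)[:4], "big") >> (32 - DEPTH)

# digest of an all-empty subtree rooted at each level
EMPTY: List[bytes] = [b""] * (DEPTH + 1)
EMPTY[DEPTH] = leaf_hash(b"", None)
for lvl in range(DEPTH - 1, -1, -1):
    EMPTY[lvl] = node_hash(EMPTY[lvl + 1], EMPTY[lvl + 1])

def _apply(key: bytes, value: bytes, known: Dict[Pos, bytes],
           fetch_sib: Callable[[Pos], bytes], old_leaf: bytes) -> Tuple[bytes, bytes]:
    """One leaf-to-root walk shared by prover and verifier; returns (root before,
    root after) the update. Every node fetched or recomputed is kept in `known`, so
    later updates of the same batch reuse it instead of asking for it again."""
    idx = key_index(key)
    old = known.get((DEPTH, idx), old_leaf)   # key already touched in this batch?
    new = leaf_hash(key, value)
    known[(DEPTH, idx)] = new
    for level in range(DEPTH, 0, -1):
        sib_pos = (level, idx ^ 1)
        if sib_pos not in known:
            known[sib_pos] = fetch_sib(sib_pos)
        sib = known[sib_pos]
        if idx & 1:
            old, new = node_hash(sib, old), node_hash(sib, new)
        else:
            old, new = node_hash(old, sib), node_hash(new, sib)
        idx >>= 1
        known[(level - 1, idx)] = new
    return old, new

class Prover:
    """Holds the whole dictionary; only this party needs the large data structure."""
    def __init__(self) -> None:
        self.values: Dict[bytes, bytes] = {}
        self.nodes: Dict[Pos, bytes] = {}     # non-empty nodes only

    def node(self, pos: Pos) -> bytes:
        return self.nodes.get(pos, EMPTY[pos[0]])

    def root(self) -> bytes:
        return self.node((0, 0))

    def prove_batch(self, ops: List[Tuple[bytes, bytes]]) -> dict:
        """Apply a block of (key, value) updates and emit one proof for all of them."""
        sibs: Dict[Pos, bytes] = {}
        olds: List[Optional[bytes]] = []
        known: Dict[Pos, bytes] = {}
        for key, value in ops:
            olds.append(self.values.get(key))
            _apply(key, value, known, lambda pos: sibs.setdefault(pos, self.node(pos)),
                   leaf_hash(key, self.values.get(key)))
            self.values[key] = value
        self.nodes.update(known)
        return {"sib": sibs, "old": olds}

class Verifier:
    """Holds only the root digest; checks a block from its proof and advances the root."""
    def __init__(self, root: bytes) -> None:
        self.root = root

    def verify_batch(self, ops: List[Tuple[bytes, bytes]], proof: dict) -> bool:
        if len(proof["old"]) != len(ops):
            return False
        known: Dict[Pos, bytes] = {}
        root = self.root
        for (key, value), old_value in zip(ops, proof["old"]):
            try:
                before, after = _apply(key, value, known, lambda pos: proof["sib"][pos],
                                       leaf_hash(key, old_value))
            except KeyError:
                return False                  # prover omitted a node we need
            if before != root:
                return False                  # proof does not match the digest we hold
            root = after
        self.root = root                      # commit only once the whole block checks
        return True

def demo() -> Tuple[bool, bool, int, int]:
    prover, verifier = Prover(), Verifier(EMPTY[0])   # verifier starts at the empty root
    # constructed sample block of account -> balance updates (not real ledger data)
    block = [(b"alice", b"100"), (b"bob", b"40"), (b"carol", b"7"),
             (b"alice", b"60"), (b"dave", b"12"), (b"erin", b"3")]
    proof = prover.prove_batch(block)
    ok = verifier.verify_batch(block, proof) and verifier.root == prover.root()
    bad = {"sib": dict(proof["sib"]), "old": proof["old"]}   # flip one sibling digest
    pos = next(iter(bad["sib"]))
    bad["sib"][pos] = bytes(b ^ 0xFF for b in bad["sib"][pos])
    rejected = not Verifier(EMPTY[0]).verify_batch(block, bad)
    return ok, rejected, len(block) * DEPTH, len(proof["sib"])  # naive vs batched size
```

Running `demo()` returns `(True, True, 96, n)` with `n < 96`: six updates would need six proofs of 16 digests each if sent separately, while the batch proof carries each needed digest once, and the verifier derives the rest from nodes it recomputed for earlier updates in the block. A lookup proof is the same walk with the value left unchanged, and the verifier only ever holds the digest plus a per-block working set, which is the point of the two-party model.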

Notes

Acknowledgements

We thank Andrew Miller for helpful and detailed explanations of his work [MHKS14], for running his code to get us comparison data, and for comments on our draft. We thank Peter Todd and Pieter Wuille for fascinating discussions.

References

  1. [AGT01]
    Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 379–393. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45439-X_26
  2. [ANWOW13]
    Aumasson, J.-P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 119–135. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_8
  3. [AVL62]
    Adel’son-Vel’skii, G.M., Landis, E.M.: An algorithm for the organization of information. Doklady Akademii Nauk SSSR 146(2) (1962). English translation in Soviet Math. Doklady 3, 1259–1263 (1962)
  4. [BDL+12]
    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. J. Cryptographic Eng. 2(2), 77–89 (2012). https://ed25519.cr.yp.to/
  5. [BEG+91]
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: 32nd Annual Symposium on Foundations of Computer Science, San Juan, Puerto Rico, 1–4 October 1991, pp. 90–99. IEEE Computer Society (1991). A later version is available at http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.29.2991
  6. [BGM16]
    Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 142–157. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_10
  7. [BGV11]
    Benabbas, S., Gennaro, R., Vahlis, Y.: Verifiable delegation of computation over large datasets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 111–131. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_7
  8. [BP07]
    Di Battista, G., Palazzi, B.: Authenticated relational tables and authenticated skip lists. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 31–46. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73538-0_3
  9. [But16]
    Buterin, V.: Transaction spam attack: Next steps (2016). https://blog.ethereum.org/2016/09/22/transaction-spam-attack-next-steps/
  10. [CDE+16]
    Croman, K., Decker, C., Eyal, I., Gencer, A.E., Juels, A., Kosba, A., Miller, A., Saxena, P., Shi, E., Gün, E.: On scaling decentralized blockchains. In: Proceedings of 3rd Workshop on Bitcoin and Blockchain Research (2016)
  11. [CF13]
    Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_5
  12. [CLH+15]
    Chen, X., Li, J., Huang, X., Ma, J., Lou, W.: New publicly verifiable databases with efficient updates. IEEE Trans. Dependable Sec. Comput. 12(5), 546–556 (2015)
  13. [CLW+16]
    Chen, X., Li, J., Weng, J., Ma, J., Lou, W.: Verifiable computation over large database with incremental updates. IEEE Trans. Comput. 65(10), 3184–3195 (2016)
  14. [cod]
    Implementation of authenticated data structures within scorex. https://github.com/input-output-hk/scrypto/
  15. [CW11]
    Crosby, S.A., Wallach, D.S.: Authenticated dictionaries: real-world costs and trade-offs. ACM Trans. Inf. Syst. Secur. 14(2), 17 (2011). http://tamperevident.cs.rice.edu/Storage.html
  16. [DJ07]
    Dean, B.C., Jones, Z.H.: Exploring the duality between skip lists and binary search trees. In: John, D., Kerr, S.N. (eds.) Proceedings of the 45th Annual Southeast Regional Conference, 2007, Winston-Salem, North Carolina, USA, 23–24 March 2007, pp. 395–399. ACM (2007). https://people.cs.clemson.edu/~bcdean/skip_bst.pdf
  17. [DW13]
    Decker, C., Wattenhofer, R.: Information propagation in the bitcoin network. In: IEEE P2P 2013 Proceedings, pp. 1–10. IEEE (2013)
  18. [EK13]
    Etemad, M., Küpçü, A.: Database outsourcing with hierarchical authenticated data structures. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 381–399. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12160-4_23
  19. [GA]
    Gailly, J.-L., Adler, M.: gzip. http://www.gzip.org/
  20. [GPT07]
    Goodrich, M.T., Papamanthou, C., Tamassia, R.: On the cost of persistence and authentication in skip lists. In: Demetrescu, C. (ed.) WEA 2007. LNCS, vol. 4525, pp. 94–107. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72845-0_8
  21. [GPTT08]
    Goodrich, M.T., Papamanthou, C., Tamassia, R., Triandopoulos, N.: Athos: efficient authentication of outsourced file systems. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 80–96. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_6
  22. [GS78]
    Guibas, L.J., Sedgewick, R.: A dichromatic framework for balanced trees. In: 19th Annual Symposium on Foundations of Computer Science, Ann Arbor, Michigan, USA, 16–18 October 1978, pp. 8–21. IEEE Computer Society (1978). http://professor.ufabc.edu.br/~jesus.mena/courses/mc3305-2q-2015/AED2-13-redblack-paper.pdf
  23. [GSTW03]
    Goodrich, M.T., Shin, M., Tamassia, R., Winsborough, W.H.: Authenticated dictionaries for fresh attribute credentials. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 332–347. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44875-6_24
  24. [GT00]
    Goodrich, M.T., Tamassia, R.: Efficient authenticated dictionaries with skip lists and commutative hashing. Technical report, Johns Hopkins Information Security Institute (2000). http://cs.brown.edu/cgc/stms/papers/hashskip.pdf
  25. [GTS01]
    Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. Presented in Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX II) (2001). http://cs.brown.edu/cgc/stms/papers/discex2001.pdf
  26. [HPPT08]
    Heitzmann, A., Palazzi, B., Papamanthou, C., Tamassia, R.: Efficient integrity checking of untrusted network storage. In: Kim, Y., Yurcik, W. (eds.) Proceedings of the 2008 ACM Workshop On Storage Security and Survivability, StorageSS 2008, Alexandria, VA, USA, 31 October 2008, pp. 43–54. ACM (2008). http://www.ece.umd.edu/~cpap/published/alex-ber-cpap-rt-08b.pdf
  27. [KKR+16]
    Kiayias, A., Konstantinou, I., Russell, A., David, B., Oliynykov, R.: A provably secure proof-of-stake blockchain protocol. Cryptology ePrint Archive, Report 2016/889 (2016). http://eprint.iacr.org/2016/889
  28. [Knu98]
    Knuth, D.: The Art of Computer Programming: Volume 3: Sorting and Searching. Addison-Wesley, 2nd edition (1998)
  29. [Kwo16]
    Kwon, J.: Tendermint go-merkle (2016). https://github.com/tendermint/go-merkle
  30. [Lop]
    Lopp, J.: Unspent transaction outputs in Bitcoin. http://statoshi.info/dashboard/db/unspent-transaction-output-set. Accessed 7 Nov 2016
  31. [Mer89]
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_21
  32. [MHKS14]
    Miller, A., Hicks, M., Katz, J., Shi, E.: Authenticated data structures, generically. In: Jagannathan, S., Sewell, P. (eds.) The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2014, San Diego, CA, USA, 20–21 January 2014, pp. 411–424. ACM (2014). http://amiller.github.io/lambda-auth/paper.html
  33. [Mil12]
    Miller, A.: Storing UTXOs in a balanced Merkle tree (zero-trust nodes with O(1)-storage) (2012). https://bitcointalk.org/index.php?topic=101734.msg1117428
  34. [Mil16]
    Miller, A.: Private communication (2016)
  35. [MND+04]
    Martel, C.U., Nuckolls, G., Devanbu, P.T., Gertz, M., Kwong, A., Stubblebine, S.G.: A general model for authenticated data structures. Algorithmica 39(1), 21–41 (2004). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.3658
  36. [MR98]
    Martínez, C., Roura, S.: Randomized binary search trees. J. ACM 45(2), 288–323 (1998). http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.243
  37. [MWMS16]
    Miao, M., Wang, J., Ma, J., Susilo, W.: Publicly verifiable databases with efficient insertion/deletion operations. J. Comput. Syst. Sci. (2016). http://dx.doi.org/10.1016/j.jcss.2016.07.005. To appear in print
  38. [Nak08]
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf
  39. [NN00]
    Naor, M., Nissim, K.: Certificate revocation and certificate update. IEEE J. Sel. Areas Commun. 18(4), 561–570 (2000). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.7072
  40. [nxt]
    The Nxt cryptocurrency. https://nxt.org/
  41. [Pap11]
    Papamanthou, C.: Cryptography for efficiency: new directions in authenticated data structures. Ph.D. thesis, Brown University (2011). http://www.ece.umd.edu/~cpap/published/theses/cpap-phd.pdf
  42. [Par15]
    Parker, L.: The decline in bitcoin full nodes (2015). http://bravenewcoin.com/news/the-decline-in-bitcoins-full-nodes/
  43. [Pfa02]
    Pfaff, B.: GNU libavl 2.0.2 (2002). http://adtinfo.org/libavl.html/index.html
  44. [PT07]
    Papamanthou, C., Tamassia, R.: Time and space efficient algorithms for two-party authenticated data structures. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 1–15. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77048-0_1
  45. [PTT16]
    Papamanthou, C., Tamassia, R., Triandopoulos, N.: Authenticated hash tables based on cryptographic accumulators. Algorithmica 74(2), 664–712 (2016)
  46. [Pug90]
    Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun. ACM 33(6), 668–676 (1990). http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.15.9072
  47. [RMCI16]
    Reyzin, L., Meshkov, D., Chepurnoy, A., Ivanov, S.: Improving authenticated dynamic dictionaries, with applications to cryptocurrencies. Technical report 2016/994, IACR Cryptology ePrint Archive (2016). http://eprint.iacr.org/2016/994
  48. [SA96]
    Seidel, R., Aragon, C.R.: Randomized search trees. Algorithmica 16(4/5), 464–497 (1996). https://faculty.washington.edu/aragon/pubs/rst96.pdf
  49. [sca]
    The Scala programming language. http://www.scala-lang.org/
  50. [Sed08]
    Sedgewick, R.: Left-leaning red-black trees (2008). http://www.cs.princeton.edu/~rs/talks/LLRB/LLRB.pdf
  51. [tbp]
  52. [Tea16]
    The Go Ethereum Team. Official golang implementation of the ethereum protocol (2016). http://geth.ethereum.org/
  53. [Tod16]
    Todd, P.: Making UTXO set growth irrelevant with low-latency delayed TXO commitments (2016). https://petertodd.org/2016/delayed-txo-commitments
  54. [Wei06]
    Weiss, M.A.: Data Structures and Algorithm Analysis in Java, 2nd edn. Prentice Hall, Pearson (2006)
  55. [Whi15]
    White, B.: A theory for lightweight cryptocurrency ledgers (2015). http://qeditas.org/lightcrypto.pdf. (see also code at https://github.com/bitemyapp/ledgertheory)
  56. [Wik13]
    Bitcoin Wiki. CVE-2013-2293: New DoS vulnerability by forcing continuous hard disk seek/read activity (2013). https://en.bitcoin.it/wiki/CVE-2013-2293
  57. [Woo14]
    Wood, G.: Ethereum: A secure decentralised generalised transaction ledger (2014). http://gavwood.com/Paper.pdf

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  • Leonid Reyzin (1, 3)
  • Dmitry Meshkov (2)
  • Alexander Chepurnoy (2)
  • Sasha Ivanov (3)
  1. Boston University, Boston, USA
  2. IOHK Research, Sestroretsk, Russia
  3. Waves Platform, Moscow, Russian Federation