Incremental Multiset Hash Functions and Their Application to Memory Integrity Checking

  • Dwaine Clarke
  • Srinivas Devadas
  • Marten van Dijk
  • Blaise Gassend
  • G. Edward Suh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)


We introduce a new cryptographic tool: multiset hash functions. Unlike standard hash functions, which take strings as input, multiset hash functions operate on multisets (or sets). They map multisets of arbitrary finite size to strings (hashes) of fixed length. They are incremental in that, when new members are added to the multiset, the hash can be updated in time proportional to the change. The functions may be multiset-collision resistant, in that it is difficult to find two multisets which produce the same hash, or just set-collision resistant, in that it is difficult to find a set and a multiset which produce the same hash.

We demonstrate how set-collision resistant multiset hash functions make an existing offline memory integrity checker secure against active adversaries. We improve on this checker such that it can use smaller time stamps without increasing the frequency of checks. The improved checker uses multiset-collision resistant multiset hash functions.
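The incremental update and the set versus multiset distinction from the first paragraph, as an added Python illustration that is not code from the paper. Both combiners, the HMAC-SHA256 per-element function and the 256-bit width are assumptions made here, since this page gives no construction.

```python
import hashlib
import hmac

MOD = 1 << 256  # hashes live in Z_(2^256); the width is an assumption

def prf(key: bytes, element: bytes) -> int:
    """Keyed per-element value (HMAC-SHA256 is this example's choice)."""
    return int.from_bytes(hmac.new(key, element, hashlib.sha256).digest(), "big")

class AddHash:
    """Sum of per-element values mod 2^256: every occurrence changes the sum."""
    def __init__(self, key: bytes):
        self.key, self.acc = key, 0

    def add(self, element: bytes) -> None:  # O(1) incremental update
        self.acc = (self.acc + prf(self.key, element)) % MOD

    def digest(self) -> bytes:
        return self.acc.to_bytes(32, "big")

class XorCountHash:
    """XOR of per-element values plus a size counter: pairs cancel in the XOR."""
    def __init__(self, key: bytes):
        self.key, self.acc, self.size = key, 0, 0

    def add(self, element: bytes) -> None:  # O(1) incremental update
        self.acc ^= prf(self.key, element)
        self.size = (self.size + 1) % MOD

    def digest(self) -> bytes:
        return self.acc.to_bytes(32, "big") + self.size.to_bytes(32, "big")

def hash_multiset(cls, key: bytes, elements) -> bytes:
    h = cls(key)
    for e in elements:
        h.add(e)
    return h.digest()

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    evens_1 = [b"a", b"a", b"b", b"b"]  # two multisets of size 4 in which
    evens_2 = [b"c", b"c", b"d", b"d"]  # every element occurs twice
    for cls in (AddHash, XorCountHash):
        same = hash_multiset(cls, key, evens_1) == hash_multiset(cls, key, evens_2)
        print(cls.__name__, "collides on even-multiplicity multisets:", same)
    # A set and a multiset still differ under XorCountHash: the sizes disagree.
    print(hash_multiset(XorCountHash, key, [b"b"]) !=
          hash_multiset(XorCountHash, key, [b"a", b"a", b"b"]))
```

The XOR combiner collides on the two even-multiplicity multisets because neither is a set, while the additive combiner keeps them apart; both are order-independent and updated with one operation per added element.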


Keywords: multiset hash functions, set-collision resistance, multiset-collision resistance, incremental cryptography, memory integrity checking



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Dwaine Clarke, Srinivas Devadas, Marten van Dijk, Blaise Gassend, G. Edward Suh: MIT Computer Science and Artificial Intelligence Laboratory
