Parallelizable Authentication Trees

  • W. Eric Hall
  • Charanjit S. Jutla
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3897)


We define a new authentication tree in the symmetric key setting, which has the same computational time, storage and security parameters as the well-known Merkle authentication tree, but which, unlike the latter, allows for all the cryptographic operations required for an update to be performed in parallel. As in Merkle authentication trees, the cryptographic operations required for verification can also be parallelized. In particular, we show a provably secure scheme for incremental MAC with partial authentication secure against substitution and replay attacks, which on total data of size 2^n blocks, and given n cryptographic engines, can compute incremental MACs and perform individual block authentication with a critical path of only one cryptographic operation.


Keywords: Leaf Node, Critical Path, Replay Attack, Message Authentication Code, Auxiliary Data
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • W. Eric Hall (1)
  • Charanjit S. Jutla (1)
  1. IBM T.J. Watson Research Center, Yorktown Heights, USA
