Efficient Sparse Merkle Trees

Caching Strategies and Secure (Non-)Membership Proofs
  • Rasmus DahlbergEmail author
  • Tobias Pulls
  • Roel Peeters
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10014)


A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.


Hash Function Certificate Authority Cache Strategy Cryptographic Hash Function Empty Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank Stefan Lindskog for his valuable feedback. Rasmus Dahlberg and Tobias Pulls have received funding from the HITS research profile funded by the Swedish Knowledge Foundation.


  1. 1.
    Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 379–393. Springer, Heidelberg (2001). doi: 10.1007/3-540-45439-X_26 CrossRefGoogle Scholar
  2. 2.
    Aragon, C.R., Seidel, R.: Randomized search trees. In: FOCS, pp. 540–545 (1989)Google Scholar
  3. 3.
    Bauer, M.: Proofs of zero knowledge. CoRR cs.CR/0406058 (2004)Google Scholar
  4. 4.
    Blelloch, G.E., Reid-Miller, M.: Fast set operations using treaps. In: SPAA, pp. 16–26 (1998)Google Scholar
  5. 5.
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Chuat, L., Szalachowski, P., Perrig, A., Laurie, B., Messeri, E.: Efficient gossip protocols for verifying the consistency of certificate logs. In: CNS, pp. 415–423 (2015)Google Scholar
  7. 7.
    Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: USENIX Security Symposium, pp. 29–44 (2003)Google Scholar
  8. 8.
    Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: USENIX Security Symposium, pp. 317–334 (2009)Google Scholar
  9. 9.
    Crosby, S.A., Wallach, D.S.: Super-efficient aggregating history-independent persistent authenticated dictionaries. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 671–688. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04444-1_41 CrossRefGoogle Scholar
  10. 10.
    Crosby, S.A., Wallach, D.S.: Authenticated dictionaries: real-world costs and trade-offs. ACM TISSEC 14(2), 17:1–17:30 (2011)CrossRefGoogle Scholar
  11. 11.
    Eckersley, P.: How secure is HTTPS today? How often is it attacked? EFF (2011).
  12. 12.
    Eijdenberg, A., Laurie, B., Cutter, A.: Verifiable data structures. Google Research (2015).
  13. 13.
    Katz, J.: Analysis of a proposed hash-based signature standard (2014).
  14. 14.
    Kocher, P.C.: On certificate revocation and validation. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998). doi: 10.1007/BFb0055481 CrossRefGoogle Scholar
  15. 15.
    Langely, A.: Enhancing digital certificate security. Google Research (2013).
  16. 16.
    Laurie, B.: Certificate transparency. ACM Queue 12(8), 10–19 (2014)CrossRefGoogle Scholar
  17. 17.
    Laurie, B., Kasper, E.: Revocation transparency. Google Research (2012).
  18. 18.
    Laurie, B., Langley, A., Kasper, E.: Certificate transparency. RFC 6962 (2013)Google Scholar
  19. 19.
    Li, J., Krohn, M.N., Mazières, D., Shasha, D.: Secure untrusted data repository (SUNDR). In: OSDI, pp. 121–136 (2004)Google Scholar
  20. 20.
    Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)Google Scholar
  21. 21.
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). doi: 10.1007/3-540-48184-2_32 Google Scholar
  22. 22.
    Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: FOCS, pp. 120–130 (1999)Google Scholar
  23. 23.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  24. 24.
    Naor, M., Nissim, K.: Certificate revocation and certificate update. J-SAC 18(4), 561–570 (2000)Google Scholar
  25. 25.
    Naor, M., Teague, V.: Anti-persistence: history independent data structures. In: STOC, pp. 492–501 (2001)Google Scholar
  26. 26.
    NIST: FIPS PUB 180–4: Secure Hash Standard. Federal Information Processing Standards Publication 180–4, U.S. Department of Commerce (2012).
  27. 27.
    Östersjö R.: Sparse Merkle Trees: Definitions and Space-Time Trade-Offs With Applications for Balloon. Bachelor’s Thesis, Karlstad University (2016)Google Scholar
  28. 28.
    Papamanthou, C., Tamassia, R., Triandopoulos, N.: Optimal verification of operations on dynamic sets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 91–110. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_6 CrossRefGoogle Scholar
  29. 29.
    Prins, R.: DigiNotar certificate authority breach—“operation black tulip". Fox-IT (2011)Google Scholar
  30. 30.
    Pulls, T., Peeters, R.: Balloon: a forward-secure append-only persistent authenticated data structure. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 622–641. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-24177-7_31 CrossRefGoogle Scholar
  31. 31.
    Pulls, T., Peeters, R.: Insynd: privacy-preserving transparency logging using balloons. In: ESORICS (2016, to appear)Google Scholar
  32. 32.
    Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS (2014)Google Scholar
  33. 33.
    Sarnak, N., Tarjan, R.E.: Planar point location using persistent search trees. Commun. ACM 29(7), 669–679 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Tamassia, R.: Authenticated data structures. In: Battista, G., Zwick, U. (eds.) ESA 2003. LNCS, vol. 2832, pp. 2–5. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-39658-1_2 CrossRefGoogle Scholar
  35. 35.
    Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with no trusted parties. CoRR abs/1408.1023 (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Department of Mathematics and Computer ScienceKarlstad UniversityKarlstadSweden
  2. 2.KU Leuven, ESAT/COSIC and iMindsLeuvenBelgium

Personalised recommendations