Optimal Trade-Off for Merkle Tree Traversal

  • Piotr Berman
  • Marek Karpinski
  • Yakov Nekrich
Part of the Communications in Computer and Information Science book series (CCIS, volume 3)


In this paper we describe optimal trade-offs between time and space complexity of Merkle tree traversals with their associated authentication paths, improving on the previous results of Jakobsson, Leighton, Micali, and Szydlo (Jakobsson et al., 03) and Szydlo (Szydlo, 04). In particular, we show that our algorithm requires 2 logn/log(3) n hash function computations and storage for less than (logn/log(3) n + 1)loglogn + 2 logn hash values, where n is the number of leaves in the Merkle tree. We also prove that these trade-offs are optimal, i.e. there is no algorithm that requires less than O(logn/logt) time and less than O(tlogn/logt) space for any choice of parameter t ≥ 2.

Our algorithm could be of special use in the case when both time and space are limited.


Identification and Authentication Merkle Trees Public Key Signatures Authentication Path Fractal Tree Traversal Trade-off Amortization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Coppersmith, D., Jakobsson, M.: Almost Optimal Hash Sequence Traversal. Financial Cryptography, 102–119 (2002)Google Scholar
  2. Devanbu, P., Gertz, M., Martel, C., Stublebine, S.G.: Authentic Third Party Data Publication. In: 14th IFIP Workshop on Database Security (2000)Google Scholar
  3. Jakobsson, M.: Fractal Hash Sequence Representation and Traversal. In: ISIT, p. 437 (2002)Google Scholar
  4. Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal Merkle Tree Representation and Traversal. In: RSA Cryptographers Track, RSA Security Conference (2003)Google Scholar
  5. Karpinski, M., Nekrich, Y.: A Note on Traversing Skew Merkle Trees, ECCC Report TR04-118Google Scholar
  6. Lipmaa, H.: On Optimal Hash Tree Traversal for Optimal Time Stamping. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 357–371. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. Merkle, R.: Secrecy, Authentication and Public Key Systems. UMI Research Press (1982)Google Scholar
  8. Merkle, R.: A Digital Signature Based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)Google Scholar
  9. Micali, S.: Efficient Certificate Revocation. Technical Report TM-542b, MIT Laboratory for Computer Science (March 22, 1996)Google Scholar
  10. Micali, S., Rabin, M., Kilian, J.: Zero-Knowledge Sets. In: Proc. 44th FOCS, pp. 80–91 (2003)Google Scholar
  11. Perrig, A., Canetti, R., Tygar, D., Song, D.: The TESLA Broadcast Authentication Protocol. Cryptobytes 5, 2–13Google Scholar
  12. Rivest, R., Shamir, A.: PayWord and MicroMint - Two Simple Micropayment Schemes. CryptoBytes 1, 7–11Google Scholar
  13. Szydlo, M.: Merkle Tree Traversal in Log Space and Time. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 541–554. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Piotr Berman
    • 1
  • Marek Karpinski
    • 2
  • Yakov Nekrich
    • 2
  1. 1.Dept.of Computer Science and Engineering, The Pennsylvania State UniversityUSA
  2. 2.Dept. of Computer Science, University of BonnGermany

Personalised recommendations