Single-Layer Fractal Hash Chain Traversal with Almost Optimal Complexity

  • Dae Hyun Yum
  • Jae Woo Seo
  • Sungwook Eom
  • Pil Joong Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)


We study the problem of traversing a hash chain with dynamic helper points (called pebbles). Basically, two kinds of algorithms for this problem are known to date. Jakobsson algorithm is a single-layer fractal algorithm with the computational cost of ⌈logn ⌉ (hash evaluations per chain link) and ⌈logn ⌉ pebbles. Coppersmith-Jakobsson algorithm is a complicated double-layer fractal algorithm that improves efficiency at the expense of simplicity; with a complex movement pattern and some extra pebbles, it reduces the computational cost by half. Specifically, Coppersmith-Jakobsson algorithm requires \(\lfloor \frac{1}{2}\log n \rfloor\) hash evaluations per chain link and ⌈logn ⌉ + ⌈log(logn + 1) ⌉ pebbles, which attains an almost optimal complexity. We introduce a new hash chain traversal algorithm that achieves both simplicity and efficiency. While our algorithm is based on the simple single-layer fractal structure of the Jakobsson algorithm, it reduces the computational cost by half without using extra pebbles; specifically, \(\lceil \frac{1}{2}\log n \rceil\) hash evaluations per chain link and ⌈logn ⌉ pebbles are needed.


Hash Function Canonical Form Chain Link Output Link Tree Traversal 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.J., Manifavas, C., Sutherland, C.: Netcard - a practical electronic-cash system. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 49–57. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  2. 2.
    Berman, P., Karpinski, M., Nekrich, Y.: Optimal trade-off for merkle tree traversal. Theor. Comput. Sci. 372(1), 26–36 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Coppersmith, D., Jakobsson, M.: Almost optimal hash sequence traversal. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 102–119. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Fischlin, M.: Fast verification of hash chains. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 339–352. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Haller, N.: The s/key one-time password system. RFC 1760. Internet Engineering Task Force (1995)Google Scholar
  6. 6.
    Hu, Y.-C., Jakobsson, M., Perrig, A.: Efficient constructions for one-way hash chains. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 423–441. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Hu, Y.-C., Perrig, A., Johnson, D.B.: Ariadne: A secure on-demand routing protocol for ad hoc networks. Wireless Networks 11(1-2), 21–38 (2005)CrossRefGoogle Scholar
  8. 8.
    Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Jakobsson, M.: Fractal hash sequence representation and traversal. In: IEEE International Symposium on Information Theory, pp. 437–444. IEEE, Los Alamitos (2002); also available at Cryptology ePrint Archive, Report 2002/001, CrossRefGoogle Scholar
  10. 10.
    Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal merkle tree representation and traversal. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 314–326. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Kim, S.-R.: Improved scalable hash chain traversal. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 86–95. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: Efficient and secure source authentication for multicast. In: NDSS 2001. The Internet Society (2001)Google Scholar
  13. 13.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73. IEEE Computer Society, Los Alamitos (2000)Google Scholar
  14. 14.
    Rivest, R.L., Shamir, A.: Payword and micromint: Two simple micropayment schemes. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 69–87. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  15. 15.
    Sella, Y.: On the computation-storage trade-offs of hash chain traversal. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 270–285. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Stubblebine, S.G., Syverson, P.F.: Fair on-line auctions without special trusted parties. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 230–240. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  17. 17.
    Szydlo, M.: Merkle tree traversal in log space and time. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 541–554. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Dae Hyun Yum
    • 1
  • Jae Woo Seo
    • 1
  • Sungwook Eom
    • 1
  • Pil Joong Lee
    • 1
  1. 1.Information Security Lab.EEE, POSTECH, PohangKyungbukRepublic of Korea

Personalised recommendations