Skip to main content
SpringerLink
Log in

Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems

  • Published:
Algorithmica Aims and scope Submit manuscript

Abstract

Following in the spirit of data structure and algorithm correctness checking, authenticated data structures provide cryptographic proofs that their answers are as accurate as the author intended, even if the data structure is being controlled by a remote untrusted host.

In this paper we present efficient techniques for authenticating data structures that represent graphs and collections of geometric objects. We use a data-querying model where a data structure maintained by a trusted source is mirrored at distributed untrusted servers, called responders, with the responders answering queries made by users: when a user queries a responder, along with the answer to the issued query, he receives a cryptographic proof that allows the verification of the answer trusting only a short statement (digest) signed by the source.

We introduce the path hash accumulator, a new primitive based on cryptographic hashing for efficiently authenticating various properties of structured data represented as paths, including any decomposable query over sequences of elements. We show how to employ our primitive to authenticate queries about properties of paths in graphs and search queries on multi-catalogs. This allows the design of new, efficient authenticated data structures for fundamental problems on networks, such as path and connectivity queries over graphs, and complex queries on two-dimensional geometric objects, such as intersection and containment queries. By building on our new primitive we achieve efficiency and modularity: our schemes can be easily analyzed in terms of complexity and security and are simple to implement. Our work has applications to the authentication of network management systems and geographic information systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation. In: Advances in Cryptology—CRYPTO. LNCS, vol. 1462, pp. 137–152. Springer, Berlin (1998)

    Google Scholar 

  2. Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Proc. Inf. Security Conf. LNCS, vol. 2200, pp. 379–393. Springer, Berlin (2001)

    Google Scholar 

  3. Atallah, M.J., Cho, Y., Kundu, A.: Efficient data authentication in an environment of untrusted third-party distributors. In: Proc. Int. Conf. on Data Eng., pp. 696–704. IEEE Press, New York (2008)

    Google Scholar 

  4. Baric, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Advances in Cryptology—EUROCRYPT. LNCS, vol. 1233, pp. 480–494. Springer, Berlin (1997)

    Google Scholar 

  5. Benaloh, J., de Mare, M.: One-way accumulators: A decentralized alternative to digital signatures. In: Advances in Cryptology—EUROCRYPT. LNCS, vol. 765, pp. 274–285. Springer, Berlin (1993)

    Google Scholar 

  6. Bent, S.W., Sleator, D.D., Tarjan, R.E.: Biased search trees. SIAM J. Comput. 14, 545–568 (1985)

    Article  MATH  MathSciNet  Google Scholar 

  7. Bertino, E., Carminati, B., Ferrari, E., Thuraisingham, B., Gupta, A.: Selective and authentic third-party distribution of XML documents. IEEE Trans. Knowl. Data Eng. 16(10), 1263–1278 (2004)

    Article  Google Scholar 

  8. Blum, M., Kannan, S.: Designing programs that check their work. J. ACM 42(1), 269–291 (1995)

    Article  MATH  Google Scholar 

  9. Bright, J.D., Sullivan, G.: Checking mergeable priority queues. In: Digest Symp. on Fault-Tolerant Comput., pp. 144–153. IEEE Press, New York (1994)

    Google Scholar 

  10. Bright, J.D., Sullivan, G.: On-line error monitoring for several data structures. In: Digest Symp. on Fault-Tolerant Comput., pp. 392–401. IEEE Press, New York (1995)

    Chapter  Google Scholar 

  11. Bright, J.D., Sullivan, G., Masson, G.M.: Checking the integrity of trees. In: Digest Symp. on Fault-Tolerant Comput., pp. 402–411. IEEE Press, New York (1995)

    Chapter  Google Scholar 

  12. Buldas, A., Laud, P., Lipmaa, H.: Eliminating counterevidence with applications to accountable certificate management. J. Comput. Secur. 10(3), 273–296 (2002)

    Google Scholar 

  13. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Advances in Cryptology—CRYPTO. LNCS, vol. 2442. Springer, Berlin (2002)

    Google Scholar 

  14. Chazelle, B., Guibas, L.J.: Fractional cascading: I. A data structuring technique. Algorithmica 1(3), 133–162 (1986)

    Article  MATH  MathSciNet  Google Scholar 

  15. Chazelle, B., Guibas, L.J.: Fractional cascading: II. Applications. Algorithmica 1, 163–191 (1986)

    Article  MATH  MathSciNet  Google Scholar 

  16. Cohen, R.F., Tamassia, R.: Combine and conquer. Algorithmica 18, 342–362 (1997)

    Article  MathSciNet  Google Scholar 

  17. Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic data publication over the Internet. J. Comput. Secur. 11(3), 291–314 (2003)

    Google Scholar 

  18. Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G., Stubblebine, S.: Flexible authentication of XML documents. J. Comput. Secur. 6, 841–864 (2004)

    Google Scholar 

  19. Devillers, O., Liotta, G., Preparata, F.P., Tamassia, R.: Checking the convexity of polytopes and the planarity of subdivisions. Comput. Geom. Theory Appl. 11, 187–208 (1998)

    MATH  MathSciNet  Google Scholar 

  20. Di Battista, G., Liotta, G.: Upward planarity checking: “Faces are more than polygons”. In: Whitesides, S.H. (ed.) Proc. Graph Drawing. LNCS, vol. 1547, pp. 72–86. Springer, Berlin (1998)

    Chapter  Google Scholar 

  21. Di Battista, G., Palazzi, B.: Authenticated relational tables and authenticated skip lists. In: Proc. IFIP Conf. on Database Security. LNCS, vol. 4602, pp. 31–46. Springer, Berlin (2007)

    Google Scholar 

  22. Di Battista, G., Tamassia, R.: On-line maintenance of triconnected components with SPQR-trees. Algorithmica 15, 302–318 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  23. Eppstein, D., Italiano, G.F., Tamassia, R., Tarjan, R.E., Westbrook, J., Yung, M.: Maintenance of a minimum spanning forest in a dynamic plane graph. J. Algorithms 13(1), 33–54 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  24. Finkler, U., Mehlhorn, K.: Checking priority queues. In: Proc. Symp. on Discrete Algorithms, pp. 901–902. SIAM, Philadelphia (1999)

    Google Scholar 

  25. Gassko, I., Gemmell, P.S., MacKenzie, P.: Efficient and fresh certification. In: Proc. Int. Conf. on Pract. and Theory in Public Key Cryptography. LNCS, vol. 1751, pp. 342–353. Springer, Berlin (2000)

    Google Scholar 

  26. Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  27. Goodrich, M.T., Tamassia, R.: Efficient authenticated dictionaries with skip lists and commutative hashing. Technical report, Johns Hopkins Information Security Institute (2000). Available from http://www.cs.brown.edu/cgc/stms/papers/hashskip.pdf

  28. Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. In: Proc. DARPA Inf. Survivability Conf. and Exposition, vol. 2, pp. 68–82 (2001)

  29. Goodrich, M.T., Tamassia, R., Hasic, J.: An efficient dynamic and distributed cryptographic accumulator. In: Proc. Inf. Security Conf. LNCS, vol. 2433, pp. 372–388. Springer, Berlin (2002)

    Google Scholar 

  30. Goodrich, M.T., Tamassia, R., Triandopoulos, N., Cohen, R.: Authenticated data structures for graph and geometric searching. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 2612, pp. 295–313. Springer, Berlin (2003)

    Google Scholar 

  31. Goodrich, M.T., Papamanthou, C., Tamassia, R.: On the cost of persistence and authentication in skip lists. In: Proc. Int. Workshop on Experimental Algorithms. LNCS, vol. 4525, pp. 94–107. Springer, Berlin (2007)

    Google Scholar 

  32. Goodrich, M.T., Papamanthou, C., Tamassia, R., Triandopoulos, N.: Athos: Efficient authentication of outsourced file systems. In: Proc. Inf. Security Conf. LNCS, vol. 5222, pp. 80–96. Springer, Berlin (2008)

    Google Scholar 

  33. Goodrich, M.T., Tamassia, R., Triandopoulos, N.: Super-efficient verification of dynamic outsourced databases. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 4964, pp. 407–424. Springer, Berlin (2008)

    Google Scholar 

  34. Heitzmann, A., Palazzi, B., Papamanthou, C., Tamassia, R.: Efficient integrity checking of untrusted network storage. In: Proc. Int. Workshop on Storage Security and Survivability, pp. 43–54. ACM, New York (2008)

    Chapter  Google Scholar 

  35. King, V.: A simpler minimum spanning tree verification algorithm. In: Proc. Int. Workshop on Algorithms and Data Structures. LNCS, vol. 955, pp. 440–448. Springer, Berlin (1995)

    Google Scholar 

  36. Kocher, P.C.: On certificate revocation and validation. In: Proc. Int. Conf. on Financial Cryptography. LNCS, vol. 1465, pp. 172–177. Springer, Berlin (1998)

    Google Scholar 

  37. Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Dynamic authenticated index structures for outsourced databases. In: Proc. Int. Conf. on Management of Data, pp. 121–132. ACM, New York (2006)

    Google Scholar 

  38. Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: Proc. Int. Conf. on Applied Cryptography and Network Security. LNCS, vol. 4521, pp. 253–269. Springer, Berlin (2007)

    Chapter  Google Scholar 

  39. Maniatis, P., Baker, M.: Secure history preservation through timeline entanglement. In: Proc. USENIX Security Symp., pp. 297–312. USENIX (2002)

  40. Martel, C., Nuckolls, G., Devanbu, P., Gertz, M., Kwong, A., Stubblebine, S.G.: A general model for authenticated data structures. Algorithmica 39(1), 21–41 (2004)

    Article  MATH  MathSciNet  Google Scholar 

  41. Mehlhorn, K., Näher, S.: Dynamic fractional cascading. Algorithmica 5(1–4), 215–241 (1990)

    Article  MATH  MathSciNet  Google Scholar 

  42. Mehlhorn, K., Näher, S.: LEDA: A Platform for Combinatorial and Geometric Computing. Cambridge University Press, Cambridge (2000)

    Google Scholar 

  43. Mehlhorn, K., Näher, S., Seel, M., Seidel, R., Schilz, T., Schirra, S., Uhrig, C.: Checking geometric programs or verification of geometric structures. Comput. Geom. Theory Appl. 12(1–2), 85–103 (1999)

    MATH  Google Scholar 

  44. Merkle, R.C.: A certified digital signature. In: Advances in Cryptology—CRYPTO. LNCS, vol. 435, pp. 218–238. Springer, Berlin (1989)

    Google Scholar 

  45. Micali, S., Rabin, M., Kilian, J.: Zero-Knowledge sets. In: Proc. Symp. on Foundations of Computer Science, pp. 80–91. IEEE Press, New York (2003)

    Google Scholar 

  46. Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proc. USENIX Security Symp., pp. 217–228. USENIX (1998)

  47. Narasimha, M., Tsudik, G.: Authentication of outsourced databases using signature aggregation and chaining. In: Proc. Int. Conf. on Database Systems for Advanced Applications. LNCS, vol. 3882, pp. 420–436. Springer, Berlin (2006)

    Chapter  Google Scholar 

  48. Nguyen, L.: Accumulators from bilinear pairings and applications. In: Proc. RSA Conf., Cryptographers’ Track. LNCS, vol. 3376, pp. 275–292. Springer, Berlin (2005)

    Google Scholar 

  49. Nuckolls, G.: Verified query results from hybrid authentication trees. In: Proc. IFIP Conf. on Database Security. LNCS, vol. 3654, pp. 84–98. Springer, Berlin (2005)

    Google Scholar 

  50. Ostrovsky, R., Rackoff, C., Smith, A.: Efficient consistency proofs for generalized queries on a committed database. In: Proc. Int. Colloquium on Automata, Languages and Programming. LNCS, vol. 3142, pp. 1041–1053. Springer, Berlin (2004)

    Chapter  Google Scholar 

  51. Pang, H., Jain, A., Ramamritham, K., Tan, K.-L.: Verifying completeness of relational query results in data publishing. In: Proc. Int. Conf. on Management of Data, pp. 407–418. ACM, New York (2005)

    Google Scholar 

  52. Papamanthou, C., Tamassia, R.: Time and space efficient algorithms for two-party authenticated data structures. In: Proc. Int. Conf. on Inf. and Commun. Security. LNCS, vol. 4861, pp. 1–15. Springer, Berlin (2007)

    Google Scholar 

  53. Papamanthou, C., Tamassia, R., Triandopoulos, N.: Authenticated hash tables. In: Proc. Conf. on Comput. and Commun. Security, pp. 437–448. ACM, New York (2008)

    Chapter  Google Scholar 

  54. Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun. ACM 33(6), 668–676 (1990)

    Article  MathSciNet  Google Scholar 

  55. Sleator, D.D., Tarjan, R.E.: A data structure for dynamic trees. J. Comput. Syst. Sci. 26(3), 362–381 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  56. Sullivan, G.F., Masson, G.M.: Certification trails for data structures. In: Digest Symp. on Fault-Tolerant Comput., pp. 240–247. IEEE Press, New York (1991)

    Google Scholar 

  57. Sullivan, G.F., Wilson, D.S., Masson, G.M.: Certification of computational results. IEEE Trans. Comput. 44(7), 833–847 (1995)

    Article  MATH  Google Scholar 

  58. Tamassia, R.: Authenticated data structures. In: Proc. European Symp. on Algorithms. LNCS, vol. 2832, pp. 2–5. Springer, Berlin (2003)

    Google Scholar 

  59. Tamassia, R., Triandopoulos, N.: Computational bounds on hierarchical data processing with applications to information security. In: Proc. Int. Colloquium on Automata, Languages and Programming. LNCS, vol. 3580, pp. 153–165. Springer, Berlin (2005)

    Chapter  Google Scholar 

  60. Tamassia, R., Triandopoulos, N.: Certification and authentication of data structures (2007). Manuscript. Available at http://www.cs.brown.edu/cgc/stms/papers/cads.pdf

  61. Tamassia, R., Triandopoulos, N.: Efficient content authentication in peer-to-peer networks. In: Proc. Int. Conf. on Applied Cryptography and Network Security. LNCS, vol. 4521, pp. 354–372. Springer, Berlin (2007)

    Chapter  Google Scholar 

  62. Tarjan, R.E.: Data Structures and Network Algorithms. CBMS-NSF Regional Conference Series in Applied Mathematics, vol. 44. SIAM, Philadelphia (1983)

    Google Scholar 

  63. Westbrook, J., Tarjan, R.E.: Maintaining bridge-connected and biconnected components on-line. Algorithmica 7, 433–464 (1992)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of California, Irvine, CA, 92697, USA

    Michael T. Goodrich

  2. Department of Computer Science, Brown University, Providence, RI, 02912, USA

    Roberto Tamassia

  3. Department of Computer Science, Boston University, Boston, MA, 02215, USA

    Nikos Triandopoulos

Authors
  1. Michael T. Goodrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Roberto Tamassia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nikos Triandopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikos Triandopoulos.

Additional information

A preliminary version of this paper [30] was presented at the 2003 RSA Conference (Cryptographers’ Track).

Rights and permissions

Reprints and permissions

About this article

Cite this article

Goodrich, M.T., Tamassia, R. & Triandopoulos, N. Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems. Algorithmica 60, 505–552 (2011). https://doi.org/10.1007/s00453-009-9355-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00453-009-9355-7

Keywords

Search

Navigation