Abstract
We present a technique for Merkle tree traversal which requires only logarithmic space and time. For a tree with N leaves, our algorithm computes sequential tree leaves and authentication path data in time 2 log2(N) and space less than 3 log2(N), where the units of computation are hash function evaluations or leaf value computations, and the units of space are the number of node values stored. This result is an asymptotic improvement over all other previous results (for example, measuring cost=space*time). We also prove that the complexity of our algorithm is optimal: There can exist no Merkle tree traversal algorithm which consumes both less than O(log2(N)) space and less than O(log2(N)) time. Our algorithm is especially of practical interest when space efficiency is required.
Chapter PDF
Similar content being viewed by others
References
Coppersmith, D., Jakobsson, M.: Almost Optimal Hash Sequence Traversal. In: Financial Crypto 2002 (2002), Available at http://www.markus-jakobsson.com
Jakobsson, M.: Fractal Hash Sequence Representation and Traversal. In: ISIT 2002, p. 437 (2002), Available at www.markus-jakobsson.com
Jutla, C., Yung, M.: PayTree: Amortized-Signature for Flexible Micropayments. In: 2nd USENIX Workshop on Electronic Commerce, pp. 213–221 (1996)
Lamport, L.: Constructing Digital Signatures from a One Way Function. SRI International Technical Report CSL-98 (October 1979)
Lipmaa, H.: On Optimal Hash Tree Traversal for Interval Time-Stamping. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 357–371. Springer, Heidelberg (2002), Available at www.tcs.hut.fi/~helger/papers/lip02a/
Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal Merkle Tree Representation and Traversal. In: RSA Cryptographers Track, RSA Security Conference (2003)
Merkle, R.: Secrecy, Authentication, and Public Key Systems. UMI Research Press (1982); Also appears as a Stanford Ph.D. thesis in 1979 (1979)
Merkle, R.: A Digital Signature Based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Micali, S.: Efficient Certificate Revocation. In: RSA Cryptographers Track, RSA Security Conference, and U.S. Patent No. 5,666,416 (1997)
Malkin, T., Micciancio, D., Miner, S.: Efficient Generic Forward-Secure Signatures With An Unbounded Number Of Time Periods. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 400–417. Springer, Heidelberg (2002)
Perrig, A., Canetti, R., Tygar, D., Song, D.: The TESLA Broadcast Authentication Protocol. Cryptobytes 5(2), 2–13 (RSA Laboratories, Summer/Fall 2002), Available at http://www.rsasecurity.com/rsalabs/cryptobytes/
Rivest, R., Shamir, A.: PayWord and MicroMint–Two Simple Micropayment Schemes. CryptoBytes 2(1), 7–11 (RSA Laboratories, Spring 1996), Available at http://www.rsasecurity.com/rsalabs/cryptobytes/
FIPS PUB 180-1, Secure Hash Standard, SHA-1, Available at http://www.itl.nist.gov/fipspubs/fip180-1.htm
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Szydlo, M. (2004). Merkle Tree Traversal in Log Space and Time. In: Cachin, C., Camenisch, J.L. (eds) Advances in Cryptology - EUROCRYPT 2004. EUROCRYPT 2004. Lecture Notes in Computer Science, vol 3027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24676-3_32
Download citation
DOI: https://doi.org/10.1007/978-3-540-24676-3_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21935-4
Online ISBN: 978-3-540-24676-3
eBook Packages: Springer Book Archive