Oblivious trees a concurrent cryptographic data structure
This presentation is the property of its rightful owner.
Sponsored Links
1 / 18

Oblivious Trees A Concurrent Cryptographic Data Structure PowerPoint PPT Presentation


  • 97 Views
  • Uploaded on
  • Presentation posted in: General

Oblivious Trees A Concurrent Cryptographic Data Structure. William Strickland Christopher Fontaine [10-12-2011]. Table of Contents. Digital Signatures Incremental Signatures Concerns Early Work Oblivious Trees Obliviousness Implementation Concurrency Goals Challenges

Download Presentation

Oblivious Trees A Concurrent Cryptographic Data Structure

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Oblivious trees a concurrent cryptographic data structure

Oblivious TreesA Concurrent Cryptographic Data Structure

William Strickland

Christopher Fontaine

[10-12-2011]


Table of contents

Table of Contents

  • Digital Signatures

  • Incremental Signatures

    • Concerns

    • Early Work

  • Oblivious Trees

    • Obliviousness

    • Implementation

    • Concurrency

    • Goals

    • Challenges

    • Test Application Domains

  • References

  • Q & A


Digital signatures

Digital Signatures

  • Useful for detecting or preventing forgery and tampering of digital data.

  • Most useful with asymmetric key schemes.

  • Critical to Software distribution, Email, E-commerce.

  • Many algorithms and schemes exist.

  • Any change to the document invalidates the signature, even authorized changes.

  • Can a new valid signature be generated by only processing the updates of the document?


Incremental signatures

Incremental Signatures

  • Potential performance improvements in applications where signatures a repeatedly computed for often changing documents.

  • Signature generation proportional to updates.

  • Signature size and verification difficulty does not grow with repeated updates.

  • Must maintain security and privacy of non-incremental schemes.

  • Security to tampering and forgery.

  • Privacy of revision history.


Incremental concerns

Incremental Concerns

  • Security more complicated with incremental signatures.

  • Security is of foremost concern.

  • Attacker has new avenues to attack observing result of incremental changes.

  • No longer practical to hide which chunks have changed with a fast algorithm.

  • Privacy becomes an issue.

  • No previous versions to be concerned with in non-incremental.

  • Do no wish to leak information about previous edits with signature.

  • Some incremental signature schemes may be secure while still leaking revision history.


Early work

Early Work

  • An early incremental signature scheme presented by Bellare, Goldreich and Goldwasser in 1994 utilized 2-3 trees to provide incremental signatures with proven security.

  • Utilized generic non-incremental signature function as building block.

  • This scheme was later found to leak revision history in by the structure of the tree.

  • Previous state information was leaked solely by the structure of the 2-3 tree.


Obliviousness

Obliviousness

  • An Oblivious data structure is defined as one that reveals no information about what operations have been performed on it.

  • Adding the oblivious property to the 2-3 tree signature scheme would resolve the privacy issues.


Oblivious trees

Oblivious Trees

  • Implementation

    • 2-3 Tree Basis

    • Why?

      • Leaf Nodes at the same level

        • Fast Access to leaves

        • Good probability of a balanced tree

      • Leaf Nodes are in sorted order

        • Easy to locate using only size information


Oblivious trees1

Oblivious Trees

  • Implementation

    • Create

      • O(n)

    • Insert

      • O(log n)

    • Delete

      • O(log n)

  • Key Issues

    • Maintain Obliviousness

    • Maintain Performance


Oblivious trees2

Oblivious Trees

  • CREATE

    • Observation: Structure Reveals History

  • Bottom-up Construction

  • foreach(level i)

    • Traverse nodes from right to left

    • Choose d from {2,3} uniformly at random

      • Or set d to number of nodes left

    • Create a new node with d as its degree

    • Stop when number of nodes created = 1


Oblivious trees3

Oblivious Trees

  • INSERT

    • INSERT(b, i, CREATE(L)) == CREATE(L')

    • Locate the ith leaf

    • Insert new node b

    • Starting from i's parent

      • foreach(level l)

        • Moving from left to right, rebuild the tree in the same manner as CREATE, but with new random coin tosses.


Oblivious trees4

Oblivious Trees

  • DELETE

    • DELETE(i, CREATE(L)) == CREATE(L')

    • Locate the ith leaf

    • Delete the ith leaf

    • Starting from i's parent

      • foreach(level l)

        • Moving from left to right, rebuild the tree in the same manner as CREATE, but with new random coin tosses.


Oblivious tree

Oblivious Tree

R

Root

?

Internal

Nodes

Leaves

L

L

L

L

L

L


Approach to concurrency

Approach to Concurrency

Observations

  • Tree structure is randomized.

  • There is no 'correct' tree structure, so long as the result is a 2-3 tree.

  • Outputting the current signature is akin to a snapshot of the tree.

  • Inserts and deletes only randomize the tree structure to the right of the affected index.


Goals

Goals

  • First known implementation of Oblivious Tree data structure

  • Lock-free implementation of Oblivious Trees

  • Prove lock-free nature of implementation

  • Create representative parallel test application

  • Show improved performance over non-incremental signature schemes in test application


Challenges

Challenges

  • Creating a sequential implementation

  • Refine sequential implementation to be lock-free

  • Exploit randomized structure to enable concurrency

  • Develop test application and test data set

  • Tune hashing function and chunk size


Test application domains

Test Application Domains

  • Signed Source Code Repository

  • Incremental Backup

  • Streaming Security Footage

  • Collaborative Photo/Text Editing


References

References

  • Daniele Micciancio. 1997. Oblivious data structures: applications to cryptography. In Proceedings of the twenty-ninth annual ACM symposium on Theory of computing (STOC '97). ACM, New York, NY, USA, 456-464. DOI=10.1145/258533.258638 http://doi.acm.org/10.1145/258533.258638

  • MihirBellare, OdedGoldreich, and ShafiGoldwasser. 1994. Incremental Cryptography: The Case of Hashing and Signing. In Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '94), YvoDesmedt (Ed.). Springer-Verlag, London, UK, 216-233.

  • QingjiZheng and ShouhuaiXu. 2011. Fair and dynamic proofs of retrievability. In Proceedings of the first ACM conference on Data and application security and privacy (CODASPY '11). ACM, New York, NY, USA, 237-248. DOI=10.1145/1943513.1943546 http://doi.acm.org/10.1145/1943513.1943546

  • MihirBellare and Daniele Micciancio. 1997. A new paradigm for collision-free hashing: incrementality at reduced cost. In Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques (EUROCRYPT'97), Walter Fumy (Ed.). Springer-Verlag, Berlin, Heidelberg, 163-192.


  • Login