1 / 18

Oblivious Trees A Concurrent Cryptographic Data Structure

Oblivious Trees A Concurrent Cryptographic Data Structure. William Strickland Christopher Fontaine [10-12-2011]. Table of Contents. Digital Signatures Incremental Signatures Concerns Early Work Oblivious Trees Obliviousness Implementation Concurrency Goals Challenges

gisela
Download Presentation

Oblivious Trees A Concurrent Cryptographic Data Structure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Oblivious TreesA Concurrent Cryptographic Data Structure William Strickland Christopher Fontaine [10-12-2011]

  2. Table of Contents • Digital Signatures • Incremental Signatures • Concerns • Early Work • Oblivious Trees • Obliviousness • Implementation • Concurrency • Goals • Challenges • Test Application Domains • References • Q & A

  3. Digital Signatures • Useful for detecting or preventing forgery and tampering of digital data. • Most useful with asymmetric key schemes. • Critical to Software distribution, Email, E-commerce. • Many algorithms and schemes exist. • Any change to the document invalidates the signature, even authorized changes. • Can a new valid signature be generated by only processing the updates of the document?

  4. Incremental Signatures • Potential performance improvements in applications where signatures a repeatedly computed for often changing documents. • Signature generation proportional to updates. • Signature size and verification difficulty does not grow with repeated updates. • Must maintain security and privacy of non-incremental schemes. • Security to tampering and forgery. • Privacy of revision history.

  5. Incremental Concerns • Security more complicated with incremental signatures. • Security is of foremost concern. • Attacker has new avenues to attack observing result of incremental changes. • No longer practical to hide which chunks have changed with a fast algorithm. • Privacy becomes an issue. • No previous versions to be concerned with in non-incremental. • Do no wish to leak information about previous edits with signature. • Some incremental signature schemes may be secure while still leaking revision history.

  6. Early Work • An early incremental signature scheme presented by Bellare, Goldreich and Goldwasser in 1994 utilized 2-3 trees to provide incremental signatures with proven security. • Utilized generic non-incremental signature function as building block. • This scheme was later found to leak revision history in by the structure of the tree. • Previous state information was leaked solely by the structure of the 2-3 tree.

  7. Obliviousness • An Oblivious data structure is defined as one that reveals no information about what operations have been performed on it. • Adding the oblivious property to the 2-3 tree signature scheme would resolve the privacy issues.

  8. Oblivious Trees • Implementation • 2-3 Tree Basis • Why? • Leaf Nodes at the same level • Fast Access to leaves • Good probability of a balanced tree • Leaf Nodes are in sorted order • Easy to locate using only size information

  9. Oblivious Trees • Implementation • Create • O(n) • Insert • O(log n) • Delete • O(log n) • Key Issues • Maintain Obliviousness • Maintain Performance

  10. Oblivious Trees • CREATE • Observation: Structure Reveals History • Bottom-up Construction • foreach(level i) • Traverse nodes from right to left • Choose d from {2,3} uniformly at random • Or set d to number of nodes left • Create a new node with d as its degree • Stop when number of nodes created = 1

  11. Oblivious Trees • INSERT • INSERT(b, i, CREATE(L)) == CREATE(L') • Locate the ith leaf • Insert new node b • Starting from i's parent • foreach(level l) • Moving from left to right, rebuild the tree in the same manner as CREATE, but with new random coin tosses.

  12. Oblivious Trees • DELETE • DELETE(i, CREATE(L)) == CREATE(L') • Locate the ith leaf • Delete the ith leaf • Starting from i's parent • foreach(level l) • Moving from left to right, rebuild the tree in the same manner as CREATE, but with new random coin tosses.

  13. Oblivious Tree R Root ? Internal Nodes Leaves L L L L L L

  14. Approach to Concurrency Observations • Tree structure is randomized. • There is no 'correct' tree structure, so long as the result is a 2-3 tree. • Outputting the current signature is akin to a snapshot of the tree. • Inserts and deletes only randomize the tree structure to the right of the affected index.

  15. Goals • First known implementation of Oblivious Tree data structure • Lock-free implementation of Oblivious Trees • Prove lock-free nature of implementation • Create representative parallel test application • Show improved performance over non-incremental signature schemes in test application

  16. Challenges • Creating a sequential implementation • Refine sequential implementation to be lock-free • Exploit randomized structure to enable concurrency • Develop test application and test data set • Tune hashing function and chunk size

  17. Test Application Domains • Signed Source Code Repository • Incremental Backup • Streaming Security Footage • Collaborative Photo/Text Editing

  18. References • Daniele Micciancio. 1997. Oblivious data structures: applications to cryptography. In Proceedings of the twenty-ninth annual ACM symposium on Theory of computing (STOC '97). ACM, New York, NY, USA, 456-464. DOI=10.1145/258533.258638 http://doi.acm.org/10.1145/258533.258638 • MihirBellare, OdedGoldreich, and ShafiGoldwasser. 1994. Incremental Cryptography: The Case of Hashing and Signing. In Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '94), YvoDesmedt (Ed.). Springer-Verlag, London, UK, 216-233. • QingjiZheng and ShouhuaiXu. 2011. Fair and dynamic proofs of retrievability. In Proceedings of the first ACM conference on Data and application security and privacy (CODASPY '11). ACM, New York, NY, USA, 237-248. DOI=10.1145/1943513.1943546 http://doi.acm.org/10.1145/1943513.1943546 • MihirBellare and Daniele Micciancio. 1997. A new paradigm for collision-free hashing: incrementality at reduced cost. In Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques (EUROCRYPT'97), Walter Fumy (Ed.). Springer-Verlag, Berlin, Heidelberg, 163-192.

More Related