Optimal Authenticated Data Structures with Multilinear Forms

TitleOptimal Authenticated Data Structures with Multilinear Forms
Publication TypeBook Chapters
Year of Publication2010
AuthorsPapamanthou C, Tamassia R, Triandopoulos N
EditorJoye M, Miyaji A, Otsuka A
Book TitlePairing-Based Cryptography - Pairing 2010
Series TitleLecture Notes in Computer Science
Pagination246 - 264
PublisherSpringer Berlin Heidelberg
ISBN Number978-3-642-17454-4, 978-3-642-17455-1
KeywordsAlgorithm Analysis and Problem Complexity, authenticated dictionary, Coding and Information Theory, Computer Communication Networks, Data Encryption, Discrete Mathematics in Computer Science, multilinear forms, Systems and Data Security

Cloud computing and cloud storage are becoming increasingly prevalent. In this paradigm, clients outsource their data and computations to third-party service providers. Data integrity in the cloud therefore becomes an important factor for the functionality of these web services.Authenticated data structures, implemented with various cryptographic primitives, have been widely studied as a means of providing efficient solutions to data integrity problems (e.g., Merkle trees). In this paper, we introduce a new authenticated dictionary data structure that employs multilinear forms, a cryptographic primitive proposed by Silverberg and Boneh in 2003 [10], the construction of which, however, remains an open problem to date. Our authenticated dictionary is optimal, that is, it does not add any extra asymptotic cost to the plain dictionary data structure, yielding proofs of constant size, i.e., asymptotically equal to the size of the answer, while maintaining other relevant complexities logarithmic. Instead, solutions based on cryptographic hashing (e.g., Merkle trees) require proofs of logarithmic size [40]. Because multilinear forms are not known to exist yet, our result can be viewed from a different angle: if one could prove that optimal authenticated dictionaries cannot exist in the computational model, irrespectively of cryptographic primitives, then our solution would imply that cryptographically interesting multilinear form generators cannot exist as well (i.e., it can be viewed as a reduction). Thus, we provide an alternative avenue towards proving the nonexistence of multilinear form generators in the context of general lower bounds for authenticated data structures [40] and for memory checking [18], a model similar to the authenticated data structures model.