Online Mergers and Applications to Registration-Based Encryption and Accumulators
引用次数: 0
Abstract
In this work we study a new information theoretic problem, called online merging , that has direct applications for constructing public-state accumulators and registration-based encryption schemes. An online merger receives the sequence of sets { 1 } , { 2 } , . . . in an online way, and right after receiving { i } , it can re-partition the elements 1 , . . . , i into T 1 , . . . , T m i by merging some of these sets. The goal of the merger is to balance the trade-off between the maximum number of sets wid = max i ∈ [ n ] m i that co-exist at any moment, called the width of the scheme, with its depth dep = max i ∈ [ n ] d i , where d i is the number of times that the sets that contain i get merged. An online merger can be used to maintain a set of Merkle trees that occasionally get merged. An online merger can be directly used to obtain public-state accumulators (using collision-resistant hashing) and registration-based encryptions (relying on more assumptions). Doing so, the width of an online merger translates into the size of the public-parameter of the constructed scheme, and the depth of the online algorithm corresponds to the number of times that parties need to update their “witness” (for accumulators) or their decryption key (for RBE). In this work, we construct online mergers with poly (log n ) width and O (log n/ log log n ) depth, which can be shown to be optimal for all schemes with poly (log n ) width. More generally, we show how to achieve optimal depth for a given fixed width and to achieve a 2-approximate optimal width for a given depth d that can possibly grow as a function of n (e.g., d = 2 or d = log n/ log log n ). As applications, we obtain accumulators with O (log n/ log log n ) number of updates for parties’ witnesses (which can be shown to be optimal for accumulator digests of length poly (log n )) as well as registration based encryptions that again have an optimal O (log n/ log log n ) number of decryption updates, resolving the open question of Mahmoody, Rahimi, Qi [TCC’22] who proved that Ω(log n/ log log n ) number of decryption updates are necessary for any RBE (with public parameter of length poly (log n )). More generally, for any given number of decryption updates d = d ( n ) (under believable computational assumptions) our online merger implies RBE schemes with public parameters of length that is optimal, up to a constant factor that depends on the security parameter. For example, for any constant number of updates d , we get RBE schemes with public parameters of length O ( n 1 / ( d +1) ).基于注册的加密和累加器的在线合并和应用
在这项工作中,我们研究了一个新的信息理论问题,称为在线合并,它直接应用于构造公共状态累加器和基于注册的加密方案。在线合并接收集合{1},{2},…的序列。以在线的方式,并且在收到{I}之后,它可以重新划分元素1,…i变成t1,…通过合并这些集合。合并的目标是在任意时刻共存的最大集合个数wid = maxi∈[n] m i与深度deep = maxi∈[n] d i之间取得平衡,其中di是包含i的集合合并的次数。在线合并可用于维护一组偶尔合并的Merkle树。在线合并可以直接用于获取公共状态累加器(使用抗冲突散列)和基于注册的加密(依赖于更多假设)。这样,在线合并的宽度转换为构建方案的公共参数的大小,在线算法的深度对应于各方需要更新其“见证”(对于累加器)或其解密密钥(对于RBE)的次数。在这项工作中,我们构建了具有poly (log n)宽度和O (log n/ log log n)深度的在线合并,可以证明它对于所有具有poly (log n)宽度的方案都是最优的。更一般地说,我们展示了如何在给定的固定宽度下实现最佳深度,以及如何在给定的深度d下实现2-近似最佳宽度,该宽度可能作为n的函数增长(例如,d = 2或d = log n/ log log n)。作为应用,我们获得了各方证人更新次数为O (log n/ log log n)的累加器(对于长度为poly (log n)的累加器摘要来说,这是最优的),以及基于注册的加密,同样具有最优的O (log n/ log log n)的解密更新次数,解决了Mahmoody, Rahimi,Qi [TCC ' 22]证明了Ω(log n/ log log n)解密更新次数对于任何RBE(公共参数长度为poly (log n))都是必要的。更一般地说,对于任何给定数量的解密更新d = d (n)(在可信的计算假设下),我们的在线合并意味着具有最优长度的公共参数的RBE方案,直至依赖于安全参数的常数因子。例如,对于任意常数更新d,我们得到公共参数长度为O (n 1 / (d +1))的RBE方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文
求助全文
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
