Merkle2: A Low-Latency Transparency Log System

Yuncong Hu, Kian Hooshmand, Harika Kalidhindi, Seung Jin Yang, R. A. Popa
2021 IEEE Symposium on Security and Privacy (SP), pp. 285-303. Published 2021-05-01. DOI: 10.1109/SP40001.2021.00088 (https://doi.org/10.1109/SP40001.2021.00088)
Citations: 23

Abstract

Transparency logs are designed to help users audit untrusted servers. For example, Certificate Transparency (CT) enables users to detect when a compromised Certificate Authority (CA) has issued a fake certificate. Practical state-of-the-art transparency log systems, however, suffer from high monitoring costs when used for low-latency applications. To reduce monitoring costs, such systems often require users to wait an hour or more for their updates to take effect, inhibiting low-latency applications. We propose Merkle2, a transparency log system that supports both efficient monitoring and low-latency updates. To achieve this goal, we construct a new multi-dimensional, authenticated data structure that nests two types of Merkle trees, hence the name of our system, Merkle2. Using this data structure, we then design a transparency log system with efficient monitoring and lookup protocols that enables low-latency updates. In particular, all the operations in Merkle2 are independent of update intervals and are (poly)logarithmic to the number of entries in the log. Merkle2 not only has excellent asymptotics when compared to prior work, but is also efficient in practice. Our evaluation shows that Merkle2 propagates updates in as little as 1 second and can support 100× more users than state-of-the-art transparency logs.