{"title":"基于注册的加密和累加器的在线合并和应用","authors":"Mohammad Mahmoody, Wei Qi","doi":"10.4230/LIPIcs.ITC.2023.15","DOIUrl":null,"url":null,"abstract":"In this work we study a new information theoretic problem, called online merging , that has direct applications for constructing public-state accumulators and registration-based encryption schemes. An online merger receives the sequence of sets { 1 } , { 2 } , . . . in an online way, and right after receiving { i } , it can re-partition the elements 1 , . . . , i into T 1 , . . . , T m i by merging some of these sets. The goal of the merger is to balance the trade-off between the maximum number of sets wid = max i ∈ [ n ] m i that co-exist at any moment, called the width of the scheme, with its depth dep = max i ∈ [ n ] d i , where d i is the number of times that the sets that contain i get merged. An online merger can be used to maintain a set of Merkle trees that occasionally get merged. An online merger can be directly used to obtain public-state accumulators (using collision-resistant hashing) and registration-based encryptions (relying on more assumptions). Doing so, the width of an online merger translates into the size of the public-parameter of the constructed scheme, and the depth of the online algorithm corresponds to the number of times that parties need to update their “witness” (for accumulators) or their decryption key (for RBE). In this work, we construct online mergers with poly (log n ) width and O (log n/ log log n ) depth, which can be shown to be optimal for all schemes with poly (log n ) width. More generally, we show how to achieve optimal depth for a given fixed width and to achieve a 2-approximate optimal width for a given depth d that can possibly grow as a function of n (e.g., d = 2 or d = log n/ log log n ). As applications, we obtain accumulators with O (log n/ log log n ) number of updates for parties’ witnesses (which can be shown to be optimal for accumulator digests of length poly (log n )) as well as registration based encryptions that again have an optimal O (log n/ log log n ) number of decryption updates, resolving the open question of Mahmoody, Rahimi, Qi [TCC’22] who proved that Ω(log n/ log log n ) number of decryption updates are necessary for any RBE (with public parameter of length poly (log n )). More generally, for any given number of decryption updates d = d ( n ) (under believable computational assumptions) our online merger implies RBE schemes with public parameters of length that is optimal, up to a constant factor that depends on the security parameter. For example, for any constant number of updates d , we get RBE schemes with public parameters of length O ( n 1 / ( d +1) ).","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":"64 1","pages":"15:1-15:23"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Online Mergers and Applications to Registration-Based Encryption and Accumulators\",\"authors\":\"Mohammad Mahmoody, Wei Qi\",\"doi\":\"10.4230/LIPIcs.ITC.2023.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this work we study a new information theoretic problem, called online merging , that has direct applications for constructing public-state accumulators and registration-based encryption schemes. An online merger receives the sequence of sets { 1 } , { 2 } , . . . in an online way, and right after receiving { i } , it can re-partition the elements 1 , . . . , i into T 1 , . . . , T m i by merging some of these sets. The goal of the merger is to balance the trade-off between the maximum number of sets wid = max i ∈ [ n ] m i that co-exist at any moment, called the width of the scheme, with its depth dep = max i ∈ [ n ] d i , where d i is the number of times that the sets that contain i get merged. An online merger can be used to maintain a set of Merkle trees that occasionally get merged. An online merger can be directly used to obtain public-state accumulators (using collision-resistant hashing) and registration-based encryptions (relying on more assumptions). Doing so, the width of an online merger translates into the size of the public-parameter of the constructed scheme, and the depth of the online algorithm corresponds to the number of times that parties need to update their “witness” (for accumulators) or their decryption key (for RBE). In this work, we construct online mergers with poly (log n ) width and O (log n/ log log n ) depth, which can be shown to be optimal for all schemes with poly (log n ) width. More generally, we show how to achieve optimal depth for a given fixed width and to achieve a 2-approximate optimal width for a given depth d that can possibly grow as a function of n (e.g., d = 2 or d = log n/ log log n ). As applications, we obtain accumulators with O (log n/ log log n ) number of updates for parties’ witnesses (which can be shown to be optimal for accumulator digests of length poly (log n )) as well as registration based encryptions that again have an optimal O (log n/ log log n ) number of decryption updates, resolving the open question of Mahmoody, Rahimi, Qi [TCC’22] who proved that Ω(log n/ log log n ) number of decryption updates are necessary for any RBE (with public parameter of length poly (log n )). More generally, for any given number of decryption updates d = d ( n ) (under believable computational assumptions) our online merger implies RBE schemes with public parameters of length that is optimal, up to a constant factor that depends on the security parameter. For example, for any constant number of updates d , we get RBE schemes with public parameters of length O ( n 1 / ( d +1) ).\",\"PeriodicalId\":6403,\"journal\":{\"name\":\"2007 IEEE International Test Conference\",\"volume\":\"64 1\",\"pages\":\"15:1-15:23\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE International Test Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4230/LIPIcs.ITC.2023.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2023.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Online Mergers and Applications to Registration-Based Encryption and Accumulators
In this work we study a new information theoretic problem, called online merging , that has direct applications for constructing public-state accumulators and registration-based encryption schemes. An online merger receives the sequence of sets { 1 } , { 2 } , . . . in an online way, and right after receiving { i } , it can re-partition the elements 1 , . . . , i into T 1 , . . . , T m i by merging some of these sets. The goal of the merger is to balance the trade-off between the maximum number of sets wid = max i ∈ [ n ] m i that co-exist at any moment, called the width of the scheme, with its depth dep = max i ∈ [ n ] d i , where d i is the number of times that the sets that contain i get merged. An online merger can be used to maintain a set of Merkle trees that occasionally get merged. An online merger can be directly used to obtain public-state accumulators (using collision-resistant hashing) and registration-based encryptions (relying on more assumptions). Doing so, the width of an online merger translates into the size of the public-parameter of the constructed scheme, and the depth of the online algorithm corresponds to the number of times that parties need to update their “witness” (for accumulators) or their decryption key (for RBE). In this work, we construct online mergers with poly (log n ) width and O (log n/ log log n ) depth, which can be shown to be optimal for all schemes with poly (log n ) width. More generally, we show how to achieve optimal depth for a given fixed width and to achieve a 2-approximate optimal width for a given depth d that can possibly grow as a function of n (e.g., d = 2 or d = log n/ log log n ). As applications, we obtain accumulators with O (log n/ log log n ) number of updates for parties’ witnesses (which can be shown to be optimal for accumulator digests of length poly (log n )) as well as registration based encryptions that again have an optimal O (log n/ log log n ) number of decryption updates, resolving the open question of Mahmoody, Rahimi, Qi [TCC’22] who proved that Ω(log n/ log log n ) number of decryption updates are necessary for any RBE (with public parameter of length poly (log n )). More generally, for any given number of decryption updates d = d ( n ) (under believable computational assumptions) our online merger implies RBE schemes with public parameters of length that is optimal, up to a constant factor that depends on the security parameter. For example, for any constant number of updates d , we get RBE schemes with public parameters of length O ( n 1 / ( d +1) ).