Methods and apparatus for efficient computation of one-way chains in cryptographic applications

US 8,086,866 B2
Filed: 06/02/2008
Issued: 12/27/2011
Est. Priority Date: 04/16/2001
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:

storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset, the subset of values of the one-way chain comprising a plurality of designated non-consecutive values of the one-way chain;

utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;

generating a cryptographic output determined by the computed value not in the subset; and

updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value ν_iassociated therewith, wherein the value ν_iis given by ν_i=h(ν_i+1), for a given hash function or other one-way function h. An initial distribution of helper values may be stored for the one-way chain of length s, e.g., at positions given by i=2^jfor 0≦j≦log₂s. A given one of the output values ν_iat a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values. Advantageously, a storage-computation product associated with generation of the output values of the one-way chain has a complexity O((log s)²).

15 Citations

View as Search Results

20 Claims

1. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset, the subset of values of the one-way chain comprising a plurality of designated non-consecutive values of the one-way chain;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset.
- View Dependent Claims (4)
- - 4. The method of claim 1 wherein the cryptographic output comprises at least one of a password, a cryptographic key, a digital signature and an authentication code.

2. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein a storage-computation product associated with generation of the values of the one-way chain has a complexity O((log s)²) where s denotes the length of the chain.

3. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein an initial subset of values of the one-way chain stored as initial helper values comprises values at positions in the chain given by;
  
  i=2^jfor 0≦
  
  j≦
  
  log₂s,where s is the length of the chain.

5. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein each of the helper values is stored in the form of a corresponding peg that includes, in addition to its associated helper value, additional information including a destination position in the chain, a priority, and a state.
- View Dependent Claims (7)
- - 7. The method of claim 5 wherein the number of pegs utilized to store respective helper values is given approximately by:
    - σ
      
      +┌
      
      log₂(σ
      
      +1)┐
      
      ,where s=2^σ is the length of the chain such that σ
      
      =log₂s.

6. A method implemented by a processor, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the method comprising the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other chain not in the subset;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein for a given position i in the one-way chain a corresponding value ν
  
  _ican be computed and one or more new helper values determined within a specified computational budget.
- View Dependent Claims (8)
- - 8. The method of claim 6 wherein the specified computational budget is given approximately by:
    - b=└
      
      σ
      
      /2┘
      
      ,where s=2^σ is the length of the chain such that σ
      
      =log₂s.

9. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor and having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain;
  
  the processor being configured to store in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  to utilize one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  to generate a cryptographic output determined by the computed value not in the subset; and
  
  to update the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein the subset of values of the one-way chain comprises a plurality of designated non-consecutive values of the one-way chain.
- View Dependent Claims (12)
- - 12. The apparatus of claim 9 wherein the cryptographic output comprises at least one of a password, a cryptographic key, a digital signature and an authentication code.

10. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor and having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain;
  
  the processor being configured to store in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  to utilize one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  to generate a cryptographic output determined by the computed value not in the subset; and
  
  to update the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein a storage-computation product associated with generation of the values of the one-way chain has a complexity O((log s)²) where s denotes the length of the chain.

11. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor and having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain;
  
  the processor being configured to store in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  to utilize one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  to generate a cryptographic output determined by the computed value not in the subset; and
  
  to update the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein an initial subset of values of the one-way chain stored as initial helper values comprises values at positions in the chain given by;
  
  i=2^jfor 0≦
  
  j≦
  
  log₂s,where s is the length of the chain.

13. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor and having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain;
  
  the processor being configured to store in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  to utilize one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  to generate a cryptographic output determined by the computed value not in the subset; and
  
  to update the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein each of the helper values is stored in the form of a corresponding peg that includes, in addition to its associated helper value, additional information including a destination position in the chain, a priority, and a state.
- View Dependent Claims (15)
- - 15. The apparatus of claim 13 wherein the number of pegs utilized to store respective helper values is given approximately by:
    - σ
      
      +┌
      
      log₂(σ
      
      +1)┐
      
      ,where s=2^σ is the length of the chain such that σ
      
      =log₂s.

14. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor and having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain;
  
  the processor being configured to store in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset;
  
  to utilize one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  to generate a cryptographic output determined by the computed value not in the subset; and
  
  to update the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset;
  
  wherein for a given position i in the one-way chain a corresponding value ν
  
  _ican be computed and one or more new helper values determined within a specified computational budget.
- View Dependent Claims (16)
- - 16. The apparatus of claim 14 wherein the specified computational budget is given approximately by:
    - b=└
      
      σ
      
      /2┘
      
      ,where s=2^σ is the length of the chain such that σ
      
      =log₂s.

17. A non-transitory machine-readable medium for storing one or more programs for use by a processor in generating values of a one-way chain, the processor being coupled to a memory, the memory having a designated amount of storage available for storing values of a one-way chain, the designated amount of available storage being less than that required to store simultaneously all of the values of the one-way chain, the one or more programs when executed causing the processor to perform the steps of:
- storing in the memory a subset of the values of the one-way chain as helper values for facilitating computation of other values of the one-way chain not in the subset, the subset of values of the one-way chain comprising a plurality of designated non-consecutive values of the one-way chain;
  
  utilizing one of the values in the subset of values to compute one of the other values of the one-way chain not in the subset;
  
  generating a cryptographic output determined by the computed value not in the subset; and
  
  updating the stored subset of values of the one-way chain so as to replace at least one of the helper values with a new helper value not previously part of the subset.

18. A method implemented by a processor, the processor being coupled to a memory, the method comprising the steps of:
- storing in the memory a first subset of values of a one-way chain as initial helper values for facilitating computation of other values of the one-way chain not in the first subset;
  
  utilizing one of the values in the first subset of values to compute one of the other values of the one-way chain not in the first subset;
  
  generating a cryptographic output determined by the computed value not in the first subset; and
  
  storing in the memory a second subset of the values of the one-way chain, different than the first subset of values of the one-way chain, as updated helper values for facilitating computation of other values of the one-way chain not in the second subset;
  
  wherein at least a portion of the memory that is used to store the first subset of values of the one-way chain is reused to store the second subset of values of the one-way chain; and
  
  wherein at least one of the first and second subsets of values of the one-way chain comprises a plurality of designated non-consecutive values of the one-way chain.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 wherein a storage-computation product associated with generation of the values of the one-way chain has a complexity O((log s)²) where s denotes the length of the chain.
  - 20. The method of claim 18 wherein an initial subset of values of the one-way chain stored as initial helper values comprises values at positions in the chain given by:
    - i=2^jfor 0≦
      
      j≦
      
      log₂s,where s is the length of the chain.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Crypto Research, LLC (Bjorn Markus Jakobsson)
Original Assignee
Bjorn Markus Jakobsson
Inventors
Jakobsson, Bjorn Markus
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/131,404
Publication Number

US 20090172418A1
Time in Patent Office

1,303 Days
Field of Search

380/28, 380/30, 713/168, 713/176, 713/177, 713/180, 713/193, 713/181
US Class Current

713/181
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

Methods and apparatus for efficient computation of one-way chains in cryptographic applications

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for efficient computation of one-way chains in cryptographic applications

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others