Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives

David Derler, Christian Hanser, and Daniel Slamanig

Abstract

Cryptographic accumulators allow to accumulate a finite set of values into a single succinct accumulator. For every accumulated value, one can efficiently compute a witness, which certifies its membership in the accumulator. However, it is computationally infeasible to find a witness for any non-accumulated value. Since their introduction, various accumulator schemes for numerous practical applications and with different features have been proposed. Unfortunately, to date there is no unifying model capturing all existing features. Such a model can turn out to be valuable as it allows to use accumulators in a black-box fashion. To this end, we propose a unified formal model for (randomized) cryptographic accumulators which covers static and dynamic accumulators, their universal features and includes the notions of undeniability and indistinguishability. Additionally, we provide an exhaustive classification of all existing schemes. In doing so, it turns out that most accumulators are distinguishable. Fortunately, a simple, light-weight generic transformation allows to make many existing dynamic accumulator schemes indistinguishable. As this transformation, however, comes at the cost of reduced collision freeness, we additionally propose the first indistinguishable scheme that does not suffer from this shortcoming. Finally, we employ our unified model for presenting a black-box construction of commitments from indistinguishable accumulators as well as a black-box construction of indistinguishable, undeniable universal accumulators from zero-knowledge sets. Latter yields the first universal accumulator construction that provides indistinguishability.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.CT-RSA 2015
Keywords
staticdynamicuniversal cryptographic accumulatorsunified modelindistinguishabilityundeniabilityblack-box constructions
Contact author(s)
david derler @ iaik tugraz at
History
Short URL
https://ia.cr/2015/087

CC BY

BibTeX

@misc{cryptoeprint:2015/087,
author = {David Derler and Christian Hanser and Daniel Slamanig},
title = {Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives},
howpublished = {Cryptology ePrint Archive, Paper 2015/087},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/087}},
url = {https://eprint.iacr.org/2015/087}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.