Paper 2024/505

RSA-Based Dynamic Accumulator without Hashing into Primes

Victor Youdom Kemmoe, Brown University
Anna Lysyanskaya, Brown University
Abstract

A cryptographic accumulator is a compact data structure for representing a set of elements coming from some domain. It allows for a compact proof of membership and, in the case of a universal accumulator, non-membership of an element x in the data structure. A dynamic accumulator, furthermore, allows elements to be added to and deleted from the accumulator. Previously known RSA-based dynamic accumulators were too slow in practice because they required that an element in the domain be represented as a prime number. Accumulators based on settings other than RSA had other drawbacks such as requiring a prohibitively large common reference string or a trapdoor, or not permitting deletions. In this paper, we construct RSA-based dynamic accumulators that do not require that the accumulated elements be represented as primes. We also show how to aggregate membership and non-membership witnesses and batch additions and deletions. We demonstrate that, for 112-bit, 128-bit, and 192-bit security, the efficiency gains compared to previously known RSA-based accumulators are substantial, and, for the first time, make cryptographic accumulators a viable candidate for a certificate revocation mechanism as part of a WebPKI-type system. To achieve an efficient verification time for aggregated witnesses, we introduce a variant of Wesolowski’s proof of exponentiation (Journal of Cryptology 2020) that does not require hashing into primes.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ACM CCS 2024
DOI
10.1145/3658644.3690199
Keywords
RSA AccumulatorCryptographic AccumulatorVDFWebPKI
Contact author(s)
vyoudomk @ cs brown edu
anna @ cs brown edu
History
2024-09-03: last of 2 revisions
2024-03-29: received
See all versions
Short URL
https://ia.cr/2024/505
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/505,
      author = {Victor Youdom Kemmoe and Anna Lysyanskaya},
      title = {{RSA}-Based Dynamic Accumulator without Hashing into Primes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/505},
      year = {2024},
      doi = {10.1145/3658644.3690199},
      url = {https://eprint.iacr.org/2024/505}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.