Paper 2014/329

Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal

Berry Schoenmakers

Abstract

We present explicit optimal binary pebbling algorithms for reversing one-way hash chains. For a hash chain of length $2^k$, the number of hashes performed in each output round does not exceed $\lceil k/2 \rceil$, whereas the number of hash values stored (pebbles) throughout is at most $k$. This is optimal for binary pebbling algorithms characterized by the property that the midpoint of the hash chain is computed just once and stored until it is output, and that this property applies recursively to both halves of the hash chain. We introduce a framework for rigorous comparison of explicit binary pebbling algorithms, including simple speed-1 binary pebbling, Jakobsson's speed-2 binary pebbling, and our optimal binary pebbling algorithm. Explicit schedules describe for each pebble exactly how many hashes need to be performed in each round. The optimal schedule turns out to be essentially unique and exhibits a nice recursive structure, which allows for fully optimized implementations that can readily be deployed. In particular, we develop the first in-place implementations with minimal storage overhead (essentially, storing only hash values), and fast implementations with minimal computational overhead. Moreover, we show that our approach is not limited to hash chains of length $n=2^k$, but accommodates hash chains of arbitrary length $n\geq1$, without incurring any overhead. Finally, we show how to run a cascade of pebbling algorithms along with a bootstrapping technique, facilitating sequential reversal of an unlimited number of hash chains growing in length up to a given bound.

Note: Sample code available at http://www.win.tue.nl/~berry/pebbling/

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Financial Crypto 2016
Keywords
hash chainspebblingin-place algorithmslightweight cryptographypost-quantum cryptographyhash-based signaturesone-way function
Contact author(s)
berry @ win tue nl
History
2016-08-01: last of 5 revisions
2014-05-13: received
See all versions
Short URL
https://ia.cr/2014/329
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/329,
      author = {Berry Schoenmakers},
      title = {Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal},
      howpublished = {Cryptology ePrint Archive, Paper 2014/329},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/329}},
      url = {https://eprint.iacr.org/2014/329}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.