Transparency Overlays and Applications Melissa Chase (Microsoft - - PowerPoint PPT Presentation

transparency overlays and applications
SMART_READER_LITE
LIVE PREVIEW

Transparency Overlays and Applications Melissa Chase (Microsoft - - PowerPoint PPT Presentation

Mar 23, 2024 108 likes •1.32k views

Transparency Overlays and Applications Melissa Chase (Microsoft Research Redmond) Sarah Meiklejohn (University College London) 2 (icons by parkjisun from noun project) 2 (icons by parkjisun from noun project) 2 (icons by parkjisun from noun

slide-1
SLIDE 1

Transparency Overlays and Applications

Melissa Chase (Microsoft Research Redmond) Sarah Meiklejohn (University College London)

slide-2
SLIDE 2

2

(icons by parkjisun from noun project)

slide-3
SLIDE 3

2

(icons by parkjisun from noun project)

slide-4
SLIDE 4

2

(icons by parkjisun from noun project)

slide-5
SLIDE 5

2

(icons by parkjisun from noun project)

slide-6
SLIDE 6

2

(icons by parkjisun from noun project)

slide-7
SLIDE 7

2

(icons by parkjisun from noun project)

slide-8
SLIDE 8

2

(icons by parkjisun from noun project)

slide-9
SLIDE 9

2

(icons by parkjisun from noun project)

slide-10
SLIDE 10

2

(icons by parkjisun from noun project)

slide-11
SLIDE 11

2

(icons by parkjisun from noun project)

slide-12
SLIDE 12

2

(icons by parkjisun from noun project)

slide-13
SLIDE 13

2

(icons by parkjisun from noun project)

? ? ? ?

slide-14
SLIDE 14

2

(icons by parkjisun from noun project)

advertisers doctors spy agencies credit raters marketers insurance companies hackers

? ? ? ? ? ? ? ?

slide-15
SLIDE 15

3

slide-16
SLIDE 16

3

events in the system can be

  • data access by user
  • data access by third party
  • data creation by user
slide-17
SLIDE 17

3

events in the system can be

  • data access by user
  • data access by third party
  • data creation by user

transparency: bad events are exposed

slide-18
SLIDE 18

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

a transparency overlay

(architecture very much inspired by Certificate Transparency [LL’13])

slide-19
SLIDE 19

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design

a transparency overlay

(architecture very much inspired by Certificate Transparency [LL’13])

slide-20
SLIDE 20

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security

a transparency overlay

(architecture very much inspired by Certificate Transparency [LL’13])

slide-21
SLIDE 21

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security

a transparency overlay

(architecture very much inspired by Certificate Transparency [LL’13]) construction

slide-22
SLIDE 22

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems?

a transparency overlay

(architecture very much inspired by Certificate Transparency [LL’13]) construction

slide-23
SLIDE 23

4

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems?

a transparency overlay

design (architecture very much inspired by Certificate Transparency [LL’13]) construction

slide-24
SLIDE 24

5

system

design

slide-25
SLIDE 25

5

system log server

log

log server

log

log server

log

log server

log

design

slide-26
SLIDE 26

5

system log server

log

design

slide-27
SLIDE 27

5

system GenEventSet log server

log

design

slide-28
SLIDE 28

5

system Log GenEventSet log server

log

design

slide-29
SLIDE 29

6

auditors (efficiently) determine if events are in the log

system Log CheckEntry GenEventSet (meaning |snap| ≪ |log|) auditor snap log server

log

slide-30
SLIDE 30

7

monitors (inefficiently) detect bad events in the log

system Log CheckEntry GenEventSet Inspect log server

log

auditor snap monitor

snap BE E

(meaning |E| ≈ |log|)

slide-31
SLIDE 31

8

auditors and monitors ensure consistent view of log

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence (can output evidence of inconsistencies)

slide-32
SLIDE 32

9

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) design construction

slide-33
SLIDE 33

9

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? security (add LS,Au,Mo) construction

slide-34
SLIDE 34

10

system Log CheckEntry GenEventSet Inspect Gossip evidence

consistency

log server

log

monitor

snap BE E

auditor snap CheckEvidence

slide-35
SLIDE 35

10

CheckEntry Inspect Gossip evidence

consistency

monitor

snap BE E

auditor snap CheckEvidence

slide-36
SLIDE 36

10

CheckEntry Inspect Gossip evidence

consistency

adversary wins if (1) evidence fails even though (2) monitor and auditor did have inconsistent view there exists event that auditor thinks is in the log but monitor doesn’t monitor

snap BE E

auditor snap CheckEvidence

slide-37
SLIDE 37

11

system Log CheckEntry GenEventSet Inspect Gossip evidence

non-frameability (related to [DGHS’16])

log server

log

monitor

snap BE E

auditor snap CheckEvidence

slide-38
SLIDE 38

11

Log CheckEntry Inspect evidence

non-frameability (related to [DGHS’16])

adversary wins if evidence passes log server

log

CheckEvidence

slide-39
SLIDE 39

12

system Log CheckEntry GenEventSet Inspect Gossip evidence

accountability

log server

log

monitor

snap BE E

auditor snap CheckEvidence

slide-40
SLIDE 40

12

system Log CheckEntry GenEventSet Inspect Gossip evidence

accountability

adversary wins if (1) it promised to include an event that (2) auditor and monitor believe to not be in the log, but (3) evidence fails monitor

snap BE E

auditor snap CheckEvidence

slide-41
SLIDE 41

13

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security construction which systems? security (add LS,Au,Mo) (consistency) (non-frameability) (accountability)

slide-42
SLIDE 42

13

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security construction which systems? (add LS,Au,Mo) (consistency) (non-frameability) construction (accountability)

slide-43
SLIDE 43

14

dynamic list commitment (dlc)

(aka tamper-evident log [CW’09]) (aka authenticated data structure [AGT’01,PSTY’13]) (aka rolling hash chain or Merkle tree [M’89])

slide-44
SLIDE 44

15

dynamic list commitment (dlc)

system

slide-45
SLIDE 45

15

dynamic list commitment (dlc)

system

e1 e2

slide-46
SLIDE 46

15

dynamic list commitment (dlc)

Com CheckCom Append basic

system

e1 e2

slide-47
SLIDE 47

15

dynamic list commitment (dlc)

Com CheckCom Append basic

system (generate succinct commitment)

e1 e2

slide-48
SLIDE 48

15

dynamic list commitment (dlc)

Com CheckCom Append basic

system (generate succinct commitment) (check commitment)

e1 e2

slide-49
SLIDE 49

15

dynamic list commitment (dlc)

Com CheckCom Append basic

e1 e2 e3 e4

system (generate succinct commitment) (check commitment) (add new events)

slide-50
SLIDE 50

16

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend basic all events?

system

e1 e2

slide-51
SLIDE 51

16

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend basic all events?

e1 e2 e3 e4

system (can’t delete events)

slide-52
SLIDE 52

17

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event?

e1 e2 e3 e4

system (can’t omit events)

slide-53
SLIDE 53

18

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event?

system

e1 e2 e3 e4

slide-54
SLIDE 54

18

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event?

system

e1 e2 e3 e4

slide-55
SLIDE 55

18

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event?

system

e1 e2 e3 e4

this is ordered w.r.t. some notion of time

slide-56
SLIDE 56

18

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event? DemoInconsistent CheckInconsistent inconsistent?

“your commitment c does not represent the state of my list at time t” system

e1 e2 e3 e4

this is ordered w.r.t. some notion of time

slide-57
SLIDE 57

18

dynamic list commitment (dlc)

Com CheckCom Append ProveAppend CheckAppend ProveIncl CheckIncl basic all events? specific event? DemoInconsistent CheckInconsistent inconsistent? DemoNotIncl CheckNotIncl non-inclusion?

“your commitment c does not represent the state of my list at time t” system

e1 e2 e3 e4

this is ordered w.r.t. some notion of time

slide-58
SLIDE 58

19

system Log CheckEntry GenEventSet Inspect Gossip evidence

construction

log server

log

monitor

snap BE E

auditor snap CheckEvidence

slide-59
SLIDE 59

19

system Log CheckEntry GenEventSet Inspect Gossip evidence

construction

log server

log

monitor

snap BE E

auditor snap CheckEvidence

slide-60
SLIDE 60

19

system Log CheckEntry GenEventSet Inspect Gossip evidence

construction

log server

log

monitor

snap BE E

auditor snap CheckEvidence

dlc snap t sig

=

a (timed) signature, so no one can frame LS

slide-61
SLIDE 61

19

system Log CheckEntry GenEventSet Inspect Gossip evidence

construction

log server

log

monitor

snap BE E

auditor snap CheckEvidence

dlc snap t sig

=

snap E log =

a (timed) signature, so no one can frame LS

slide-62
SLIDE 62

20

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Sys LS

slide-63
SLIDE 63

20

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Sys LS

event

slide-64
SLIDE 64

20

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Sys LS

event rcpt a (timed) signature, so LS is accountable

slide-65
SLIDE 65

20

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Sys LS

event rcpt check rcpt a (timed) signature, so LS is accountable

slide-66
SLIDE 66

20

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Sys LS

event rcpt update log

  • add event to E
  • update dlc
  • update snap

check rcpt a (timed) signature, so LS is accountable

slide-67
SLIDE 67

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

slide-68
SLIDE 68

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event

slide-69
SLIDE 69

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

slide-70
SLIDE 70

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA

slide-71
SLIDE 71

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend

slide-72
SLIDE 72

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend snapLS,π

slide-73
SLIDE 73

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend CheckAppend snapLS,π

slide-74
SLIDE 74

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend CheckAppend snapLS,π event

slide-75
SLIDE 75

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend CheckAppend snapLS,π event ProveIncl

slide-76
SLIDE 76

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend CheckAppend snapLS,π event ProveIncl CheckIncl

slide-77
SLIDE 77

21

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Sys Auditor

event update?

LS Auditor

snapA ProveAppend CheckAppend snapLS,π event ProveIncl CheckIncl b

slide-78
SLIDE 78

22

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Monitor

slide-79
SLIDE 79

22

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Monitor

snapM

slide-80
SLIDE 80

22

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Monitor

snapM find EΔ (events since snapM)

slide-81
SLIDE 81

22

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Monitor

snapM find EΔ (events since snapM) snapLS,EΔ

slide-82
SLIDE 82

22

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= LS Monitor

snapM find EΔ (events since snapM) snapLS,EΔ Append(EΔ,dlcM) = dlcLS? use checks to update BE

slide-83
SLIDE 83

23

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Monitor Auditor

slide-84
SLIDE 84

23

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Monitor Auditor

snapM,snapA

slide-85
SLIDE 85

23

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Monitor Auditor

snapM,snapA DemoInconsistent(E,dlcA,tA) π

slide-86
SLIDE 86

23

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Monitor Auditor

snapM,snapA DemoInconsistent(E,dlcA,tA) π b←CheckInconsistent(dlcA,tA,dlcM,π) if b return (snapA,snapM,π)

slide-87
SLIDE 87

23

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

snap E log = dlc snap t sig

= Monitor Auditor

snapM,snapA DemoInconsistent(E,dlcA,tA) π b←CheckInconsistent(dlcA,tA,dlcM,π) if b return (snapA,snapM,π) checks that (1) snapshots are signed by LS and (2) π proves inconsistency

slide-88
SLIDE 88

24

security

ability to carry out DemoInconsistent, ProveAppend, and ProveIncl ⇒ consistency unforgeability of DemoInconsistent, DemoNotIncl*, and signature scheme ⇒ non-frameability ability to carry out DemoNotIncl* ⇒ accountability

*uses pledged version in which Auditor keeps track of failed events and gossips about them with Monitor to produce new type of evidence

slide-89
SLIDE 89

25

goal: bad events are exposed

slide-90
SLIDE 90

25

goal: bad events are exposed system receives promises to include events in the log

slide-91
SLIDE 91

25

+ auditors determine if these events are in the log

auditor system CheckEntry log server

goal: bad events are exposed system receives promises to include events in the log

slide-92
SLIDE 92

25

+ auditors determine if these events are in the log + auditors and monitors ensure consistent view of log

monitor auditor Gossip auditor system CheckEntry log server

goal: bad events are exposed system receives promises to include events in the log

slide-93
SLIDE 93

25

+ auditors determine if these events are in the log + auditors and monitors ensure consistent view of log ⇒ (by consistency+accountability) event is in monitor’s view of the log

monitor auditor Gossip auditor system CheckEntry log server

goal: bad events are exposed system receives promises to include events in the log

slide-94
SLIDE 94

25

+ auditors determine if these events are in the log + auditors and monitors ensure consistent view of log ⇒ (by consistency+accountability) event is in monitor’s view of the log

monitor auditor Gossip

+ monitors detect bad events in the log ⇒

auditor system CheckEntry log server

goal: bad events are exposed system receives promises to include events in the log

log server monitor Inspect

slide-95
SLIDE 95

26

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) (dlc+sig) construction construction (accountability)

slide-96
SLIDE 96

26

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) (dlc+sig) which systems? construction (accountability)

slide-97
SLIDE 97

27

Log CheckEntry Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

Certificate Transparency

CA client website

bad certificate issuance is exposed ⇒ clients are less likely to accept bad certificates

(icon by parkjisun from noun project)

slide-98
SLIDE 98

28

Log CheckEntry Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

Bitcoin

sender receiver miner blockchain

double spending is exposed

slide-99
SLIDE 99

28

Log CheckEntry Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

Bitcoin

sender receiver miner blockchain

double spending is exposed … provably!

slide-100
SLIDE 100

28

Log CheckEntry Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

Bitcoin

sender receiver miner blockchain

double spending is exposed … provably! sender and receiver don’t need to store blockchain

slide-101
SLIDE 101

28

Log CheckEntry Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence

Bitcoin

sender receiver miner blockchain

double spending is exposed … provably! sender and receiver don’t need to store blockchain gives rise to hybrid system with no mining

slide-102
SLIDE 102

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability)

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-103
SLIDE 103

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) all parties needed?

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-104
SLIDE 104

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) all parties needed? privacy?

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-105
SLIDE 105

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) all parties needed? privacy? better?

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-106
SLIDE 106

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) all parties needed? privacy?

  • thers?

better?

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-107
SLIDE 107

29

system Log CheckEntry GenEventSet Inspect Gossip evidence log server

log

monitor

snap BE E

auditor snap CheckEvidence design security which systems? (add LS,Au,Mo) (consistency) (non-frameability) all parties needed? privacy?

  • thers?

better?

Thanks for listening! Full version: eprint.iacr.org/2016/915

  • pen problems

(dlc+sig) construction (accountability) (CT+Bitcoin)

slide-108
SLIDE 108

30

dynamic list commitment (dlc)

slide-109
SLIDE 109

30

dynamic list commitment (dlc)

Com CheckCom Append basic

slide-110
SLIDE 110

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append basic

slide-111
SLIDE 111

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Com( ) = H(e2||H(e1))

e1 e2

basic

slide-112
SLIDE 112

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

basic

slide-113
SLIDE 113

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

basic

slide-114
SLIDE 114

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4 e1 e2 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

basic

slide-115
SLIDE 115

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend

e1 e2 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

basic all events?

slide-116
SLIDE 116

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend

e1 e2 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

ProveAppend(c12,c1234, ) = e3 e4

e1 e2 e3 e4

basic all events?

slide-117
SLIDE 117

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend

e1 e2 e3 e4

CheckAppend(c12,c1234, ) = (c1234 = Append( ,c12))

e3 e4 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

ProveAppend(c12,c1234, ) = e3 e4

e1 e2 e3 e4

basic all events?

slide-118
SLIDE 118

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend ProveIncl CheckIncl

e1 e2 e3 e4

CheckAppend(c12,c1234, ) = (c1234 = Append( ,c12))

e3 e4 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

ProveAppend(c12,c1234, ) = e3 e4

e1 e2 e3 e4

basic all events? specific event?

slide-119
SLIDE 119

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend ProveIncl CheckIncl

e1 e2 e3 e4

CheckAppend(c12,c1234, ) = (c1234 = Append( ,c12))

e3 e4 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

ProveAppend(c12,c1234, ) = e3 e4

e1 e2 e3 e4

ProveIncl(c1234,e3, ) = (c12, )

e1 e2 e3 e4 e4

basic all events? specific event?

slide-120
SLIDE 120

30

dynamic list commitment (dlc)

Com

e1 e2

CheckCom Append

Append( ,c12) = H(e4||(H(e3)||c12))

e3 e4

ProveAppend CheckAppend ProveIncl CheckIncl

e1 e2 e3 e4

CheckAppend(c12,c1234, ) = (c1234 = Append( ,c12))

e3 e4 e3 e4

Com( ) = H(e2||H(e1))

e1 e2

CheckCom(c, ) = (c = H(e2||H(e1)))

e1 e2

ProveAppend(c12,c1234, ) = e3 e4

e1 e2 e3 e4

ProveIncl(c1234,e3, ) = (c12, )

e1 e2 e3 e4 e4

CheckIncl(c1234,e3,(c12, )) = CheckAppend(c12,c1234, )

e4 e3 e4

basic all events? specific event?