Optimal trade-off for Merkle tree traversal

In this paper we describe optimal trade-offs between time and space complexity of Merkle tree traversals with their associated authentication paths, improving on the previous results of M. Jakobsson, T. Leighton, S. Micali, and M. Szydlo [Fractal Merkle tree representation and traversal, in: RSA Cryptographers Track, RSA Security Conference, 2003] and M. Szydlo [Merkle tree traversal in log space and time, in: Proc. Eurocrypt, in: LNCS, vol. 3027, 2004, pp. 541-554; Merkle tree traversal in log space and time, Preprint version 2003, available at http://www.szydlo.com]. in particular, we show that our algorithm requires 2 log n/log(3)n hash function computations and storage for less than (log n/log(3) n + 1) log log n + 2 log n hash values, where n is the number of leaves in the Merkle tree. We also prove that these trade-offs are optimal, i.e. there is no algorithm that requires less than O(log n/log t) time and less than O (t log n/log t) space for any choice of parameter t >= 2. Our algorithm could be of special interest in the case when both time and space are limited. (c) 2006 Elsevier B.V. All rights reserved.