More practical and secure history-independent hash tables

Abstract

Direct-recording electronic (DRE) voting systems have been used in several countries including United States, India, and the Netherlands to name a few. A common flaw that was discovered by the security researchers was that the votes were stored sequentially according to the time they were cast, which allows an attacker to break the anonymity of the voters. Subsequent research pointed out the connection between vote storage and the privacy property historyindependence. In a weakly history-independent data structure, every possible sequence of operations consistent with the current set of items is equally likely to have occurred. In a strongly history-independent data structure, items must be stored in a canonical way, i.e., for any set of items, there is only one possible memory representation. Strong historyindependence implies weak history-independence but considerably constrains the design choices of the data structures. In this work, we present and analyze an efficient hash table data structure that simultaneously achieves the following properties:-It is based on the classic linear probing collision-handling scheme.-It is weakly history-independent.-It is secure against collision-timing attacks. That is, we consider adversaries that can measure the time for an update operation, but cannot observe data values, and we show that those adversaries cannot learn information about the items in the table.-All operations are significantly faster in practice (almost 2x faster for high load factors) than those of the commonly used strongly historyindependent linear probing method proposed by Blelloch and Golovin (FOCS’07), which is not secure against collision-timing attacks. To our knowledge, our hash table construction is the first data structure that combines history-independence and protection against a form of timing attacks.