A hash chain H for a one-way hash function h(·) is a sequence of hash values < v0, v1, ..., vn >, where vn is a secret value, vi is generated by vi = h(vi+1) for i = n-1, n-2, ..., 0 and v0 is a public value. A hash chain traversal algorithm T computes and outputs the hash chain H, returning vi in time period (called round) i for 1 ≤ i ≤ n. At the outset, T stores carefully chosen κ hash values (including vn) of H in κ memory storages (called pebbles). In round i, T performs two kinds of computations; online computation to output vi with hash values stored in pebbles and then preparatory computation to rearrange pebbles for future rounds. Usually, the online computation consists of either one or zero hash function evaluation, while the preparatory computation occupies most of the computational cost. The design goal of previous hash chain traversal algorithms was to minimize the worst case computational cost per round with minimal pebbles. On the contrary, we study a different optimization problem of minimizing the average case computational cost. Our proposed traversal algorithm reduces the average case computational cost by 20-30% and the online computational cost by 23-33% for parameters of practical interest. For example, if the proposed algorithm is implemented on battery-powered devices, the battery lifetime can be increased by 20-30%.

A hash chain H for a one-way hash function h() is a sequence of hash values < v0, v1, ..., vn >, where v0 is a public value, vn a secret value, and vi = h(vi+1). A hash chain traversal T computes and outputs the hash chain H, returning vi in time period (called round) i for 1 ≤ i ≤ n. While previous hash chain traversal algorithms were designed to output all hash values vi (1 ≤ i ≤ n) in order, there are applications where every m-th hash value (i.e., vm, v2m, v3m, ...) is required to be output. We introduce a hash chain traversal algorithm that selectively outputs every m-th hash value efficiently. The main technique is a transformation from a hash chain traversal algorithm outputting every hash value into that outputting every m-th hash value. Compared with the direct use of previous hash chain traversal algorithms, our proposed method requires less memory storages and computational costs.

The accumulator was introduced as a decentralized alternative to digital signatures. While most of accumulators are based on number theoretic assumptions and require time-consuming modulo exponentiations, Nyberg's combinatoric accumulator dose not depend on any computational assumption and requires only bit operations and hash function evaluations. In this article, we present a generalization of Nyberg's combinatoric accumulator, which allows a lower false positive rate with the same output length. Our generalization also shows that the Bloom filter can be used as a cryptographic accumulator and moreover excels the Nyberg's accumulator.

The Android pattern unlock is a widely adopted graphical password system that requires a user to draw a secret pattern connecting points arranged in a grid. The theoretical security of pattern unlock can be defined by the number of possible patterns. However, only upper bounds of the number of patterns have been known except for 3×3 and 4×4 grids for which the exact number of patterns was found by brute-force enumeration. In this letter, we present the first lower bound by computing the minimum number of visible points from each point in various subgrids.

The Android pattern unlock is a popular graphical password scheme, where a user is presented a 3×3 grid and required to draw a pattern on the onscreen grid. Each pattern is a sequence of at least four contact points with some restrictions. Theoretically, the security level of unlock patterns is determined by the size of the pattern space. However, the number of possible patterns is only known for 3×3 and 4×4 grids, which was computed by brute-force enumeration. The only mathematical formula for the number of possible patterns is a permutation-based upper bound. In this article, we present an improved upper bound by counting the number of “visible” points that can be directly reached by a point.