A hash calendar is a data structure that is used to measure the passage of time by adding hash values to an append-only database with one hash value per elapsed second. It can be thought of special kind of Merkle or hash tree, with the property that at any given moment, the tree contains a leaf node for each second since 1970‑01‑01 00:00:00 UTC.
A hash tree with 8 leaf nodes and a hash calendar after 7 seconds.
A hash calendar after 31 seconds consists of 5 disjoint hash trees.
The leaves are numbered left to right starting from zero and new leaves are always added to the right. By periodically publishing the root of the hash-tree is it possible to use a hash calendar as the basis of a hash-linking based digital timestamping scheme.
The hash calendar construct was invented by Estonian cryptographers Ahto Buldas and Mart Saarepera based on their research on the security properties of cryptographic hash functions and hash-linking based digital timestamping. Their design goal was to remove the need for a trusted third party i.e. that the time of the timestamp should be verifiable independently from the issuer of the timestamp.
Construction of a hash calendar
There are different algorithms that can be used to build a hash calendar and extract a relevant hash chain per second. The easiest is to imagine the calendar being built in two phases. In the first phase, the leaves are collected into complete binary trees, starting from left, and making each tree as large as possible.
Sparse hash calendar with 1110 = 10112 leaves
In the second phase, the multiple unconnected trees are turned into a single tree by merging the roots of the initial trees, but this time starting from the right and adding new parent nodes as needed (red nodes).
Compact hash calendar with 1110 = 10112 leaves.
The hash chains can then be extracted as from any hash tree. Since the hash calendar is built in a deterministic manner, the shape of the tree for any moment can be reconstructed knowing just the number of leaf nodes in the tree at that moment, which is one more than the number of seconds from 1970‑01‑01 00:00:00 UTC to that moment. Therefore, given the time when the calendar tree was created and a hash chain extracted from it, the time value corresponding to each leaf node can be computed.
Distributed hash calendar
The Distributed hash calendar is a distributed network of hash calendar nodes. In order to ensure a high availability service it is possible to have multiple calendars in different physical locations all of which communicate with each other to ensure that each calendar contains identical hash values. Ensuring that the calendars remain in agreement is a form of Byzantine fault tolerance
To the right a 5 node calendar cluster is shown where each node communicates with every other node in the cluster and there is no single point of failure. Although each node has a clock the clock is not used for setting the time directly but as a metronome to ensure that the nodes “beat” at the same time.
A five node hash calendar cluster is a component of Keyless Signature Infrastructure (KSI), each leaf in the hash calendar being the aggregate hash value of a globally distributed hash tree.
- Cryptographic hash functions
- Linked Timestamping
- Hash list
- Hash table
- Merkle tree
- Provably secure cryptographic hash function
- System and method for generating a digital certificate patent 8,312,528
- Merkle tree patent 4,309,569 – Explains both the hash tree structure and the use of it to handle many one-time signatures.
- Efficient Use of Merkle Trees – RSA labs explanation of the original purpose of Merkle trees: To handle many Lamport one-time signatures.