Information Technology Reference
In-Depth Information
TABLE 3.2
PathGen
Table for the Sixth Block of the File F Stored
in the Skip List in Figure 3.2
Node
v
v
6
v
5
w
1
w
3
w
4
w
6
w
7
D
(
v
)
rgt
rgt
dwn
dwn
rgt
rgt
dwn
l
(
v
)
0
0
1
2
2
2
3
Q
(
v
)
0
1
1
6
3
1
1
G
(
v
)
0
x
(
v
5
)
f
(
v
7
)
f
(
w
5
)
f
(
w
2
)
f
(
v
1
)
f
(
v
14
)
(Algorithm 2) to verify the integrity of the skip list using the table Π and the
signature of the start node S, which is
sig
sk
(
H
(
f
(
S
))), sent by the cloud server.
Algorithm 2 iteratively computes tuples (λ
j
, ρ
j
, δ
j
, γ
j
) for each node
v
j
on
the verification path plus a sequence of integers ζ
j
. At each iteration of the
for-loop, the tuple (λ
j
, ρ
j
, δ
j
, γ
j
) associated with a node
v
j
of the verification path
represents the following:
• λ
j
=
l
(
v
j
), that is, the level of
v
j
;
• ρ
j
=
r
(
v
j
), that is, the rank of
v
j
;
• δ
j
indicates whether we arrived at
v
j
from right or below;
• γ
j
=
f
(
v
j
), that is, the label of
v
j
;
• ζ
j
is equal to the sum of the ranks of all the nodes that are to the right
of nodes of the path seen so far but are not on the verification path.
3.4.4 Bilinear Aggregate Signatures
We have used BLS (Boneh, Lynn, and Shacham) aggregate signatures in our
scheme to achieve public auditability and blockless verification.
3.4.4.1 BLS Signature Scheme
Boneh, Lynn, and Shacham [6] gave a simple, deterministic signature
scheme in which the signatures are very short. The signer's secret key is
x
∈ , the public key is
y
=
g
x
, and
g
is the generator of the multiplicative
group
G
of order
q
. Let
H
: {0, 1}
*
→
G
be a hash function. The signature
scheme is given by
q
Sign
(
m
): the signature σ on message
m
is σ = (
H
(
m
))
x
∈
G
.
Ve r if y
(σ,
m
): accept if
e
(
g
, σ) =
e
(
g
x
,
H
(
m
)).
3.4.4.2 Aggregate Signature Scheme
Aggregate signatures [6] are used if we have different signers who want to
sign different messages but we only want to produce one signature. This is
Search WWH ::
Custom Search