- we're using the XOR method on Ring ORAM
- store block on server as EncBlock || Sign_client(EncBlock)
- store buckets on server with a bucket Merkle tree
- verification tree is augmented with bucket hashes, as before
- we also have a freshness tree
- to ReadPath:
  - client sends server a requested path with offsets
  - server sends client all the requested blocks along the path XORed together = PathXORBlock || PathXORSignature
  - client reconstructs dummy encryptions and signatures
  - client XORs them away from PathXORBlock and PathXORSignature to retrieve the real block and signature
  - client verifies signature on block
  - client verifies freshness of block
  - if either fails, call CheckBucket on every bucket in path
- security note:
  - if the server changes any bit along the path, the signature will not verify
  - assumes signatures are guaranteed not to be homomorphic; i.e., Sign(a) + Sign(b) != Sign(a + b)
- to ReadBucket:
  - client gets the bucket, verifies the signatures in the bucket
  - if signatures are bad, call CheckBucket
  - if freshnesses are bad, call CheckBucket
  - if signatures are good, server gives Merkle proof up to verification tree root
- to WriteBucket:
  - client writes bucket, gets signature from server of the root of the bucket tree
  - updates freshness tree
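
The ReadPath steps above, as an added example that is not part of the original notes. It covers the signature check only (no freshness tree), and it assumes HMAC-SHA256 as a stand-in for Sign_client, a SHAKE-256 keystream as a stand-in cipher, an all-zero dummy plaintext, and constructed keys and slot labels:

```python
import hashlib, hmac

BLOCK = 32                      # assumed block size in bytes
ZERO = bytes(BLOCK)             # assumed dummy plaintext

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(k_enc, loc, pt):
    # Stand-in cipher: keystream derived from the slot label, so the client
    # can recompute any dummy ciphertext without downloading it.
    return xor(pt, hashlib.shake_256(k_enc + loc).digest(BLOCK))

def sign(k_sig, enc_block):
    # HMAC-SHA256 stands in for Sign_client(EncBlock): deterministic, not XOR-homomorphic.
    return hmac.new(k_sig, enc_block, hashlib.sha256).digest()

def server_read_path(store, locs):
    # Server side: XOR the requested blocks and their signatures together.
    px_block, px_sig = ZERO, bytes(32)
    for loc in locs:
        blk, sig = store[loc]
        px_block, px_sig = xor(px_block, blk), xor(px_sig, sig)
    return px_block, px_sig

def client_recover(k_enc, k_sig, locs, real_loc, px_block, px_sig):
    # Client side: rebuild each dummy and its signature, XOR them away,
    # then verify the signature on what remains before decrypting.
    for loc in locs:
        if loc != real_loc:
            dummy = enc(k_enc, loc, ZERO)
            px_block, px_sig = xor(px_block, dummy), xor(px_sig, sign(k_sig, dummy))
    if not hmac.compare_digest(px_sig, sign(k_sig, px_block)):
        raise ValueError("signature check failed: run CheckBucket on every bucket in path")
    return enc(k_enc, real_loc, px_block)   # XOR keystream again to decrypt

def demo(tamper=False):
    k_enc, k_sig = b"constructed-enc-key", b"constructed-sig-key"
    locs = [b"bucket0/slot2", b"bucket1/slot0", b"bucket3/slot1"]  # constructed path
    real_loc, secret = locs[1], b"real block payload".ljust(BLOCK, b"\0")
    store = {}
    for loc in locs:
        blk = enc(k_enc, loc, secret if loc == real_loc else ZERO)
        store[loc] = (blk, sign(k_sig, blk))
    if tamper:  # server flips one bit in a dummy block on the path
        blk, sig = store[locs[0]]
        store[locs[0]] = (bytes([blk[0] ^ 1]) + blk[1:], sig)
    return client_recover(k_enc, k_sig, locs, real_loc, *server_read_path(store, locs))
```

A flipped bit in any block on the path survives the dummy cancellation and lands in the recovered EncBlock, so the recovered signature no longer matches and the client falls back to per-bucket checks.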