Untitled

a guest
Aug 3rd, 2015
we're using the XOR method on Ring ORAM

store each block on the server as EncBlock || Sign_client(EncBlock)
store buckets on the server with a bucket Merkle tree

the verification tree is augmented with bucket hashes, as before

we also have a freshness tree

to ReadPath:
client sends the server a requested path with offsets
server sends the client all the requested blocks along the path XORed together = PathXORBlock || PathXORSignature
client reconstructs the dummy encryptions and signatures
client XORs them away from PathXORBlock and PathXORSignature to retrieve the real block and signature

client verifies the signature on the block
client verifies the freshness of the block
if either fails, call CheckBucket on every bucket in the path

security note:
if the server changes any bit along the path, the recovered signature will not verify
assumes signatures are guaranteed to not be homomorphic; i.e., Sign(a) + Sign(b) != Sign(a + b)


to ReadBucket:
client gets the bucket, verifies the signatures in the bucket
if signatures are bad, call CheckBucket
if freshnesses are bad, call CheckBucket
if signatures are good, server gives a Merkle proof up to the verification tree root


to WriteBucket:
client writes the bucket, gets a signature from the server over the root of the bucket tree
updates the freshness tree
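
The ReadPath XOR recovery and signature check from the notes above, as an added example that is not part of the original paste. It assumes HMAC-SHA256 as a stand-in for Sign_client, a PRF keystream as a stand-in cipher, all-zero dummy plaintexts and constructed per-slot nonces; all function names are hypothetical, and the freshness tree and CheckBucket are left out.

```python
import hashlib, hmac, os

BLOCK = 32  # bytes per block (constructed size for this example)
ENC_KEY, SIG_KEY = os.urandom(32), os.urandom(32)  # client-only secrets

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(nonce, plaintext):
    # Stand-in cipher (assumption): XOR with a PRF keystream keyed per slot nonce.
    return xor(plaintext, hmac.new(ENC_KEY, nonce, hashlib.sha256).digest())

def sign(enc_block):
    # Stand-in for Sign_client (assumption): HMAC-SHA256, not XOR-homomorphic.
    return hmac.new(SIG_KEY, enc_block, hashlib.sha256).digest()

def stored(nonce, plaintext):
    # What the server holds per slot: EncBlock || Sign_client(EncBlock).
    c = enc(nonce, plaintext)
    return c, sign(c)

def server_read_path(slots):
    # Server XORs the requested slot of every bucket on the path.
    pb, ps = bytes(BLOCK), bytes(32)
    for c, s in slots:
        pb, ps = xor(pb, c), xor(ps, s)
    return pb, ps  # PathXORBlock, PathXORSignature

def client_recover(path_xor_block, path_xor_sig, dummy_nonces, real_nonce):
    # Rebuild each dummy's ciphertext and signature, then XOR them away.
    for n in dummy_nonces:
        d, ds = stored(n, bytes(BLOCK))
        path_xor_block = xor(path_xor_block, d)
        path_xor_sig = xor(path_xor_sig, ds)
    if not hmac.compare_digest(sign(path_xor_block), path_xor_sig):
        return None  # here the client would call CheckBucket on the path
    return enc(real_nonce, path_xor_block)  # same keystream XOR decrypts

def demo(tamper=False):
    nonces = [bytes([i]) * 8 for i in range(4)]  # constructed nonces, 4 buckets
    secret = b"real block payload".ljust(BLOCK, b"\0")
    slots = [stored(n, secret if i == 2 else bytes(BLOCK)) for i, n in enumerate(nonces)]
    if tamper:  # server flips one bit in a dummy ciphertext on the path
        c, s = slots[0]
        slots[0] = (bytes([c[0] ^ 1]) + c[1:], s)
    pb, ps = server_read_path(slots)
    dummies = [n for i, n in enumerate(nonces) if i != 2]
    return client_recover(pb, ps, dummies, nonces[2])
```
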