Common use of Key authentication Clause in Contracts

Key authentication. To determine Kvo for a non-leaf node vo whose children are both leaf nodes corresponding to members Mi1 and Mi2 , the adversary E has to know rMi1 rMi2 . However, E only observes rMi1 and rMi2 . Thus, it is infeasible for E to solve the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem for rMi1 rMi2 . On the other hand, to determine Kv for a non- leaf node v which contains at least one non-leaf child node, say node 2v + 1, E has to know K2v+1 K2v+2 . However, E cannot identify K2v+1 from the blinded key messages due to the intractability of the discrete logarithm problem (i.e., given only K2v+1 xMi and xMi , it is infeasible to compute K2v+1). Therefore, A-TGDH provides key authentication.

Key authentication. To determine Kvo for a non-leaf node vo whose children are both leaf nodes corresponding to members Mi1 and Mi2 , the adversary E has to know rMi1 αrMi1 rMi2 . However, E only observes rMi1 αrMi1 and rMi2 αrMi2 . Thus, it is infeasible for E to solve the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem for rMi1 αrMi1 rMi2 . On the other hand, to determine Kv for a non- leaf node v which contains at least one non-leaf child node, say node 2v + 1, E has to know K2v+1 K2v+2 αK2v+1K2v+2 . However, E cannot identify K2v+1 from the blinded key messages due to the intractability of the discrete logarithm problem (i.e., given only K2v+1 xMi αK2v+1xMi and xMi αxMi , it is infeasible to compute K2v+1). Therefore, A-TGDH provides key authentication.