Owner: @Mehmet

This part was written in case of using VID scenario, but since the sampling protocol is now being applied, this part has become deprecated.

In that case, $node_j$ signs the certificate which consists of the hash value of $C_{agg}$ and $\{r_1,r_2,\dots,r_{\ell}\}$.

• Assume that the private key of $node_j$ is $sk_j$. All participating nodes prove that they possess their private keys during the proof of possession stage initially. This stage is only done when participating nodes register in the system. It doesn't need to be repeated with every signature. This process is needed to prevent the Rogue Key Attack. (more details can be found here)

• Participating nodes that pass this check are added to the trusted list.

• Every participating node $j$ is generate the signature as follows:

  $\sigma_j=Sign(sk_j, hash(C_{agg}, r_1,r_2,\dots,r_{\ell}))$

$\sigma_j=Sign(sk_j, hash(C_{agg}, r_1,r_2,\dots,r_{\ell}))$

• The signatures from participating nodes are verified by the dispersal, and valid signatures are collected in a pool. The size of the pool must be equal to or greater than the threshold value $t$. Then, these signatures are aggregated and the corresponding group public key is created as follows:

  Aggregation:

  • Given a set of signatures $\sigma_1,\sigma_2,\dots,\sigma_t$ and corresponding public keys $pk_1,pk_2,...,pk_t$:
    • Aggregate Signatures: $\sigma_{agg}=\sigma_1+\sigma_2+\dots+\sigma_t$
    • Aggregate Public Keys: $pk_{agg}=pk_1+pk_2+\dots+pk_t$

  Verification of Aggregated Signature:

  • Given $\sigma_{agg}$, $pk_{agg}$, and the original message $C_{agg}, r_1,r_2,\dots,r_{\ell}$:
    • Hash the message: $h=H(C_{agg}, r_1,r_2,\dots,r_{\ell})$
    • Verify: $e(pk_{agg},G)=e(\sigma_{agg},h)$

Aggregation:

• Given a set of signatures $\sigma_1,\sigma_2,\dots,\sigma_t$ and corresponding public keys $pk_1,pk_2,...,pk_t$:
  • Aggregate Signatures: $\sigma_{agg}=\sigma_1+\sigma_2+\dots+\sigma_t$
  • Aggregate Public Keys: $pk_{agg}=pk_1+pk_2+\dots+pk_t$

Verification of Aggregated Signature:

• Given $\sigma_{agg}$, $pk_{agg}$, and the original message $C_{agg}, r_1,r_2,\dots,r_{\ell}$:
  • Hash the message: $h=H(C_{agg}, r_1,r_2,\dots,r_{\ell})$
  • Verify: $e(pk_{agg},G)=e(\sigma_{agg},h)$
• Aggregate Signatures: $\sigma_{agg}=\sigma_1+\sigma_2+\dots+\sigma_t$
• Aggregate Public Keys: $pk_{agg}=pk_1+pk_2+\dots+pk_t$
• Hash the message: $h=H(C_{agg}, r_1,r_2,\dots,r_{\ell})$
• Verify: $e(pk_{agg},G)=e(\sigma_{agg},h)$

When the signatures are collected from each participating node, if it exceeds the threshold value, this will give us the proof that the data is encoded correctly and the integrity of the original data has been ensured.