Signature Verification

The verifier receives message $M$ and the BiBa signature $s$_i, s_j . We assume for now that the verifier has an efficient method to authenticate the SEALs $s$_i, s_j. To verify the BiBa signature the verifier computes $h=H(m)$, checks that $s$_i ≠s_j, and $G$_h( s_i ) = G_h(s_j).

Note that the verification is very light-weight: Without considering the SEAL authentication, the verification only requires one hash function computation and two hash function computations.