“…Auditor ⟶ CSP: t, c, ID F . (11) Proof-Gen. Upon receiving the challenge from the auditor, the CSP first retrieves the hash-block corresponding to the given instant t from the public blockchain and extracts the two random values k 1 , k 2 ∈ 0, 1 { } l from the retrieved hashblock using the global function Ω. e CSP computes the set C � (i, v i ) , where i � π(k 1 , x) and v i � f(k 2 , x) for 1 ≤ x ≤ c. Next, it computes proof of possession for the challenged blocks as follows.…”