[Cryptography] Aggregate signatures

[xor]

I'm going to think about contracts in the future. Right now I'm working
on a fee distribution protocol that, instead of mining, depends on the
agreement of all potential fee receivers. Maybe a million peers was a
bit much, but since the cryptocurrency in question removes incentives
for pool mining, as well as proof of work, I anticipate even cellphone
users will be able to 'mine' currency, so I'm aiming high. I've been
having several problems with this protocol, one of which is bandwidth
usage, hence my interest in aggregate signatures.

On Mon, 2014-06-09 at 10:52 +0100, ianG wrote:
> On 9/06/2014 04:33 am, xor wrote:
> > My interest in aggregate signatures is related with my interest in
> > cryptocurrencies as well. For the application I have in mind I don't
> > need the verification, nor the signing, to be fast, but it needs to be
> > faster than performing the same operation for each individual signature,
> > hopefully it will have constant time when people are signing the same
> > message.
> 
> 
> If you are talking about cryptocurrencies, then I'd guess you're working
> with contracts.  At least, that's what I do if talking about 'aggregate
> signatures.'
> 
> In that case, you don't need any crypto for 2nd and mass parties to sign
> the statement, directly.  You just need to quote the hash of the
> contract in the business request you are doing, which as a consequence
> of the request is signed.  We can then interpolate the acceptance of the
> statement (contract) from that.
> 
> As you are quoting the contract in your own signed/identified request,
> moving value around, you've (most of) the elements of the contract covered.
> 
> 
> 
> iang
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography