[Cryptography] Aggregate signatures

Tom Mitchell mitch at niftyegg.com
Mon Jun 9 16:34:05 EDT 2014 

On Sun, Jun 8, 2014 at 9:40 PM, Dirk-Willem van Gulik <dirkx at webweaving.org>
wrote:

> On 8 Jun 2014, at 11:47, xor <crypto at idlecore.com> wrote:
> > I'm a programmer, I need a way to have several people sign the same
> > message,
>
.....

> >
> http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/aggregatesigs.pdf
> >
> > I couldn't find however a single implementation, I couldn't find one in
> > openssl, nss, or anywhere else. Does anyone know of a decent
> > implementation? Does anyone know if there is even a standard?
>
> Firstly - a million private keys  is a very large number - even in todays
> internet day and age
>


> title = {Accountable-subgroup Multisignatures: Extended Abstract},
>

Yes....
Lots of keys is a lot of data and a lot of key look ups and verification
(slow).....

If you are talking about a million keys you quickly will find you
are no longer in the world of email.  I commonly assemble a message
with quality images and more only to find that I fill up the mail box
of one or more friends or I encounter my service limits.

Clearly you need a secure place for the document shelf for the document
to live while it collects signatures.    You must keep the signatures
and data isolate.  The collection of signatures needs to be signed
so joe-random-badguy cannot insert himself.

With a million your tool may need to manage (cope with) revocations often...

If the document is more than one screen you need to allow those that
sign time (perhaps weeks) to view, read etc.  and then sign.

Signers need to verify the document they sign and did sign is the exact one
that they
reviewed.   Recall Radar putting a stack of paper in front of Col. Potter
 with a
"ringer for Clinger" in the pile.  This may prove the hardest part...

Authority must be managed as must invitations so trust is not lost.
If trust is only validated by a majority of strangers and automated army
of robots with pseudo users could assert and dominate the validity
or invalidate the document.

Validation implies/mandates revocation... I might agree today learn
something
tomorrow and thus wish to withdraw my signature.  Later might get back on
board
when the flaw is fixed or I learn more.

Note the web (HTML) has no state so these atomic operations are difficult.

Me ... I would look at enhancing Mercurial, Git or another distributed
source control
system and add a sign off with signature feature.   If you get it right I
can see value
and quick user adoption especially if you can embody a signature tree for
use in
review and accept processes.





-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140609/074940e3/attachment.html>

More information about the cryptography mailing list