[Cryptography] What do we call a signature over multiple pieces of data?

Fri Feb 10 01:09:29 EST 2023

On 2/6/23 21:12, Phillip Hallam-Baker wrote:
> I am trying to work out what the name of the thing I am writing is.
>
> OK so we have
>
> Digital signature - base class
>
> Multi-Signature - A single piece of data signed under multiple private 
> keys, all of which are required for the signature to be considered valid.

I would call this type a 'consensus signature' - the basic unit of 
action of of a body which must come to a unanimous agreement to act, 
like a jury etc.

> Quorum signature - A multi-signature where t of n sigs must be present

There's a special case, because in committee proceedings a quorum is 
some threshold number of votes, and does not usually require that those 
votes are unanimously in favor. A quorum that requires ten votes takes 
valid action even if six of them voted yes and four voted no or 
abstained, out of the 20 or however many could have voted.  A 'quorum' 
shows that a certain number of people (or agents) have paid attention to 
the question, but the emergent action does not necessarily require all 
of those people to have been in agreement.

>
> Threshold signature - A digital signature created from a private key 
> split into t of n shares.

I think that one's well established.

>
> Merkle Signatures, Tree Signatures, Lamport Signatures, all used to 
> refer to symmetric key based signatures.
>
And still do.  The adaptation of these to asymmetric keys changes their 
properties enough that I think as an author you have to mention which 
variety you're talking about on just about every page you mention them.

> What I have is a sequence of envelopes and a signature on the apex of 
> a Merkle tree and I am extracting a specific envelope and the apex 
> signature and the parts necessary to reconstruct the digest chain for 
> that envelope. What do we call such a signature that we haven't 
> already used?
>
> There are two cases,
>
> Signature on envelope #42, signing envelope #10
>
> Signature on envelope #42, signing envelope #10, #32, #40
>
>
> The overall requirement is to provide a proof that document P was 
> signed After document X but before Document Y. Where X has been 
> enrolled in a Trusted external notary chain and Y incorporates an 
> output from that chain.
>
> So if I am trying to show that I collected a set of forensics data on 
> a particular date, documents X and Y probably involve a DoJ or NIST 
> notary chain, either directly or indirectly. If you run your own 
> notary log, the trusted party can be yourself (if you were active at 
> the time with sufficient granularity).
>
> Interval Signature???
>
I think 'interval signature' is probably a good nomenclature for that 
because it corresponds to things that happened within some interval in a 
(chronological) Merkle Tree.

Bear

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20230209/35e738c5/attachment.htm>