[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Members of Parliament Problem
Lucky writes:
>
>> At 9:32 AM 11/15/1996, Adam Shostack wrote:
>> I've been toying with schemes that multiply the Ns from everybody's
>> public key to create a new semi-anonymous public key. The only
>> problem is that in each case either identity is revealed or the
>> person seeking semi-anonymously reveals their secret key. So,
>> I am not quite there. ;-)
>
>I think that Chaum wrote some papers on group signatures. I'll try to dig
>them out. But it probably won't be before Sunday.
There are several types of "group signature" schemes out there. The one
which Chaum wrote about was signatures which require a group to perform
verification of the signature in relation to his undeniable signature
system (Lidong Chen advanced this a bit further to make the scheme more
general.) There are also systems in which group or subset of a group is
necessary to sign the message, the original work was by Yves Desmet in his
paper "Social Cryptography" in Crypto 88 or 89 I think. There have been
various advancements on these systems, with different threshold schemes
applied, the ability to have "super-votes" among the shares or veto schemes,
mechanisms using distributed computation to securely perform the signing
or encryption, as well other bells and whistles. At one point I was thinking
about such systems in the context of the DNSSEC work as a means for creating
a pseudonymous top-level domain with the same mechanisms for adjudication and
dispute resolution as the current system through group signatures but had to
set it aside to work on something a bit more practical. If anyone is really
interested I could probably put together a fairly comprehensive listing of
the literature in this particular area...
jim