[cryptography] Fwd: The Wandering Music Band

realcr realcr at gmail.com
Thu Dec 10 15:02:36 EST 2015

```It has been a while, but I think I know now about an idea to solve this
problem.
I really appreciate all the help I got from your responses.

I wrote a document that explains it here:

https://www.newtolife.net/the-trusted-supernode-and-distributed-banking.html

Abstract:

The Trusted Supernode is an abstract idea for a distributed secure and
efficient banking system. This system allows payment operations that
disturb only small amount of participants. It overcomes adversarial attacks
by applying a useful proof of work, combined with node mixing.

The Trusted Supernode bank system relies at its core on a special form of
trusted entity called the supernode. In addition to its ability to manage
payments, the supernode should allow to securely exchange computation and
storage services for money.

real.

---------- Forwarded message ----------
From: realcr <realcr at gmail.com>
Date: Wed, Jan 7, 2015 at 5:40 PM
Subject: The Wandering Music Band
To: cryptography at randombit.net

Hi,
I am looking for some crypto primitive to solve a problem I have.

Assume that I meet a group of people. call it S. I get to talk to them a
bit, and
then they are gone.

This group of people walk together in the world. Sometimes they add a
person to
their group, and sometimes they remove one person. (You can assume it's a
music
band, then it all makes sense). Generally, though, you may assume that they
have
at least k people in the group at all times.

Assume that I meet the resulting group at some time in the future, after
many
members were added or removed. How can the new group S' prove to me that
they
are the descendants of the original group S?

1. Naive Solution: Remembering lots of signatures.

Every person in the world will have a key pair (of some asymmetric crypto)
to
represent his identity. When I first meet the group S, I collect all their
public keys and keep them.

Whenever a new member x is added to the group S, all the current members of
S
sign over the new list: S U {x}. Whenever a member x is removed from the
group
S, all the current members of S sign over the new list S \ {x}. The group
members always have to carry with them all the signatures since the
beginning of
time.

When I meet the group at some point in the future, I can just ask them to
prove
their current public keys, and also to show me all the signatures since the
beginning.

My issue with this solution is that the group has to remember more and more
signatures as time goes by. I wonder if there is a more efficient way.

2. Using "Transitive Signatures"

I have seen two articles about a concept called Transitive Signatures.
Shortly: Given a signature of x over y, and of y over z, any participant
will be
able to generate a signature where x signs over z.

http://people.csail.mit.edu/rivest/MicaliRivest-TransitiveSignatureSchemes.pdf
https://eprint.iacr.org/2004/215.pdf

I didn't manage to apply this method to my problem though.

I will appreciate any idea or hint about how to solve this.

Regards,
real.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20151210/7e9bc482/attachment.html>
```