[cryptography] The Wandering Music Band

realcr realcr at gmail.com
Thu Jan 8 05:54:51 EST 2015

Hey, thanks again for the reply.

> The only notable difference is that in my version you are checkpointing
> the change in th blockchain.
> You still have the very same form of signing, but you sign a slightly
> different message (transfer of a colored coin, one Satoshi worth of
> Bitcoin, to a new address) instead of "group members XYZ are now the
> official group instead of ABC".

I disagree with you, or maybe I have misunderstood you idea. I think that
Bitcoin is not related here.

Bitcoin is all or nothing. If I want to use it, all the participants of the
network have to be part of it.
That means that all the participants of the network have to compute hashes
all the time.
In addition, every Bitcoin transaction involves all the participants of the

Assume that there are n participants in the network, and k band members.
using Bitcoin, every change in the band involves O(n) network complexity,
O(n) memory usage to the network (Every participant in the network has to
remember O(1) more data).
I can't really talk about computational complexity here, as the Bitcoin
algorithm never really terminates. We can just say that it costs a lot of
computational power.

In the proposed naive solution, every time a change happens, the band S has
to remember a few more signatures. (About O(k)).
So every change requires O(poly(k)) network complexity (Some protocol
between the band members), O(poly(k)) memory usage to the network (Each of
the band members should remember all the signatures),
and O(poly(k)) computational power (For generating the signatures, and
protocol between the band members).
In my case k is pretty small (You may assume k = O(logn)).

I think that the naive solution outperforms Bitcoin in every way in this
case. Correct me if I'm wrong here.

> The band S doesn't publish the signatures. They only show the signatures
> whenever I ask them.
> Is secrecy a requirement? If so, take a look at Zerocoin/Zerocash (not yet
> released, though). It uses Zero-knowledge proofs for secure "mixing" of
> coins to preserve privacy. You could also chose to have the group
> periodically rekey and transfer the colored coin even if there's no change,
> just to hide when the change actually happens.

Secrecy is not required. I meant to say that the band has the
responsibility of keeping the signatures and show them on demand.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150108/7a73a345/attachment.html>

More information about the cryptography mailing list