> Is there a way of constructing a digital signature so
> that the signature proves that at least m possessors of
> secret keys corresponding to n public keys signed, for n
> a dozen or less, without revealing how many more than m,
> or which ones signed?
Yes there are a number of ways. Usually they involve splitting the
private key so that when a quorum of fragment signatures are done, they
can be combined and the result verified by the public key. Look for
multi-step signing or threshold signatures, for example.
Disclaimer: I worked at CertCo who had the "best" technology in this area.
It was created for SET.
/r$
--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
