> Is there a way of constructing a digital signature so
> that the signature proves that at least m possessors of
> secret keys corresponding to n public keys signed, for n
> a dozen or less, without revealing how many more than m,
> or which ones signed?

Yes there are a number of ways.  Usually they involve splitting the 
private key so that when a quorum of fragment signatures are done, they 
can be combined and the result verified by the public key.   Look for 
multi-step signing or threshold signatures, for example.

Disclaimer: I worked at CertCo who had the "best" technology in this area. 
It was created for SET.
        /r$


--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to