-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 08/01/15 07:03, realcr wrote:
> I think the naive solution I proposed in my first message is more
> efficient than using Bitcoin, because it does not involve proof of
> work or flooding stuff.
>
> Shortly: Whenever a person is added to the band, all the members
> sign on the new list. Whenever a member leaves the band, all the
> members sign on the new list. The band members keep the signatures
> forever, so they can always prove they where formed originally from
> the original band S.
I think there might be a problem if a majority of members leave the
band one by one and then construct an alternative history:
band_0 = {a,b,c,d} // original lineup
band_1 = {a,b,c} // d leaves
band_2 = {a,b,c,e} // e joins
band_3 = {a,b,e} // c leaves
band_4 = {a,b,e,f} // f joins
band_5 = {a,e,f} // b leaves
band_6 = {a,e,f,g} // g joins
Now the original members b,c,d create an alternative history:
band_0 = {a,b,c,d} // original lineup
band_1' = {b,c,d} // a leaves
band_2' = {b,c,d,h} // h joins
Which is the true lineup, band_6 or band_2'?
A verifier who's seen both histories can tell that b and c have signed
inconsistent statements. But how can a verifier know whether they've
seen all histories that might exist?
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJUrnpiAAoJEBEET9GfxSfMEqIIAK8ZHAE4XzAmVYg3A7z2kWJA
mUHNoNMHf7198NLH9ddMrLOmKbGYWRko/6VY6dStx8Na3E0O1nAZVO2vdK9oTlBJ
v6O6mmgAuAnG4oKAn3+KQHhGIxIUmsOn7vHTgF6X6l7JlgEnEhwNQ2GZ5azbyEnb
iSxAjy1cnH4uWV8On8nFrBRfv1BkcizoclX1hBxF9b2v0+psNLbS0/EIFuGkonfx
CYGRC117saH9t//kwEZEAk2b8PeNENb/memS4beBJdQNe0oMaiKV/rxXgf2IwnpX
1AdDopBU84EnICiwuB8lwSqhdlKBO07fJ6Slki/l6Fjie9lUlFU/4+rpSNQnzOE=
=98M3
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
