Re: voting by m of n digital signature?

2008-11-14 Thread Florian Weimer 
* James A. Donald:

> Is there a way of constructing a digital signature so
> that the signature proves that at least m possessors of
> secret keys corresponding to n public keys signed, for n
> a dozen or less, without revealing how many more than m,
> or which ones signed?

What about this?

  Christian Cachin, Asad Samar
  Secure Distributed DNS
  

Or do you require that potential signers must not be able to prove
that they signed?

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: voting by m of n digital signature?

2008-11-10 Thread dan 

"James A. Donald" writes:
-+---
 | Is there a way of constructing a digital signature so
 | that the signature proves that at least m possessors of
 | secret keys corresponding to n public keys signed, for n
 | a dozen or less, without revealing how many more than m,
 | or which ones signed?
 | 

quorum threshhold crypto; if Avishai Wool or Moti Yung
or Yvo Desmedt or Yair Frankel or...  are here on this
list, they should answer

a *tiny* contribution on my part

  http://geer.tinho.net/geer.yung.pdf

humbly,

--dan

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: voting by m of n digital signature?

2008-11-09 Thread Richard Salz 
> Is there a way of constructing a digital signature so
> that the signature proves that at least m possessors of
> secret keys corresponding to n public keys signed, for n
> a dozen or less, without revealing how many more than m,
> or which ones signed?

Yes there are a number of ways.  Usually they involve splitting the 
private key so that when a quorum of fragment signatures are done, they 
can be combined and the result verified by the public key.   Look for 
multi-step signing or threshold signatures, for example.

Disclaimer: I worked at CertCo who had the "best" technology in this area. 
It was created for SET.
/r$


--
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

voting by m of n digital signature?

2008-11-09 Thread James A. Donald 

Is there a way of constructing a digital signature so
that the signature proves that at least m possessors of
secret keys corresponding to n public keys signed, for n
a dozen or less, without revealing how many more than m,
or which ones signed?

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]