W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: Future-proofing VCs via multiple signatures

From: Christopher Allen <ChristopherA@lifewithalacrity.com>
Date: Fri, 14 Jan 2022 10:20:57 -0800
Message-ID: <CACrqygCN5vPStQd2kSiHxEfu+GQt1-ddW1gHmqukRdYLW5s0xA@mail.gmail.com>
To: Eugeniu Rusu <eugeniu@jolocom.com>
Cc: Brian Richter <brian@aviary.tech>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
Since the title of this thread is about future-proofing, there is one
important future you are missing.

With schnorr-based multisig on secp (and its variants such as 25519-dalek,
ristretto, etc. but NOT orginary 25519), you can have multisig proofs that
are effectively indistinguishable from single signature proofs. This is
because schnorr can be additive.

This allows for some important privacy options — you can know that an
aggregate threshold of multiple people signed it, but not specifically who.

The terms I have been using is accountable signatures where if you need who
signed it and how many (the traditional multisig in bitcoin), and
non-accountable signatures (now available as option in bitcoin taproot).

It also solves some business issues, as you can have a signature that
approves new stock shares signed by an accountable super-majority of board
of directors, or by 50+1 stockholders, who need coercion resistance to the
more powerful members and thus need to be able to non-accountably vote
anonymously. You can also combine these with a smart signature.

In addition, this ability has an impact on the future of chain signatures.
You can just add all the previous schnorr signatures and provide only the
aggregate of the chain. It is only valid if the all the chain is valid, but
does not require the chain itself, only the signature of the last entry.

There is also something also called adapter signatures which is relevant to
the future, which means you can't verify the signature without an offline
secret generated separately. This is often used with payments, where the
signature is not valid unless the fee has been paid, thus revealing the
secret you need. Issue now, pay later!

Let me know if these are interest to you — Blockchain Commons has on our
roadmap to demonstrate these this year with CBOR, but could be funded to
demonstrate with LD-Proofs.

-- Christopher Allen
Received on Friday, 14 January 2022 18:21:47 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC