Re: Multi-signature Verifiable Credentials from Markus Sabadello on 2022-10-03 (public-credentials@w3.org from October 2022)

From: Markus Sabadello <markus@danubetech.com>
Date: Mon, 3 Oct 2022 13:32:03 +0200
To: public-credentials@w3.org
Message-ID: <3c33b0bc-930d-2292-6edd-a79c80b9e0bf@danubetech.com>
For me, whenever I hear the term "multi-signature", my first question is 
always if the "multi-signature" happens on the cryptographic layer (i.e. 
a single signature is created using multiple keys) or if happens 
elsewhere in the data model or protocol layer (e.g. multiple signatures 
are attached to a VC or JWT or whatever).

My understanding of Verifiable Conditions is that they are about the 
latter, i.e. they do multiple proofs and combine them in flexible ways.

Manu's list may also be missing a few things that can be done with 
Verifiable Conditions, e.g.:

* Using multiple proofs to perform M of N threshold multi-signature.

Markus

On 03.10.22 12:15, Jack Tanner wrote:
> For the cases that we are looking at
> * Using multiple proofs to perform set-based multi-signature. (we want 
> to be able to asynchronous sign the VC)
> * Using multiple proofs to perform chain-based multi-signature.
> * Using multiple proofs to perform multi-level/enveloped multi-signature.
> * Using a single proof to perform set-based multi-signature. (sign a 
> VC with a number of keys at once)
> * Using a single proof to perform chain-based multi-signature.
> * Using a single proof to perform M of N threshold multi-signature. 
> (we are using W3C's Verifiable Condition to express this condition in 
> the DID Document)
> * Using a single proof to perform privacy-preserving M of N  threshold
> multi-signature.
>
> Food for thought, the implementation we just finished with JWT's is a 
> kind of chain proof in the end to make it comply to the JWT standard - 
> we nested each JWS as the payload for the next JWS inside the JWT.
>
> Proof sets for JSON-LD format is also a great approach.
>
> Cheers,
> Jack
>
> On Sat, 1 Oct 2022 at 20:52, Manu Sporny <msporny@digitalbazaar.com> 
> wrote:
>
>     On Wed, Sep 28, 2022 at 4:08 AM Jack Tanner
>     <jack@tonomy.foundation> wrote:
>     > What should the proof look like?
>
>     We're trying to lock this down over the next couple of weeks in the
>     VCWG. The specific sections of the Data Integrity spec (with examples)
>     are here:
>
>     https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-sets
>
>     and here:
>
>     https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-chains
>
>     > Which VC library would make the most sense for the initial
>     implementation?
>
>     Digital Bazaar's open source vc-js library will support proof sets and
>     chains (as specified in the Data Integrity spec by the VCWG) in
>     production. There is strong customer pull for proof sets. There is not
>     strong customer pull for proof chains, but given that we have the
>     opportunity to define a global standard for doing that AND because
>     there are use cases like notarization that are important, we plan to
>     add full support for that as well.
>
>     Regarding the concept of multi-signature, I am a bit concerned that
>     people are talking past each other as there are a number of categories
>     there and it's possible that not everyone is talking about the same
>     categories of multisig. There are at least these categories:
>
>     * Using multiple proofs to perform set-based multi-signature.
>     * Using multiple proofs to perform chain-based multi-signature.
>     * Using multiple proofs to perform multi-level/enveloped
>     multi-signature.
>     * Using a single proof to perform set-based multi-signature.
>     * Using a single proof to perform chain-based multi-signature.
>     * Using a single proof to perform M of N threshold multi-signature.
>     * Using a single proof to perform privacy-preserving M of N threshold
>     multi-signature.
>
>     So, when you say "multi-signature" -- which one of these things are
>     you talking about?
>
>     -- manu
>
>     -- 
>     Manu Sporny - https://www.linkedin.com/in/manusporny/
>     Founder/CEO - Digital Bazaar, Inc.
>     News: Digital Bazaar Announces New Case Studies (2021)
>     https://www.digitalbazaar.com/
>
>
>
> -- 
> _________________________________________
>  
> Jack Tanner
> Founder and Architect | Tonomy Foundation
> p: (+31) 6 2216 5433
> w: tonomy.foundation <https://tonomy.foundation/> e: 
> jack@tonomy.foundation
> <https://twitter.com/@theblockstalk> 
> <https://www.linkedin.com/in/jack-tanner/>
>
Received on Monday, 3 October 2022 11:32:19 UTC