Re: Multi-signature Verifiable Credentials from Manu Sporny on 2022-10-10 (public-credentials@w3.org from October 2022)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 10 Oct 2022 18:39:43 -0400
To: Jack Tanner <jack@tonomy.foundation>
Cc: public-credentials@w3.org, rebal@tonomy.foundation, Suneet Bendre <bendre.android@gmail.com>
Message-ID: <CAMBN2CT0aY3=bYfMg+nCnzZ3TqrKe8HLj0Z0Bf7M4=KmgBOyFg@mail.gmail.com>

On Mon, Oct 10, 2022 at 4:37 AM Jack Tanner <jack@tonomy.foundation> wrote:
> What are the options you are considering for how to verify that a M/N proof set contains the required number of signatures?

I should probably start by saying that we (Digital Bazaar) hasn't
found a super strong market need for M-of-N threshold signatures yet.
It doesn't mean that it doesn't exist, just that we haven't found it
yet. :)

That's further complicated by there being multiple design paths for
implementing M-of-N (either as a single "anonymous" signature or
multiple signatures).

> How do you express the condition for this?

There are multiple ways... I'd suggest to use the easiest to implement
mechanism in order to make sure that others have an easy time
implementing it.

> What we are doing here is using the W3C Verifiable Condition, a verification method type. I am wondering if you have got a different approach?

The VerifiableCondition2021 mechanism does seem to cover all of the
possible cases. I would argue that it might be too complex to
implement and have it pass a security review. You might consider
breaking threshold signatures into separate use cases and then using a
different type for each use case. What's the simplest threshold
signature you can model... start with that (and specifically don't
include support for weights or arbitrary branching logic such as
conditionAnd or conditionOr). So, start with something simple like
this:

{
"id": "did:example:123#4",
"controller": "did:example:123",
"type": "ThresholdVerification2022",
"threshold": 3,
"verificationMethod": [A, B, C, D, E]
}

... and then use standard Data Integrity proof sets to collect the
signatures on the thing you're signing:

https://w3c.github.io/vc-data-integrity/#proof-sets

There is a challenge there in that you're going to have to figure out
how to communicate both the ThresholdVerification2022 Verification
Method as well as the specific public key that generated each
signature, which probably means defining a new cryptosuite for
threshold signatures.

All that said, you've probably thought about this problem far more
deeply than I have given your work on VerifiableCondition2021. My only
advice is that that prior work might be too complicated to catch on
and so you might try something more focused that achieves a large
number of use cases (without trying to solve all of them with a single
verification method scheme).

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Monday, 10 October 2022 22:40:32 UTC