Score:1

A signing scheme that can be verified by anyone from the group who signed jointly

al flag

Suppose that a set of entities each have public/private key pairs, (P1, S1), (P2, S2), ..., (Pn, Sn).

In a straightforward scenario, a message signed with Si can be verified using Pi.

My question is, is there a way for me to sign a message with {S1...Sn} and the signature can be verified using one of the {P1...Pn}?

Here is my use case:

I have a list of clients, with each I share a key pair with.

In most of the cases the communication is 1 to 1 - I sign a message dedicated to one client with the dedicated private key and the client can verify using the corresponding public key.

For a new use case, I want to achieve a 1 to n communication without signing the message n times - I want to see if it's possible to create one signature that can be verified by the n clients using their respective public key.

knaccc avatar
es flag
A signature proves someone knows a secret which is linked to a corresponding public key. If there is no link between the secret and any of the other public keys, then there is no way that someone attempting to verify the signature with an independent public key can know if the correct secret has been used in the signature. Perhaps if you could elaborate more on your scenario, there might be an interesting approach to solving the problem you have by generating the other public keys such that they are linked to the secret.
weixin0129 avatar
al flag
Thanks @knaccc for your response! I edited my question to add my use case. Please let me know if it helps clarify my question.
knaccc avatar
es flag
I looked at your updated question. I'm not entirely sure what you mean by "I have a list of clients, with each I share a key pair with". What is wrong with you just having one (private, public) key pair, and using that to sign all of your outgoing messages? You just tell everyone your public key. They also have their own personal key pairs that they will only use for signing messages on their own behalf to send to you.
weixin0129 avatar
al flag
Sorry for the terribly delayed response to your question. Yes I would have used a common key pair if i could. But I wonder if there is a way that does not require creating and distributing new keys - so that it's a seamless experience to the clients, i.e. they can verify the signatures like how they used to without knowing the signing has changed on my side. Please let me know if that makes sense. And thanks for your help. @knaccc
knaccc avatar
es flag
So your question is simply: I use a key pair to sign messages to send to other people. Is there a way to change my public key without having to advise each of those people individually of my new public key?
weixin0129 avatar
al flag
Either a new key that's somehow associated with all the existing keys, or a signing mechanism that involves all existing keys.
weixin0129 avatar
al flag
but pretty much, yes. The goal is to only create the signature once instead of signing it using different keys multiple times.
knaccc avatar
es flag
When you next send a signed message to someone, you can simply sign it with your brand-new public key, and also send at the same time your brand-new public key signed by your older private key(s). This means someone can check that this brand-new key pair you are using has been authorized by the older key pairs you were using.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.