Hey, thanks again for the reply. > The only notable difference is that in my version you are checkpointing > the change in th blockchain. > > You still have the very same form of signing, but you sign a slightly > different message (transfer of a colored coin, one Satoshi worth of > Bitcoin, to a new address) instead of "group members XYZ are now the > official group instead of ABC". >
I disagree with you, or maybe I have misunderstood you idea. I think that Bitcoin is not related here. Bitcoin is all or nothing. If I want to use it, all the participants of the network have to be part of it. That means that all the participants of the network have to compute hashes all the time. In addition, every Bitcoin transaction involves all the participants of the network. Assume that there are n participants in the network, and k band members. using Bitcoin, every change in the band involves O(n) network complexity, O(n) memory usage to the network (Every participant in the network has to remember O(1) more data). I can't really talk about computational complexity here, as the Bitcoin algorithm never really terminates. We can just say that it costs a lot of computational power. In the proposed naive solution, every time a change happens, the band S has to remember a few more signatures. (About O(k)). So every change requires O(poly(k)) network complexity (Some protocol between the band members), O(poly(k)) memory usage to the network (Each of the band members should remember all the signatures), and O(poly(k)) computational power (For generating the signatures, and protocol between the band members). In my case k is pretty small (You may assume k = O(logn)). I think that the naive solution outperforms Bitcoin in every way in this case. Correct me if I'm wrong here. > The band S doesn't publish the signatures. They only show the signatures > whenever I ask them. > > Is secrecy a requirement? If so, take a look at Zerocoin/Zerocash (not yet > released, though). It uses Zero-knowledge proofs for secure "mixing" of > coins to preserve privacy. You could also chose to have the group > periodically rekey and transfer the colored coin even if there's no change, > just to hide when the change actually happens. > Secrecy is not required. I meant to say that the band has the responsibility of keeping the signatures and show them on demand.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
