>
> Now the original members b,c,d create an alternative history:
I assume that the original band has a majority of correct members.
Therefore at least two out of {b,c,d} are correct, and they will not create
alternate history.
The original formulation is included:
Assume that the world contains correct people (People you can trust) and
> corrupt people (Those you can't trust).
> Also assume that the world has a majority of correct people (If it helps,
> you may assume 3/4 correct people).
>
> I am given a set S which contains k members (The music band). Assume that
> a majority of this set is correct.
>
> From time to time:
> - A random person (From the world) joins the band. (With good probability
> this new member is correct).
> - A random person (From the band) leaves the band.
>
On Thu, Jan 8, 2015 at 2:38 PM, Michael Rogers <mich...@briarproject.org>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 08/01/15 07:03, realcr wrote:
> > I think the naive solution I proposed in my first message is more
> > efficient than using Bitcoin, because it does not involve proof of
> > work or flooding stuff.
> >
> > Shortly: Whenever a person is added to the band, all the members
> > sign on the new list. Whenever a member leaves the band, all the
> > members sign on the new list. The band members keep the signatures
> > forever, so they can always prove they where formed originally from
> > the original band S.
>
> I think there might be a problem if a majority of members leave the
> band one by one and then construct an alternative history:
>
> band_0 = {a,b,c,d} // original lineup
> band_1 = {a,b,c} // d leaves
> band_2 = {a,b,c,e} // e joins
> band_3 = {a,b,e} // c leaves
> band_4 = {a,b,e,f} // f joins
> band_5 = {a,e,f} // b leaves
> band_6 = {a,e,f,g} // g joins
>
> Now the original members b,c,d create an alternative history:
>
> band_0 = {a,b,c,d} // original lineup
> band_1' = {b,c,d} // a leaves
> band_2' = {b,c,d,h} // h joins
>
> Which is the true lineup, band_6 or band_2'?
>
> A verifier who's seen both histories can tell that b and c have signed
> inconsistent statements. But how can a verifier know whether they've
> seen all histories that might exist?
>
> Cheers,
> Michael
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBCAAGBQJUrnpiAAoJEBEET9GfxSfMEqIIAK8ZHAE4XzAmVYg3A7z2kWJA
> mUHNoNMHf7198NLH9ddMrLOmKbGYWRko/6VY6dStx8Na3E0O1nAZVO2vdK9oTlBJ
> v6O6mmgAuAnG4oKAn3+KQHhGIxIUmsOn7vHTgF6X6l7JlgEnEhwNQ2GZ5azbyEnb
> iSxAjy1cnH4uWV8On8nFrBRfv1BkcizoclX1hBxF9b2v0+psNLbS0/EIFuGkonfx
> CYGRC117saH9t//kwEZEAk2b8PeNENb/memS4beBJdQNe0oMaiKV/rxXgf2IwnpX
> 1AdDopBU84EnICiwuB8lwSqhdlKBO07fJ6Slki/l6Fjie9lUlFU/4+rpSNQnzOE=
> =98M3
> -----END PGP SIGNATURE-----
>
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
