User Story
Alice has an identity initialized on her phone. She wants to add more devices to be authorized to sign off on valid blocks that extend her chain.
The problem is that Bob is a creepy fuck who can learn which device she is on from which key she is signing data with.
We are looking for an efficient asymmetric signature scheme that masks m-of-n signatures so that they are indistinguishable from a single signature.
This would limit the leaked information to, at most, allowing an outside observer to speculate whether it was a key rotation or a new device being added.