Mathematical proof of a guaranteed double signature

[synctext]

A key primitive of the TrustChain work by Delft is the double signature. Once two parties reach agreement and cryptographically validate a transactions, it becomes tamper-proof, irrefutable, and also part of the consensus.

This work aims to produce a scheme which has an guaranteed outcome with nice properties: a first line of defense against double spending. Instead of two parties both directly signing a transactions, we introduce several phases and rely on third parties. The aim is to reduce the reliance on these third parties: they are blind, can be untrusted, and unreliable. We use third parties are group of random witnesses and when one of them truthfully executes the protocol, we guarantee a good outcome.

One idea to prevent double spending. Each round Alice has an assigned group of witnesses. These witnesses are assigned in a deterministic algorithm, depending out the (hash) outcome of the consensus and the public key of Alice. When both Bob and Charlie want to transact with Alice they will inform some of the same witnesses. This forms the basis of detecting double spends cheaply.

Simplistic draft protocol:

• step 1: Alice send out a willingness_to_sign(transaction,time_bound, signature) to Bob and n witnesses
• step 2: Bob replies with a willingness_to_sign(transaction,signature) and committing to this transactions, send out to Alice witnesses and others selected by Bob
• step 3: Alice signs the transactions, sends it to Bob+witnesses
• step 4: Bob signs the transactions, returns it to Alice+witnesses
• step 5a: Consolidation phase provides a deterministic outcome either: double signed record created, Alice failed, Bob failed or both Alice and Bob failed.
• step 5b: Another outcome is if one party tries to double spend, if we simply assume the whole network is a witness we can prove that double spending will be always detected.
• step5c: Also, if Alice and Charlie conduct another transaction and Alice tries to double spend, the witness group is assumed to have overlap and malicious behavior is detected.

Technique to possibly use:

• Commitment Schemes and Zero-Knowledge Protocols
• https://en.wikipedia.org/wiki/Group_signature

[kc1212]

I think Collective Signing may be a solution for this problem.