Closed dbosk closed 6 years ago
dbosk
commented
6 years ago Since participants will see many proofs, they can store and later submit all proofs that they have seen. This will improve unlinkability slightly, although the number of witnesses can be used to determine its age. Thus the submission with the most signatures is probably submitted by the owner.
dbosk
commented
6 years ago In one extreme case, each witness can submit their own witness signature to storage.
dbosk
commented
6 years ago To have different protesters submit parts of the proof is good for
dbosk
commented
6 years ago Witness and protester both submit the proof share they have generated together (see commit 8abcd9a2).
dbosk
commented
6 years ago Say we have 10^6 protesters. Say that we require a threshold of 1000 witnesses. Then we need to submit 10^9 witness signatures to the blockchain. OmniLedger can handle ~1500 transactions/s. RedBelly can do 660 000 transactions/s.
The protester can merge all his own witness signatures, since they are linked anyway. On the other hand this means that the one uploading them is behind the $pid$. The same argument holds for the witness. (This relates to #58)
Protesters and witnesses should collect hashes of others' signatures, add them to the blockchain as soon as possible. If a value is already there, don't try to add it again. This should destroy some linkability --- but maybe not all. (Merkle mountain ranges is something to look into.)
dbosk
commented
6 years ago We should only publish \theta number of witness signatures, where \theta is the required threshold. This way we can make all of them indistinguishable. But maybe this matters little.
dbosk
commented
6 years ago Only the participant and witness know the proof share. The first to have the opportunity shall commit it (the second can see that it is already committed).
Then both must submit proofs anyway, only the witness knows the SPK of wid and only the participant knows the SPK of pid.
We assume that there exists an anonymous submission system (like Tor) that Eve cannot subvert. So all protesters can submit their proofs in an unlinkable fashion.