Dynamic member list

[ppoliani]

Is it possible to start with one set of members and then at some point about the list of members but still keep the same collective public/secret key.

For example, one scenario might be to start with the initial set of member S1. Then use that to encrypt some data. At a later point then some members might leave the group and some other might join. However, since the data where encrypted with the S1 set of members, it would make sense to use the same key to decrypt the original data even though the members have changed.

[davidrusu]

Hi @ppoliani, this crate has been superseded by https://github.com/maidsafe/sn_sdkg.

As for your question. You can create a key with a threshold t, as long as you have t + original members, you can continue using the original key.

But there is no way to "update" a key to include new members. The generated key is tied directly to the DKG participants.

You can implement a "handover" protocol where the new set S2 runs DKG to create a new key KEY2, then they bring that key to S1 who signs it with their key. This signature would be a proof that membership has changed S1 to S2.

If you keep this chain of signatures around, you can use it convince clients that the new members are indeed the valid members.

# Chain of signatures leading to the current members

S1 --> S2 --> S3 --> ... -> S10 (current member)

[ppoliani]

@davidrusu Thank you for such a prompt reply :)

The handover protocol makes absolute sense. At the same time it's till unfortunate though that such flexibility is not possible. The issue is that is such setup is used to let clients encrypt private data then it might be impossible in the future to decrypt such data when the new S2 is created.

Pardon my ignorance, what I'm thinking out loud might not even be possible in general 😆

[davidrusu]

Yes, DKG is probably not what you want for persistent, long term encryption where the owners are changing.

[ppoliani]

@davidrusu thank you so much for your valuable input :)