
I’m looking for a one-way accumulator which can safely add new members (deletion is not necessary) and does not rely on a trusted party in any way. Unfortunately it appears that it does not exist yet.

My project has an authentication based on a block chain (like Bitcoin) so it's manually initialized and after that it runs on its own. If I put a hash in every block, nodes relay special packets only for the authenticated users, hence the need for a simple authentication scheme without a group manager, no one is to be trusted more than yourself in his honesty. After a round of votes all the nodes agree on the entrance of a new member and the hash is changed accordingly (or witnesses depending on the scheme) and the ban of a member is simply another "black list" hash (or some other method depending on the scheme).

Alin Tomescu
gurghet
  • Did you try Google @gurghet? Yes, there are. There are three existing schemes that immediately come to my mind. Two of them can even be made universal (non-membership witnesses). The question as it is is a pure reference request and off topic. If you have more concrete questions to an accumulator scheme, edit your question and I'll answer. – DrLecter Mar 19 '14 at 07:04
  • Well I don't know the schemes you are referring to so I don't know what to edit precisely, but I guess you are referring to theoretical schemes which can't be used in practice because they use a 2Mb accumulator or other problems. I said I want to use them in a project so... yeah, real workable schemes. – gurghet Mar 19 '14 at 09:44
  • This one for instance @gurghet? – DrLecter Mar 19 '14 at 09:50
  • DrLecter I really thank you for your effort but I think you are referring to a scheme that requires a trusted party (group manager in the paper lexicon) which I wrote I don't have in my project. Correct me if I'm wrong. – gurghet Mar 19 '14 at 09:53
  • Just for the setup. But in a real world setting you will need someone who runs the setup in any scheme @gurghet. Maybe you could edit your question and outline your application. Otherwise this seems to be a crystal ball thing ;) – DrLecter Mar 19 '14 at 09:57
  • Just for the setup? Well I didn't read that paper in detail because I stopped as soon as I read "group manager", I'll read it again. Thanks. – gurghet Mar 19 '14 at 10:13
  • If you only want to add elements to the accumulator, then you can forget the factorization after setup @gurghet. However, if you want collision-freeness you can only accumulate prime numbers. But you can use the mapping to primes proposed in Appendix B of this paper for this purpose and thus accumulate arbitrary elements which you map to primes. – DrLecter Mar 19 '14 at 10:22
  • @DrLecter You still need a trusted party who promises to forget the factorization. While you can generate RSA moduli without knowing their factorization they're very big. – CodesInChaos Mar 19 '14 at 10:55
  • @CodesInChaos Yes I know. The problem is that all dynamic accumulators have some secret that is generated during setup but could then be thrown away if you do not need to delete from the accumulator :/ – DrLecter Mar 19 '14 at 14:13
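
The add-only RSA accumulator the comments describe (accumulate only primes, map arbitrary elements to primes, discard the factorization after setup), sketched as an added example that is not part of the thread or of the papers it links. The hash-and-increment prime map, the base 4, the 512-bit toy modulus, the member names and all function names are assumptions made for illustration.

```python
import hashlib
import itertools
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):  # Miller-Rabin with fixed bases (stable per n)
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def to_prime(element, bits=128):  # hash-and-increment stand-in prime map
    for ctr in itertools.count():
        h = hashlib.sha256(element + ctr.to_bytes(4, "big")).digest()
        cand = (int.from_bytes(h, "big") >> (256 - bits)) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def setup(bits=512):  # toy size; whoever runs this sees p and q (the trust issue)
    p, q = (to_prime(secrets.token_bytes(32), bits // 2) for _ in range(2))
    return p * q, 4   # (N, base g); the factorization is discarded here

def add(acc, n, element):
    return pow(acc, to_prime(element), n)

def verify(acc, n, element, witness):
    return pow(witness, to_prime(element), n) == acc

def demo(members=(b"alice", b"bob", b"carol")):  # constructed sample members
    n, acc = setup()
    wit = {}
    for m in members:
        wit = {k: add(w, n, m) for k, w in wit.items()}  # old witnesses absorb m
        wit[m] = acc  # m's own witness is the accumulator without m
        acc = add(acc, n, m)
    return n, acc, wit
```

Adding a member and verifying a witness need only the public modulus; the one step that touches the secret is `setup`, which is where the trust question in the comments sits.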

0 Answers