Cryptographic Proposal for Handling Group Actors
In this discussion, several ideas were considered for allowing groups to collectively participate as agents with the outside world. One pattern considered is that a notary agent would monitor the group for decisions or authorizations, and would then execute those decisions when the groups’ internal decision-making process has supported an action or a policy.
However, this creates a vulnerability – whoever controls the notary’s private key can impersonate the group or veto group decisions.
The Impersonation Problem
This paper points to a potential solution. The authors identify a secret sharing procedure to generate key pairs, encrypt, decrypt, and sign things, without the “real” private key for the collective ever being known by a single party. (A talk on the paper at the Black Hat Conference can be found here.) The original purpose was generating side-channel resistant cryptographic signatures, by employing hardware from different countries that are unlikely to collude to share backdoors. However, it would be well suited to holochain as well.
A potential procedure would work like this: a group member would ask the notaries to sign or decrypt something, and the notaries would request proof of authorization. The notaries would only comply with the request of the requester can prove that it is valid, ie sanctioned by the group. In order to impersonate the group, all notaries in a group would have to collude at the same time.
The Veto Problem
However, the solution above does not stop the veto problem, which in fact becomes worse, as any notary can stop all group action by refusing to sign or even just going offline. The paper contains a solution to this problem, extending the secret sharing procedure to create multiple pools of notaries that share the same collective private key. This is bootstraped off of the original pool, and does not expose any additional information to an attacker. Each pool is capable of conducting cryptographic operations independently. This means that a group only needs one notary pool to be operational to continue working.
A Market for Notary Publics
Notary pools will be most secure when the notaries included are diverse, and lack a common reason or means to collude. The most effective implementation would involve a mixture of public and private notaries. Private notaries would belong to the group, requiring all operations to have at least some group nexus. This also provides some security if a company or state agency floods the public market with fake notaries that wait to collude until they have complete control over a replicated pool.
However, public notaries would be equally important. They prevent a clique within a group, perhaps the most technically savy members, from conducting an internal putsch. Public notaries would be paid, possibly though a “proof of notarization” mechanism or even a separate currency.
Additionally, it would be valuable to have a diverse group of public notaries from different countries subject to different laws to prevent legal compulsion. Far down the road, one could imagine a non-profit organization that could inspect and certify facts about notary businesses, like there physical location.