On 05/26/2016 03:47 PM, Tim Wilson-Brown - teor wrote: > > This is not possible, each authority only produces one consensus per hour. > If a majority of authorities sign the same consensus, that consensus will be served by all authorities, and accepted by clients. > Otherwise, there is a consensus failure, and no authority serves a consensus for that hour. Ok - as replied to Tom Ritter previously, this was about the https://lists.torproject.org/pipermail/tor-dev/2014-July/007092.html. I guess it's not so relevant in this context, I'll probably remove this section in the next iteration then. > If you wish to include extra "CoSi" lines in the consensus, they must be deterministically agreed. > The process works something like this: > * each authority includes information in its vote, > * each authority deterministically uses the information in the votes to produce a consensus, > * each authority signs the consensus it produced, > * if a majority of authorities signed exactly the same consensus, that consensus is served to clients. Thank you for the detailed explanation. > As you mention, one way to work around this requirement is for authorities to round-robin as CoSi leader. > > A second is for each authority to validate the CoSi signatures provided by each other authority, and only include those signatures validated and voted for by a majority of authorities in the consensus. (CoSi validation is deterministic, even thought CoSi signing is not, due to network effects - a CoSi signer may sign one request, but go down before signing them all.) Just a nitpick here: cosi signatures by definition *are* probabilistic because each co-signers must generate a new random for each round (as in Schnorr signatures). Having a signer failure also induces different signatures, but they would already be different anyhow. > > A third is for CoSi signatures to be appended to the consensus, just like authority signatures are appended. Then authorities, mirrors, and clients only serve consensuses with a majority (5/9) of valid CoSi signatures. Your third option is exactly what we had in mind; See section 6 about compatibility: "[...] treating the new CoSi-generated collective signature as just an additional signature that gets attached to and distributed with consensus documents". I see now that we may use an incorrect terminology in this context; we should change "included" to "appended" as you suggests. Thanks, Nicolas
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev