From: wcs@anchor.ho.att.com (Bill_Stewart_HOY002_1305)
Date: Wed, 6 Oct 93 15:25:23 PDT
To: hfinney@shell.portal.com
Subject: Re: Crypto Idea; Multi-Part Sigs
Message-ID: <9310062222.AA15672@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


Carl's comment that, for RSA, decryption and signing are really identical,
gets to the heart of the matter.  Hal posted a method for letting N people
together do the operations.  For N people separately, a trusted mailer
run by one of the people can solve the decryption problem
(RSA-decrypts the session key using its private key, RSA-encrypts it with 
the public keys for all the recipients, retransmits), and it's ok to trust it
since the list-runner is allowed to see the messages anyway.
This nethod tends to require the sign-N-times method of encryption or signature,
whish is boring but adequate for many needs, unless you want the
users to be anonymous.  The N of M signature method from Shamir doesn't work
will if you want to preserve anonymity of members of the group, and giving
everybody in the group their own copy of the key also may have drawbacks.