Sigsum-general October 2025

sigsum-general@lists.sigsum.org

2 participants
2 discussions

Multi proofs for multi signing?
by Giulio 23 Oct '25

23 Oct '25

Hi all, In WEBCAT we're adding support for multiple signatures over the same artifact (a manifest). How we log that depends on the monitoring story. One (probably not great) option would be to sign the artifact once with a known key (which one, though?) and log that artifact that includes the N signatures once in Sigsum. The downside is that the Sigsum leaf would then be discoverable only via the submitting key, not by the individual signer keys. If we want per-key transparency, we should instead submit each signature over the artifact to Sigsum and get a proof for each. That seems best for monitoring and seems to be the least hacky design. Assuming all signatures (and proofs) need to adhere to the same trust policy, there's a lot of duplication when gathering individual proofs. My understanding is that we can wait until all leaves are included in the same tree, collect a single cosigned tree head (STH), and verify the log signature and cosignatures once. Each leaf will have its own inclusion path, but many hashes will overlap. This reduces verification work (one STH validation instead of N) and total size on the wire. Does this usage make sense? For a first step, I'd like to just fetch per-leaf proofs for the same tree size so I can reuse the same STH, without trying to merge paths yet. If that sounds reasonable, is this a mode of operation Sigsum would be interested in supporting in the client (i.e., worth a PR), or should I implement it on top using the log APIs directly? Thanks! Giulio

2 3

Temporal guarantees of Sigsum proofs
by Giulio 23 Oct '25

23 Oct '25

Hi all, After a conversation with rgdd, I was trying to understand what kind of temporal guarantees a Sigsum entry can provide. For instance, I need something akin (but slightly less strict) to a timestamping authority: something that can attest that a certain signature was included on a specific date, or at least definitely not afterwards. This would allow me to enforce expirations over signed artifacts: if an artifact was included after a certain threshold (e.g., 30 days after signing), I could consider it expired, knowing that the corresponding signature couldn’t have been forward-dated. A naive way to achieve this without Sigsum would be to submit the content to a timestamping authority (TSA), then include the TSA’s signed timestamp within the content to be signed. However, this approach introduces a single point of failure (a trusted third party) and adds unnecessary format complexity. Since inclusion proofs from a Sigsum server already include a cosigned checkpoint with a timestamp, I was wondering whether similar guarantees could be derived from these components. My concern is that if I simply trusted the timestamp in the checkpoint, the logic wouldn’t hold: anyone could request a new inclusion proof at a later time, which would include a newer checkpoint timestamp and an updated tree head. One immutable element between proofs is the leaf index, which correlates monotonically with inclusion order, though not directly with wall-clock time. A possible workaround would be to require proofs where the tree size in the checkpoint is at most N leaves ahead of the included leaf (say < 10), ensuring some temporal proximity between signing and inclusion. However, this approach would prevent me from obtaining new proofs for old signatures, for instance, after witness rotation, unless there was an archive of checkpoints (and the same for witnesses)? Summarizing: is there a way to use the Sigsum log server and the witnesses to attest that an inclusion happened at a specific timestamp? Thank you, Cheers, Giulio

2 3

2025

2024

2023

2022

2021

Sigsum-general October 2025