On Thu, Nov 17, 2022 at 03:21:12PM +0100, Sigsum General wrote:
Hi,
this is a question that I hope is convered in the literature on transparency logs, but what meaning do we assign to a single, isolated, cosignature?
If we have a *sequence* of cosigned tree heads (signed by a particular witness, ordered by increasing tree size), then each cosignature says that all tree leafs in previous cosigned trees are present in later trees. But a sigsum client only sees a single cosigned tree head, not the sequence. In particular, consider the case of the first cosignature of a particular witness, with no history.
So what exactly does that signature mean?
"From my local vantage point, the log's state is append-only". This is a trivial claim when fetching the first tree head as there's no prior state, but after that the witness must require valid consistency proofs.
Note that a cosignature doesn't say there are no split-views, just that none has been presented to the witness. What convinces an end-user of global consistency is cosignatures from several independent witnesses.
I suspect there are maybe some underlying assumptions or policys that should be spelled out somewhere.
Is this an reasonably accurate description? When I see a leaf node accompanied by a cosigned treehead and an inclusion proof leading up to that head, then I expect that the witness will raise some alarm if, sometime in the future, the log attempts to publish a tree head where the leaf no longer is present?
Yep, alarm and of course not cosign that future inconsistent state.
In this case, a single cosignature doesn't make any claim about the state of the log, it just states that the witness has observed this state,
s/state/append-only state locally/
and hence that the witness has the information needed to detect future inconsistencies. More concisely: An isolated cosignature (without history) does not make a claim about the state of the log, it makes a claim about the state of the witness.
Does that make sense?
I disagree that there's no claim about the log's state. I agree that the central part is what (local append-only state) the witness is in.
-Rasmus