Giulio via Sigsum-general sigsum-general@lists.sigsum.org writes:
Not sure why you do incremental quorum check in https://github.com/freedomofpress/sigsum-ts/blob/main/src/verify.ts#L89, is it measurably expensive to verify more cosignatures than necessary?
[...] Do you think there's reasons not to do it, or that on the average it is likely more expensive to do the extra check every loop?
Can't say much about performance without actually measuring. To me, it just seems less complex to first iterate over the cosignatures, to get a list of witnesses with known keys and valid cosignatures. And only then check if that set satisfies the quorum.
In principle, one could also have the sender trim the proof and include only the cosignatures needed to satisfy the quorum. Assuming the client's policy is known.
Regards, /Niels