Re: A question on ECDSA signing (more efficient tx signing)?

Quote from: poiuytr4 on July 18, 2013, 09:14:02 PM

Quote from: DeathAndTaxes on July 18, 2013, 02:21:46 AM

Given:
private keys a & b
Public keys A & B
Data to be signed d

Is it possible to create a signature S such that it can be verified given only A, B, and d?

Why not sign the data d with private key a and then sign the result with private key b to give you S.
Use public key B then public key A on S to result in data d.

Would this solve the original problem?
Even though, as pointed out, there are distinct items of data so it wouldn't work in practice anyway.

This would be for a new (incompatible) transaction format. There would be no distinct items. Transactions would simply be signed at the tx level. At this point it is merely academic, I just want to know if it CAN be done and if doing so results in a reduction of security.

I don't believe it is possible to verify a double signature the way you described. Remember is verification the entity with the public key isn't recreating the signature and comparing it to the original (if they could do that they could counterfeit the signature on any data). They entity doing the verification can only validate if the signature is valid or not (i.e. true or false).

I may be wrong on this one.