On Tue, Aug 23, 2022 at 08:48:48PM +0000, Warren Kumari wrote:
> It still feels like there is a tiny tweak that can be made that somehow
> magically solves this without having to rerun the algorithm (minus the
> selected people), but everything I think of is either wildly baroque, or
> relies on secrecy, or similar… I have a horrible feeling I'm going to wake
> up at 3AM with the perfect solution, just to realize once I'm fully awake
> that it is completely, obviously and hilariously wrong.
Secrecy can be achieved by appointing a set of parties who will release
pre-committed (SHA2-256 published in advance) secret values at a
suitable future time, and their values will be hashed together to arrive
at the "secret" additional seed. At least a majority of the parties in
question have to be trusted to not collude. Whether such complex
ceremony is viable or justified is not clear...
--
Viktor.
