I am trying to put together a distributed hash table (DHT) with a name system where one will be able claim ownership of any key.
What I have in mind is the following interface
dht.secure_set(public_key, signature, key, value)
where
signature == sign(private_key, public_key, key, value)`
That is the key-value pair is signed by signature.
Then, others will be able to retrieve value given they know the public_key and key:
dht.secure_get(public_key, key)
The peer responsible for key in the DHT will only accept updates to the (public_key, key) pair only if the signature is indeed the signature of the (key, value) pair.
Is this signature scheme secure?
I see at least two issues with that:
A) having the storage peer responsible for verification is not sufficient. it may be a malicious node, so readers will have to verify too
B) If there are many (key, pubkey) tuples with the same key but different pubkeys, i.e. some key being really popular, this can put an undue burden on a small fraction of the nodes in terms of CPU cycles they have to spend (if there are frequent writes), storage and traffic they have to serve.
It may be better to derive a final lookup key from (key, pubkey) through a hash function so that those tuples get scattered throughout the keyspace. This is in fact what the bittorrent DHT specifies for its generic value signed storage