[Cryptography] Proposal of a fair contract signing protocol

[Ray Dillinger]

On 06/13/2016 03:52 PM, Ron Garret wrote:

 Suppose that Alice decides she wants to rescind her offer.  She’s not
actually allowed to do that, but she can claim that she never received
Bob’s acceptance, and Bob can’t prove otherwise.
> 
> So we add another step to the protocol: Alice has to acknowledge to Bob that she received his acceptance in order to complete the protocol, which she does.  Are they committed now?  No, because now Bob can decide to rescind his acceptance by claiming (falsely but plausibly) that he never received Alice’s acknowledgement.

It doesn't work.  Both of them know within an hour that they either do,
or don't, have the other's acknowledgement of the contract (or the
signed contract).  Alice who made the offer and does not have Bob's
ack on the offer is not bound.  Bob who signed the offer but received
no acknowledgement of the receipt of his signature, is not bound.
Expiration of an hour without those conditions being met, means the
contract is not operative.

I have the impression that your proof that this is insoluble relies on
preconditions which would be laughed at in any court of law - such as
the notion that correspondents are not aware of the passage of time or
can consider time to be a meaningful part of the protocol.  Or on the
parties playing ridiculous mathematical games like a child asking "why"
iteratively forever, insisting on an infinite regress of acknowledging
the acknowledgements.

Such antics and requirements for absolute mathematical purity do not
impress judges and juries, any more than a child's demand to know the
ultimate cause of the universe.

				Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160613/a4d04f44/attachment.sig>