[Cryptography] Proposal of a fair contract signing protocol
mok-kong shen
mok-kong.shen at t-online.de
Fri Jul 1 17:26:52 EDT 2016
Am 01.07.2016 um 01:14 schrieb Judson Lester:
>
> It appears that your "fairness" is either vacuous or paradoxical.
>
> In the execution of your protocol, after step 1, Alice is committed to
> sign the executed contract when Bob completes step 2. Either this is
> equivalent to Alice being committed when Bob is not, or it is not
> equivalent.
> If the commitment to sign is equivalent to signing, the protocol isn't
> fair precisely because the scenario without this protocol isn't fair:
> Alice is committed where Bob isn't.
After step 1 Alice is committed to C (via signing Y in step 3) "on
condition" that (i.e. IF) Bob commits to C in step 2, but she has not
(yet) committed to C. So at that time point it is not true that
"Alice is [already] committed [to C] where Bob isn't".
> After step 2, Bob is committed to the contract. If Alice's commitment to
> sign is not equivalent to signing the contract, then Bob is committed
> and Alice is not, which is a violation of the fairness you've defined,
> with Alice and Bob's roles reversed.
After step 2, Bob is committed to C and, since Alice is bound to commit
to C now owing to what she has done in step 1, step 3 occurs and the
protocol completes. The fairness definition only applies to a completed
protocol, i.e. after step 3 (in other words it is meaningless to
consider the definition without also taking what happens in step 3 into
account).
M. K. Shen
More information about the cryptography
mailing list