[Cryptography] Proposal of a fair contract signing protocol
Alex Mazingue
eopiclius at yahoo.com
Fri Jul 1 21:44:42 EDT 2016
Can we please stop this "who is on first?" thread? The very definition of fairness provided by MK is recursive. End.
On Jul 1, 2016, at 5:26 PM, mok-kong shen <mok-kong.shen at t-online.de> wrote:
> Am 01.07.2016 um 01:14 schrieb Judson Lester:
>
> It appears that your "fairness" is either vacuous or paradoxical.
>
> In the execution of your protocol, after step 1, Alice is committed to
> sign the executed contract when Bob completes step 2. Either this is
> equivalent to Alice being committed when Bob is not, or it is not
> equivalent.
> If the commitment to sign is equivalent to signing, the protocol isn't
> fair precisely because the scenario without this protocol isn't fair:
> Alice is committed where Bob isn't.
After step 1 Alice is committed to C (via signing Y in step 3) "on
condition" that (i.e. IF) Bob commits to C in step 2, but she has not
(yet) committed to C. So at that time point it is not true that
"Alice is [already] committed [to C] where Bob isn't".
> After step 2, Bob is committed to the contract. If Alice's commitment to
> sign is not equivalent to signing the contract, then Bob is committed
> and Alice is not, which is a violation of the fairness you've defined,
> with Alice and Bob's roles reversed.
After step 2, Bob is committed to C and, since Alice is bound to commit
to C now owing to what she has done in step 1, step 3 occurs and the
protocol completes. The fairness definition only applies to a completed
protocol, i.e. after step 3 (in other words it is meaningless to
consider the definition without also taking what happens in step 3 into
account).
M. K. Shen
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list