[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Sat Jul 2 18:09:00 EDT 2016


Am 02.07.2016 um 04:58 schrieb Ray Dillinger:
>
>
> On 07/01/2016 02:27 PM, mok-kong shen wrote:
>
>> If Bob chooses to go the first way, the protcol completes and the
>> fiarness definiton applies. If Bob chooses to go the second way,
>> the protocol never completes and, since the fairness definition
>> only deals with a completed protocol, it has no chance of being
>> considered at all.
>
> If your fairness definition only deals with a completed
> protocol, but one of the participants has the power to
> stop the protocol short of completion, in possession of
> the EXACT SAME evidence of the contract that they would
> have had it been completed, and is able to PREVENT the
> other from having such evidence - then your protocol
> conforms to your fairness definition without being fair
> in any meaningful way.
>
> If we had the power to force people to *COMPLETE* protocols
> then designing security and cryptography applications would
> be easy.  We don't.

Completion of the protocol (i.e. after step 3) means that both
partners have signed the contract C and the evidence is released
to the public (see step 3) so that anyone, e.g. a lawyer having
interest to study the validity of C, can do an examination. This
corresponds exactly to a normal contract on paper that is
hand-signed by both partners, isn't it?  So I don't understand
what your first paragraph above implies. Note that Bob certainly
can't do what you wrote, since after step 2 Alice hasn't yet
fully committed. If Alice were to do what you wrote in that she
fully commits (via signing Y), she could only prevent Bob have
the evidence of her signing Y through not not releasing all the
stuffs listed in step 3 to the public, right? But then step 3 is
not completed and with that the protocol as a whole is also not
completed, isn't it? Consequently the fairness definition would
have no chance of being applied at all, right? (That is, I
don't see what defects you are criticizing through using the
hypothetical scenario of your first paragraph above.)

M. K. Shen



More information about the cryptography mailing list