[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Sat Jun 11 04:45:57 EDT 2016

Am 11.06.2016 um 02:28 schrieb Ray Dillinger:
> On 06/10/2016 01:59 PM, mok-kong shen wrote:
>> When a contract in digital from is to be signed online by Alice and
>> Bob, an issue concerning the fairness of the signing process crops up
>> as follows: If Alice first signs the document and sends it to Bob, it
>> means she has committed to something (e.g. ready to purchase an article
>> from Bob at a certain price). Bob can however, if he desires, at least
>> to some extent arbitrarily delay giving his digital signature, i.e.
>> having a period during which he has no corresponding commitment. This
>> is obviously unfair and thus to be avoided, if possible.
> Contracts as legal commitments are not operative until signed
> by all parties.  Software commitments, when competently implemented,
> are the same.
> The fairness issue arises, to some extent, if there is a period
> of time during which Bob may have the *option* of signing or not,
> after Alice has already signed.
> But this is easily prevented - by incremental signing, as you
> suggested, but secret splits, including visual-cryptography
> splits, are not appropriate, because for any such split one can
> fabricate a corresponding split that combines with it to make
> a different contract.  Thus the commitment fails, because
> Alice has signed a split of contract A, and Bob provides a
> specially constructed split that combines with it to form
> contract B and claims Alice agreed to contract B when she
> signed.

No. If in step (2) Bob employs a Z so that (X,Z) gives a document
D different from C and sends signed(Bob,X) and signed(Bob,Z) to Alice,
then this manipulation will be detected by Alice as I wrote in
step (3) and the protocol fails to complete.

M. K. Shen

P.S. I like to take this opportunity to post an addendum to my OP
to avoid an eventual possible misunderstanding of the readers.

[Addendum:] Remark: The message sent by Alice in step (1) looks like
the following and is as a whole piece encrypted with Bob's public key
and signed by Alice.

...... some text ...... Here is the X-part of VC signed by me:
signed(Alice,X) ......Here is the Y-part of VC: Y ......
some text ......

More information about the cryptography mailing list