[Cryptography] Proposal of a fair contract signing protocol

Bill Cox waywardgeek at gmail.com
Mon Jun 13 19:03:41 EDT 2016

On Mon, Jun 13, 2016 at 1:01 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 06/13/2016 10:26 AM, Allen wrote:
> > I believe the original poster is proposing a technical solution that
> > provides hard-to-refute proof, i.e., something more than just
> > he-said-she-said or "this is the record of all communications" vs "no
> it's
> > not, that is forged, here's the true record".
> I do not understand how that is an issue.
> Surely, if each message contains the hash of messages received so far,
> then the last message (at any time) contains the root of a Merkle tree
> demonstrating the complete correspondence record.  There is no way for
> Bob or Alice to continue correspondence while keeping the other ignorant
> of what is and isn't on the official record of their correspondence, and
> either can prove the existence and receipt of any message ever responded
> to "on the record" by the other.
> At any moment, both correspondents have a complete record of everything
> the other has acknowledged "on the record", and anything not
> acknowledged is inoperative as part of the record anyway because the
> other party might not have even received it. It can be resent, and any
> further messages originating from the sender will include its hash, or
> else the correspondence can just plain stop until it's acknowledged.
>                                 Bear

I did not read the above article, but...

In general, if two parties are communicating just with each other and wish
to both sign a contract, the last person to act has an advantage.  For
example, if I buy a domain name from you, and send you $100, you can keep
the $100, and not give me the domain name.  We can add rounds to help.  I
could send you half the money, you could give me the domain name, and then
I could send the other half, but then I can cheat and not send the
remaining $50.  The size of possible cheating is reduced proportionally to
the number of rounds, but we can't get it to 0.  We don't have this problem
at the grocery store because we simultaneously pay for goods and receive
them.  Participants at a distance taking turns do not have this ability.

With block chains, we can effectively get the possible cheating to 0.  For
example, we can sign a contract and enter it's hash into the block chain,
and in the contract state that it is valid only if recorded in the block
chain with both party's signatures.  It is like having a free escrow
agent.  I assume the article is about some improvement on this concept.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160613/a55cb6ec/attachment.html>

More information about the cryptography mailing list