[Cryptography] Proposal of a fair contract signing protocol
mok-kong.shen at t-online.de
Tue Jun 14 18:00:18 EDT 2016
Am 14.06.2016 um 14:23 schrieb Benjamin Kreuter:
> On Mon, 2016-06-13 at 17:43 -0400, Allen wrote:
>>> At any moment, both correspondents have a complete record of
>>> the other has acknowledged "on the record"
>> Alice signs the contract and sends it to Bob for his signature. A
>> months later, Bob claims he signed the contract and returned it the
>> day. How do you propose proving the time that Bob signed the
>> contract, if
>> his email client can simply forge the time sent header, and Alice's
>> simply forge the time received, or forge the unacknowledged messages
>> "Hey, where's the signed contract?"
> There are various ways this is resolved in the offline pen-and-paper
> case; e.g.:
> * Introduce certification authorities (notaries) who assert that a
> contract was signed no later than some time.
> * Sign multiple copies and deposit some copies with other parties, who
> can produce them on demand.
> * Use certified mail or some other reliable delivery channel.
> As someone pointed out earlier, the two-generals problem is inherently
> hard to deal with. People have had some awareness of this problem for
> a very long time, long before the concerns of the Internet age, and
> various solutions have been devised. Treaties are signed in the
> presence of witnesses and copies are sent to various countries. The
> USPS has long offered certified delivery and in some cases it is
> required by law.
> So for email, you would send a commitment to the signed contract to a
> public mailing list or Usenet group, and if there is a dispute later
> on, you can open the commitment. The timestamps of list/Usenet
> archives would prove that it was signed on or before some particular
> date, and the binding property of the commitment would prevent
The protocol I mentioned does not involve/need any trusted third party.
M. K. Shen
More information about the cryptography