[Cryptography] Proposal of a fair contract signing protocol

[mok-kong shen]

Am 14.06.2016 um 14:23 schrieb Benjamin Kreuter:
> On Mon, 2016-06-13 at 17:43 -0400, Allen wrote:
>>>
>>> At any moment, both correspondents have a complete record of
>>> everything
>>> the other has acknowledged "on the record"
>> Alice signs the contract and sends it to Bob for his signature.  A
>> few
>> months later, Bob claims he signed the contract and returned it the
>> same
>> day.  How do you propose proving the time that Bob signed the
>> contract, if
>> his email client can simply forge the time sent header, and Alice's
>> can
>> simply forge the time received, or forge the unacknowledged messages
>> saying
>> "Hey, where's the signed contract?"
>
> There are various ways this is resolved in the offline pen-and-paper
> case; e.g.:
>
> * Introduce certification authorities (notaries) who assert that a
> contract was signed no later than some time.
>
> * Sign multiple copies and deposit some copies with other parties, who
> can produce them on demand.
>
> * Use certified mail or some other reliable delivery channel.
>
> As someone pointed out earlier, the two-generals problem is inherently
> hard to deal with.  People have had some awareness of this problem for
> a very long time, long before the concerns of the Internet age, and
> various solutions have been devised.  Treaties are signed in the
> presence of witnesses and copies are sent to various countries.  The
> USPS has long offered certified delivery and in some cases it is
> required by law.
>
> So for email, you would send a commitment to the signed contract to a
> public mailing list or Usenet group, and if there is a dispute later
> on, you can open the commitment.  The timestamps of list/Usenet
> archives would prove that it was signed on or before some particular
> date, and the binding property of the commitment would prevent
> cheating.

The protocol I mentioned does not involve/need any trusted third party.

M. K. Shen