[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Tue Jun 21 18:14:17 EDT 2016 

Am 21.06.2016 um 18:50 schrieb Christian Huitema:
> On Monday, June 20, 2016 3:24 PM, mok-kong shen wrote:
>>
>> Am 20.06.2016 um 05:05 schrieb Peter Fairbrother:
>>> On 19/06/16 17:51, mok-kong shen wrote:
>>> [..]
>>>
>>>> [Addendum 19.06.2016] There are literatures which claim (if I have
>>>> not
>>>> misinterpreted) that protocols of our genre are impossible.
>>>
>>> They are impossible.
>>>
>>> This is known as the two generals problem:
>>>
>>> https://en.wikipedia.org/wiki/Two_Generals%27_Problem
>>>
>>
>> I should very much appreacite your critically and clearly pointing out
>> where/why  my protocal doesn't fulfill its intended purposes.
>
> Sorry, but it is the other way around. The problem that you are trying to solve appears to be the same as the "two generals" problem, which is proven to not have a solution. If you want to see further work on your proposal, then you need to demonstrate first that the "fair signing" problem is not the same as the "two generals" problems.
>
> It is also well known that one can make arbitrarily complicated attempts at solving at the two generals problems: if a simple message + ACK fails, add an ACK of ACK, etc., ad libitum. Given the general result, all these attempts ultimately fail in some obscure way. Spending time about the particular way this or that construct fails generally takes a long time, and is not particularly interesting.

I am not of your opinion. I have in my (revised) post very clearly
defined the goal of my protocol, namely (see 1st para.) to avoid a
situation where there exists a finite time period during which Alice
commits to something, while Bob has no corresponding commitment.

(Whether there was historically a certain other problem that could be
argued to have intimate relationship to that goal doesn't matter for
the correctness issue of my protocol as such. The extreme one could
eventually claim would be that my protocol was already known in an
equivalent form before. But that priority issue would have to be shown
by others, not by me.)

Now in note (a) and (b) I argued that "there can be no unfairness of
the nature mentioned above". These are my claims and as such any reader
of my post may certainly attempt to show that my logical conclusion
of these claims to be false. That's why I asked for comments and
critiques in this group and a few other groups. This is an entirely
legitimate and standard way to present something scientific to the
public, isn't it?

M. K. Shen

More information about the cryptography mailing list