[Cryptography] Proposal of a fair contract signing protocol

[mok-kong shen]

There have been a number of comments in this thread after my last
post. I like to express my opinions in the following:

(a) The definition of unfairness I have in mind is: A valid contract
C is unfair in its signing processing, if there existed a certain finite
time interval in which one partner had already fully committed while the
other had yet the freedom to commit or not.

(b) Validity of digital signatures is an issue orthogonal to the present
one. In my protocol signing is involved at lots of places. It is
assumed that they are all properly done and hence can be checked by
anyone who wants to verify the contract.

(c) In step 1 Alice could, if she desires, expressly reserve her right
to cancel the proposal at anytime before getting Bob's acceptance in T.
(This could be useful e.g. for one selling a rare book which he has
only a single copy.)

(d) I surmise that, contrary to the impossibility claims, even
alternative fair contract signing protocols may be designed, though
I believe that my proposal should anyway be among those that can be
most simply argued to be correct or not.

(e) I like to take this opportunity to request the general readers of
our group to kindly take a few minutes of their free time to think of
reality-near hypothetical scenarios of transactions where a contract
C comes into being with my protocol but either Alice or Bob could
afterwards have the feeling that the protocol was unfair for her/him.
I should be extremely grateful for such informations, since they open
the door for me to attempt eventually feasible amendments and
improvements.

M. K. Shen