[Cryptography] Proposal of a fair contract signing protocol

Allen allenpmd at gmail.com
Fri Jun 24 18:39:04 EDT 2016

On Sun, Jun 19, 2016 at 12:51 PM, mok-kong shen <mok-kong.shen at t-online.de>

> Step 1: Alice formulates a contract document C, generates with visual
> cryptography a pair (X, Y), sends a message containing signed(Alice,X)
> and Y to Bob and asks him to accept C before a certain day T in the
> future and promises to complete the contract formality within a certain
> time period TP in case Bob commits to C in step 2.
> Step 2: Bob obtains C from (X, Y). If he can't accept C, he informs
> Alice and the protocol begins again at step 1. Otherwise he sends a
> message containing signed(Bob,X) and signed(Bob,Y) to Alice and asks
> her to release C. (If Bob does nothing before T is reached, the
> protocol begins again at step 1.)
> Step 3: Alice examines whether Bob has signed the correct stuff, i.e.
> whether he hadn't e.g. by mistake sent signed(Bob,Z) in place of
> signed(Bob,X) with Z != X. If Bob had signed the wrong stuff, she
> informs Bob and the protocol begins again at step 1. Otherwise she
> releases C, signed(Alice,X), signed(Alice,Y), signed(Bob,X) and
> signed(Bob,Y) to the public. (Alice is responsible to complete step 3
> within TP.)

On Fri, Jun 24, 2016 at 5:51 PM, mok-kong shen <mok-kong.shen at t-online.de>

> Under a valid contract I meant what Alice in step 3 produces, which
> includes the text of the contract C and the pair of visual cryptography
> (X, Y) signed by both Alice and Bob, with (X, Y) exactly reproducing C.
> Does that sufficiently cover your "how to test for it"? Or do you mean
> anything in connection with the digital signatures of Alice and Bob?
> (I assume that the signatures are properly done by them.)

Using this definition of validity "what Alice in step 3 produces", the
protocol is pretty obviously "unfair".  In Step 3, Alice creates and
publishes signed(Alice,Y).  She can create and publish this at her
option--if she does, a valid contract suddenly comes into existence, and if
she does not, there is no valid contact.  Therefore, the creation of the
valid contract is completely under Alice's control at this point, and
completely out of Bob's control.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160624/bcb59855/attachment.html>

More information about the cryptography mailing list