[Cryptography] Proposal of a fair contract signing protocol
mok-kong shen
mok-kong.shen at t-online.de
Fri Jun 24 18:56:03 EDT 2016
Am 25.06.2016 um 00:39 schrieb Allen:
> On Sun, Jun 19, 2016 at 12:51 PM, mok-kong shen
> <mok-kong.shen at t-online.de <mailto:mok-kong.shen at t-online.de>> wrote:
>
> Step 1: Alice formulates a contract document C, generates with visual
> cryptography a pair (X, Y), sends a message containing signed(Alice,X)
> and Y to Bob and asks him to accept C before a certain day T in the
> future and promises to complete the contract formality within a certain
> time period TP in case Bob commits to C in step 2.
>
> Step 2: Bob obtains C from (X, Y). If he can't accept C, he informs
> Alice and the protocol begins again at step 1. Otherwise he sends a
> message containing signed(Bob,X) and signed(Bob,Y) to Alice and asks
> her to release C. (If Bob does nothing before T is reached, the
> protocol begins again at step 1.)
>
> Step 3: Alice examines whether Bob has signed the correct stuff, i.e.
> whether he hadn't e.g. by mistake sent signed(Bob,Z) in place of
> signed(Bob,X) with Z != X. If Bob had signed the wrong stuff, she
> informs Bob and the protocol begins again at step 1. Otherwise she
> releases C, signed(Alice,X), signed(Alice,Y), signed(Bob,X) and
> signed(Bob,Y) to the public. (Alice is responsible to complete step 3
> within TP.)
>
>
> On Fri, Jun 24, 2016 at 5:51 PM, mok-kong shen
> <mok-kong.shen at t-online.de <mailto:mok-kong.shen at t-online.de>> wrote:
>
> Under a valid contract I meant what Alice in step 3 produces, which
> includes the text of the contract C and the pair of visual cryptography
> (X, Y) signed by both Alice and Bob, with (X, Y) exactly reproducing C.
> Does that sufficiently cover your "how to test for it"? Or do you mean
> anything in connection with the digital signatures of Alice and Bob?
> (I assume that the signatures are properly done by them.)
>
>
> Using this definition of validity "what Alice in step 3 produces", the
> protocol is pretty obviously "unfair". In Step 3, Alice creates and
> publishes signed(Alice,Y). She can create and publish this at her
> option--if she does, a valid contract suddenly comes into existence, and
> if she does not, there is no valid contact. Therefore, the creation of
> the valid contract is completely under Alice's control at this point,
> and completely out of Bob's control.
Did you read what in step 1 Alice promises to do if Bob commits? If Bob
commits in step 2 and Alice doesn't do step 3 then she breaks her
promise and Bob could suit her. Note once again that if a contract
doesn't come into being for technical or human reasons, my definition
of unfairness is never touched upon, for the definition assumes a
valid document, i.e. step 3 is completed.
M. K. Shen
More information about the cryptography
mailing list