[Cryptography] Proposal of a fair contract signing protocol

Dennis E. Hamilton dennis.hamilton at acm.org
Sat Jun 25 17:32:50 EDT 2016

> -----Original Message-----
> From: cryptography [mailto:cryptography-
> bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of mok-kong shen
> Sent: Friday, June 24, 2016 23:23
> To: cryptography at metzdowd.com
> Subject: Re: [Cryptography] Proposal of a fair contract signing protocol
[ ... ]
> Sorry that I don't yet fully understand your point. Let me sketch
> my scheme in a way that IMHO would be easier for you to exactly
> pinpoint in order to provide your corresponding critiques, if any:
> In step 1 Alice proposes a contract C (in terms of X and Y of visual
> cryptography) but she signs "only" X which (alone) has no significance
> in the sense of a commitment. (Note that X could be combined with a
> different Y' to result in a C' that is different from C.) She promises
> that "if" in future Bob fully commits in step 2 via signing X and Y
> "then" she would (and is responsible to) sign Y in step 3, thus
> completing the formality of the proposed contract C.

Wait, there is a promise by Alice conditional on Bob signing X and Y 
And, of course, successfully returning that to her?   That is a weak
sense of "promise."  How is that witnessed or enforced?

What there really seems to be is the next step: She signs Y in step 3.
That is the only demonstration that she has concluded the contract is
in force as the result of receiving Bob's agreement.

Now the question is, who does she communicate having done that to -- 
how is it witnessed or verifiable -- and until she has, and it is not 
repudiatable (by anyone), how did this Protocol become "fair?"

There have been enough descriptions of how contracts work in reality
under common law and also under conditions where there is something
significant at risk.  Where the temptation of fraud is quite
high, brokers and escrow companies and other arrangements come into
the picture.  Simply notaries are sufficient in some cases.  Attempting 
to do this in a digital, distributed arrangement is where the whole 
business of non-repudiatable/-falsifiable time-stamping crops up.

It almost doesn't matter what the C = X || Y piecewise multi-stage
protocol is until the context and the above questions are addressed.

A different definition of fairness is simply a misdirection against
the general concern of how to verify that a contract has been 
entered into and that the agreement is neither refutable nor 

> [orcmid] [ ... ] What I do care is a scenario where the
> protocol succeeds, i.e. a valid contract C comes into being, but the
> signing processing is unfair according to my definition of fairness.
> I attempt/hope to convince everybody that such a valid contract C
> can never come out from my protocol. (This is my goal, nothing more,
> nor less.)
> M. K. Shen
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list