[Cryptography] Proposal of a fair contract signing protocol

Sidney Markowitz sidney at sidney.com
Sun Jun 26 04:08:44 EDT 2016 

mok-kong shen wrote on 25/06/16 6:22 PM:
> What I do care is a scenario where the
> protocol succeeds, i.e. a valid contract C comes into being, but the
> signing processing is unfair according to my definition of fairness.
> I attempt/hope to convince everybody that such a valid contract C
> can never come out from my protocol. (This is my goal, nothing more,
> nor less.)
>

Ok, I went over all the previous messages you have sent in this thread and
extracted everything you have said that regards the definition of what is fair
or not fair and how each step in the protocol makes it fair.

As far as I can tell you define "not fair" as being the situation in which one
person is "fully committed" to contract C when the other person is not "fully
committed" to contract C. You define "fair" as the situation in which both
parties become "fully committed" at a single moment.

The most recent way you summarized the definition "fully committed":

"Fully committed by a partner means he/she has signed both X and Y
or has promised to sign both because a certain condition is satisfied"

Since you say that Alice is not "fully committed" after step 1, you must be
saying that the promise does not make her fully committed until the condition
of the promise is satisfied by Bob signing C in step 2.

You have not specified any protocol for "promise". How is it proven that A
promised to sign Y without having A digitally sign Y or digitally sign a
promise that includes Y?

This leaves no reason for your protocol to require that contract C is split
into separate halves X and Y that are signed separately. You could just as
easily write the contract to say "Alice and Bob agree to this transaction
subject to this contract being signed by both Alice and Bob" and then have
both Alice and Bob "promise" to sign it conditional on the other person
signing it. If you do that, then a single signature provides the simultaneous
commitment that you require for "fairness", according to your definitions.

This protocol puts all the power into the "promise" which binds Alice, but you
never define how a binding promise can be made without the promise itself
being a contract that has to be put into effect in a "fair" fashion. That
leads to an endless recursion.

 -- Sidney

More information about the cryptography mailing list