[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Sun Jun 26 17:54:17 EDT 2016

Am 26.06.2016 um 10:08 schrieb Sidney Markowitz:
> mok-kong shen wrote on 25/06/16 6:22 PM:
>> What I do care is a scenario where the
>> protocol succeeds, i.e. a valid contract C comes into being, but the
>> signing processing is unfair according to my definition of fairness.
>> I attempt/hope to convince everybody that such a valid contract C
>> can never come out from my protocol. (This is my goal, nothing more,
>> nor less.)
> Ok, I went over all the previous messages you have sent in this thread and
> extracted everything you have said that regards the definition of what is fair
> or not fair and how each step in the protocol makes it fair.
> As far as I can tell you define "not fair" as being the situation in which one
> person is "fully committed" to contract C when the other person is not "fully
> committed" to contract C. You define "fair" as the situation in which both
> parties become "fully committed" at a single moment.
> The most recent way you summarized the definition "fully committed":
> "Fully committed by a partner means he/she has signed both X and Y
> or has promised to sign both because a certain condition is satisfied"
> Since you say that Alice is not "fully committed" after step 1, you must be
> saying that the promise does not make her fully committed until the condition
> of the promise is satisfied by Bob signing C in step 2.
> You have not specified any protocol for "promise". How is it proven that A
> promised to sign Y without having A digitally sign Y or digitally sign a
> promise that includes Y?
> This leaves no reason for your protocol to require that contract C is split
> into separate halves X and Y that are signed separately. You could just as
> easily write the contract to say "Alice and Bob agree to this transaction
> subject to this contract being signed by both Alice and Bob" and then have
> both Alice and Bob "promise" to sign it conditional on the other person
> signing it. If you do that, then a single signature provides the simultaneous
> commitment that you require for "fairness", according to your definitions.
> This protocol puts all the power into the "promise" which binds Alice, but you
> never define how a binding promise can be made without the promise itself
> being a contract that has to be put into effect in a "fair" fashion. That
> leads to an endless recursion.

I wrote: "The messages of step 1 and 2 are to be sent with
signcryption, .....", i.e. that promise is signed by Alice.

M. K. Shen

More information about the cryptography mailing list