[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Mon Jun 27 18:21:05 EDT 2016

Am 27.06.2016 um 07:38 schrieb Sidney Markowitz:
> mok-kong shen wrote on 27/06/16 9:54 AM:
>> Am 26.06.2016 um 10:08 schrieb Sidney Markowitz:
>>> This leaves no reason for your protocol to require that contract C is split
>>> into separate halves X and Y that are signed separately. You could just as
>>> easily write the contract to say "Alice and Bob agree to this transaction
>>> subject to this contract being signed by both Alice and Bob" and then have
>>> both Alice and Bob "promise" to sign it conditional on the other person
>>> signing it. If you do that, then a single signature provides the simultaneous
>>> commitment that you require for "fairness", according to your definitions.
>>> This protocol puts all the power into the "promise" which binds Alice, but you
>>> never define how a binding promise can be made without the promise itself
>>> being a contract that has to be put into effect in a "fair" fashion. That
>>> leads to an endless recursion.
>> I wrote: "The messages of step 1 and 2 are to be sent with
>> signcryption, .....", i.e. that promise is signed by Alice.
> You never mentioned that the promise is what is signed in step 1. You said
> that Alice only signs X in step 1 and promises to sign C = X | Y if Bob signs
> it in step 2. How could Alice sign a promise to sign X and Y if what she signs
> only includes X? And if Alice does have to sign "I promise to sign Contract C
> = X | Y within time T1 after Bob signs Contract C if he signs within time T2"
> and she is bound by that, then that promise is an unfair contract by your
> definition.

The message sent by Alice in step 1 contains in it, among others, two
pieces, one is signed(Alice, X), i.e. X digitally signed by her, the
other is Y, i.e. simply Y. She promises to sign Y in step 3, i.e. to
produce signed(Alice, Y), if Bob does step 2. The whole message sent
by her in step 1, which contains besides signed(Alice, X) and Y also
the said promise, is sent to Bob with signcryption, i.e. first
encrypted with Bob's public key and signed with Alice's private key.

M. K. Shen

More information about the cryptography mailing list