[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Thu Jun 30 11:50:40 EDT 2016

Am 29.06.2016 um 16:40 schrieb Sidney Markowitz:
> mok-kong shen wrote on 29/06/16 11:53 PM:
>> [I hope that the following more carefully/clearly formulated revised
>> version of my OP should render the underlying idea of mine
>> understandable and more easily seen to be correct.]
> Well, at least you have made it clear that it is different than the Two
> Generals problem, so we can't simply say that what you are trying to do has
> been proven impossible that way. The Two Generals problem says (roughly) that
> it is impossible for two parties to unequivocally come to an agreement over an
> unreliable channel. Your protocol is allowed to time out without any contract
> coming into effect if it takes too long, so that is not an issue.
>> If Alice first signs the document and sends it to Bob, it
>> means she has committed to something (e.g. ready to purchase an article
>> from Bob at a certain price), Bob can however, if he desires, to some
>> extent delay giving his digital signature and thus have a certain
>> finite time interval during which he has no corresponding commitment.
>> This is obviously unfair and hence to be avoided, if possible.
> No, this is not obvious. Someone always has to be first to sign a contract,
> but a contract does not come into effect before both parties agree to it.
> If signing is what makes commitment then whoever signs first is committed
> first. In your protocol Alice first signs the promise. She is committed to
> contract P (the promise) which requires her to do certain things in exchange
> for Bob providing his signature on C. Bob has no corresponding commitment.
> That is unfair by your definition, but does not seem particularly unfair to
> me. When someone proposes a contract C, at some point they need to commit to
> something so that the other party has a reason to commit to something else.
> All you have done is make the promise that first stage of commitment and then
> called it "fair" because it is conditional on Bob's act of commitment.

In step 1, Alice commits to the promise P and X of virtual crypto,
nothing more nor less.

> If signed conditional promises make it fair by your definition then there is
> no need for your protocol: Alice writes C to include the clause "This contract
> comes into effect as soon as it is signed by both Alice and Bob as long as
> both signatures are done and the signed document is published by time T." Then
> it can be signed in any order and it is still fair by your definition.

Please compare carefully your argumentation with my definition. Your
clause for Alice to write is evident (or could be deemed to be
implicitly assumed). My definition demands clearly more. Note BTW that
in the last revision of my scheme I don't even mention T. The
pre-condition of my fairness definition is simply: IF a contract
(proposed by one partner, here e.g. Alice) C (ever) comes into being.

M. K. Shen

More information about the cryptography mailing list