[Cryptography] Proposal of a fair contract signing protocol

mok-kong shen mok-kong.shen at t-online.de
Thu Jun 30 12:32:12 EDT 2016

Am 29.06.2016 um 17:08 schrieb Allen:
>     Step 1: Alice formulates a contract document C, assigns to it a unique
>     identifier, generates with visual cryptography a pair (X, Y), signs X
>     and sends a message containing signed(Alice, X) and Y and a promise
>     (a conditioned commitment) that she will sign Y in case Bob signs X and
>     Y, to Bob.
> As you stated previously, Alice's "promise" is enforceable in court by
> Bob, so as soon as Alice sends her promise, she is bound while Bob is
> not, and therefore the protocol fails any reasonable definition of
> "fairness".

You clearly have misunderstood me. In step 1 Alice is bound to
something but Bob to nothing. But that doesn't matter "at all" to
my definition of fairness, which deals merely with (1) the (if
exists, then clearly bad) hypothetical situation where a contract
already comes into being (i.e. after step 3) "but" there is a (for
argumentaton purposes temporarily "assumed" possible) finite time
period in the contract processing during which one partner is fully
committed while the other partner is not fully committed and (2)
the consequential corresponding question of whether such an "assumed"
case could "ever" happen in my scheme. I claim that such a hypothetical
case clearly can't logically exist, which means that my protocol
satisfies my definition. If you don't agree, then please point out
at which location or locations of my protocol there is something
wrong/impossible and therefore my scheme couldn't satisfy my definition.

M. K. Shen

More information about the cryptography mailing list