crypto-slides-17-contract.1x1

crypto-slides-17-contract.1x1 - Contract Signing c...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Contract Signing c circlecopyrt Eli Biham - August 18, 2010 471 Contract Signing (17) Contract Signing Contract signing protocols enable two parties, Alice and Bob, to sign a binding contract. It is required that after the execution of the protocol: • Alice will be able to prove that Bob signed. • Bob will be able to prove that Alice signed. • Fairness : Alice can prove that Bob signed if and only if Bob can prove that Alice signed. – If one party cheats, he/she will not be able to take advantage of that in order to gain an advantage over the other party. – He/she will not be able to prove that the other party signed, if the other party is not able to prove that he/she signed. c circlecopyrt Eli Biham - August 18, 2010 472 Contract Signing (17) Contract Signing (cont.) Example : An insecure protocol for signing contracts. Given a contract m , Alice sends her signature on the contract, S A ( m ), to Bob and then Bob sends his signature, S B ( m ), to Alice. This protocol is not secure because Bob can choose not to send his signature to Alice, and therefore he will be able to prove that the contract is valid, if he wants to, and when it’s in his best interests. On the other hand, Alice cannot prove that the contract is valid, but also cannot cancel the contract. c circlecopyrt Eli Biham - August 18, 2010 473 Contract Signing (17) Contract Signing (cont.) “Improved” (still insecure) protocols : 1. Alice and Bob sign. Alice sends the signature to Bob, then Bob sends to Alice, but the signature becomes valid only if Alice signs that she got Bob’s signature. 2. Signing 50 times in 50 rounds, such that in each round Alice and Bob provide another signature to the contract (mixed with the round number), and all the 50 are required to prove signature. 3. Signing 50 times, but each time the signature is on the message along with all previous signatures, i.e., Alice signs the contract, Bob signs the contract with Alice’s signature, Alice signs the contract with the two signatures, etc. c circlecopyrt Eli Biham - August 18, 2010 474 Contract Signing (17) Contract Signing (cont.) Theorem : A deterministic protocol for signing contracts without the partici- pation of a third party does not exist. Proof : Assume that such a protocol exists. While running the protocol, there should be some step n , after which both parties have the signatures, and none of them know it before it. Without loss of generality, the n ’th message is sent from Alice to Bob. Since Alice does not receive any information in step n , she knows the signature already after step n − 1. Contradiction. Therefore, there is no protocol where both parties learn the signatures together at exactly the same time....
View Full Document

This note was uploaded on 04/14/2011 for the course CS 236506 taught by Professor Yanivcarmeli during the Spring '11 term at Technion.

Page1 / 27

crypto-slides-17-contract.1x1 - Contract Signing c...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online