Contract Signing, Optimism, and Advantage [chapter]

Rohit Chadha, John C. Mitchell, Andre Scedrov, Vitaly Shmatikov
2003 Lecture Notes in Computer Science  
A contract signing protocol lets two parties exchange digital signatures on a pre-agreed text. Optimistic contract signing protocols enable the signers to do so without invoking a trusted third party. However, an adjudicating third party remains available should one or both signers seek timely resolution. We analyze optimistic contract signing protocols using a game-theoretic approach and prove a fundamental impossibility result: in any fair, optimistic, timely protocol, an optimistic player
more » ... lds an advantage to the opponent. The proof relies on a careful characterization of optimistic play that postpones communication to the third party. Since advantage cannot be completely eliminated from optimistic protocols, we argue that the strongest property attainable is the absence of provable advantage, i.e., abuse-freeness in the sense of Garay-Jakobsson-MacKenzie. ¢ ¡ ¤ £ ¦ ¥ § © for public keys and ! for protocol messages. As usual, the terms over a signature are the well-formed expressions produced by applying functions to arguments of the correct sort. A fact is a first-order atomic formula over the chosen signature, without free variables. Therefore, a fact is the result of applying a predicate symbol to ground terms of the correct sort. A state is a finite multiset of facts. A state transition is a rule written using two multisets of first-order atomic formulas and existential quantification, in the syntactic form a rule, these variables may be replaced by any ground terms. As an example, consider state
doi:10.1007/978-3-540-45187-7_24 fatcat:f3evyv5ewvd3vfukdo3j7s32i4