An important application of our timed-commitment scheme is contract signing: two mutually suspicious parties wish to exchange signatures on a contract. We show a two-party protocol that allows them to exchange RSA or Rabin signatures, without changing the PKI or the semantics of the signature. The protocol is strongly fair: if one party quits the protocol early, then the two parties must invest comparable amounts of time to retrieve the signatures. This statement holds even if one party has many more machines than the other.
Other applications, including honesty preserving auctions and collective
coin-flipping, are discussed. Applications, connected to 3-round zero-knowledge
protocols are discussed in the paper Zaps and Their
Postscript , gzipped Postscript .
Back to On-Line Publications