Encyclopedia of Cryptography and Security

2005 Edition
| Editors: Henk C. A. van Tilborg

Contract Signing

Reference work entry
DOI: https://doi.org/10.1007/0-387-23483-7_76

A contract is a nonrepudiable agreement on a given contract text, i.e., a contract can be used to prove agreement between the signatories to any verifier. A contract signing scheme [4] is used to fairly compute a contract such that, even if one of the signatories misbehaves, either both or none of the signatories obtain a contract. Contract signing generalizes fair exchange of signatures: a contract signing protocol does not need to output signatures but can define its own format instead. Contract signing can be categorized by the properties of fair exchange (like abuse-freeness) as well as the properties of the nonrepudiation tokens it produces (like third-party time stamping of the contract). Unlike agreement protocols, contract signing needs to provide a nonrepudiable proof that an agreement has been reached.

Early contract signing protocols were either based on an in-line Trusted Third Party [8], gradual exchange of secrets [5], or gradual increase of privilege [3]. Like fair...
This is a preview of subscription content, log in to check access.


  1. [1]
    Asokan, N., Victor Shoup, and Michael Waidner (1988). “Optimistic fair exchange of digital signatures.” Advances in Cryptology—EUROCRYPT'98, Lecture Notes in Computer Science, vol. 1403, ed. K. Nyberg. Springer-Verlag, Berlin, 591–606.Google Scholar
  2. [2]
    Baum-Waidner, Birgit and Michael Waidner (2000). “Round-optimal and abuse-free optimistic multi-party contract signing.” 27th International Colloquium on Automata, Languages and Programming (ICALP), Lecture Notes in Computer Science, vol. 1853, eds. U. Montanari, J.D.P Rolim, and E. Welzl. Springer-Verlag, Berlin, 524 ff.Google Scholar
  3. [3]
    Ben-Or, M., O. Goldreich, S. Micali, and R.L. Rivest (1990). “A fair protocol for signing contracts.” IEEE Transactions on Information Theory, 36 (1), 40–46.Google Scholar
  4. [4]
    Blum, Manuel (1981). “Three applications of the oblivious transfer.” Version 2. Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, Berkley, CA.Google Scholar
  5. [5]
    Blum, Manuel (1983). “Coin flipping by telephone, a protocol for solving impossible problems.” ACM SIGACT News, 15 (1), 23–27.zbMATHMathSciNetGoogle Scholar
  6. [6]
    Even, Shimon (1983). “A protocol for signing contracts.” ACM SIGACT News, 15 (1), 34–39.Google Scholar
  7. [7]
    Pfitzmann, Birgit, Matthias Schunter, and Michael Waidner (1998). “Optimal efficiency of optimistic contract signing.” 17th Symposium on Principles of Distributed Computing (PODC). ACM Press, New York, 113–122.Google Scholar
  8. [8]
    Rabin, Michael O. (1983). “Transaction protection by beacons.” Journal of Computer and System Sciences, 27, 256–267.zbMATHMathSciNetGoogle Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

There are no affiliations available