Re: protocol for proofing sending a document

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 06/28/05 

Date: Tue, 28 Jun 2005 00:16:42 +0000 (UTC)

Anna Kahn wrote:
>Assume we have 2 parties Alice and Bob. Alice wants to send a document
>to Bob. If Alice really sends the document to Bob, then she can prove to
>a third, not involved party, Carol, that indeed she sends the document
>to Bob (so Bob received the document) and there is no way for a
>dishonest Bob to claim that he never received the document from Alice.
>Further, if Alice doesn't send the document to Bob, then there is no way
>for Alice to prove to Carol, that she sends the document.

No problem. If Bob wants to cooperate, he can sign a statement
saying "I, Bob, have received the following document: <...>".

If Bob doesn't want to cooperate, he might receive the document and
then refuse to sign such a statement. Is it a security goal to prevent
that? If so, I think your problem as stated is going to be unsolvable.

I would also warn you to be careful about the distinction between Bob
(a human), and Bob's agent (some software running on Bob's computer).
In cryptography, we often make no distinction, because no distinction
is needed. But in your problem -- as in non-repudiation -- the distinction
is important. Your problem -- just like non-repudiation -- probably
requires thought about not just the mathematics, but also about law and
dispute resolution and the like.