Resolve-impossibility for a contract-signing protocol

A multi-party contract signing protocol allows a set of participants to exchange messages with each other with a view to arriving in a state in which each of them has a pre-agreed contract text signed by all the others. Such a protocol was introduced by Garay and MacKenzie in 1999; it consists of a main protocol and a sub-protocol involving a trusted party. Their protocol was shown to have a flaw by Chadha, Kremer and Scedrov in CSFW 2004. Those authors also presented a fix - a revised sub-protocol for the trusted party. In our work, we show an attack on the revised protocol for any number n > 4 of signers. Furthermore, we generalise our attack to show that the message exchange structure of Garay and MacKenzie\´s main protocol is flawed: whatever the trusted party does will result in unfairness for some signer. This means that it is impossible to define a trusted party protocol for Garay and MacKenzie\´s main protocol; we call this "resolve-impossibility"