A Two-Server , Sealed-Bid Auction Protocol ( Extended Abstract )

Naor, Pinkas, and Sumner introduced and implemented a sealed-bid, two-server auction system that is perhaps the most efficient and practical to date. Based on a cryptographic primitive known as oblivious transfer, their system aims to ensure privacy and correctness provided that at least one auction server behaves honestly. As observed in [19], however, the NPS system suffers from a security flaw in which one of the two servers can cheat so as to modify bids almost arbitrarily and without detection. We propose a means of repairing this flaw while preserving the attractive practical elements of the NPS protocol, including minimal round complexity for servers and minimal computation by players providing private inputs. Our proposal requires a slightly greater amount of computation and communication on the part of the two auction servers, but actually involves much less computation on the part of bidders. This latter feature makes our proposal particularly attractive for use with low-power devices. While the original proposal of NPS involved several dozen exponentiations for a typical auction, ours by contrast involves only several dozen modular multiplications. The key idea in our proposal is a form of oblivious transfer that we refer to as verifiable proxy oblivious transfer (VPOT). The security of VPOT is predicated in a provable manner on a collection of common cryptographic assumptions, including the RSA assumption, quadratic residuosity assumption, and the random oracle model.

[1]  Jacques Stern,et al.  Non-interactive Private Auctions , 2002, Financial Cryptography.

[2]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[3]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[4]  Ueli Maurer,et al.  Efficient Secure Multi-party Computation , 2000, ASIACRYPT.

[5]  Jan Camenisch,et al.  Optimistic Fair Secure Computation , 2000, CRYPTO.

[6]  Joe Kilian,et al.  One-Round Secure Computation and Secure Autonomous Mobile Agents , 2000, ICALP.

[7]  Donald Beaver Minimal-Latency Secure Function Evaluation , 2000, EUROCRYPT.

[8]  Giovanni Di Crescenzo Private Selective Payment Protocols , 2000, Financial Cryptography.

[9]  Kazue Sako,et al.  An Auction Protocol Which Hides Bids of Losers , 2000, Public Key Cryptography.

[10]  Christian Cachin,et al.  Efficient private bidding and auctions with an oblivious third party , 1999, CCS '99.

[11]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[12]  InitializerRonald L. RivestLaboratory Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer , 1999 .

[13]  J. Doug Tygar,et al.  Electronic Auctions with Private Bids , 1998, USENIX Workshop on Electronic Commerce.

[14]  Jeroen van de Graaf,et al.  Committed Oblivious Transfer and Private Multi-Party Computation , 1995, CRYPTO.

[15]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[16]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[17]  Manuel Blum,et al.  An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information , 1985, CRYPTO.

[18]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[19]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[20]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[21]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[22]  Claude CrrZpeau Verifiable Disclosure of Secrets and Applications , 2022 .