How to obtain full privacy in auctions

Privacy has become a factor of increasing importance in auction design. We propose general techniques for cryptographic first-price and (M+1)st-price auction protocols that only yield the winners' identities and the selling price. Moreover, if desired, losing bidders learn no information at all, except that they lost. Our security model is merely based on computational intractability. In particular, our approach does not rely on trusted third parties, e.g., auctioneers. We present an efficient implementation of the proposed techniques based on El Gamal encryption whose security only relies on the intractability of the decisional Diffie—Hellman problem. The resulting protocols require just three rounds of bidder broadcasting in the random oracle model. Communication complexity is linear in the number of possible bids.

[1]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[2]  Felix Brandt Social choice and preference protection: towards fully private mechanism design , 2003, EC '03.

[3]  Benny Pinkas,et al.  Fair Secure Two-Party Computation , 2003, EUROCRYPT.

[4]  Makoto Yokoo,et al.  Secure Combinatorial Auctions by Dynamic Programming with Polynomial Secret Sharing , 2002, Financial Cryptography.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Felix Brandt,et al.  Fully Private Auctions in a Constant Number of Rounds , 2003, Financial Cryptography.

[7]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[8]  Matt Blaze Proceedings of the 6th international conference on Financial cryptography , 2002 .

[9]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.

[10]  Aggelos Kiayias,et al.  Non-interactive Zero-Sharing with Applications to Private Distributed Decision Making , 2003, Financial Cryptography.

[11]  Kazue Sako,et al.  An Auction Protocol Which Hides Bids of Losers , 2000, Public Key Cryptography.

[12]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[13]  Moti Yung,et al.  On the Security of ElGamal based , 1998 .

[14]  Felix Brandt,et al.  Secure and Private Auctions without Auctioneers , 2002 .

[15]  Ari Juels,et al.  A Two-Server, Sealed-Bid Auction Protocol , 2002, Financial Cryptography.

[16]  Michael H. Rothkopf,et al.  Two Models of Bid-Taker Cheating in Vickrey Auctions , 1995 .

[17]  P. Klemperer Auction Theory: A Guide to the Literature , 1999 .

[18]  Hiroaki Kikuchi,et al.  (M+1)st-Price Auction Protocol , 2002, Financial Cryptography.

[19]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[20]  Yiannis Tsiounis,et al.  On the Security of ElGamal Based Encryption , 1998, Public Key Cryptography.

[21]  Oded Goldreich Foundations of Cryptography: Volume 1 , 2006 .

[22]  H. Nurmi,et al.  Cryptographic protocols for Vickrey auctions , 1993 .

[23]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[24]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[25]  William Vickrey,et al.  Counterspeculation, Auctions, And Competitive Sealed Tenders , 1961 .

[26]  M. Rothkopf,et al.  Why Are Vickrey Auctions Rare? , 1990, Journal of Political Economy.

[27]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[28]  W. K. Vickery,et al.  Counter-Speculation Auctions and Competitive Sealed Tenders , 1961 .

[29]  Yoav Shoham,et al.  On cheating in sealed-bid auctions , 2003, EC '03.

[30]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[31]  Yehuda Lindell,et al.  Secure Computation without Agreement , 2002, DISC.

[32]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[33]  Moti Yung,et al.  Proceedings of the 9th international conference on Financial Cryptography and Data Security , 2005 .

[34]  Juan A. Garay,et al.  Efficient and Secure Multi-Party Computation with Faulty Majority and Complete Fairness , 2004, IACR Cryptol. ePrint Arch..

[35]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[36]  Masayuki Abe,et al.  M+1-st Price Auction Using Homomorphic Encryption , 2002, Public Key Cryptography.

[37]  Tuomas Sandholm,et al.  Issues in Computational Vickrey Auctions , 2000, Int. J. Electron. Commer..

[38]  Felix Brandt,et al.  On Correctness and Privacy in Distributed Mechanisms , 2005, AMEC@AAMAS/TADA@IJCAI.

[39]  Felix Brandt,et al.  (Im)possibility of unconditionally privacy-preserving auctions , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[40]  J. Doug Tygar,et al.  Electronic Auctions with Private Bids , 1998, USENIX Workshop on Electronic Commerce.

[41]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[42]  Jens Groth,et al.  Efficient Maximal Privacy in Boardroom Voting and Anonymous Broadcast , 2004, Financial Cryptography.

[43]  Jacques Stern,et al.  Non-interactive Private Auctions , 2002, Financial Cryptography.

[44]  Felix Brandt,et al.  Efficient Privacy-Preserving Protocols for Multi-unit Auctions , 2005, Financial Cryptography.

[45]  Valtteri Niemi,et al.  Secure Vickrey Auctions without Threshold Trust , 2002, Financial Cryptography.

[46]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[47]  I. Damgård,et al.  The protocols. , 1989, The New Zealand nursing journal. Kai tiaki.

[48]  Hugo Krawczyk,et al.  Secure Applications of Pedersen's Distributed Key Generation Protocol , 2003, CT-RSA.

[49]  E. Maasland,et al.  Auction Theory , 2021, Springer Texts in Business and Economics.

[50]  Felix Brandt,et al.  A verifiable, bidder-resolved Auction Protocol , 2002 .

[51]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[52]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[53]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[54]  Makoto Yokoo,et al.  Secure Generalized Vickrey Auction Using Homomorphic Encryption , 2003, Financial Cryptography.

[55]  Aggelos Kiayias,et al.  Self-tallying Elections and Perfect Ballot Secrecy , 2002, Public Key Cryptography.

[56]  Matthew K. Franklin,et al.  The Design and Implementation of a Secure Auction Service , 1996, IEEE Trans. Software Eng..

[57]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .