A Two-Server, Sealed-Bid Auction Protocol

Naor, Pinkas, and Sumner introduced and implemented a sealed-bid, two-server auction system that is perhaps the most efficient and practical to date. Built on a cryptographic primitive known as oblivious transfer, their system aims to ensure privacy and correctness provided that at least one of the two auction servers behaves honestly. As observed in [19], however, the NPS system suffers from a security flaw in which one of the two servers can cheat so as to modify bids almost arbitrarily and without detection. We propose a means of repairing this flaw while preserving the attractive practical elements of the NPS protocol, including minimal round complexity for the servers and minimal computation by the players providing private inputs. Our proposal requires slightly more computation and communication on the part of the two auction servers, but considerably less computation on the part of bidders. This latter feature makes our proposal particularly attractive for use with low-power devices. Whereas the original NPS proposal involves several dozen exponentiations per bidder for a typical auction, ours involves only several dozen modular multiplications. The key idea in our proposal is a form of oblivious transfer that we refer to as verifiable proxy oblivious transfer (VPOT).
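The abstract assumes familiarity with the oblivious-transfer primitive it builds on. The following is an added illustration, not code from the paper and not its VPOT construction: a plain 1-out-of-2 oblivious transfer in the Diffie-Hellman style of Naor and Pinkas, where the sender holds two messages, the receiver learns exactly the one it chose, and the sender learns nothing about the choice. The group parameters (p = 1019, q = 509, g = 4) are a toy group constructed for the example, and the class and function names (Sender, Receiver, run_ot, wrong_slot_attempt) are the example's own. The sender validates the receiver's public key as a subgroup element before exponentiating, which is the check a practitioner would want against a malformed key.

```python
import hashlib
import secrets
from typing import Tuple

# Toy group parameters, constructed for this example only. p = 2q + 1 with p and q
# prime; g = 4 generates the order-q subgroup of quadratic residues mod p. A real
# deployment would use a standard 2048-bit MODP group or an elliptic curve.
P = 1019
Q = 509
G = 4
ELEM_BYTES = (P.bit_length() + 7) // 8


def rand_exponent() -> int:
    """Uniform non-zero exponent in Z_q."""
    return secrets.randbelow(Q - 1) + 1


def in_subgroup(x: int) -> bool:
    """True if x is a non-identity element of the order-q subgroup."""
    return 1 < x < P and pow(x, Q, P) == 1


def kdf(shared: int, slot: int, length: int) -> bytes:
    """Derive a one-time pad from a group element and the slot index (0 or 1)."""
    material = shared.to_bytes(ELEM_BYTES, "big") + bytes([slot])
    return hashlib.shake_256(material).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Holds m0, m1 and learns nothing about which one the receiver takes."""

    def __init__(self, m0: bytes, m1: bytes):
        if len(m0) != len(m1):
            raise ValueError("messages must have equal length so ciphertext size leaks nothing")
        self.m0, self.m1 = m0, m1
        # C is a random group element; the receiver must not know log_g C,
        # otherwise it could make both slots openable.
        self.c = pow(G, rand_exponent(), P)

    def respond(self, pk0: int) -> Tuple[int, bytes, bytes]:
        """Round 2: derive PK1 = C / PK0 and encrypt m_i under PK_i^r for i = 0, 1."""
        if not in_subgroup(pk0):
            raise ValueError("receiver key is not a valid subgroup element")
        pk1 = (self.c * pow(pk0, -1, P)) % P
        r = rand_exponent()
        gr = pow(G, r, P)
        e0 = xor(self.m0, kdf(pow(pk0, r, P), 0, len(self.m0)))
        e1 = xor(self.m1, kdf(pow(pk1, r, P), 1, len(self.m1)))
        return gr, e0, e1


class Receiver:
    """Chooses sigma in {0, 1}; learns m_sigma and nothing about m_{1-sigma}."""

    def __init__(self, choice: int):
        if choice not in (0, 1):
            raise ValueError("choice must be 0 or 1")
        self.choice = choice
        self.k = rand_exponent()

    def request(self, c: int) -> int:
        """Round 1: PK_sigma = g^k (dlog known), PK_{1-sigma} = C / g^k (dlog unknown).
        Only PK0 is sent; the sender reconstructs PK1 itself. PK0 does not reveal
        sigma because both candidate values are (near-)uniform group elements."""
        pk_sigma = pow(G, self.k, P)
        if self.choice == 0:
            return pk_sigma
        return (c * pow(pk_sigma, -1, P)) % P

    def recover(self, gr: int, e0: bytes, e1: bytes) -> bytes:
        """Local step: (g^r)^k = PK_sigma^r, so slot sigma decrypts."""
        shared = pow(gr, self.k, P)
        chosen = (e0, e1)[self.choice]
        return xor(chosen, kdf(shared, self.choice, len(chosen)))

    def wrong_slot(self, gr: int, e0: bytes, e1: bytes) -> bytes:
        """What the receiver gets if it tries the other slot with the key it has:
        garbage, because it would need (C / g^k)^r and it does not know log_g C."""
        shared = pow(gr, self.k, P)
        other = (e0, e1)[1 - self.choice]
        return xor(other, kdf(shared, 1 - self.choice, len(other)))


def run_ot(m0: bytes, m1: bytes, choice: int) -> bytes:
    """Full exchange between one sender and one receiver; returns m_choice."""
    sender, receiver = Sender(m0, m1), Receiver(choice)
    pk0 = receiver.request(sender.c)
    gr, e0, e1 = sender.respond(pk0)
    return receiver.recover(gr, e0, e1)


def wrong_slot_attempt(m0: bytes, m1: bytes, choice: int) -> bytes:
    """Same exchange, but the receiver attempts the slot it did not choose."""
    sender, receiver = Sender(m0, m1), Receiver(choice)
    pk0 = receiver.request(sender.c)
    gr, e0, e1 = sender.respond(pk0)
    return receiver.wrong_slot(gr, e0, e1)


if __name__ == "__main__":
    print(run_ot(b"bid-A", b"bid-B", 1))  # b"bid-B"
```

Each run costs the receiver two modular exponentiations (one to form its key, one to derive the shared value) and the sender three; in an auction where every bit of every bid is transferred this way, those exponentiations are exactly the per-bidder cost the abstract contrasts with its own multiplication-only bidder work. The example shows the base primitive only; the verifiability that the abstract adds on top, which lets the second server detect a tampering first server, is a separate layer.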

[1] Sang-Ho Lee et al. How To Exchange Secrets By OT, 2000, International Conference on Internet Computing.

[2] Kazue Sako et al. An Auction Protocol Which Hides Bids of Losers, 2000, Public Key Cryptography.

[3] Moti Yung et al. The Varieties of Secure Distributed Computation, 1993.

[4] Giovanni Di Crescenzo. Private Selective Payment Protocols, 2000, Financial Cryptography.

[5] Ronald L. Rivest. Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer, 1999.

[6] Jacques Stern et al. Non-interactive Private Auctions, 2002, Financial Cryptography.

[7] Jan Camenisch et al. Optimistic Fair Secure Computation, 2000, CRYPTO.

[8] Jeroen van de Graaf et al. Committed Oblivious Transfer and Private Multi-Party Computation, 1995, CRYPTO.

[9] Silvio Micali et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[10] Andrew Chi-Chih Yao et al. Protocols for secure computations, 1982, FOCS 1982.

[11] Michael Wiener et al. Advances in Cryptology, CRYPTO '99, 1999.

[12] Colin Boyd et al. Advances in Cryptology, ASIACRYPT 2001, 2001.

[13] Taher ElGamal et al. A public key cryptosystem and signature scheme based on discrete logarithms, 1985.

[14] Adi Shamir et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[15] Manuel Blum et al. An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information, 1985, CRYPTO.

[16] Claude Crépeau. Verifiable Disclosure of Secrets and Applications, 2022.

[17] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, CRYPTO 1984.

[18] Moni Naor et al. Privacy preserving auctions and mechanism design, 1999, EC '99.

[19] Joe Kilian et al. One-Round Secure Computation and Secure Autonomous Mobile Agents, 2000, ICALP.

[20] Ueli Maurer et al. Efficient Secure Multi-party Computation, 2000, ASIACRYPT.

[21] Silvio Micali et al. The round complexity of secure protocols, 1990, STOC '90.

[22] J. Doug Tygar et al. Electronic Auctions with Private Bids, 1998, USENIX Workshop on Electronic Commerce.

[23] Paul F. Syverson et al. Fair On-Line Auctions without Special Trusted Parties, 1999, Financial Cryptography.

[24] Markus Jakobsson et al. Mix and Match: Secure Function Evaluation via Ciphertexts, 2000, ASIACRYPT.

[25] R. Cramer et al. Multiparty Computation from Threshold Homomorphic Encryption, 2000.

[26] Matthew K. Franklin et al. The Design and Implementation of a Secure Auction Service, 1996, IEEE Trans. Software Eng.

[27] Andrew Chi-Chih Yao et al. Protocols for Secure Computations (Extended Abstract), 1982, FOCS.

[28] Christian Cachin et al. Efficient private bidding and auctions with an oblivious third party, 1999, CCS '99.

[29] Donald Beaver. Minimal-Latency Secure Function Evaluation, 2000, EUROCRYPT.

[30] Silvio Micali et al. How to play ANY mental game, 1987, STOC.

[31] Claude Crépeau et al. Verifiable Disclosure of Secrets and Applications (Abstract), 1990, EUROCRYPT.

[32] Jean-Jacques Quisquater et al. Advances in Cryptology, EUROCRYPT '89, 1991, Lecture Notes in Computer Science.