t-Private and Secure Auctions

In most auction systems in use, the values of the bids are known to the auctioneer. This allows him to manipulate the outcome of the auction. Hence, one is interested in hiding these values. Some cryptographically secure protocols for electronic auctions have been presented in the last decade. Our work extends these protocols in several ways. Based on garbled circuits, i.e. encrypted circuits, we present protocols for sealed-bid auctions that fulfill the following requirements:

1. The protocols are information-theoretically t-private for honest but curious parties.
2. The number of bits that can be learned by active adversaries is bounded by the output length of the auction. Hence, if the result of the auction has to remain unchanged, then we present protocols that are secure against malicious attacks.
3. The computational requirements for participating parties are very low: only random bit choices and bitwise computation of the XOR function are necessary.
4. The protocols are perfectly correct, i.e. they have a zero probability of failure.

Note that one can distinguish between the protocol that generates a garbled circuit for an auction and the protocol that evaluates the bids in an auction based on the garbled circuit. Previous papers usually focus on the problem of evaluating the bids of an auction. In this paper we address both problems. In addition to the generalization of the concept of garbled circuits, we present a t-private protocol for the construction of a garbled circuit that reaches the lower bound of 2t + 1 parties, and a more randomness-efficient protocol for (t + 1)^2 parties. Finally, we present a strategy that allows new bidders to join a running auction or to change their bids dynamically. Our goal is that all bidders who do not change their bids are allowed to stay inactive in the process of bid changing.
