Survey on eAuction

1
Survey on e-Auction

• Presenter Nguyen Hoang Anh
• NordSecMob

2
Outline

• Introduction to e-Auction
• What is auction?
• Desired properties for an e-Auction scheme
• Basic e-Auction protocol
• e-Auction scheme
• English auction
• First-price sealed bid auction
• Second-price sealed bid auction (Vickrey auction)
• Conclusion

3
Introduction to e-Auction

• An auction is a method of trading goods that do
  not have a fixed price
• Auction is based on competition and reflects the
  essential of market
• The sellers wish to sell their goods as high as
  possible, the buyers want to pay as little as
  necessary
• Roles Bidder (buyer) Seller Auctioneer
  (trusted third party)

4
Introduction to e-Auction

• Types of auctions
• English auction
• Dutch auction
• Sealed-bid auction First-price, Second-price,
  (M1)st-price

5
Desired properties

• Non-repudiation
• No framing
• Traceability
• Public verifiability
• Unlinkability
• Robustness
• Efficiency of bidding

6
Desired properties

• Fairness
• All bids should be dealt with in a fair way,
  e.g., no information about bidding will be
  disclosed to give any bidder unfair advantage
• Bidder privacy
• No bidders identity or trading history will be
  revealed even after the auction session.
• The secrecy of losing bids should be kept.
• Correctness of system
• The winning bid is the highest among bids were
  placed. The winner is the person who made that bid

7
Basic auction protocol

• Initialization
• Auctioneer sets the system parameters and
  publishes them
• Bidder registration
• A bidder sends the Auctioneer her/his public key
  to register
• Auction preparation
• The Auctioneer computes the preparation data for
  each auction. A bidder may download her/his
  information for bidding
• Bidding
• A bidder computes her/his bid information and
  places her/his bid
• Opening a winning bid
• The Auctioneer computes only a winning bid while
  keeping the other bids secret (not needed in
  public auction)
• Winner decision
• The Auctioneer identifies only a winner while
  keeping losers anonymity

8
English auction scheme

• Proof of knowledge
• PK(y P(?)) is the proof of knowledge between
  two parties
• given the publicly known value y, the Prover
  knows the value of ? such that the predicate P(?)
  is true.
• Signature based on a Proof of Knowledge (SPK)
• SPK(?) y g? (m)

9
English auction scheme

• 2 Bulletin Board System (BBS)
• Bulletin board is a place where people can leave
  public messages, e.g., to advertise things,
  announce events, or provide information
• Can be read by anybody, but can be written only
  by an authority
• gt Help reduce communication complexity
• 2 separate roles
• AM Auction Manager
• Prepare for auctions
• Carry out several auctions
• Manage the current bid value
• RM Registration Manager
• Manager the participants of auctions
• Prepare for auctions
• Identifies a certain bidder at the request of AM

10
English auction scheme
4. T1 (grs)x1
Kazumasa OMOTE. A study on Electronic Auctions,
2002
11
English auction scheme

• Properties
• Linkability in an auction (same Ti in one
  auction)
• Unlinkability among different auctions (different
  Ti-s for different auctions)
• No single authority can break anonymity and
  secrecy of bids

12
First-price sealed-bid auction

• Desired properties
• Secrecy of bidding price
• gt open bids from highest possible price to the
  winning price, all the lower prices are kept
  secret
• Verifiability
• gt Use public key encryption systems or hash
  chain technique
• Undeniability
• gt The bidder needs to sign for his bid
• Anonymity
• gt Bidders register to a registration center and
  get their keys for signature scheme

13
First-price sealed-bid auction

• Undeniable signature scheme
• Signing algorithm
• Verification protocol
• a signature can only be verified with the help of
  the signer gt Avoid replay attack
• Disavowal protocol
• allows the signer to prove whether a given
  signature is a forgery
• gt The signer cannot deny his valid signature

14
First-price sealed-bid auction
Undeniable signature of bidding price
Sig1(b1) Sig2(b2) Sig3(b3)
Bidder 1 b1
Auctioneer Price list 1, 2,, n
Bidder 2 b2
Bidder 3 b3
j n
j n - 1
Winning bid j Winning bidder Bidder
2
j
Sakurai and Miyazaki. A bulletin-board based
digital auction scheme with bidding down
strategy. In Proc. International Workshop on
Cryptographic Techniques and E-Commerce, 1999
15
First-price sealed-bid auction
Sakurai and Miyazaki. A bulletin-board based
digital auction scheme with bidding down
strategy. In Proc. International Workshop on
Cryptographic Techniques and E-Commerce, 1999
16
First-price sealed-bid auction

• Drawbacks of the protocol
• All bidders have to communicate with the
  auctioneer in opening phase
• gt Protocol 2

17
First-price sealed-bid auction
Bidder 1 b1
Auctioneer Price list 1, 2,, n (K_1 M_1),
(K_2 M_2), (K_n M_n)
Bidder 2 b2
Bidder 3 b3

• j n
• Check the equality EK_j(C_bi) M_j ?
• If such C_bi exists winning bid is j, winning
  bidder is i
• - If there is no such C_bi j j 1, repeat
  above step

Sako. Universally verifiable auction protocol
which hides losing bids. In Proc Of SCIS99,
pages 35-39
18
First-price sealed-bid auction
Sako. Universally verifiable auction protocol
which hides losing bids. In Proc Of SCIS99,
pages 35-39
19
First-price sealed-bid auction

• Advantage
• Bidders need not to communicate with the
  auctioneer in opening phase
• Disadvantage
• Malicious auctioneer can reveal all bidding
  prices
• gt Use plural auctioneers and distributed
  decryption technique

20
First-price sealed-bid auction

• Problems with sealed-bid auction methods using
  public key cryptosystems
• Computationally expensive
• Require a lot of communication
• Limit the number of bidders and the range of
  bidding prices

21
First-price sealed-bid auction
Publishes (Bid_i,Sigi(Bid_i)
Auctioneer 1
Bidder 1 P1 Secret seeds (S11, S21,...,Sa1)
Check hash chain for all bidders
bi h(hk(S1i)hk(S2i)hk(Sai)) ???
Publishes hk(Sij)
Bidder 2 P2 Secret seeds (S21, S22,,Sa2)
k n
k k - 1
Auctioneer a
Bidder 3 P3 Secret seeds (S13, S23,,Sa3)


Bidi bi, c1i, c2i, , cai bi
h(hPi(S1i)hPi(S2i) hPi(Sai)) cji
hn1(Sji)
K. Suzuki, K. Kobayashi, and H. Morita. Efficient
sealed-bid auction using hash chain. Proceedings
of the Third International Conference on
Information Security and Cryptology, Vol. 2015 of
Lecture Notes In Computer Science, pages 183
191, 2000. Springer-Verlag. ISBN 3-540-41782-6
22
First-price sealed-bid auction

• Secrecy of bidding price
• Bids are opened from the highest price to the
  winning price
• Hash chain is distributed to plural auctioneers
  gt losing bid prices are kept secret (besides the
  case all auctioneers collude)
• Verifiability
• Anyone can verify the correctness of the hash
  chains which are already published
• Undeniability
• The signer has to sign for his bid
• Anonymity
• Each bidder can use his public key of signature
  to bid anonymously
• Efficiency

23
Vickrey auction

• Vickrey auction scheme
• The bidder who offers the highest bid price gets
  the good at the second-highest price
• Attractive theoretical properties
• The dominant strategy for each bidder is to place
  a bid honestly according to her/his own true
  value
• Rarely used in practice
• Auctioneer may change the outcome of auctions
• Auctioneer may reveal bidders private
  information

24
Vickrey auction scheme

• Homomorphic encryption scheme
• EK(m1 r1) . EK(m2 r2) EK (m1m2 r1r2)
• Range proof integer commitment scheme, plus
  range checking
• PK(cEK(?,?) ? ? ? L,H)

25
Vickrey auction scheme

• Notations
• S seller
• A auction authority
• B maximum number of bidders
• V maximum number of different bids
• (X1, , XB) vector of bids in a nonincreasing
  order
• In public-key cryptosystem (G,E,D), c EK(m r)
  denote the encryption of m by using a random coin
  r under they key K.
• H hash function

26
Vickrey auction
Auctioneers public key pk
Bidder 1 b1
Auctioneer Secret key sk
Seller
Bidder 2 b2
Decrypt E Learn bid statistic
Bidder 3 b3
Helger Lipmaa, N. Asokan, Valtteri Niemi. Secure
Vickrey Auctions without threshold trust.
Technical Report 2001/095, International
Association for Cryptologic Research, November
2001
27
Practical e-Auction systems

• eBay and Amazon Auction use Vickrey model with a
  proxy bidder facility
• The bidder tells the proxy a maximum price that
  s/he is willing to pay
• The proxy keeps this information secret and bids
  on the bidders behalf in the ascending auction.
• The highest bidder wins, pays at amount equal to
  the second highest bidder (plus one increment).
• Ebay fixed ending time. Amazon auctions end
  when there have been no new bids for ten minutes.

28
Conclusion

• Three kinds of auction schemes are surveyed
• English auction scheme
• First-price sealed-bid auction scheme
• Second-price sealed-bid auction scheme
• Desired properties
• Bidder privacy
• Correctness of system
• Efficiency