1 / 49

Implementing e-auctions with sharemind

Implementing e-auctions with sharemind. MTAT.07.006 Research Seminar in Cryptography Md.Sadek Ferdous. Outline. Introduction Type of auction Problems with the traditional auction Electronic Auctions Proposed Solution Conclusion. Introduction.

keiki
Download Presentation

Implementing e-auctions with sharemind

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementing e-auctions with sharemind MTAT.07.006 Research Seminar in CryptographyMd.Sadek Ferdous

  2. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  3. Introduction • Auction is a flexible trading method based on competition. • 探討電子式拍賣的安全性與常見的議題

  4. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  5. Open cry auction(公開競價拍賣)English auction(英國式)

  6. Open cry auction(公開競價拍賣)Dutch auction(荷蘭式)

  7. Sealed bid auction(密封式競價拍賣)Sealed first priced auction(密封第一次競價拍賣)

  8. Sealed bid auction(密封式競價拍賣)Vickrey auction

  9. Multi-item auction(多物品拍賣) Discriminative auction(區分式拍賣)

  10. Multi-item auction(多物品拍賣)Non-discriminate auction(不區分式拍賣)

  11. Multi-item auction(多物品拍賣)Combinatorial auction(組合式拍賣)

  12. Multi-item auction(多物品拍賣)Walrasian auction

  13. All pay auction(標會)

  14. Buyout auction(買斷)Permanent(永久式)

  15. Buyout auction(買斷)Temporary(臨時式)

  16. No-reserve auction(不預定式拍買)

  17. Reserve auction(預定式拍賣)

  18. Reverse auction(反轉式拍賣)

  19. Round robin auction

  20. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  21. Bid shielding

  22. Collusion(共謀)

  23. Bid schilling

  24. Bid sniping

  25. Bid siphoning

  26. Misrepresented or non-existent items

  27. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  28. Advantage • No time constraint(無時間限制) • No geographical constraint(無地點限制) • Potentially large number of sellers and buys(潛在地大量賣家與買家)

  29. Challenge • Mode of payment(付款模式) • Fraudulency(詐欺) • Posting winning item(得標物品傳送) • Dependability and security(可靠性與安全性) • Guarding against problems of traditional auction(預防傳統拍賣問題) • The bidding process as a whole(競價過程是整體性)

  30. Auction process(1/2) • Initialization(初始) • 拍賣商或是線上拍賣管理者設定以下資訊並公開:預拍賣物品清單、先訂好的規則與期限。 • Bidder registration(買家登記) • 有人想要參與競價時必須註冊登記,此時他必須提供個人資料,用這作為付款依據。這步驟用來確保只有有效的買家才能參與競價過程。

  31. Auction process(2/2) • Bidding(競價) • 在這階段,有效的買家可以對物品出價。拍賣商檢查其有效性,也要確定是否遵守競價規則,如果所有要求達成,這競價價格就被接受。 • Winner determination(決定得標者) • 根據競價方針,能在任何時間或是期限之後決定得標者。這個過程,拍賣商要相當關鍵且保證公平,這必須要公開驗證。

  32. Security considerations of online auction(1/3) • Unforgeability(非偽造性) • 每個買家應該是自然且獨特,這樣不會被其他買家所偽裝。 • Non-repudiation(不可否認性) • 我們必須確保買家的競價是不可否認的,這樣當買家得標後不會拒絕這次交易。

  33. Security considerations of online auction(2/3) • Anonymity(匿名性) • 在競價價格與買家之間不能是線性相關。 • Public verifiability(公開驗證) • 所有競價必須要公開驗證,讓任何買家都能遵循在拍賣協定中檢查競價。這樣不僅能保有有效性且能讓其他買家確認得標者。

  34. Security considerations of online auction(3/3) • Robustness(堅實性) • 拍賣系統必須不受違法競價與無效買家所影響。 • Efficiency(效率性) • Time complexity包含檢查有效的競價與買家、決定得標者、註冊等等。 • Fairness(公平性) • 所有競價與買家的優勢必須相同。

  35. Design issues(1/2) • Trust issue • 協定設計依賴拍賣商的可信賴度。如果假設拍賣商是可信賴的,那麼一些問題就解決了,但是仍有幾個問題。所以總是有理由的假設拍賣商是不可信賴的且協定的設計要在這假設之下,這樣能透過TTP來協商,才能信任。

  36. Design issues(2/2) • Anonymity issue • 競價價格與買家不能有線性關係,這樣才有高等級的公平性。兩個團體的群體簽章,能達成匿名性。 • Bid authentication issue • 每筆競價必須有確切的認證,才不會被無效的買家出價。群體簽章也能達成。

  37. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  38. Sharemind(1/2) • Secret Sharing的技術 • 必須要所有Share有效,才能把Secret還原 • 由miner node與controller node所組成

  39. Sharemind(2/2) Data Base Controller 1 Miner 1 Stack Controller 2 Data Base Stack Miner 1 Miner 1 Controller n Data Base Stack

  40. The parties of E-Auction(1/2) • Auctioneer • 建立一個拍賣並公開。提供一個臨時的token給每一個獨立的買家。 • Bidder • 任何一個對這拍賣有興趣想參與的人。 • Registrar • 註冊每一個有效的買家,並提供secret key給買家使用。

  41. The parties of E-Auction(2/2) • Miners • 執行匿名計算並對競價資料作data mining algorithm。也能驗證競價資料的有效性。 • Controller • 提供interface在買家跟miner之間。每一筆買家的競價由miner核可後送到controller。也在競價資料上簽名做為買家的代表。

  42. Auction step - Initialization • 拍賣商建立一個拍賣,並公開。 • Registrar設定group certificate。

  43. Auction step - Registration • 想要參與的買家必須註冊。他產生他自己的公密鑰對。買家寄訊息給拍賣商,拍賣商給買家token。 • 買家用接收到的token與registrar溝通。驗證token,registrar發identity與group certificate給買家。買家把公鑰給registrar。

  44. Auction step – Bidding(1/2) • 每一筆競價資料都送到controller,controller用買家的private key對競價資料簽章並切成3份share,每份share都用group certificate所產生的group signature簽章。用private key簽章能增加競價的驗證性;群簽則是增加匿名性。

  45. Auction step – Bidding(2/2) • 3份share分別寄給不同的miner。每個miner用group public key對share驗證其有效性,並儲存到自己的database。由於group signature的unlikable特性,對任何的miner都不可能知道每筆share跟買家之間的關聯。 • 拍賣期間結束,miner決定最高競價並把競價與對應的簽章寄給拍賣商。

  46. Auction step - Winner Determination(1/2) • 拍賣商公開得標價,並詢問得標者的identity • 得標者回應他的identity並在對應的競價資料簽章。 • 拍賣商與registrar溝通,來取得public key與identity有關聯的token

  47. Auction step - Winner Determination(2/2) • 拍賣商驗證簽章是否跟競價資料簽章符合。 • 如果符合,拍賣商公開得標者identity • 如果有多筆相同競價資料或是多個得標者,將進行第二回合的拍賣,但是不用執行registration phase

  48. Outline • Introduction • Type of auction • Problems with the traditional auction • Electronic Auctions • Proposed Solution • Conclusion

  49. Conclusion • 利用Sharemind跟群簽的組合來實作電子拍賣 • 只有Sealed bid auction(密封式競價拍賣)才有價值,希望能發展其他形式的拍賣。

More Related