1 / 28

Survey on e-Auction

Survey on e-Auction. Presenter Nguyen Hoang Anh NordSecMob. Outline. Introduction to e-Auction What is auction? Desired properties for an e-Auction scheme Basic e-Auction protocol e-Auction scheme English auction First-price sealed bid auction

gada
Download Presentation

Survey on e-Auction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey on e-Auction Presenter Nguyen Hoang Anh NordSecMob

  2. Outline • Introduction to e-Auction • What is auction? • Desired properties for an e-Auction scheme • Basic e-Auction protocol • e-Auction scheme • English auction • First-price sealed bid auction • Second-price sealed bid auction (Vickrey auction) • Conclusion

  3. Introduction to e-Auction • An auction is a method of trading goods that do not have a fixed price • Auction is based on competition and reflects the essential of market • The sellers wish to sell their goods as high as possible, the buyers want to pay as little as necessary • Roles: Bidder (buyer) – Seller – Auctioneer (trusted third party)

  4. Introduction to e-Auction • Types of auctions: • English auction • Dutch auction • Sealed-bid auction: First-price, Second-price, (M+1)st-price

  5. Desired properties • Non-repudiation • No framing • Traceability • Public verifiability • Unlinkability • Robustness • Efficiency of bidding

  6. Desired properties • Fairness • All bids should be dealt with in a fair way, e.g., no information about bidding will be disclosed to give any bidder unfair advantage • Bidder privacy • No bidder’s identity or trading history will be revealed even after the auction session. • The secrecy of losing bids should be kept. • Correctness of system • The winning bid is the highest among bids were placed. The winner is the person who made that bid

  7. Basic auction protocol • Initialization • Auctioneer sets the system parameters and publishes them • Bidder registration • A bidder sends the Auctioneer her/his public key to register • Auction preparation • The Auctioneer computes the preparation data for each auction. A bidder may download her/his information for bidding • Bidding • A bidder computes her/his bid information and places her/his bid • Opening a winning bid • The Auctioneer computes only a winning bid while keeping the other bids secret (not needed in public auction) • Winner decision • The Auctioneer identifies only a winner while keeping loser’s anonymity

  8. English auction scheme • Proof of knowledge • PK(y = P()) is the proof of knowledge between two parties • given the publicly known value y, the Prover knows the value of  such that the predicate P() is true. • Signature based on a Proof of Knowledge (SPK) • SPK[(): y = g] (m)

  9. English auction scheme • 2 Bulletin Board System (BBS) • Bulletin board is a place where people can leave public messages, e.g., to advertise things, announce events, or provide information • Can be read by anybody, but can be written only by an authority => Help reduce communication complexity • 2 separate roles • AM: Auction Manager • Prepare for auctions • Carry out several auctions • Manage the current bid value • RM: Registration Manager • Manager the participants of auctions • Prepare for auctions • Identifies a certain bidder at the request of AM

  10. 2. Preparation gr grs Public keys 6. Winner decision V31 V31=SPK[():T1 = (y1r)] (mR) 6. Winner decision V31 V31=SPK[():T1 = (y1r)] (mR) y3r y1r y2r : • T2 = y2rs • T3 = y3rs • T1 = y1rs • : Alice : y1 Bob : y2 Carol : y3 : Current bid value 3. grs • Registration • (y1, V11) • V11 = SPK[(): y1 = g] (mR) 5. Bidding (3, m1, V21) V21 = SPK[(): T1 = (grs)] (mR) Alice (y1, x1, m1) y1 = gx1 English auction scheme 4. T1 = (grs)x1 Kazumasa OMOTE. A study on Electronic Auctions, 2002

  11. English auction scheme • Properties • Linkability in an auction (same Ti in one auction) • Unlinkability among different auctions (different Ti-s for different auctions) • No single authority can break anonymity and secrecy of bids

  12. First-price sealed-bid auction • Desired properties • Secrecy of bidding price => open bids from highest possible price to the winning price, all the lower prices are kept secret • Verifiability => Use public key encryption systems or hash chain technique • Undeniability => The bidder needs to sign for his bid • Anonymity => Bidders register to a registration center and get their keys for signature scheme

  13. First-price sealed-bid auction • Undeniable signature scheme • Signing algorithm • Verification protocol • a signature can only be verified with the help of the signer => Avoid replay attack • Disavowal protocol • allows the signer to prove whether a given signature is a forgery => The signer cannot deny his valid signature

  14. Disavowal My sig was the valid signature of j Sig1(b1) My sig was not a valid signature of j Sig2(b2) My sig was not a valid signature of j Sig3(b3) My sig was not a valid signature of j First-price sealed-bid auction Undeniable signature of bidding price Sig1(b1) Sig2(b2) Sig3(b3) Bidder 1: b1 Auctioneer Price list {1, 2,…, n} Bidder 2: b2 Bidder 3: b3 j = n j = n - 1 Winning bid j Winning bidder Bidder 2 j Sakurai and Miyazaki. A bulletin-board based digital auction scheme with bidding down strategy. In Proc. International Workshop on Cryptographic Techniques and E-Commerce, 1999

  15. First-price sealed-bid auction Sakurai and Miyazaki. A bulletin-board based digital auction scheme with bidding down strategy. In Proc. International Workshop on Cryptographic Techniques and E-Commerce, 1999

  16. First-price sealed-bid auction • Drawbacks of the protocol • All bidders have to communicate with the auctioneer in opening phase => Protocol 2

  17. EK_b1(M_b1) EK_b2(M_b2) EK_b3(M_b3) First-price sealed-bid auction Bidder 1: b1 Auctioneer Price list {1, 2,…, n} {(K_1; M_1), (K_2; M_2)…, (K_n; M_n)} Bidder 2: b2 Bidder 3: b3 • j = n • Check the equality EK_j(C_bi) = M_j ? • If such C_bi exists: winning bid is j, winning bidder is i • - If there is no such C_bi: j = j – 1, repeat above step Sako. Universally verifiable auction protocol which hides losing bids. In Proc Of SCIS’99, pages 35-39

  18. First-price sealed-bid auction Sako. Universally verifiable auction protocol which hides losing bids. In Proc Of SCIS’99, pages 35-39

  19. First-price sealed-bid auction • Advantage • Bidders need not to communicate with the auctioneer in opening phase • Disadvantage • Malicious auctioneer can reveal all bidding prices => Use plural auctioneers and distributed decryption technique

  20. First-price sealed-bid auction • Problems with sealed-bid auction methods using public key cryptosystems • Computationally expensive • Require a lot of communication • Limit the number of bidders and the range of bidding prices

  21. (Bid1, Sig1(Bid1)) S11 (Bid2, Sig2(Bid2)) S12 (Bid3, Sig3(Bid3)) S13 hk(Sai) Sa1 Sa2 Sa3 First-price sealed-bid auction Publishes (Bid_i,Sigi(Bid_i) Auctioneer 1 Bidder 1: P1 Secret seeds: (S11, S21,...,Sa1) Check hash chain for all bidders bi = h(hk(S1i)|hk(S2i)|…|hk(Sai)) ??? Publishes hk(Sij) Bidder 2: P2 Secret seeds: (S21, S22,…,Sa2) k = n k = k - 1 Auctioneer a Bidder 3: P3 Secret seeds: (S13, S23,…,Sa3) Bidi = {bi, c1i, c2i, …, cai} bi = h(hPi(S1i)|hPi(S2i) | … | hPi(Sai)) cji = hn+1(Sji) K. Suzuki, K. Kobayashi, and H. Morita. Efficient sealed-bid auction using hash chain. Proceedings of the Third International Conference on Information Security and Cryptology, Vol. 2015 of Lecture Notes In Computer Science, pages 183 – 191, 2000. Springer-Verlag. ISBN 3-540-41782-6

  22. First-price sealed-bid auction • Secrecy of bidding price • Bids are opened from the highest price to the winning price • Hash chain is distributed to plural auctioneers => losing bid prices are kept secret (besides the case all auctioneers collude) • Verifiability • Anyone can verify the correctness of the hash chains which are already published • Undeniability • The signer has to sign for his bid • Anonymity • Each bidder can use his public key of signature to bid anonymously • Efficiency

  23. Vickrey auction • Vickrey auction scheme • The bidder who offers the highest bid price gets the good at the second-highest price • Attractive theoretical properties • The dominant strategy for each bidder is to place a bid honestly according to her/his own true value • Rarely used in practice • Auctioneer may change the outcome of auctions • Auctioneer may reveal bidders’ private information

  24. Vickrey auction scheme • Homomorphic encryption scheme • EK(m1; r1) . EK(m2; r2) = EK (m1+m2; r1+r2) • Range proof: integer commitment scheme, plus range checking • PK(c=EK(,)    [L,H])

  25. Vickrey auction scheme • Notations • S: seller • A: auction authority • B: maximum number of bidders • V: maximum number of different bids • (X1, …, XB): vector of bids in a nonincreasing order • In public-key cryptosystem (G,E,D), c = EK(m; r) denote the encryption of m by using a random coin r under they key K. • H: hash function

  26. E=∏i Epk(Bbi) Sig1(Epk(Bb1)) X2 X2 Sig2(Epk(Bb2)) X2 X2 Sig3(Epk(Bb3)) My bid was higher than X2 Vickrey auction Auctioneer’s public key: pk Bidder 1: b1 Auctioneer Secret key: sk Seller Bidder 2: b2 Decrypt E Learn bid statistic Bidder 3: b3 Helger Lipmaa, N. Asokan, Valtteri Niemi. Secure Vickrey Auctions without threshold trust. Technical Report 2001/095, International Association for Cryptologic Research, November 2001

  27. Practical e-Auction systems • eBay and Amazon Auction use Vickrey model with a proxy bidder facility • The bidder tells the proxy a maximum price that s/he is willing to pay • The proxy keeps this information secret and bids on the bidder’s behalf in the ascending auction. • The highest bidder wins, pays at amount equal to the second highest bidder (plus one increment). • Ebay: fixed ending time. Amazon: auctions end when there have been no new bids for ten minutes.

  28. Conclusion • Three kinds of auction schemes are surveyed • English auction scheme • First-price sealed-bid auction scheme • Second-price sealed-bid auction scheme • Desired properties • Bidder privacy • Correctness of system • Efficiency

More Related