Abstract
We investigate proxy auctions, an auction model which is proving very successful for on-line businesses (e.g., http://www.ebay.com), where a trusted server manages bids from clients by continuously updating the current price of the item and the currently winning bid as well as keeping private the winning client’s maximum bid.
We propose techniques for reducing the trust in the server by defining and achieving a security property, called server integrity. Informally, this property protects clients from a novel and large class of attacks from a corrupted server by allowing them to verify the correctness of updates to the current price and the currently winning bid. Our new auction scheme achieves server integrity and satisfies two important properties that are not enjoyed by previous work in the literature: it has minimal interaction, and only requires a single trusted server. The main ingredients of our scheme are two minimal-round implementations of zero-knowledge proofs for proving lower bounds on encrypted values: one based on discrete logarithms that is more efficient but uses the random oracle assumption, and another based on quadratic residuosity that only uses standard intractability assumptions but is less efficient.
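The kind of check the abstract describes can be illustrated with an added example, which is not the paper's protocol (this page does not give it): a server commits to a hidden maximum bid and proves non-interactively that it is at least the current price. The sketch uses a textbook bit-decomposition proof with Fiat-Shamir OR-proofs over Pedersen commitments rather than encryptions. The toy group, the parameter `K` and all function names are assumptions made for illustration.

```python
import hashlib, math, secrets
# Toy parameters constructed for this demo (far too small for real use):
# P = 2Q + 1 is a safe prime; G and H are squares mod P, so both have order Q.
P, Q, G, H = 2039, 1019, 4, 9
K = 6  # bit length: the proof shows 0 <= m - low < 2**K (needs 2**K well below Q)

def fs(*vals):
    """Fiat-Shamir challenge in Z_Q; SHA-256 stands in for the random oracle."""
    digest = hashlib.sha256(",".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def commit(m, r):
    """Pedersen commitment g^m h^r hiding the value m."""
    return pow(G, m, P) * pow(H, r, P) % P

def bit_proof(c, b, r):
    """OR-proof that c = h^r (b = 0) or c = g*h^r (b = 1), hiding which one."""
    ys = [c, c * pow(G, -1, P) % P]      # prover knows log_h(ys[b]) = r
    a, e, z, w = [0, 0], [0, 0], [0, 0], secrets.randbelow(Q)
    a[b] = pow(H, w, P)                  # real branch: honest first message
    e[1 - b], z[1 - b] = secrets.randbelow(Q), secrets.randbelow(Q)
    a[1 - b] = pow(H, z[1 - b], P) * pow(ys[1 - b], -e[1 - b], P) % P  # simulated
    e[b] = (fs(c, a[0], a[1]) - e[1 - b]) % Q
    z[b] = (w + e[b] * r) % Q
    return a, e, z

def prove_at_least(m, low):
    """Server: commit to the hidden maximum bid m and prove m >= low."""
    d = m - low
    if not 0 <= d < 2 ** K:
        raise ValueError("statement false or outside the supported range")
    rs = [secrets.randbelow(Q) for _ in range(K)]
    r = sum(ri << i for i, ri in enumerate(rs)) % Q
    cs = [commit(d >> i & 1, ri) for i, ri in enumerate(rs)]
    proofs = [bit_proof(c, d >> i & 1, ri) for i, (c, ri) in enumerate(zip(cs, rs))]
    return commit(m, r), (cs, proofs)

def verify_at_least(C, low, proof):
    """Client: accept only if the committed value is provably >= low."""
    cs, proofs = proof
    acc = math.prod(pow(c, 1 << i, P) for i, c in enumerate(cs)) % P
    if len(cs) != K or len(proofs) != K or acc != C * pow(G, -low, P) % P:
        return False
    for c, (a, e, z) in zip(cs, proofs):
        ys = [c, c * pow(G, -1, P) % P]
        if (e[0] + e[1]) % Q != fs(c, a[0], a[1]) or any(
                pow(H, z[j], P) != a[j] * pow(ys[j], e[j], P) % P for j in (0, 1)):
            return False
    return True
```

A client that holds only the commitment and the proof can rerun `verify_at_least` each time the server announces a new current price, without learning the winning maximum bid.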
Additional information
G. Di Crescenzo: Part of this work done while visiting UPC, Spain.
J. Herranz and G. Sáez: Work partially supported by Spanish MICINN Ministry, project TSI2006-02731.
Cite this article
Di Crescenzo, G., Herranz, J. & Sáez, G. On server trust in private proxy auctions. Electron Commer Res 10, 291–311 (2010). https://doi.org/10.1007/s10660-010-9057-x