Batch verification of validity of bids in homomorphic e-auction
Introduction
In a sealed-bid auction scheme, each bidder chooses his evaluation from a number of biddable prices and submits it to some auctioneers, who then open the bids and determine the winning price and winner(s) according to a pre-defined auction rule. The commonly applied auction rules include first bid auction (the bidder with the highest bid wins and pays the highest bid), Vickrey auction (the bidder with the highest bid wins and pays the second highest bid) and the ρth bid auction (the bidders with the ρ − 1 highest bids win, pay the ρth highest bid and each get an identical item). The first-bid auction and Vickrey auction can be regarded as special cases of the ρth bid auction, which is a general solution. An auction must be correct, namely the auction result is strictly determined according to the auction rule. Fairness is necessary in any auction such that no bidder can take advantage over other bidders. Usually, bid privacy must be kept in an auction scheme, which means in the course of bid opening no losing bid is revealed.
When bid privacy must be kept in a non-interactive auction,1 an efficient bid opening function is homomorphic secret reconstruction [8], [10], [9], [15]. To adopt this bid opening function, one-selection-per-price principle and homomorphic bid sharing mechanism must be employed. Each bidder has to submit a bidding selection at every biddable price to indicate whether he is willing to pay that price (“YES” or “NO”). Every selection is sealed with a homomorphic secret sharing function, so that the auctioneers can use a homomorphic secret reconstruction function to determine whether the number of bidders willing to pay a price is over ρ without revealing any bidding selection. When this homomorphic bid opening mechanism is applied together with binary search strategy, the winning bid can be determined very efficiently.
In homomorphic e-auction, each bidding selection must be in some special range (certain values standing for “YES” or “NO”) to guarantee correctness and fairness of the auction. So validity of the bids must be proved by the bidders and verified publicly. However, all the existing homomorphic auction schemes [8], [10], [9], [15] ignore bid validity check. An attack to compromise correctness and fairness in the absence of bid validity check is presented in this paper to demonstrate necessity of bid validity check. Then implementation of bid validity check in homomorphic auction is proposed. As proof and verification of bid validity is highly inefficient, a batch cryptographic technique is proposed and applied to improve the efficiency of bid validity check. With the help of a new 1-out-of-w oblivious transfer technique, validity of bids can be efficiently proved and verified.
Section snippets
Symbols and parameters
The following symbols and parameters will be used in this paper.
- •
w represent the number of biddable prices in auction.
- •
E( ) denotes encryption.
- •
D( ) denotes decryption.
- •
〈x〉 : the bit length of integer x.
- •
ExpCost (x) denotes the number of multiplications needed to calculate an exponentiation with an x-bit exponent. ExpCosty (x) denotes the number of multiplications needed to calculate the product of y exponentiations with x-bit exponents.
- •
Two large primes p and q are chosen, such that p = 2q + 1 and w < q.
Related work
Homomorphic auction and two related cryptographic tools, batch verification and oblivious transfer are recalled in this section. The two tools will be improved and then employed later in this paper to optimize homomorphic auction.
Necessity and implementation of bid validity check
Necessity and implementation of bid validity check in homomorphic auction are discussed in this section.
Efficiency improvement of bid validity check
The bid validity check mechanism in Section 4.2 is so inefficient, that it becomes an efficiency bottleneck. So, it is optimised in efficiency in this section. The efficiency improvement is based on two new cryptographic primitives: a new batch verification primitive and a new 1-out-of-w oblivious transfer technique, which are extensions of the existing schemes described in Section 3.
Analysis
In this section, we show that the optimised bid validity check mechanism using batch verification is correct, sound, zero knowledge, and efficient.
Conclusion
Bid validity check is necessary in homomorphic auction schemes to prevent attack against correctness and fairness. However, bid validity check is usually costly. Batch verification technique and oblivious transfer can be combined to significantly improve efficiency of bid validity check in homomorphic auction schemes without compromising bid privacy.
Acknowledgement
We acknowledge the support of the Australian Research Council through ARC Discovery Grant No. DP0345458.
Dr. Kun Peng is a postdoctoral research fellow at ISI (information security centre) of Queensland University of Technology, Australia. He got his Ph.D. at ISI, QUT; his master degree in Computer Security and Privacy and bachelor degree in Computer Software at Huazhong University of Science and Technology, China. His research interest includes secure e-commerce and e-government, secure computation, zero knowledge proof, batch cryptology, anonymous channel and secure mobile agent.
References (17)
- et al.
Batch verification for equality of discrete logarithms and threshold decryptions
- et al.
Fast batch verification for modular exponentiation and digital signatures
- et al.
Attacking and repairing batch verification schemes
Secret sharing homomorphisms: keeping shares of a secret secret
- et al.
Proofs of partial knowledge and simplified design of witness hiding protocols
- L. Harn. Batch verifying multiple DSA-type digital signatures, in: Electronics Letters, vol. 34, no. 9, 1998, pp....
- A. Juels, M. Szydlo. An two-server auction protocol, in: Proc. of Financial Cryptography, 2002, pp....
- H. Kikuchi, Michael Harkavy, J.D. Tygar. Multi-round anonymous auction, in: Proceedings of the First IEEE Workshop on...
Cited by (18)
Comprehensive survey on privacy-preserving protocols for sealed-bid auctions
2020, Computers and SecurityCitation Excerpt :In some auction protocols, for example (Kikuchi, 2002; Kikuchi et al., 1999; 2000; Peng et al., 2002b) efficiency is improved by using homomorphic bid opening during the winner determination phase. An attack producing invalid bids can have detrimental impacts as shown in Peng et al. (2006). Specifically, an attack of invalid bids can affect quality of correctness and fairness.
An Optimal Strategy for Determining True Bidding Values in Secure Spectrum Auctions
2019, IEEE Systems JournalCellular communications systems in congested environments: Resource allocation and end-to-end quality of service solutions with MATLAB
2016, Cellular Communications Systems in Congested Environments: Resource Allocation and End-to-End Quality of Service Solutions with MATLABA Multitier Wireless Spectrum Sharing System Leveraging Secure Spectrum Auctions
2015, IEEE Transactions on Cognitive Communications and NetworkingSecure national electronic voting system
2014, Journal of Information Science and EngineeringEfficient homomorphic sealed-bid auction free of bid validity check and equality test
2014, Security and Communication Networks
Dr. Kun Peng is a postdoctoral research fellow at ISI (information security centre) of Queensland University of Technology, Australia. He got his Ph.D. at ISI, QUT; his master degree in Computer Security and Privacy and bachelor degree in Computer Software at Huazhong University of Science and Technology, China. His research interest includes secure e-commerce and e-government, secure computation, zero knowledge proof, batch cryptology, anonymous channel and secure mobile agent.