Presentation is loading. Please wait.

Presentation is loading. Please wait.

SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY.

Published byHayley Swanson Modified over 9 years ago

Similar presentations

Presentation on theme: "SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY."— Presentation transcript:

1 SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY Implementation and Analysis of Dutch- Style Sealed-Bid Auctions: Computational vs Unconditional Security

2 Outline Introduction: Auctions and its types Sealed bid auction Sealed bid auction properties Motivation and Contribution Protocols being compared Comparison parameters Evaluation and comparison Conclusion

3 Auctions Auction:  A mechanism in which a group of bidders (buyers) compete to buy a product  The auctioneer (seller) sells the item to the bidder who has proposed the highest bid Types:  English auction - bidders continuously bid for a higher price  Dutch-style auction, the auctioneer continuously reduces the price of the item until a bidder agrees to buy the item for that specific price  First-price auction, the bidder who proposes the highest price wins and pays the amount that he has offered  Second-price auction, the bidder who proposes the highest price wins, however, he pays the amount of the second-highest price  Sealed-bid auction of any type, the bidders seal their bids by using closed envelopes

4 Sealed-Bid Auction The bids are not kept private in an open auction Auctioneers or a group of bidders may collude to use the past losing bids to maximize the auction revenue. In a sealed-bid auction, the bidders seal their bids by a cryptographic method and submit their evaluations to the auctioneer The winner is identified and the selling price is determined without revealing the losing bids Neither allows the auctioneers and/or bidders to collude nor it reveals any information about the bidding trend Can be utilized for any type of auction

5 Sealed-Bid Auction: Properties Correctness:  The auction process must provide correct outcomes, i.e., winner and selling price. Privacy:  The losing bids must not be revealed to the auctioneer and the other participating bidders. Verifiability:  All parties who may exchange money must be able to verify the auction outcomes. Fairness:  Bidders should not modify/deny the bids that they have submitted, a.k.a, non-repudiation.

6 Secure Protocols Computationally Secure:  the adversary has limited computational capability Unconditionally Secure:  the adversary has unlimited computational power Passive adversary:  Adversaries follow the protocol and may attempt to learn the secret e.g., losing bids, auction price trend Active adversary:  Adversaries try to learn the secret and also deviate the protocol

7 Dutch Style Sealed Bid Auctions Auctioneer initiates the auction with some parameters Bidding phase:  The bidders choose their evaluations from the price set and submit their sealed-bids only once  The bidding phase ends after a predefined time Opening phase:  The selling price starts from the maximum price and it is decreased step by step until a bidder claims as the winner  The winner’s bid is opened for verification  The losers must prove that their bids have been less than the winning price without opening their bids

8 Motivation and Contribution Aims at evaluation of five different Dutch-style sealed- bid auction protocols Compare the selected protocols in terms of the computational complexity, i.e., initialization and verification times How these measurement parameters vary once the assumption, security or adversarial model change. The schemes are chosen from the same class of secure auction protocols (Dutch-style sealed bid)

9 Motivation and Contribution (Cont.) Each candidate is evaluated with various price ranges, modulus sizes, and number of bidders and auctioneers Analysis demonstrates how our measurement parameters vary across protocols when the price range, the modulus size, and the number of bidders and auctioneers are modified

10 1. Undeniable Signature Scheme (USS) (Sakurai and Miyazaki, 1999) proposes the first Dutch- style sealed-bid auction protocol Public bulletin board to implement the auction Each bidder verifies the auction results as the results are published on the bulletin board An undeniable signature scheme  A prover has to convince the verifier for the equality or inequality of two discrete logarithms A registration authority to certify bidder’s public key

11 2. Public-Key Encryption Scheme (PES) Overcomes the computational complexity problem of (Sakurai and Miyazaki, 1999) Based on ElGamal public key cryptosystem Bidder posts his bid in the form of an encrypted message Utilizes a probabilistic encryption of a bid in such a way that the bid is not decrypted unless it is the winning bid Single or Multiple auctioneer

12 3. Hash Chain Scheme (HCS) In (Sako, 2000) multiple-auctioneer model, a malicious auctioneer can reveal the losing bids In (Suzuki et al., 2000), a distributed decryption method is used in a multiple-auctioneer setting Protocol employs hash functions to create hash chains for encryption and decryption

13 4. Multicomponent Commitment (VNR & EVNR) Unconditionally secure Dutch-style sealed-bid auction protocols by (Nojoumian and Stinson 2010) Do not require any auctioneer to participate in the bidding and opening phases Trusted initializer initiates the auction & then leaves Initialization phase:  Each bidder receives some information from the initializer  and  denote the minimum and maximum prices respectively, i.e.,  =  -  +1

14 Multicomponent Commitment (Cont.) Bidding phase:  Bidders are connected through point-to-point secure channels  Each bidder β i commits to his bid β i  [ ,  ] Opening phase:  Bidders determine the auction outcomes on their own.  The winner reveals his bid  The losers prove that their bids had been less than the wining price Computations are performed in Z q. The prime q must be large enough such that n 2 /q be very small.

15 System Configuration Microsoft Visual Studio Crypto++ library Intel i7-2600 CPU @ 3.4GHz processor 16GB RAM The Diffie-Hellman library in Crypto++ was used to generate large prime numbers for the protocols Price range set as P1 to P100, P75, P50 or P25 Three combinations of bidders (i.e., 25, 50 and 75) Various modulus sizes (i.e., 128, 256, 512 and 1024)

16 Challenges In (Nojoumian and Stinson, 2010; Nojoumian, 2012)  Point-to-point channels among bidders required n-1 ports for every single bidder, i.e., n(n-1) ports for n bidders  Since the bidders conducted the auction on their own, the opening phase had to be synchronized  Notify-&-receive method was utilized to resolve this issue  Notify-&-receive technique led to an increased verification time  Real implementation of synchronized channels had been a big challenge & still under debate among software engineers  unconditionally secure protocols were only tested with 25 and 50 bidders since they were computationally intensive

17 Analysis Computational Protocols  USS: Undeniable Signature Scheme  PES: Public-Key Encryption Scheme  HCS: Hash Chain Scheme

18 USS Initialization An amplification in initialization time when the modulus size is increased Expected as generating large primes for larger modulus is more time- consuming

19 USS Verification The verification times varies with the price range, modulus size and number of bidders The longer verification time is mainly attributed to the presence of bidders in the opening phase as the auctioneer and bidders exchange

20 PES Initialization Initialization time same as USS as the parameters are same An amplification in initialization time when the modulus size is increased

21 PES Verification Reduced verification time compared to USS No significant variation in the verification time for similar changes in the auction parameters The computation load is fully on the auctioneer and the bidders do not participate in the opening phase

22 HCS Initialization Employs multiple auctioneers No significant effect on initialization time and time same as USS and PES as the parameters are same

23 HCS Verification Verification time varies with the number of auctioneers as well as the price range, modulus size and the number of bidders Varying the number of auctioneers has potential impact on verification time

24 Analysis Unconditional Protocols  Multicomponent Commitment Schemes  VNR: Verifiable Protocol with Non-Repudiation  EVNR: Efficient Verifiable Protocol with Non-Repudiation

25 VNR Initialization The initialization time is directly proportional to the size of the price set, modulus size and the number of bidders Time varies from 6 to 36 seconds for various modulus sizes

26 VNR Verification Restricted the test cases to 128 bit modulus and 25 and 50 bidders due to a high computational cost of these protocols Maximized to 3 minutes when price range is 25%, modulus is 128 and number of bidders is 50 respectively

27 EVNR Initialization Number of commitments is optimized by a logarithmic factor , i.e.,  =  log 2  The number of polynomials is reduced drastically

28 EVNR Verification Restricted the test cases to 128 bit modulus and 25 and 50 bidders due to a high computational cost of these protocols maximized to 48 seconds when price range is 25%, modulus is 128 and number of bidders is 50 respectively which is a major improvement

29 Computational Vs Conditional Among computationally secure protocols, the initialization time of PES protocol is higher than the other two protocols

30 Computational Vs Conditional Within the unconditionally secure protocols, EVNR is executed much faster Unconditionally secure protocols take more time in both phases, however, they can be run without any auctioneers and provide a higher level of security

31 Conclusion Unconditionally secure protocols are more expensive, however, they provide a higher level of security The computationally secure protocols are faster but they rely on computational assumptions Selecting an appropriate sealed-bid auction protocol is a trade off between the level of security and the time complexity

32 Thank You

33 Questions/Comments

Download ppt "SRIRAM KRISHNAMACHARI MEHRDAD NOJOUMIAN KEMAL AKKAYA SOUTHERN ILLINOIS UNIVERSITY CARBONDALE FLORIDA ATLANTIC UNIVERSITY FLORIDA INTERNATIONAL UNIVERSITY."

Similar presentations

(Single-item) auctions Vincent Conitzer v() = $5 v() = $3.

(Single-item) auctions Vincent Conitzer v() = $5 v() = $3.
CPS 296.1 Bayesian games and their use in auctions Vincent Conitzer

CPS Bayesian games and their use in auctions Vincent Conitzer
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Chapter 25: Auctions and Auction Markets 1 Auctions and Auction Markets.

Chapter 25: Auctions and Auction Markets 1 Auctions and Auction Markets.
Bidding Strategy and Auction Design Josh Ruffin, Dennis Langer, Kevin Hyland and Emmet Ferriter.

Bidding Strategy and Auction Design Josh Ruffin, Dennis Langer, Kevin Hyland and Emmet Ferriter.
1 Project 2 Bidding on an Oil lease. 2 Project 2- Description Bidding on an Oil lease Business Background Class Project.

1 Project 2 Bidding on an Oil lease. 2 Project 2- Description Bidding on an Oil lease Business Background Class Project.
Securing Auctions using Cryptography Richard Barnes Cryptography Applications Bistro University of Virginia, March 16, 2004 Richard Barnes Cryptography.

Securing Auctions using Cryptography Richard Barnes Cryptography Applications Bistro University of Virginia, March 16, 2004 Richard Barnes Cryptography.
Multi-item auctions with identical items limited supply: M items (M smaller than number of bidders, n). Three possible bidder types: –Unit-demand bidders.

Multi-item auctions with identical items limited supply: M items (M smaller than number of bidders, n). Three possible bidder types: –Unit-demand bidders.
Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob.

Survey on e-Auction PresenterNguyen Hoang Anh NordSecMob.
Auctions An auction is a mechanism for trading items by means of bidding. Dates back to 500 BC where Babylonians auctioned of women as wives. Position.

Auctions An auction is a mechanism for trading items by means of bidding. Dates back to 500 BC where Babylonians auctioned of women as wives. Position.
1 Chapter 6: Auctions SCIT1003 Chapter 6: Auctions Prof. Tsang.

1 Chapter 6: Auctions SCIT1003 Chapter 6: Auctions Prof. Tsang.
Private-value auctions: theory and experimental evidence (Part I) Nikos Nikiforakis The University of Melbourne.

Private-value auctions: theory and experimental evidence (Part I) Nikos Nikiforakis The University of Melbourne.
Auctions Ruth Tarrant. Classifying auctions What is the nature of the good being auctioned? What are the rules of bidding? Private value auction Common.

Auctions Ruth Tarrant. Classifying auctions What is the nature of the good being auctioned? What are the rules of bidding? Private value auction Common.
The Economics of Information

The Economics of Information
The Science of Networks 6.1 Today’s topics Game Theory Normal-form games Dominating strategies Nash equilibria Acknowledgements Vincent Conitzer, Michael.

The Science of Networks 6.1 Today’s topics Game Theory Normal-form games Dominating strategies Nash equilibria Acknowledgements Vincent Conitzer, Michael.
A Prior-Free Revenue Maximizing Auction for Secondary Spectrum Access Ajay Gopinathan and Zongpeng Li IEEE INFOCOM 2011, Shanghai, China.

A Prior-Free Revenue Maximizing Auction for Secondary Spectrum Access Ajay Gopinathan and Zongpeng Li IEEE INFOCOM 2011, Shanghai, China.
Competitive Auctions Review Rattapon Limprasittiporn.

Competitive Auctions Review Rattapon Limprasittiporn.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Auction. Definition An auction is a process of buying and selling goods or services by offering them up for bid, taking bids, and then selling the item.

Auction. Definition An auction is a process of buying and selling goods or services by offering them up for bid, taking bids, and then selling the item.
From: Cryptographers’ Track of the RSA Conference 2008 Date:2011-11-29 Reporter: Yi-Chun Shih 1.

From: Cryptographers’ Track of the RSA Conference 2008 Date: Reporter: Yi-Chun Shih 1.

Similar presentations

Ads by Google