Abstract
In a sealed-bid auction, bidders simultaneously submit their sealed bids to the auctioneer without knowledge of the others’ bids. The auctioneer will then declare the bidder with the highest price (or second-highest price) as the winner during the opening stage. Although existing bidding solutions focus on ensuring certain characteristics of the auction, including correctness, fairness, privacy protection, and confidentiality, it is difficult for losing bidders to verify whether the winner is a genuine bidder or just a fake bidder that is manipulated by a malicious party (e.g., a malicious auctioneer). In this paper, we introduce a fair indictment mechanism for an online sealed-bid auction that includes self-enforcing privacy. Our solution allows for an honest bidder to detect malicious activity and provides the bidder with verifiable evidence to indict a dishonest party. A successful indictment will give an incentive to the honest bidder and will result in a withdrawal of the result of the auction, whereas a failed indictment will require the involved complainer to pay a penalty. We achieve this goal using a scheme designed with an oblivious polynomial evaluation and homomorphic cryptosystem. We also involve a semi-honest verification agent in the indictment process to help the honest party verify the winning bid. This prevents the auctioneer from controlling the entire auction process. We also provide an analysis of the indictment, requirements, security and efficiency of the proposed mechanism and demonstrate the use of our solution in a multiple-item sealed-bid auction (i.e., combinatorial auction).
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ghosh A, Arce I (2010) Guest editors’ introduction: in cloud computing we trust—but should we? IEEE Secur Priv. doi:10.1109/msp.2010.177
Habib S, Hauke S, Ries S, Muhlhauser M (2012) Trust as a facilitator in cloud computing: a survey. J Cloud Comput Adv Syst Appl. doi:10.1186/2192-113x-1-19
STAR (security, trust and assurance registry) program (2011). In: Cloud Security Alliance, Accessed from https://cloudsecurityalliance.org/star/#_overview. Accessed 7 July 2016
Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. Paper presented at the Proceedings of the 13th Conference on USENIX Security Symposium, vol 13, San Diego, CA
Edman M, Yener B (2009) On anonymity in an electronic society: a survey of anonymous communication systems. ACM Comput Surv 42(1):1–35. doi:10.1145/1592451.1592456
Chaum DL (1981) Untraceable electronic mail, return addresses, and digital pseudonyms. Commun ACM 24(2):84–90. doi:10.1145/358549.358563
NIST cloud computing standards roadmap, NIST CCSRWG-092 (2011) NIST. Gaithersburg, MD, USA
Park J, Spetka E, Rasheed H, Ratazzi P, Han K (2012) Near-real-time cloud auditing for rapid response. In: 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE Computer Society, Washington, DC, USA
Shaoham Y (1987) Temporal logics in AI: semantical and ontological considerations. Artif Intell. doi:10.1016/0004-3702(87)90052-x
Reveilhac M, Pasquet M (2009) Promising secure element alternatives for NFC technology. In: First international workshop on near field communication, 2009. NFC’09. IEEE, pp 75–80
Pearson S (2011) Toward accountability in the cloud. Internet Comput IEEE. doi:10.1109/mic.2011.98
Blomqvist K (1997) The many faces of trust. Scand J Manag. doi:10.1016/s0956-5221(97)84644-1
Mayer R, Davis J, Schoorman F (1995) An integrative model of organizational trust: past, present, and future. Acad Manag Rev 20(3):709–734
Pawar PS, Rajarajan M, Nair SK, Zisman A (2012) Trust model for optimized cloud services. Springer, Berlin
Gartner, (2013) Gartner says personal worlds and the internet of everything are colliding to create new markets. Gartner Newsroom, Barcelona, Spain
Haq IU, Alnemr R, Paschke A, Schikuta E, Boley H, Meinel C (2010) Distributed trust management for validating sla choreographies. In: Wieder P, Yahyapour R, Ziegler W (eds) Grids and service-oriented architectures for service level agreements. Springer, Boston, MA
Abawajy J (2011) Establishing trust in hybrid cloud computing environments. In: Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE Computer Society, Washington, DC, USA
Takabi H, Joshi J, Ahn G (2010) Security and privacy challenges in cloud computing environments. IEEE Secur Priv. doi:10.1109/msp.2010.186
Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. Paper presented at the Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, Prague, Czech Republic
Canetti R (2001) Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of 42nd IEEE Symposium on Foundations of Computer Science, 2001, 8–11 October 2001, pp 136–145. doi:10.1109/sfcs.2001.959888
Acknowledgements
This research was supported by the Global Research Laboratory (GRL) program through the National Research Foundation of Korea (NRF-2014K1A1A2043029).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wong, KS., Kim, M.H. Toward a fair indictment for sealed-bid auction with self-enforcing privacy. J Supercomput 74, 3801–3819 (2018). https://doi.org/10.1007/s11227-017-2045-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-017-2045-3