Implementing eAuctions with Sharemind

1
Implementing e-Auctions with Sharemind

• Md. Sadek Ferdous
• 12th November 2008

2
Overview
Types of Auction Possible exploitations in Auction
Advantages of e-Auction Auction steps Security
considerations Design Issues
Sharemind Proposed solution Design issues in the
solution Suggestion
Conclusions
3
Auction

• Mention of auction in as early as 500 B.C
• One of the main forms of selling, buying and
  exchanging goods
• Objective is the efficient trading of commodities

4
Types of auctions

• Open cry auction
• --English and Dutch auction
• Sealed bid auction
• --Sealed bid first price auction and Vickrey
  auction
• Multi item auction
• --Discriminative auction, Non-discriminative
• --Combinatorial and Walrasian Auction
• All pay auction
• Buyout auction
• --Permanent Temporary
• No reserve (NR) auction
• Reserve auction
• Reverse auction
• Round robin auction

5
Exploitations in auctions

• Bid shielding
• Collusion
• Bid schilling
• Bid sniping
• Bid siphoning
• Mispresented or non-existent item

6
e-Auction

• Shorthand for Electronic auction
• One of the major sources of revenue for
  e-Commerce
• eBay with yearly revenue of 7.67 Billion USD is
  the main actor to popularize the term e-Auction

7
Advantages

• No time constraint
• No geographical constraint
• Potentially large number of sellers and buyers

8
Challenges

• Mode of payment
• Fraudulancy
• Posting
• Dependable Security
• Guarding against problems of traditional auctions

9
Auction steps

• Initialization
• Registration
• Bidding
• Winner determination

10
Security considerations

• Unforgeability
• Non-repudiation
• Anonymity
• Public verfiability
• Robustness
• Efficiency
• Fairness

11
Design Issues

• Trust issues
• Anonymity issues
• Bid authentication issue

12
Sharemind

• A framework for secure computation based on
• secret sharing.
• In secret sharing, a secret value is divided
  among
• several values known as shares
• Origianal secret can be reconstructed only if all
  
• the shares are known.

• In Sharemind, there are miner nodes and
• controller node.
• Controller divides the secret into share and
  sends
• them to the miners, miners perform operations on
• those shared values.
• Currently add or multiply two shared values,
  multiply a shared
• value by a constant, extract bits from shared
  value, determine if
• the two shared values are equal and if not,
  which one is greater.

13
Proposed solution

• Sharemind with Group Signature Scheme
• Auction type Sealed bid

14
List of parties

• Auctioneer
• Bidder
• Registrar
• Miners
• Controller

15
Auction Steps
Initialization

• Auctioneer sets up an auction and advertises it
  to the public.
• Registrar sets up the group certificate.

16
Auction Steps
Registration

• Bidder creates a pair of
• public and private key.
• Sends a message to the
• auctioneer.
• Auctioneer provides a
• token.

• Bidder sends this token
• and his public key to the
• registrar.
• Registrar issues a group
• certificate and identifier
• for him.

17
Auction Steps

• Bid is sent to the controller.
• Controller signs them using
• private key, and then divides
• into three share, signs them
• again using group certificate
• and sends them to the miners.

Bidding

• The signature with private
• key adds veriability group
• signature adds anonymity.

• Miners verify the bid using
• group public key and stores
• them in their local databases.

• When bid ends, the miners
• determine the highest bid
• send that bid and the signature
• to the auctioneer.

18
Auction Steps

• The auctioneer publishes the
• winning bid.
• The winning bidder contacts
• with his identifier and signature

Winner determination

• The auctioneer contacts the
• registrar to get back the public
• key and the token associated
• with that id and receives them.
• The auctioneer comapres the
• two signatures, if it matches,
• the winners id is published.

• If more than one winner found,
• a second phase of auction may
• take place.

19
Design issues of the architecture

• Trust issues
• Anonymity issue
• Bid authentication issue

20
Enhancements of Sharemind

• Multiple controllers
• Simultanenous connections
• Hybrid database

21
Conclusions

• This talk has
• described various types of auction and different
  exploitation methods in auction,
• provided an overview on advantages, security
  considerations and design issues in e-Auction,
• presented a novel approach on how to integrate
  Sharemind for e-Auction using group signature
  scheme, and
• suggested a few enhancements based on the
  proposal.

22
Thank you. Questions or comments?