Brandt’s Fully Private Auction Protocol Revisited
Auctions have a long history, having been recorded as early as 500 B.C. Nowadays, electronic auctions have been a great success and are increasingly used. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions, in particular to ensure privacy. Brandt developed a protocol that computes the winner using homomorphic operations on a distributed ElGamal encryption of the bids. He claimed that it ensures full privacy of the bidders, i.e. no information apart from the winner and the winning price is leaked. We first show that this protocol – when using malleable interactive zero-knowledge proofs – is vulnerable to attacks by dishonest bidders. Such bidders can manipulate the publicly available data in a way that allows the seller to deduce all participants’ bids. Additionally, we discuss some issues with verifiability as well as attacks on non-repudiation, fairness and the privacy of individual bidders exploiting authentication problems.
Keywords: Homomorphic Property; Reliable Broadcast; Auction Protocol; Dishonest Participant; Electronic Auction