Brandt’s Fully Private Auction Protocol Revisited

  • Jannik Dreier
  • Jean-Guillaume Dumas
  • Pascal Lafourcade
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7918)


Auctions have a long history, having been recorded as early as 500 B.C. [17]. Nowadays, electronic auctions have been a great success and are increasingly used. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions, in particular to ensure privacy. Brandt [4] developed a protocol that computes the winner using homomorphic operations on a distributed ElGamal encryption of the bids. He claimed that it ensures full privacy of the bidders, i.e. no information apart from the winner and the winning price is leaked. We first show that this protocol – when using malleable interactive zero-knowledge proofs – is vulnerable to attacks by dishonest bidders. Such bidders can manipulate the publicly available data in a way that allows the seller to deduce all participants’ bids. Additionally we discuss some issues with verifiability as well as attacks on non-repudiation, fairness and the privacy of individual bidders exploiting authentication problems.


Keywords: Homomorphic Property; Reliable Broadcast; Auction Protocol; Dishonest Participant; Electronic Auction
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




References

  1. Bangerter, E., Camenisch, J.L., Maurer, U.M.: Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 154–171. Springer, Heidelberg (2005)
  2. Brandt, F.: A verifiable, bidder-resolved auction protocol. In: Falcone, R., Barber, S., Korba, L., Singh, M. (eds.) Proceedings of the 5th AAMAS Workshop on Deception, Fraud and Trust in Agent Societies, pp. 18–25 (2002)
  3. Brandt, F.: Fully private auctions in a constant number of rounds. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 223–238. Springer, Heidelberg (2003)
  4. Brandt, F.: How to obtain full privacy in auctions. International Journal of Information Security 5, 201–216 (2006)
  5. Burmester, M., Desmedt, Y.G., Piper, F., Walker, M.: A general zero-knowledge scheme. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 122–133. Springer, Heidelberg (1990)
  6. Chaum, D., Evertse, J.-H., van de Graaf, J., Peralta, R.: Demonstrating possession of a discrete logarithm without revealing it. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 200–212. Springer, Heidelberg (1987)
  7. Chaum, D., Evertse, J.-H., van de Graaf, J.: An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 127–141. Springer, Heidelberg (1988)
  8. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
  9. Chow, S.S.M., Ma, C., Weng, J.: Zero-Knowledge Argument for Simultaneous Discrete Logarithms. In: Thai, M.T., Sahni, S. (eds.) COCOON 2010. LNCS, vol. 6196, pp. 520–529. Springer, Heidelberg (2010)
  10. Cramer, R., Damgård, I.B.: Zero-Knowledge Proofs for Finite Field Arithmetic or: Can Zero-Knowledge Be for Free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998)
  11. Curtis, B., Pieprzyk, J., Seruga, J.: An efficient eAuction protocol. In: ARES, pp. 417–421. IEEE Computer Society (2007)
  12. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
  13. Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  14. Fischer, M.J., Lynch, N.A., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)
  15. Fischlin, M., Fischlin, R.: Efficient non-malleable commitment schemes. Journal of Cryptology 22, 530–571 (2009)
  16. Katz, J.: Efficient cryptographic protocols preventing “man-in-the-middle” attacks. PhD thesis, Columbia University (2002)
  17. Krishna, V.: Auction Theory. Academic Press, San Diego (2002)
  18. Maurer, U.: Unifying zero-knowledge proofs of knowledge. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 272–286. Springer, Heidelberg (2009)
  19. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: ACM Conference on Electronic Commerce, pp. 129–139 (1999)
  20. Omote, K., Miyaji, A.: A Practical English Auction with One-Time Registration. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 221–234. Springer, Heidelberg (2001)
  21. Peng, K., Boyd, C., Dawson, E., Viswanathan, K.: Robust, Privacy Protecting and Publicly Verifiable Sealed-Bid Auction. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 147–159. Springer, Heidelberg (2002)
  22. Sadeghi, A.R., Schunter, M., Steinbrecher, S.: Private auctions with multiple rounds and multiple items. In: DEXA Workshops, pp. 423–427. IEEE (2002)
  23. Sako, K.: An Auction Protocol Which Hides Bids of Losers. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 422–432. Springer, Heidelberg (2000)
  24. Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4, 161–174 (1991)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jannik Dreier (1)
  • Jean-Guillaume Dumas (2)
  • Pascal Lafourcade (1)

  1. CNRS, Verimag, Université Grenoble 1, France
  2. CNRS, Laboratoire Jean Kuntzmann (LJK), Université Grenoble 1, France
