The Design and Implementation of a Secure Auction Service
May 1996 (vol. 22 no. 5)
pp. 302-312

Abstract—We present the design and implementation of a distributed service for performing sealed-bid auctions. This service provides an interface by which clients, or "bidders," can issue secret bids to the service for an advertised auction. Once the bidding period has ended, the auction service opens the bids, determines the winning bid, and provides the winning bidder with a ticket for claiming the item bid upon. Using novel cryptographic techniques, the service is constructed to provide strong protection for both the auction house and correct bidders, despite the malicious behavior of any number of bidders and fewer than one-third of the servers comprising the auction service. Specifically, it is guaranteed that 1) bids of correct bidders are not revealed until after the bidding period has ended, 2) the auction house collects payment for the winning bid, 3) losing bidders forfeit no money, and 4) only the winning bidder can collect the item bid upon. We also discuss techniques to enable anonymous bidding.

Index Terms:
Distributed systems, security, Byzantine failures, electronic commerce, sealed-bid auctions, verifiable signature sharing.
Matthew K. Franklin, Michael K. Reiter, "The Design and Implementation of a Secure Auction Service," IEEE Transactions on Software Engineering, vol. 22, no. 5, pp. 302-312, May 1996, doi:10.1109/32.502223