Brandt's fully private auction protocol revisited

Jannik Dreier 1 Jean-Guillaume Dumas 2 Pascal Lafourcade 3, 4
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Auctions have a long history, having been recorded as early as 500 B.C. [Kri02]. Nowadays, electronic auctions have been a great success and are increasingly used in various applications, including high performance computing [BAGS02]. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions, in particular to ensure privacy. Brandt [Bra06] developed a protocol that computes the winner using homomorphic operations on a distributed ElGamal encryption of the bids. He claimed that it ensures full privacy of the bidders, i.e. no information apart from the winner and the winning price is leaked. We first show that this protocol – when using malleable interactive zero-knowledge proofs – is vulnerable to attacks by dishonest bidders. Such bidders can manipulate the publicly available data in a way that allows the seller to deduce all participants' bids. We provide an efficient parallelized implementation of the protocol and the attack to show its practicality. Additionally we discuss some issues with verifiability as well as attacks on non-repudiation, fairness and the privacy of individual bidders exploiting authentication problems.
Document type:
Journal article
Journal of Computer Security, IOS Press, 2015, Special issue on security and high performance computing systems, 23 (5), pp.587-610. 〈10.3233/JCS-150535〉

https://hal.inria.fr/hal-01233555
Contributor: Jannik Dreier
Submitted on: Monday, 30 November 2015 - 12:07:28
Last modified on: Friday, 6 July 2018 - 15:06:10
Document(s) archived on: Saturday, 29 April 2017 - 04:01:16

File

main.pdf
Files produced by the author(s)

License

Copyright (All rights reserved)

Citation

Jannik Dreier, Jean-Guillaume Dumas, Pascal Lafourcade. Brandt's fully private auction protocol revisited. Journal of Computer Security, IOS Press, 2015, Special issue on security and high performance computing systems, 23 (5), pp.587-610. 〈10.3233/JCS-150535〉. 〈hal-01233555〉
