ANONYMOUS AUCTION PROTOCOL BASED ON TIMED-RELEASE ENCRYPTION ATOP CONSORTIUM BLOCKCHAIN

In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
ANONYMOUS AUCTION PROTOCOL BASED ON
TIMED-RELEASE ENCRYPTION ATOP CONSORTIUM
BLOCKCHAIN
Jie Xiong and Qi Wang
Depa men o Compu e Science, Jinan Uni e si y, Guangzhou, China
ABSTRACT
The E he eum block chain as a decen alized pla o m is so success ul ha many applica ions deployed on
i . Howe e , o he inhe en anspa ency p ope ies and he lack o p i acy, deploying a inancial
applica ion on op o i is always a challenge. In his pape , we ackle his challenge and p opose an
anonymous sealed-bid auc ion p o ocol based on ime- eleased enc yp ion a op Conso ium Block chain.
We adop a s ic digi al ce i ica e-based iden i y mechanism o he conso ium block chain o pe mi
legi ima e pa icipan s, and u ilize he blind signa u e based on ellip ic cu e echnology o allowing
anonymous pa icipa ion. Mo eo e , a imed elease public key enc yp ion algo i hm is adop ed o enc yp
bids and p e en auc ionee om colluding wi h bidde s. This is comple ely di e en om he me hod
(ze o-knowledge p oo ) used in o he pape s o p e en collusion be ween auc ionee and bidde . We
p o ide a speci ic analysis o ou p o ocol, which shows ha ou p o ocol mee s anonymi y and
applicabili y.
KEYWORDS
Conso ium Block chain, Sma Con ac , Sealed-Bid Auc ion, Time-Released Enc yp ion, Blind signa u e.
1. INTRODUCTION
Elec onic auc ion is one o he basic businesses in elec onic comme ce [28], which is o ans e
he eal o line auc ion scena ios o he In e ne . Thus hey ha e he same basic componen s, ha
is, auc ion pa icipan s, auc ion ules and an a bi a ion ins i u ion. Among hem, he auc ion
pa icipan s include bidde s and selle s (auc ionee s). Auc ion ules e e o he p inciples which
ecognized and es ablished by he auc ionee and bidde in he p ocess o an auc ion. The
a bi a ion ins i u ion is esponsible o esol ing dispu es and con lic s du ing he auc ion. Online
auc ions ha e he ad an ages o low cos , wide ange and high speed, which is mo e con enien
and ime-sa ing o pa icipan s
.
T adi ionally, he e a e wo ypes o auc ions [1]:
1. Sealed-bid auc ion. This auc ion sys em equi es ha each bidde submi s a bid p ice in sealed
en elope and hands i o he auc ionee be o e he speci ied ime. A e he speci ied ime, hese
bids can be opened by auc ionee and he winning bidde can be selec ed acco ding o ce ain
ules.
2. Open-bid auc ion. In his auc ion sys em, all bid alues a e disclosed, and bidde s a e allowed
o submi bid mo e han once.
DOI : 10.5121/ijai .2019.9101 1
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
2
In his pape , ou auc ion p o ocol is designed o sealed-bid auc ion o single- ound bidding.
Speci ically, an auc ionee needs o pu chase a ba ch o goods, a g oup o supplie s can p o ided
goods and hey submi bids. The auc ionee wan s o buy hese goods a he lowes p ice, each
supplie hopes o ge he ading oppo uni y o ade wi h he auc ionee . To acili a e his
mechanism, he s a e-o - he-a solu ion equi es a us ed hi d pa y (TTP) o hos auc ion asks
o achie e he p i acy o he pa icipan s and he ai ness exchange. Bu TTP s o es a lo o
impo an in o ma ion abou use s, so i is comes wi h po en ial h ea s om single-poin a acks
o collusion a acks all he ime, also i is di icul o ind a ully us ed ins i u ion o play such a
ole in eali y.
Recen ly, many auc ion p o ocols we e deployed on op o block chain. They ake ad an age o
he decen aliza ion and anspa ency p ope ies o he block chain o ge id o he sho comings
which b ough by he hi d pa y, o ha e e yone can check and e i y he in o ma ion on he
ledge . In o he wo ds, he e exis s con lic s in p ese ing he p i acy o he bids and us ing he
auc ionee o compu e he lowes bid p i a ely on open block chain. In o de o sol e such
challenges, c yp og aphic p o ocols can be u ilized, such as secu e mul ipa y compu ing (SMC),
sec e sha ing, e c. Bu p e ious esea ch has shown hese p o ocols will make he scheme
especially complica ed, which leads o huge communica ion and compu ing o e heads. The e a e
also some li e a u e [2], [3], ha p oposed o use ze o-knowledge p oo (ZKP) echnique o p o e
ha he auc ionee is legal in coun ing all he bids alue and publishing he esul s o he auc ion,
ha is, p e en ing he auc ionee and he bidde om colluding. Especially o he ZKP, i akes a
long ime o gene a e p oo s, and o deploymen ZKP on sma con ac s is pa icula ly
complica ed. The da a on he chain is publicly isible, so ano he challenge is ha we canno
gua an ee ha he auc ionee won’ dec yp he bid on he block chain du ing bidding ime, and
hen sec e ly leaks he p ice, o disguises himsel as a new bidde o pa icipa e in i .
Acco ding o he le el o pe mission o join he chain, Block chains can be ega ded as h ee ypes:
Public Block chain, P i a e Block chain and Conso ium Block chain. One o he mos special
ea u es o he Conso ium Block chain is ha any en i y node who wan s o join he chain needs
pe mission om he alliance. The Conso ium Block chain can be ega ded as a speci ic ange o
dis ibu ed TTP wi h high secu i y and c edibili y. The e o e, i is sui able o announce igo ous
auc ion ac i i ies wi h iden i y-based pe mi ing mechanisms, such as limi ing he a ibu es o
pa icipan s.
In his pape , we p esen an anonymous auc ion p o ocol based on ime- eleased enc yp ion on
Conso ium Block chain. We u ilize c yp og aphic p imi i es included ime elease enc yp ion o
gua an ee he ai ness and secu i y, and blind signa u e o gua an ee he bidde p i acy.
Speci ically, we implemen he ollowing ea u es:
1. Financial ai ness. The auc ionee can only dec yp he bid a e a ce ain ime, so he canno
leak any in o ma ion abou bids o o he pa icipan s who ha e no bid ye du ing he bidding
pe iod. And i he auc ionee abo s in he middle, as a punishmen , his deposi will be dis ibu ed
o o he bidde s. Also bidde s will be disquali ied i hey qui hal way.
2. Non- epea able bid. In an auc ion, he use can only bid once. I a bidde ies o bid mul iple
imes in one ask, he con ac will check and cas o he message.
3. Bid p i acy. The bid alue will be enc yp ed. Bidde s canno know he bids submi ed by he
o he s be o e commi ing o hei own. The auc ionee can only know all bids a e a speci ied
ime.
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
3
4. Iden i y anonymi y. Only he ini ia o o he auc ion (auc ionee ) and CA know who
pa icipa ed in his auc ion, bu no one can bind a ce ain bid o a unique iden i y. And he bidding
beha io o he same use in mul iple auc ions canno be linked o each o he .
5. Public e i iable co ec ness. The da a gene a ed du ing he auc ion will be w i en on he chain,
so he pa icipa ing nodes can e i y i s co ec ness. Mo eo e , he inal auc ion esul s will also
be published on he block chain can be e i ied by anyone.
2.
RELATED WORK
The elec onic auc ion will ind a cen e as an a bi a ion ins i u ion. This a bi a ion ins i u ion is
gene ally a us ed hi d pa y (TTP) [4], [5], [6]. Usually, he ins ance o TTP can be an
elec onic bank, a ce i ica e issuing au ho i y, o a key dis ibu ion au ho i y. Fi s ly, TTP
publishes he auc ion ules, he deposi alue o he auc ionee , bidding ime pe iods and he ime
o open he esul . I he legi ima e use s a e in e es ed, hey can submi hei bids o TTP in a
ce ain o ma . In a sealed auc ion, his bid alue should be hidden, a e a pe iod o ime, TTP
will gi e ou he esul o open he winning bidde . TTP is also esponsible o esol ing
excep ions du ing he auc ion, such as someone qui hal way. Many cen alized online auc ion
esea ches [7], [8], [9] ely on a TTP, and hey assume ha TTP is semi-hones ha he will no
collude wi h he bidde . I is will-known ha he hi d pa y s o es oo much sensi i e da a,
mas e s oo much powe , i is impossible o us him comple ely. In eali y, nume ous eal wo d
inciden s e eal ha he pa y migh misbeha e o sel -in e es s [10], [11] p i a ely, o some o
a acke s [12] can comp omise i s unc ionali y.
In o de o a oid he de iciencies b ough abou by cen aliza ion, many esea ches g adually u n
o discussing he use o mul iple cen e s o weaken he powe o one cen e . Fo example, [13],
[14], [15] p opose mul iple auc ion pla o ms (APs), hey assume mos o APs a e hones . They
ge he auc ion esul s, which a e calcula ed by mul iple APs h ough SMC, sec e sha ing, e c. In
[16], B and e al. p opose using he announcemen o enc yp bina y bidding lis s on a
blackboa d. I uses op-down, bo om-up and bina y sea ch echniques o in e ac i ely ind he
winne bid wi hou e ealing unnecessa y in o ma ion. In [17], [18], Abe e al. use homomo phic
enc yp ion, he mix and ma ch echnique; i p oposes ha he auc ion esul s can be join ly
calcula ed in ciphe ex by each bidde in an in e ac i e manne . Among hem, message exchange
is ealized h ough secu e channel, which abandons he cen e and gua an ees he p i acy o bids.
Howe e , mul iple in e ac ions be ween bidding nodes a e equi ed, i cos s a lo o
communica ion be ween nodes and g ea ly inc eases he compu a ion o e head o indi idual
use s. The e o e, i is no well adop ed in eali y.
Block chain has decen alized and non- ampe ea u es, so i is ideal o deploying elec onic
auc ions on i . Recen ly, many esea ches ha e ocused on combining block chain wi h auc ion.
Kosba e al. p esen Hawk [2], a amewo k o c ea ing E he eum sma con ac on he block
chain. Anyone can w i e a Hawk p og am wi hou ha ing o implemen any c yp og aphy, i s
compile can au oma ically gene a e p i acy-p ese ing sma con ac . In he Hawk p og am, he
da a and he low o money will be blinded o he public. Hawk also u ilizes ze o cash echnology
o hide use iden i y. Hawk uses ZKP o p o e he hones y o he manage . Bu s udies ha e
shown ha i will ake a long ime o p oduce p oo using ZKP and deploying ZKP in sma
con ac is complex. Blass and Ke schbaum p esen S ain [19], a p o ocol o implemen sealed-
bid auc ion on he block chain. S ain p o ec s he bid p i acy agains ully malicious pa ies.
S ain also designed a wo-pa y compa ison algo i hm execu ed be ween any pai o bids o
calcula e he auc ion esul s in ciphe ex . Bu he p o ocol equi es mul iple in e ac ions be ween
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
4
each pa icipan , and he communica ion and compu a ion o e head a e e y la ge o indi idual
use s. Snchez [3] p opose Raziel, a sys em ha combines SMC and ZKP c yp og aphic p imi i e
o gua an ee he p i acy, co ec ness and e i iabili y o sma con ac . Fu he mo e, he au ho
p esen s ha a sma con ac owne can p o e i s alidi y and co ec ness wi hou e ealing any
in o ma ion abou he sou ce message by using ZKP.
3.
PRELIMINARIES
Bilinea Pai ing
Th oughou his pape , we will use his de ini ion. Le G1 be a cyclic addi i e g oup, whose
o de s is a p ime q , and G2 be a cyclic mul iplica i e g oup wi h he same o de q . A bilinea
pai ing is a map
e : G
1

G
1

G
2 wi h he ollowing p ope ies:
1. Bilinea i y:
e(aP, bQ) = e(P, Q)
ab o all
P,Q

G ,a,b

Z
* .
1 q
2. Non-degene acy: e(P, Q)

1.
3. Compu abili y: he e exis s an e icien algo i hm o compu e e(P, Q) .
Block chain and Sma Con ac
A block chain can be e e ed o as a dis ibu ed da abase ha ch onologically s o es a chain o
da a in o sealed blocks [20] in a secu e and immu able manne . Head- o- ail blocks gua an ee ha
ansac ions a e pe o med in an o de , hence a ansac ion canno be al e ed wi hou changing i s
block and all he subsequen blocks. The con en o he blocks can be w i en by he pee s o he
block chain h ough he consensus mechanism.
Block chain has ou main p ope ies [2]: 1) Reliable deli e y o message. Because o he da a
w i en in o he block canno be modi ied. I is ideal ega ded block chain as a ledge o ensu e he
pe sis ence o message [21]. 2) Co ec compu a ion. The block chain can be seen as a s a e
machine d i en by ansac ions [22]. The mine s con inue o ecei e and alida e new blocks,
hen package hem on he chain, and he esul s o he calcula ions will be made public o all pee s.
3) T anspa ency. All in e nal s a es and compu a ions ia he block chain will be isible o he
whole block chain pee s. 4) Pseudonym. A message o a ansac ion sends by one use in he
block chain is e e ed o a pseudonym. The block chain add ess is usually gene a ed by he use 's
public key.
In he E he eum block chain [23], i p o ides he highes suppo o Tu ing's comple e
unc ionali y by sma con ac . They suppo he cons uc ion and execu ion o code ha allow
o he ope a ion o a unc ion on he block chain, which g ea ly en iches he lexibili y o he
block chain. Concep ually, a sma con ac can be ega ded as a special “TTP” [24], bu his
pa y is only o co ec ness and a ailabili y bu no o p i acy, because sma con ac s deployed
on block chain a e also anspa en .
4. TIME RELEASE PUBLIC KEY ENCRYPTION
The goal o ime elease public key enc yp ion is o send an enc yp ed message o he u u e and
wai un il a speci ied ime in he u u e o open. Le us assume ha a sende wan s o send a
message o a ecei e such ha he ecei e canno be able o open i un il a ce ain ime. The
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
5
1
2
q
q
q
1
enc yp ion algo i hm in oduces a ime se e ( e e ed o TS). The sende can enc yp he
message using he public key o he ecipien and TS wi hou communica ing wi h TS. Only a e
he elease ime has passed, he ecipien can dec yp i by using his p i a e key and he signa u e
in o ma ion ( he in o ma ion is ela ed o he cu en ime) om he TS. In addi ion, only he
in ended ecipien holding he co esponding p i a e key can eco e he sec e a some ime
(en o ced by he us ed TS). So he ime elease public key enc yp ion scheme is secu e and
p i a e.
We desc ibe a simple cons uc ion o ime elease public key enc yp ion ha is de i ed om he
echnology in [25]. The cons uc ion is based on bilinea mapping, and he secu i y is based on
he ha dness o he Bilinea Di ie-Hellman P oblem.
Time Release Enc yp ion (TRE)
Suppose G1 is addi i e cyclic g oups, whose o de is a p ime q and G2
is mul iplica i e cyclic
g oups, whose o de is also p ime q . Le
e : G
1

G
1

G
2 is a bilinea map. G is a gene a o o
G1 . Gi en he wo c yp og aphic hash unc ions: H :{0,1}*  G* ; H : G* {0,1}n .
The TRE scheme con ains i e algo i hms: (TS GEN, Use GEN, TS b oadcas , ENC, DEC), and
i uns as ollows.
TS GEN: The TS akes as inpu a secu e pa ame e s k and ou pu s sys em pa ame e s
pa ams

{k,
q,G
1
,G
2
,e,G,
H
1
,
H
2
}
and key pai (P
TS , STS ) o TS. The TS andomly selec s s
as he p i a e key STS , whe e s  Z * . Then TS compu es sG as he public key PTS ,
PTS  (G, sG) . Only pa ams and PTS a e made public.
Use GEN: Each use picks a sec e key a  Z* and compu es he co esponding public key
(aG, asG) .
TS b oadcas : I uns by TS. TS inpu s a ime ins an T {0,1}* and ou pu s a ime-bound key
upda e o he o m sH1(T ) . TS au oma ically ou pu s he co esponding ime-bound key o all
cu en ime ins ances T, he alidi y o which can be publicly e i ied by each use : checking he
equa ion
e(sG, H
1
(T ))

e(G, sH
1
(T ))
is ue, whe e
(G, sG)

P
TS .
ENC: This algo i hm is execu ed by sende . Gi en a message M, a ecei e public key
(aG, asG) , a PTS , and a elease ime T {0,1}* ,
1) Fi s , we need o e i y whe he he ecei e eally needs he se e ’s ime-bound key upda e
message o dec yp he message M. So i checks e(aG, sG)  e(G, asG) ; I he equa ion is ue,
he enc yp ion algo i hm con inues.
2) Selec a andom numbe  Z * , hen compu e G and asG
3) Compu e
K

e( asG, H
1
(T ))

e(G, H
1
(T ))
as
4) Ou pu he ciphe ex
C

U,V

G, M

H
2
(K)

.
2

In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
6
1 1
n
DEC: This algo i hm is execu ed by ecei e . I inpu s a ciphe ex C, a ecei e p i a e key a ,
and a ime-bound key upda e sH1(T ) om TS, ha ou pu is message M.
1) Compu e
K


e(U, sH (T ))
a

e(G, H (T ))
as

K
.
2) Compu e
V

H
2
(K

)
o eco e message M.
A Ske ch o Secu i y Analysis
The secu i y p oo is he same o [25], we will simply desc ibe i he e.
1. The se e p i a e key is sa e, o he Disc e e Log (DL) p oblem is di icul (gi en G, sG , i
is di icul o ind s ).
2. The use p i a e key is sa e, o his p oblem is a leas as di icul as he DL p oblem (gi en
G, sG, aG, asG , i is di icul o ind a).
3. The se e p i a e key is sa e, o ha : o ind s om {G, sG, sH1(T1), sH1(T2 ),...} o ew i e
any sH1(Ti ) is a leas as di icul as he DL p oblem.
4. The dec yp ion is di icul wi hou ha ing ecei e and TS p i a e key. I a ecei e wan s o
dec yp a message be o e i s elease ime, he easies way is o sol e he Bilinea Di ie-Hellman
P oblem (because he di icul y o he o iginal p oblem is equal o he Bilinea Di ie-Hellman
P oblem in [25]). I he Bilinea Di ie-Hellman P oblem is di icul , he ecei e canno dec yp
any ciphe ex unless he elease ime a i al o he colludes wi h he TS.
5. BLIND SIGNATURE BASED ON ELLIPTIC CURVE
Blind signa u e [26] is a c yp og aphic p o ocol in ol ing bo h he use and he signe . The use
sends he blinded in o ma ion o he signe , who signs he in o ma ion bu canno ob ain he
speci ic con en o he signed in o ma ion. A e he use ecei es he signed in o ma ion and
emo es he blind ac o , he can ge he signa u e o he o iginal message by he signe . E en i
he signe sees his eal signa u e, he canno be su e i i came om his signa u e. Blind signa u e
algo i hm can e ec i ely p o ec he speci ic con en o signed messages o documen s, so i plays
a key ole in he applica ion o anonymi y in elec onic auc ion. Ou p o ocol makes an ex ensi e
use o Blind signa u e scheme [27] which base on ellip ic cu e, and i has s ong anonymi y.
Common pa ame e s a e:
E(Fq ) : an ellip ic cu e de ined on a ini e ield;
G  E(Fq ) : a base poin in ellip ic cu e;
q: a p ime numbe ;
d

R Z * : a signa u e p i a e key; Q  dG is a public key o e i y he signa u e.
SHA-1: {0,1}* {0,1}160 is a c yp og aphic hash unc ion.
Among he abo e pa ame e s, d is p i a e and o he pa ame e s a e public. Nex we will desc ibe
he algo i hm, whe e he no a ion
ep esen s he coo dina es o poin A.
( || ) indica es o connec wo bi s ings, and
R
X
( A)
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
7
n
n
SIG:
1) The signe gene a es p i a e key
Y  kG and announce i o use .
k R
Z * , hen calcula es he co esponding public key
2) The use picks h ee blind ac o s

,

,

R Z * , hen calcula es:
A 

Y 

G 

Q  ( x, y) ;

x mod n
; c  SHA  1(m || ) ; c 

1(c 

) , Whe e m is
he o iginal message and c is he blinded message. Use sends c o he signe .
3) Signe calcula es: s  k  cd mod n , whe e s is he esul a e he signe signs c . The
signe hen sends s o he use .
4) Use calcula es: s 

s 

mod n . (c, s) is a blind signa u e o m.
VER:
The e i ie checks i
c  SHA 1(m || Rx (cQ  sG) mod n) , i his equa ion is ue, he
signa u e is alid. O he wise he e i ie ejec s he signa u e.
A Ske ch o Secu i y Analysis:
The speci ic secu i y p oo p ocess can be e e ed o [27]. The alidi y o he signa u e is based
on he secu i y gua an ee o he Schno Blind Signa u e Scheme, and he blindness is based on
he DL P oblem o he ellip ic cu e.
6. BLOCK CHAIN AUCTION PROTOCOL
Sys em Model
In his sec ion, we illus a e he speci ic p ocess o he auc ion de ail. Ou sys em comp ises ou
ypes o en i ies, as shown in Figu e 1. The CA is esponsible o issuing ce i ica e o each use
who is pe mi ed o pa icipa e, and issuing public and p i a e key pai s o wo sma con ac s.
The auc ionee is esponsible o announcing an auc ion ask, publishing he lis o use s who a e
allowed o join in auc ion, he public pa ame e s o be used in he calcula ion, he egis a ion ime,
he bidding ime ins ance and he inish ime. Du ing he auc ion p ocess, he auc ionee also
needs o sign he bid message o use s, and inally dec yp all he bidding ciphe ex . The bidde
bids in ciphe ex . Con ac -1 and Con ac -2 a e deployed on he Conso ium Block chain.
The se ial numbe in he Figu e 1 indica es he low o he p o ocol:
1. Bidde gene a es he key pai ( xi , yi ) ; 2. Bidde Bi applies o egis a ion om CA; 3. CA
checks he bidde eal iden i y, hen issues ce i o
B
i ; 4. CA sends
( X
1
,Y
1
), (d,Q), ( X
2
,Y
2
)
ia secu e channel o he auc ionee ; 5. Bidde blinds he bid bi o ci ; 6. Bidde applies o
signa u e; 7. A e he con ac -1 e i ies he ce i o Bi , i sends ci o auc ionee ; 8. The
auc ionee sends he signa u e si ; 9. Bidde downloads he si om con ac -2; 10. Bidde
emo es he blind ac o s; 11. Bidde sends he enc yp ed submission (bidding message); 12. The
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
8
con ac -2 collec s submission and sends Esubi o he auc ionee ; 13. Auc ionee e i ies he
signa u e, dec yp he Esubi , a las , submi he esul on he chain.
Figu e 1. A p ocess model o ou auc ion p o ocol
We adop conso ium block chain in ou scheme. Auc ionee communica es wi h bidde s and
sma con ac s h ough an E he eum block chain ne wo k whe e bidde s send signa u e eques s
o enc yp ed bids o con ac s, e c. A e he con ac ecei es pa ame e s, he co esponding
unc ion will au oma ically execu e and he execu ion esul will be w i en in o he block chain.
S o ing a p i a e key in a sma con ac is no secu e, and he sma con ac equi es an ex e nal
igge can un. In o de o p e en he auc ionee dec yp bids and leaked hem in ad ance, as we
men ioned be o e. We in oduced a ime elease enc yp ion algo i hm when enc yp ing he bids,
he auc ionee can dec yp he bids ciphe ex un il he inish ime a i al. This p e en s he
auc ionee om colluding wi h he bidde du ing he p ocess o auc ion.
De ini ions
Lis 1: signa u e eco d able. The con ac -1 eco ds he signa u e in o ma ion o each
anonymous bidde o p e en bidde om bidding mul iple imes in one auc ion.
Lis 2: bidding eco d able. The con ac -2 s o es he bidding in o ma ion.
Lis 3: i s o es esul s o an auc ion ask.
Con ac -1: I s o es he Lis 1. The message sen o he con ac -1 add ess in he o m o a
ansac ion h ough block chain ne wo k.
Con ac -2: I s o es Lis 2 and Lis 3. The message sen o he con ac -2 add ess also in he o m
o a ansac ion.
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
9
The Cons uc ion o P o ocol
Pa ame e s Se up and Auc ion Publish
The auc ionee ini ially se up he pa ame e s o be used in an auc ion ask, and b oadcas s he
auc ion ask in he block chain ne wo k. TS also uns he TS GEN algo i hm in TRE p o ocol as
men ioned be o e o ini ialize pa ame e s.
1) Se up he auc ion ask and deposi he budge . The auc ionee deploys con ac -1 and con ac -2.
The deposi is a sum o money ha he auc ionee needs o send in o he con ac -2 accoun .
Assume he auc ionee has abo ed he p o ocol o has been caugh chea ing, hen he money will
be dis ibu ed o he bidde s as a punishmen .
2) T1,T2 ,T3,T4 de ine he ime in e als o he ollowing ou phases: egis e a CA, sign o
bids alue, bidde submi s bid, and publish he auc ion esul , espec i ely.
3) CA picks ellip ic cu e E(Fq ) and he base poin G  E(Fq ) .
4) TS uns he TS GEN algo i hm o ini ialize and announce sys em pa ame e s pa ams , PTS ,
whe e PTS is he public key o TS. The auc ionee uns he Use GEN algo i hm in TRE p o ocol
o gene a e a key pai (aG, asG) (which will be used o bidde s o enc yp bids) o his ask
only.
5) The auc ionee , CA and TS announce he abo e public pa ame e s and in o ms he bidde s o
s a egis a ion. The egis a ion phase should be comple ed wi hin T1 .
Regis e a Ce i ica ion Au ho i y
The bidde egis e s a CA o ge a ce i ica e bound o his/he unique iden i y ID. A he same
ime, CA gene a es public and sec e key pai s o con ac -1 and con ac -2.
1) The bidde Bi gene a es a andom numbe xi as a sec e key and calcula es he co esponding
public key yi  xiG .
2) Bi sends {yi , IDi } o he CA.
3) The CA checks he iden i y o he bidde Bi and checks whe he he is eligible o pa icipa e in
his auc ion. A e he e iew is passed, CA will issue a ce i ica e ce i o Bi .
4) CA gene a es signa u e key pai s o con ac -1, ( X1,Y1) and (d ,Q), hen sends
X
1
, d
o he
auc ionee o e he secu e channel. The secu e channel o his pape is implemen ed by TLS,
which ensu es he con iden ial and in eg a ed o in o ma ion, and also i can p e en
ea esd opping.
5) The con ac -1 gene a es he signa u e eco d able Lis 1. The lis consis s o he bidde 's
ce i ica e and he bid lag. The lag is used o indica e whe he he use has applied o a
In e na ional Jou nal o Ad anced In o ma ion Technology (IJAIT) Vol. 9, No.1, Feb ua y 2019
16
[18] Abe, M., & Suzuki, K. (2002, Sep embe ). Receip - ee sealed-bid auc ion. In In e na ional
Con e ence on In o ma ion Secu i y (pp. 191-199). Sp inge , Be lin, Heidelbe g.
[19] Blass, E. O., & Ke schbaum, F. (2018, Sep embe ). S ain: A secu e auc ion o blockchains. In
Eu opean Symposium on Resea ch in Compu e Secu i y (pp. 87-110). Sp inge , Cham.
[20] Roeh s, A., da Cos a, C. A., & da Rosa Righi, R. (2017). OmniPHR: A dis ibu ed a chi ec u e
model o in eg a e pe sonal heal h eco ds. Jou nal o biomedical in o ma ics, 71, 70-81.
[21] Ga ay, J., Kiayias, A., & Leona dos, N. (2015, Ap il). The bi coin backbone p o ocol: Analysis and
applica ions. In Annual In e na ional Con e ence on he Theo y and Applica ions o C yp og aphic
Techniques (pp. 281-310). Sp inge , Be lin, Heidelbe g.
[22] Bu e in, V. (2014). A nex -gene a ion sma con ac and decen alized applica ion pla o m. whi e
pape .
[23] E he eum, W. G. (2014). A secu e decen alised gene alised ansac ion ledge [J]. E he eum p ojec
yellow pape , 151, 1-32.
[24] Delmolino, K., A ne , M., Kosba, A., Mille , A., & Shi, E. (2016, Feb ua y). S ep by s ep owa ds
c ea ing a sa e sma con ac : Lessons and insigh s om a c yp ocu ency lab. In In e na ional
Con e ence on Financial C yp og aphy and Da a Secu i y (pp. 79-94). Sp inge , Be lin, Heidelbe g.
[25] Blake, I. F., & Chan, A. C. F. (2004). Scalable, Se e -Passi e, Use -Anonymous Timed Release
Public Key Enc yp ion om Bilinea Pai ing. IACR C yp ology eP in A chi e, 2004, 211.
[26] S adle , M., Pi e eau, J. M., & Camenisch, J. (1995, May). Fai blind signa u es. In In e na ional
Con e ence on he Theo y and Applica ions o C yp og aphic Techniques (pp. 209-219). Sp inge ,
Be lin, Heidelbe g.
[27] Wang, H. Q., Zhang, J., & Zhao, J. X. (2005). Schno blind signa u e based on ellip ic cu e.
Jisuanji Gongcheng yu Sheji(Compu e Enginee ing and Design), 26(7), 1819-1822.
[28] Almeida, F., San os, J. D., & Mon ei o, J. A. (2014). E-comme ce business models in he con ex o
web3. 0 pa adigm. a Xi p ep in a Xi :1401.6102.