Ari Juels and Mike Szydlo
Citation: A. Juels and M. Szydlo. In M. Blaze, ed., Financial Cryptography '02. Springer-Verlag. 2002. To appear.
Abstract: Naor, Pinkas, and Sumner introduced and implemented a sealed-bid, two-server auction system that is perhaps the most efficient and practical to date. Based on a cryptographic primitive known as oblivious transfer, their system aims to ensure privacy and correctness provided that at least one auction server behaves honestly. As observed in \cite, however, the NPS system suffers from a security flaw in which one of the two servers can cheat so as to modify bids almost arbitrarily and without detection. We propose a means of repairing this flaw while preserving the attractive practical elements of the NPS protocol, including minimal round complexity for servers and minimal computation by players providing private inputs. Our proposal requires a slightly greater amount of computation and communication on the part of the two auction servers, but actually involves much less computation on the part of bidders. This latter feature makes our proposal particularly attractive for use with low-power devices. While the original proposal of NPS involved several dozen exponentiations for a typical auction, ours by contrast involves only several dozen modular multiplications.
The key idea in our proposal is a form of oblivious transfer that we
refer to as verifiable proxy oblivious transfer (VPOT). The security
of VPOT is predicated in a provable manner on a collection of common
cryptographic assumptions, including the RSA assumption, the quadratic residuosity
assumption, and the random oracle model.