Question 4. A sealed-bid auction is a process where a number of partiescalled bidders submit sealed bids for buying some item. Once all sealed bidshave been submitted, the bids are revealed and the highest bidder is the onethat buys the item.Suppose that the following cryptographic primitives are available:• A fully secure public-key encryption scheme (e.g., RSA-OAEP) thatconsists of the key-generation algorithm PKE.Gen, the encryption algorithm Enc, and the decryption algorithm Dec. • An existentially unforgeable digital signature scheme (e.g., RSA-FDH)that consists of the key-generation algorithm DS.Gen, the signing algorithm Sign, and the verification algorithm Vrfy. • A trusted certificate authority (CA) that can be used to issue publickey certificates for any party.Using the cryptographic primitives above, design and analyse an electronic sealed-bid auction protocol according to the following guidelines: • The parties involved in the auction are: (i) an auction administrator(AA) and a number of m bidders B1, . . . , Bm. The bidders trust theAA during the execution of an auction protocol. However, a maliciousbidder may observe the communication of another bidder with the AA,or even attempt to send a message on behalf of another party. • An auction protocol execution for a publicly known item I consists ofthree phases outlined as follows:1. Setup: the involved parties generate any necessary cryptographickeys and obtain certificates for their public keys. In addition, theAA provides each bidder with any necessary public keys (andcertificates) it has generated and the bidders send any necessarypublic keys (and certificates) they have generated to the AA.2. Bidding: Each bidder securely provides the AA with their bid(i.e., an integer amount of money) for item I.3. Result: The AA “opens” all the sealed bids and sets Bˆ ∈{B1, . . . , Bm} as the identity of the highest bidder. It announcesthe result to all bidders, which consists of the identity Bˆ and thebid of bidder Bˆ. For simplicity, assume that any two bidders willnever provide the same bid, i.e., there are no ties.• The auction protocol should be designed so that it achieves the following security properties:1. The bidders cannot learn each others’ bids during the Bindingphase.2. Only one bid per bidder will be accepted.3. No bidder can provide the AA with a bid on behalf of anotherbidder. 4. When a bidder receives the result, they are assured that it wasindeed provided by the AA.In particular, given the above guidelines, you are asked to:(b).  Argue about the security of your design. Namely, explainwhy each of the four aforementioned security properties is achieved.Your argumentation should be based on the security of the underlyingcryptographic primitives.

icon
Related questions
Question

Question 4. A sealed-bid auction is a process where a number of parties
called bidders submit sealed bids for buying some item. Once all sealed bids
have been submitted, the bids are revealed and the highest bidder is the one
that buys the item.
Suppose that the following cryptographic primitives are available:
• A fully secure public-key encryption scheme (e.g., RSA-OAEP) that
consists of the key-generation algorithm PKE.Gen, the encryption algorithm Enc, and the decryption algorithm Dec.

• An existentially unforgeable digital signature scheme (e.g., RSA-FDH)
that consists of the key-generation algorithm DS.Gen, the signing algorithm Sign, and the verification algorithm Vrfy.

• A trusted certificate authority (CA) that can be used to issue publickey certificates for any party.
Using the cryptographic primitives above, design and analyse an electronic sealed-bid auction protocol according to the following guidelines:

• The parties involved in the auction are: (i) an auction administrator
(AA) and a number of m bidders B1, . . . , Bm. The bidders trust the
AA during the execution of an auction protocol. However, a malicious
bidder may observe the communication of another bidder with the AA,
or even attempt to send a message on behalf of another party.

• An auction protocol execution for a publicly known item I consists of
three phases outlined as follows:
1. Setup: the involved parties generate any necessary cryptographic
keys and obtain certificates for their public keys. In addition, the
AA provides each bidder with any necessary public keys (and
certificates) it has generated and the bidders send any necessary
public keys (and certificates) they have generated to the AA.
2. Bidding: Each bidder securely provides the AA with their bid
(i.e., an integer amount of money) for item I.
3. Result: The AA “opens” all the sealed bids and sets Bˆ ∈
{B1, . . . , Bm} as the identity of the highest bidder. It announces
the result to all bidders, which consists of the identity Bˆ and the
bid of bidder Bˆ. For simplicity, assume that any two bidders will
never provide the same bid, i.e., there are no ties.
• The auction protocol should be designed so that it achieves the following security properties:
1. The bidders cannot learn each others’ bids during the Binding
phase.
2. Only one bid per bidder will be accepted.
3. No bidder can provide the AA with a bid on behalf of another
bidder.

4. When a bidder receives the result, they are assured that it was
indeed provided by the AA.
In particular, given the above guidelines, you are asked to:

(b).  Argue about the security of your design. Namely, explain
why each of the four aforementioned security properties is achieved.
Your argumentation should be based on the security of the underlying
cryptographic primitives.

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 1 steps

Blurred answer