Security and privacy in online auctions is a major concern as auction participants have many opportunities to cheat (e.g., repudiate bids, not deliver items, etc.). Online auctions such as those used by eBay are based on a type of auction referred to as an English auction. Dispite the English auction being the most popular type of auction, it has received less security coverage than other types of auctions (e.g., sealed-bid auctions). An existing proposal for a "secure" English auction prevents the Auctioneer from closing the auction early and from blocking bids, but does not protect a bidder's anonymity. Another proposal provides anonymity, but does not stop an Auctioneer from skewing its clock or blocking bids. This paper proposes a new scheme for conducting secure and anonymous online English auctions using a modified type of group sigture. Trust is divided among three servers owned by separate companies to ensure anonymity and fairness. Our scheme solves the problems of the existing English auction schemes and has following characteristics: unforgeability, anonymity, unlinkability, exculpability, coalition-resistance, verifiability, robustness, traceability, revocation, one-off registration, unskewability and unblockability. Our scheme has comparable efficiency to the existing schemes for the enhanced security and privacy it provides.

Presented at Conferences

  • International Conference on Security and Cryptography (SECRYPT'06) (2006)

    Setubal, Portugal