Raziel: Private and Verifiable Smart Contracts on Blockchains

Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains. Effectively solving DAO and Gyges attacks, this paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.Comment: Support: cothority/ByzCoin/OmniLedge

Secret, verifiable auctions from elections

Auctions and elections are seemingly disjoint. Nevertheless, similar cryptographic primitives are used in both domains. For instance, mixnets, homomorphic encryption and trapdoor bit-commitments have been used by state-of-the-art schemes in both domains. These developments have appeared independently. For example, the adoption of mixnets in elections preceded a similar adoption in auctions by over two decades. In this paper, we demonstrate a relation between auctions and elections: we present a generic construction for auctions from election schemes. Moreover, we show that the construction guarantees secrecy and verifiability, assuming the underlying election scheme satisfies analogous security properties. We demonstrate the applicability of our work by deriving auction schemes from the Helios family of election schemes. Our results advance the unification of auctions and elections, thereby facilitating the progression of both domains

Publicly Verifiable Auctions with Privacy

Online auctions have a steadily growing market size, creating billions of US dollars in sales value every year. To ensure fairness and auditability while preserving the bidder\u27s privacy is the main challenge of an auction scheme. At the same time, utility driven blockchain technology is picking up the pace, offering transparency and data integrity to many applications. In this paper, we present a blockchain-based first price sealed-bid auction scheme. Our scheme offers privacy and public verifiability. It can be built on any public blockchain, which is leveraged to provide transparency, data integrity, and hence auditability. The inability to double spend on a blockchain is used to prevent bid replay attacks. Moreover, our scheme can achieve non-repudiation for both bidders and the auctioneer without revealing the bids and we encapsulate this concept inside the public verification of the auction. We propose to use ElGamal encryption and Bulletproofs to construct an efficient instantiation of our scheme. We also propose to use recursive zkSNARKs to reduce the number of comparison proofs from $N-1$ to $1$, where $N$ is the number of bidders

Formal Verification of e-Auction Protocols

Auctions have a long history, having been recorded as early as 500 B.C.. With the rise of Internet, electronic auctions have been a great success and are increasingly used. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions. We propose a formal framework to analyze and verify security properties of e-Auction protocols. We model protocols in the Applied Pi-Calculus and define privacy notions, which include secrecy of bids, anonymity of the participants, receipt-freeness and coercion-resistance. We also discuss fairness, non-repudiation and non-cancellation. Additionally we show on two case studies how these properties can be verified automatically usingProVerif, and discover several attacks

Multi-attribute auctions with different types of attributes: Enacting properties in multi-attribute auctions

International audienceMulti-attribute auctions allow agents to sell and purchase goods and services taking into account more attributes besides the price (e.g. service time, tolerances, qualities, etc.). In this paper we analyze attributes involved during the auction process and propose to classify them between verifiable attributes, unverifiable attributes and auctioneer provided attributes. According to this classification we present VMA2, a new Vickrey-based reverse multi-attribute auction mechanism which, taking into account the different types of attributes involved in the auction, allows the auction customization in order to suit the auctioneer needs. On the one hand, the use of auctioneer provided attributes enables the inclusion of different auction concepts such as social welfare, trust or robustness whilst, on the other hand, the use of verifiable attributes guarantee truthful bidding. The paper exemplifies the behaviour of VMA2 describing how an egalitarian allocation can be achieved. The mechanism is then tested in a simulated manufacturing environment and compared with other existing auction allocation methods

Improving Transparency and Verifiability in School Admissions: Theory and Experiment

Students participating in centralized admissions procedures do not typically have access to the information used to determine their matched school, such as other students' preferences or school priorities. This can lead to doubts about whether their matched schools were computed correctly (the 'Verifiability Problem') or, at a deeper level, whether the promised admissions procedure was even used (the 'Transparency Problem'). In a general centralized admissions model that spans many popular applications, we show how these problems can be addressed by providing appropriate feedback to students, even without disclosing sensitive private information like other students' preferences or school priorities. In particular, we show that the Verifiability Problem can be solved by (1) publicly communicating the minimum scores required to be matched to a school ('cutoffs'); or (2) using 'predictable' preference elicitation procedures that convey rich 'experiential' information. In our main result, we show that the Transparency Problem can be solved by using cutoffs and predictable procedures together. We find strong support for these solutions in a laboratory experiment, and show how they can be simply implemented for popular school admissions applications involving top trading cycles, and deferred and immediate acceptance