24 research outputs found
Verifying Privacy Preserving Combinatorial Auctions
Suppose you are competing in an online sealed bid auction for some goods. How
do you know the auction result can be trusted? The auction site could be performing actions that support its own commercial interests by blocking certain bidders or even reporting incorrect winning prices. This problem is magnified
when the auctioneer is an unknown party and the auctions are for high value items. The incentive for the auctioneer to cheat can be high as they could stand to make a significant profit by inflating winning prices or by being paid by a certain bidder to announce them the winner. Verification of auction results provides
confidence in the auction result by making it computationally infeasible for an auction participant to cheat and not get caught. This thesis examines the construction of verifiable privacy preserving combinatorial auction protocols. Two verifiable privacy preserving combinatorial auction protocols are produced by
extending existing auction protocols
Brandt's fully private auction protocol revisited
International audienceAuctions have a long history, having been recorded as early as 500 B.C. [Kri02]. Nowadays, electronic auctions have been a great success and are increasingly used in various applications, including high performance computing [BAGS02]. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions, in particular to ensure privacy. Brandt [Bra06] developed a protocol that computes the winner using homomorphic operations on a distributed ElGamal encryption of the bids. He claimed that it ensures full privacy of the bidders, i.e. no information apart from the winner and the winning price is leaked. We first show that this protocol – when using malleable interactive zero-knowledge proofs – is vulnerable to attacks by dishonest bidders. Such bidders can manipulate the publicly available data in a way that allows the seller to deduce all participants' bids. We provide an efficient parallelized implementation of the protocol and the attack to show its practicality. Additionally we discuss some issues with verifiability as well as attacks on non-repudiation, fairness and the privacy of individual bidders exploiting authentication problems
Secret, verifiable auctions from elections
Auctions and elections are seemingly
disjoint.
Nevertheless, similar cryptographic primitives are used
in both domains. For instance, mixnets, homomorphic encryption and trapdoor
bit-commitments have been used by state-of-the-art schemes in both domains.
These developments have appeared independently. For example, the adoption of
mixnets in elections preceded a similar adoption in auctions by over two decades.
In this paper, we demonstrate a relation between auctions and elections:
we present a generic construction for auctions from election schemes. Moreover,
we show that the construction guarantees secrecy and verifiability,
assuming the underlying election scheme satisfies analogous security properties.
We demonstrate the applicability of our work by deriving auction schemes from
the Helios family of election schemes.
Our results advance the unification of auctions and elections, thereby facilitating the progression of both domains
Novel Secret Sharing and Commitment Schemes for Cryptographic Applications
In the second chapter, the notion of a social secret sharing (SSS) scheme is introduced in which shares are allocated based on a player's reputation and the way she interacts with other parties. In other words, this scheme renews shares at each cycle without changing the secret, and it allows the trusted parties to gain more authority. Our motivation is that, in real-world applications, components of a secure scheme have different levels of importance (i.e., the number of shares a player has) and reputation (i.e., cooperation with other parties). Therefore, a good construction should balance these two factors accordingly.
In the third chapter, a novel socio-rational secret sharing (SRS) scheme is introduced in which rational foresighted players have long-term interactions in a social context, i.e., players run secret sharing while founding and sustaining a public trust network. To motivate this, consider a repeated secret sharing game such as sealed-bid auctions. If we assume each party has a reputation value, we can then penalize (or reward) the players who are selfish (or unselfish) from game to game. This social reinforcement stimulates the players to be cooperative in the secret recovery phase. Unlike the existing protocols in the literature, the proposed solution is stable and it only has a single reconstruction round.
In the fourth chapter, a comprehensive analysis of the existing dynamic secret sharing (DSS) schemes is first provided. In a threshold scheme, the sensitivity of the secret and the number of players may fluctuate due to various reasons. Moreover, a common problem with almost all secret sharing schemes is that they are ``one-time'', meaning that the secret and shares are known to everyone after secret recovery. We therefore provide new techniques where the threshold and/or the secret can be changed multiple times to arbitrary values after the initialization. In addition, we introduce a new application of dynamic threshold schemes, named sequential secret sharing (SQS), in which several secrets with increasing thresholds are shared among the players who have different levels of authority.
In the fifth chapter, a cryptographic primitive, named multicomponent commitment scheme (MCS) is proposed where we have multiple committers and verifiers. This new scheme is used to construct different sealed-bid auction protocols (SAP) where the auction outcomes are defined without revealing the losing bids. The main reason for constructing secure auctions is the fact that the values of the losing bids can be exploited in future auctions and negotiations if they are not kept private. In our auctioneer-free protocols, bidders first commit to their bids before the auction starts. They then apply a decreasing price mechanism to define the winner and selling price in an unconditionally secure setting
DRIVE: A Distributed Economic Meta-Scheduler for the Federation of Grid and Cloud Systems
The computational landscape is littered with islands of disjoint resource providers including
commercial Clouds, private Clouds, national Grids, institutional Grids, clusters, and data centers.
These providers are independent and isolated due to a lack of communication and coordination,
they are also often proprietary without standardised interfaces, protocols, or execution environments.
The lack of standardisation and global transparency has the effect of binding consumers
to individual providers. With the increasing ubiquity of computation providers there is an opportunity
to create federated architectures that span both Grid and Cloud computing providers
effectively creating a global computing infrastructure. In order to realise this vision, secure and
scalable mechanisms to coordinate resource access are required. This thesis proposes a generic
meta-scheduling architecture to facilitate federated resource allocation in which users can provision
resources from a range of heterogeneous (service) providers.
Efficient resource allocation is difficult in large scale distributed environments due to the inherent
lack of centralised control. In a Grid model, local resource managers govern access to a
pool of resources within a single administrative domain but have only a local view of the Grid
and are unable to collaborate when allocating jobs. Meta-schedulers act at a higher level able to
submit jobs to multiple resource managers, however they are most often deployed on a per-client
basis and are therefore concerned with only their allocations, essentially competing against one
another. In a federated environment the widespread adoption of utility computing models seen in
commercial Cloud providers has re-motivated the need for economically aware meta-schedulers.
Economies provide a way to represent the different goals and strategies that exist in a competitive
distributed environment. The use of economic allocation principles effectively creates an
open service market that provides efficient allocation and incentives for participation.
The major contributions of this thesis are the architecture and prototype implementation of the
DRIVE meta-scheduler. DRIVE is a Virtual Organisation (VO) based distributed economic metascheduler
in which members of the VO collaboratively allocate services or resources. Providers
joining the VO contribute obligation services to the VO. These contributed services are in effect
membership “dues” and are used in the running of the VOs operations – for example allocation,
advertising, and general management. DRIVE is independent from a particular class of provider
(Service, Grid, or Cloud) or specific economic protocol. This independence enables allocation in
federated environments composed of heterogeneous providers in vastly different scenarios. Protocol
independence facilitates the use of arbitrary protocols based on specific requirements and
infrastructural availability. For instance, within a single organisation where internal trust exists,
users can achieve maximum allocation performance by choosing a simple economic protocol.
In a global utility Grid no such trust exists. The same meta-scheduler architecture can be used
with a secure protocol which ensures the allocation is carried out fairly in the absence of trust.
DRIVE establishes contracts between participants as the result of allocation. A contract describes
individual requirements and obligations of each party. A unique two stage contract negotiation
protocol is used to minimise the effect of allocation latency. In addition due to the co-op nature of
the architecture and the use of secure privacy preserving protocols, DRIVE can be deployed in a
distributed environment without requiring large scale dedicated resources.
This thesis presents several other contributions related to meta-scheduling and open service
markets. To overcome the perceived performance limitations of economic systems four high utilisation
strategies have been developed and evaluated. Each strategy is shown to improve occupancy,
utilisation and profit using synthetic workloads based on a production Grid trace. The
gRAVI service wrapping toolkit is presented to address the difficulty web enabling existing applications.
The gRAVI toolkit has been extended for this thesis such that it creates economically
aware (DRIVE-enabled) services that can be transparently traded in a DRIVE market without requiring
developer input. The final contribution of this thesis is the definition and architecture of
a Social Cloud – a dynamic Cloud computing infrastructure composed of virtualised resources
contributed by members of a Social network. The Social Cloud prototype is based on DRIVE
and highlights the ease in which dynamic DRIVE markets can be created and used in different
domains
Tidy: Symbolic Verification of Timed Cryptographic Protocols
International audienc
Language-based Techniques for Practical and Trustworthy Secure Multi-party Computations
Secure Multi-party Computation (MPC) enables a set of parties to
collaboratively compute, using cryptographic protocols, a function
over their private data in a way that the participants do not see
each other's data, they only see the final output. Typical MPC
examples include statistical computations over joint private data,
private set intersection, and auctions. While these applications are
examples of monolithic MPC, richer MPC
applications move between "normal" (i.e., per-party local)
and "secure" (i.e., joint, multi-party secure) modes
repeatedly, resulting overall in mixed-mode computations. For
example, we might use MPC to implement the role of the dealer in a
game of mental poker -- the game will be divided into rounds of
local decision-making (e.g. bidding) and joint interaction
(e.g. dealing). Mixed-mode computations are also used to improve
performance over monolithic secure computations.
Starting with the Fairplay project, several MPC frameworks have been
proposed in the last decade to help programmers write MPC applications in
a high-level language, while the toolchain manages the
low-level details. However, these frameworks are either not expressive
enough to allow writing mixed-mode applications or lack formal
specification, and reasoning capabilities, thereby diminishing the
parties' trust in such tools, and the programs written using
them. Furthermore, none of the frameworks provides a verified
toolchain to run the MPC programs, leaving the potential of security holes
that can compromise the privacy of parties' data.
This dissertation presents language-based techniques to make MPC more
practical and trustworthy. First, it presents the design and
implementation of a new MPC Domain Specific Language, called Wysteria,
for writing rich mixed-mode MPC applications. Wysteria provides several
benefits over previous languages, including a conceptual single thread of
control, generic support for more than two parties, high-level abstractions
for secret shares, and a fully formalized type system and operational
semantics. Using Wysteria, we have implemented several MPC applications,
including, for the first time, a card dealing application.
The dissertation next
presents Wys*, an embedding of Wysteria in F*, a
full-featured verification oriented programming language. Wys*
improves on Wysteria along three lines: (a) It enables programmers to
formally verify the correctness and security properties of their
programs. As far as we know, Wys* is the first language to
provide verification capabilities for MPC programs. (b) It provides a
partially verified toolchain to run MPC programs, and finally (c) It
enables the MPC programs to use, with no extra effort, standard
language constructs from the host language F*, thereby making it
more usable and scalable.
Finally, the dissertation develops static analyses that help optimize
monolithic MPC programs into mixed-mode MPC programs, while providing
similar privacy guarantees as the monolithic versions