Additive Combinatorics and Discrete Logarithm Based Range Protocols

We show how to express an arbitrary integer interval $I = [0, H]$ as a sumset $I = \sum_{i=1}^\ell G_i * [0, u - 1] + [0, H']$ of smaller integer intervals for some small values $\ell$, $u$, and $H' < u - 1$, where $b * A = \{b a : a \in A\}$ and $A + B = \{a + b : a \in A \wedge b \in B\}$. We show how to derive such expression of $I$ as a sumset for any value of $1 < u < H$, and in particular, how the coefficients $G_i$ can be found by using a nontrivial but efficient algorithm. This result may be interesting by itself in the context of additive combinatorics. Given the sumset-representation of $I$, we show how to decrease both the communication complexity and the computational complexity of the recent pairing-based range proof of Camenisch, Chaabouni and shelat from ASIACRYPT 2008 by a factor of $2$. Our results are important in applications like e-voting where a voting server has to verify thousands of proofs of e-vote correctness per hour. Therefore, our new result in additive combinatorics has direct relevance in practice

Cryptographic Randomized Response Techniques

We develop cryptographically secure techniques to guarantee unconditional privacy for respondents to polls. Our constructions are efficient and practical, and are shown not to allow cheating respondents to affect the ``tally'' by more than their own vote -- which will be given the exact same weight as that of other respondents. We demonstrate solutions to this problem based on both traditional cryptographic techniques and quantum cryptography.Comment: 21 page

Managing Distrust-Induced Risk with Deposit in Supply Chain Contract Decisions

This paper studies the trust issue in a two-echelon supply chain information sharing process. In a supply chain, the retailer reports the forecasted demand to the supplier. Traditionally, the supplier’s trust in the retailer’s reported information is based on the retailer’s reputation. However, this paper considers that trust is random and is also affected by the reputation and the demand gap. The supplier and retailer have been shown to have different evaluations regarding the degree of trust. Furthermore, distrust is inherently linked to perceived risk. To mitigate perceived risk, a two-stage decision process with an unpayback deposit contract is proposed. At the first stage, the supplier and the retailer negotiate the deposit contract. At the second stage, a Stackelberg game is used to determine the retailer’s reported demand and the supplier’s production quantity. We show that the deposits from the retailer’s and supplier’s perspectives are different. When the retailer’s reported demand is equal to the supplier’s forecasted demand, the retailer’s evaluation of the deposit is more than that of supplier’s. When the retailer’s reported demand is equal to the retailer’s forecasted demand, the deposit from the retailer’s perspective is at the lowest level

Publicly Verifiable Auctions with Privacy

Online auctions have a steadily growing market size, creating billions of US dollars in sales value every year. To ensure fairness and auditability while preserving the bidder\u27s privacy is the main challenge of an auction scheme. At the same time, utility driven blockchain technology is picking up the pace, offering transparency and data integrity to many applications. In this paper, we present a blockchain-based first price sealed-bid auction scheme. Our scheme offers privacy and public verifiability. It can be built on any public blockchain, which is leveraged to provide transparency, data integrity, and hence auditability. The inability to double spend on a blockchain is used to prevent bid replay attacks. Moreover, our scheme can achieve non-repudiation for both bidders and the auctioneer without revealing the bids and we encapsulate this concept inside the public verification of the auction. We propose to use ElGamal encryption and Bulletproofs to construct an efficient instantiation of our scheme. We also propose to use recursive zkSNARKs to reduce the number of comparison proofs from $N-1$ to $1$, where $N$ is the number of bidders

Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proofs

Abstract This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a Proof Certificate standard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline

On server trust in private proxy auctions

We investigate proxy auctions, an auction model which is proving very successful for on-line businesses (e.g.http://www.ebay.com), where a trusted server manages bids from clients by continuously updating the current price of the item and the currently winning bid as well as keeping private the winning client’s maximum bid. We propose techniques for reducing the trust in the server by defining and achieving a security property, called server integrity. Informally, this property protects clients from a novel and large class of attacks from a corrupted server by allowing them to verify the correctness of updates to the current price and the currently winning bid. Our new auction scheme achieves server integrity and satisfies two important properties that are not enjoyed by previous work in the literature: it has minimal interaction, and only requires a single trusted server. The main ingredients of our scheme are two minimal-round implementations of zero-knowledge proofs for proving lower bounds on encrypted values: one based on discrete logarithms that is more efficient but uses the random oracle assumption, and another based on quadratic residuosity that only uses standard intractability assumptions but is less efficient.Postprint (published version