Auction Specification Model v0.1-draft
2024-05-01

A participant in an auction who submits bids for items or assets being auctioned. Bidders compete with each other by placing bids with the intention of acquiring the auctioned item at the best possible price.

The bidders may engage in the process of deciding the winner by providing ZK proofs that said winner's bid in indeed larger or smaller (in case of a procurement auction)

The entity responsible for overseeing and managing the auction process. The auctioneer verifies the validity of bids, ensures compliance with auction rules, and ultimately determines the winning bid. In the context of zero-knowledge auctions, the auctioneer may also act as a verifier, validating bids without gaining knowledge of their content or the identity of the bidders. Moreover, the verifier declares the winner of the auction.

An offer made by a bidder to purchase an item or asset being auctioned. Bids typically include the bid amount and any relevant terms or conditions specified by the bidder. Bids can be submitted openly in English or Dutch auctions, or in sealed envelopes in sealed-bid auctions.

An auction format where bidders submit their bids privately without knowledge of other bidders' bids. Bids are typically sealed in envelopes or submitted electronically in a confidential manner. The bids are then opened simultaneously at the end of the auction, and the highest bid, in the case of First-price Sealed-Bid auction, wins.

Quoting from (Blass, Erik-Oliver and Kerschbaum, Florian, 2018),

One run of \(\Pi_{\text{strain}}\) requires a total of 4 blocks latency: 1 block for suppliers to commit, and then 3 blocks for core comparisons and computation of the winning bid.

To be discussed in <2024-07-01 Mon> meeting–it seems to be relevant to some work that was recently completed by @0xisk.

Quoting from (Blass, Erik-Oliver and Kerschbaum, Florian, 2018),

Ideal Functionality. Our protocol [Strain] emulates a trusted third party TTP that, first, receives all bids from all suppliers. If supplier pseudonymity is required, all participating suppliers \(S_i\) send their bids \(v_i\) via a pseudonymous channel, or else they send it via an authenticated channel. The trusted third party then computes result \(cmp_{i,j}\) of the comparison between each bid. Finally, the trusted third party announces (broadcasts) the results of all comparisons to auctioneer A, each Supplier \(S_i\), and all other participants of the blockchain. Similar to order preserving encryption, this reveals the total order of bids and hence the winner of the auction, but does not reveal the bids themselves.

\begin{align*} &\text{for all } S_i \text{ do} \\ &\quad \text{if Pseudonymity then } S_i \rightarrow \text{TTP}: \mathcal{F}_{\text{Pseu}}(v_i); \text{ else } S_i \rightarrow \text{TTP}: \mathcal{F}_{\text{Auth}}(v_i); \\ &\text{for } i = 1 \text{ to } s \text{ do} \\ &\quad \text{for all } j \neq i \text{ do} \\ &\quad \quad \text{TTP}: \text{Let } \text{cmp}_{i,j} = 1, \text{ if } v_i > v_j \text{ and } \text{cmp}_{i,j} = 0 \text{ otherwise;} \\ &\quad \text{end for} \\ &\text{end for} \\ &\text{TTP} \rightarrow \{A, S_1, \ldots, S_s\}: \mathcal{F}_{\text{BC}}(\{\text{cmp}_{i,j} \mid \forall i, j \in \{1, \ldots, s\}\}); \\ &\text{TTP} \rightarrow A: \{v_w \mid v_w = \min(v_1, \ldots, v_s)\}; \end{align*}

The only difference to our settings is that we would use the \(\max\) function instead in the last step.

Imagine that, at some point, \(A\) announces a new auction and uploads a smart contract to the blockchain. The smart contract is very simple and allows parties to comfortably exchange messages as mentioned before. The contract is signed by \(sk_A\), so everybody understands that this is a valid procurement auction

The identity of bidders must remain unknown and the specifics of their bids are kept private (this is important when revealing the bidder’s identity could influence the auction’s outcome or lead to privacy breaches, e.g., real estate, art/collectibles, etc.).

Ensuring the integrity of the auction process as well as protecting against fraud. Questions to be answered:

• How to prove the actual worth of the bidder claiming that she has? If that's not in the scope of the project, it has to be explicitly stated that such a responsibility is delegated to third-party tools.
• Should there be an escrow to guarantee that the bid is held securely?

The system must provide a proof that the some bid has won without revealing its value.

• Revealing the winning bid is an sensitive information. It shows the valuation of item \(i\) by the bidder \(j\). While it may not impact the auction at time \(t\), it could still be abused in an auction at time \(t + 1\)