A Blockchain-based Privacy-Preserving Scheme for Sealed-bid Auction

The sealed-bid auction enables bidders to secretly send their bids to the auctioneer, which compares all bids and publishes the winning one on the bid-opening day. This type of auction is friendly for protecting the bid privacy, and sufficiently fair for all bidders if the auctioneer acts faithfully. Unfortunately, the auctioneer may not always be trustworthy. The auctioneer has the ability to deliberately leak any bid information to a part of bidders for raising the final winning price based on the investigation. Meanwhile, the auctioneer can appoint any bidder as the winner, as long as the bidder accepts a higher winning price than the current highest bid. Since bidders cannot obtain any bid information from others, to the best of our knowledge, it is difficult to prevent bid leakage from the auctioneer, and support bidders to verify the bid comparison results without disclosing the winning bid, simultaneously. To alleviate these problems, we first construct a homomorphic encryption(HE)-based bid comparison circuit. All bidders can directly compute a cipher of the winning bid by using this circuit; hence, the winning bid does not need to be exposed to all bidders. Then, we propose a blockchain-based sealed-bid scheme (BSS) by integrating the circuit with commitment and zero-knowledge proof. The auctioneer only obtains the commitments of bids before the bid-opening day, and he has to prove that the winner's bid is the same as the plaintext of the bidders' computed cipher. Thus, the auctioneer can neither leak the bid information nor publish a higher winning price during in the auction. Detailed performance analysis shows that the computational complexity of BSS is linear with the binary length of bids.