In NFT, PoS, Cross-Chain Communication and DEX, a Vickrey auction is proven (the prover won a Nobel prize) to increase the seller's income and the bidder pays their true valuation. The bidder with the highest bid wins and pays the second-highest price for the goods. Google Ads used a Vickrey auction but migrated to an English auction because it is not easy to achieve public verifiability on the second price. A Vickrey auction can be generalized to an M+1st-price auction that sells M goods. The highest M winners pay the M+1st-price.
- Correctness: The protocol can find exactly M winners and the M+1st price.
- Public Verifiability: The result can be publicly verifiable.
- Bid Secrecy: All bidder's bids should be kept as a secret.
- M+1st-Bidder's Anonymity: The identity of the bidder who bids the M+1st-price should be kept a secret.
- No Trusted Manager: A trusted manager is not necessary in our protocol.
- Bid Binding: Each bidder cannot change their bid after submitting it to the Smart Contract.
- Financial Fairness: The malicious (absent) bidder's stake will be used to compensate honest bidders.
We proposed three Smart Contract based auction protocols. All of them fulfill the required properties and provide additional features without a trusted manager.
In the IEEE-Access and the master branch, we focus on extending the bid upper bound. The time complexity of this protocol is O(M log P) per bidder.
A bit-slice bidding vector V is necessary to compare each bidder's bids secretly without a trusted manager. The upper bound of a bidder's bid is bounded by the length of the bidding vector |V|. In this protocol, we use a base-2 binary format to encode the bidding vector. To our best knowledge, this is the first secure M+1st-price auction protocol that can reach an exponential level bid upper bound 2^|V| without a trusted manager, somewhat homomorphic encryption (SHE) and fully homomorphic encryption (FHE). Please read the following journal paper for more details.
Po-Chu Hsu and Atsuko Miyaji. ``Blockchain based M+1st-Price Auction with Exponential Bid Upper Bound''. In IEEE Access, vol. 11, pages 91184-91195, 2023
The conference version can be found in the SciSec2022 branch. Please read the following conference paper for more details.
Po-Chu Hsu and Atsuko Miyaji. ``Scalable M+1st-Price Auction with Infinite Bidding Price''. In International Conference on Science of Cyber Security (SciSec’22), LNCS 13580, Springer-Verlag, pages 121–136, 2022
In the TrustCom2021 branch, we focus on optimizing the time complexity. The time complexity of this protocol is O(P) per bidder.
The time complexity for a trusted manager is usually O(BPM) since the manager needs to compare all B bidder's bids, verify each bidder's bidding vector with length P and find M winning bidders.
We use zero-knowledge proofs to remove the B factor and we found a greedy strategy to remove the M factor.
To our best knowledge, this is the first secure M+1st-price auction protocol that can reach an optimal time complexity without a trusted manager and Mix and Match protocol. Please read the following conference paper for more details.
Po-Chu Hsu and Atsuko Miyaji. ``Bidder Scalable M+1st-Price Auction with Public Verifiability''. In International Conference on Trust, Security and Privacy in Comput- ing and Communications (TrustCom’21), IEEE, pages 34–42, 2021
In the DSC2021 branch, we focus on how to use Smart Contracts to replace the trusted manager. The time complexity of this protocol is O(BPM) per bidder.
To our best knowledge, this is the first secure M+1st-price auction protocol that can fulfill all required properties without a trusted manager. Please read the following journal paper for more details.
Po-Chu Hsu and Atsuko Miyaji. ``Publicly Verifiable M+1st-Price Auction Fit for IoT with Minimum Storage''. In Security and Communication Networks, pages 1–10, 2021
The conference version is the same as the DSC2021 branch. Please read the following conference paper for more details.
Po-Chu Hsu and Atsuko Miyaji. ``Verifiable M+1st-Price Auction without Manager''. In Conference on Dependable and Secure Computing (DSC’21), IEEE, pages 1–8, 2021
This tutorial is tested on a Ubuntu 22.04 (LTS) server.
In this tutorial, we demonstrate how to deploy the auction Smart Contract to an Ethereum simulator ganache-cli and use our Python Web3 Client to benchmark the gas usage.
This tutorial includes 5 steps.
- Step 1. Download the Smart Contract and our web3 client
- Step 2. Install the Python virtual environment (optional)
- Step 3. Install the Solidity compiler
- Step 4. Install the Ethereum simulator
- Step 5. How to use seller.py, bidder.py and benchmark.py
- The auction Smart Contract.
git clone https://github.com/tonypottera24/m-1st_auction_sol.git - The Python Web3 Client we designed to benchmark the Smart Contract.
git clone https://github.com/tonypottera24/m-1st_auction_py.git
This step can make sure you are using the Python packages we tested.
- Install a virtual environment such as
python3-venv.sudo apt install python3-venv - Create and activate the virtual environment.
cd m-1st_auction_py python3 -m venv venv source venv/bin/activate - Install required packages to build Python packages.
sudo apt install build-essential python3-dev libgmp-dev - Install required Python packages.
pip install -r requirements.txt
Please follow the instructions on the official website py-solc-x if the following example doesn't work for you.
- Enter the Python interpreter
python - Get installable
solc(Solidity compiler) versions.The
>>>part is the command you need to type in the interpreter.>>> import solcx >>> solcx.get_installable_solc_versions() [Version('0.8.21'), ...] - Install version
0.8.21(you can install the latest compatible version)>>> solcx.install_solc(version="0.8.21") Version('0.8.21') - You can use the following command to check the installed compiler version.
>>> solcx.get_installed_solc_versions() [Version('0.8.21')]
In this tutorial, we use ganache-cli as an example. Please follow the instructions on the official website ganache-cli if the following example doesn't works for you.
-
Install nodejs
An issue said the v12 provided by
aptisn't supported byganache-cli. Please follow the instructions on the official website nodesource if the following example doesn't works for you.Set the nodejs version you want to install.
NODE_MAJOR=20Install nodesource gpg key.
sudo mkdir -p /etc/apt/keyrings curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.listInstall nodejs
sudo apt update sudo apt install nodejs -
Install the
ganache-clipackage.sudo npm install -g ganache -
Start the
ganache-cli.ganache-cli --miner.defaultGasPrice 1 --miner.blockGasLimit 0xfffffffffff --miner.callGasLimit 0xfffffffffff --miner.blockTime 1 -a 1000--miner.defaultGasPricecan set the gas price.--miner.blockGasLimitcan increase the gas limit of a block.--miner.callGasLimitcan increase the gas limit of a function call.--miner.blockTimegenerate a new block per second.-acan set the number of accounts simulated.--logging.debugshows all debug messages (optional)
An example of selling 1 item to 5 bidders with a bid upper bound 2^8 - 1 = 255 is
./benchmark.py -M 1 -B 5 -L 8
The benchmark can fail if the timeout is too short.
You can also execute the seller and bidder commands in different tabs.
./seller.py -M 1 -L 8
./bidder.py -i 1 -b 10
./bidder.py -i 2 -b 20
./bidder.py -i 3 -b 30
./bidder.py -i 4 -b 40
./bidder.py -i 5 -b 50
usage: seller.py [-h] [--port PORT] [-i INDEX] [-M M] -L L [-s STAKE] [-t TIMEOUT] [-o OUTPUT]
options:
-h, --help show this help message and exit
--port PORT web3 provider port
-i INDEX, --index INDEX
index of account
-M M number of goods
-L L length of bidding vector
-s STAKE, --stake STAKE
minimum stake
-t TIMEOUT, --timeout TIMEOUT
timeout for each phase
-o OUTPUT, --output OUTPUT
contract json for addr and abi
--port: the web3 provider port.--index: the index of Ethereum account in the wallet.-M: the number of goods the seller wants to sell.-L: the length of the bidding vectorV. The bid upper bound is2^|V| - 1.--stake: each bidder's minimum stake.--timeout: the timeout for each phase.--output: the contract address and abi json filename
Example: selling 1 item with bid upper bound 2^8 - 1 = 255
./seller.py -M 1 -L 8
usage: bidder.py [-h] [--port PORT] -i INDEX [-c CONTRACT] -b BID
options:
-h, --help show this help message and exit
--port PORT web3 provider port
-i INDEX, --index INDEX
index of account
-c CONTRACT, --contract CONTRACT
contract addr and abi json
-b BID, --bid BID bidding price
--port: the web3 provider port.--index: the index of Ethereum account in the wallet.--contract: the json file contains contract addr and abi--bid: the bidding price.
Example: one bidder bid 10 and another bidder bid 20
./bidder.py -i 1 -b 10
./bidder.py -i 2 -b 20
usage: benchmark.py [-h] [--port PORT] [-M M] -B B -L L
options:
-h, --help show this help message and exit
--port PORT port
-M M number of goods
-B B number of bidders
-L L bidding vector length
Example: simulate a seller selling 1 item to 5 bidders. The bid upper bound is 2^8 - 1 = 255
./benchmark -M 1 -B 5 -L 8
If you have any questions or want to learn more about this research, please open an issue or send a mail to the following address.
- Po-Chu Hsu: tonypottera[at]gmail.com
This project is licensed under the MIT License - see the LICENSE.txt file for details