We investigate proxy auctions, an auction model that has proved very successful for on-line businesses (e.g. http://www.ebay.com), where a trusted server manages bids from clients by continuously updating the current price of the item and the currently winning bid, while keeping the winning client's maximum bid private. We propose techniques for reducing the trust placed in the server by defining and achieving a security property called server integrity. Informally, this property protects clients from a novel and large class of attacks by a corrupted server, by allowing them to verify the correctness of updates to the current price and the currently winning bid. Our new auction scheme achieves server integrity and satisfies two important properties not enjoyed by previous work in the literature: it has minimal interaction, and it requires only a single trusted server. The main ingredients of our scheme are two minimal-round implementations of zero-knowledge proofs for proving lower bounds on encrypted values: one based on discrete logarithms, which is more efficient but relies on the random oracle assumption, and another based on quadratic residuosity, which uses only standard intractability assumptions but is less efficient.

Public-key cryptography is widely used as the underlying mechanism for securing many protocols and applications on the Internet. A Public Key Infrastructure (PKI) is required to securely deliver public keys to widely distributed users or systems. A public key is usually published by means of a digital document called a certificate. Certificates are valid for a certain period of time; however, there are circumstances under which the validity of a certificate must be terminated before its assigned expiry, and the certificate must then be revoked. The Online Certificate Status Protocol (OCSP) is one of the most widely used protocols for retrieving certificate status information from the PKI. However, OCSP requires the responder to produce online signatures, which is a costly operation. In this article, we present an improvement over OCSP based on hash chains that reduces the processing burden on the server, which in turn provides additional protection against attacks based on flooding the server with queries.
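The abstract does not give the construction, so the following is an added example (not the article's scheme) of the general hash-chain idea behind such OCSP replacements, in the shape of Micali's NOVOMODO design: at issuance the CA signs, once and offline, two anchors embedded in the certificate, the tip of a hash chain (H^N of a secret seed) for "good" and H of a separate secret for "revoked". Thereafter the status responder answers day d with the chain element H^(N-d)(seed) and never signs anything; the relying party hashes the token d times and compares it with the tip. The names, the HMAC stand-in for the CA signature, the one-token-per-day parameter and the serial numbers are all assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed parameter (assumption): one status token per day, one-year certificate.
CHAIN_LENGTH = 365


def h(data: bytes) -> bytes:
    """One hash-chain step."""
    return hashlib.sha256(data).digest()


def iterate(data: bytes, n: int) -> bytes:
    """Apply h() n times, i.e. H^n(data)."""
    for _ in range(n):
        data = h(data)
    return data


@dataclass(frozen=True)
class Certificate:
    serial: str
    subject: str
    validity_tip: bytes      # H^CHAIN_LENGTH(seed): the "still valid" anchor
    revocation_hash: bytes   # H(revocation_token): the "revoked" anchor
    ca_signature: bytes      # stand-in for the CA's one-time offline signature

    def to_be_signed(self) -> bytes:
        return b"|".join([self.serial.encode(), self.subject.encode(),
                          self.validity_tip, self.revocation_hash])


class CertificateAuthority:
    """Issues certificates and runs the status responder.

    The responder never signs online: it only reveals hash-chain preimages
    fixed at issuance time, so answering a query costs at most CHAIN_LENGTH
    hash evaluations (and can be precomputed) instead of a signature.
    """

    def __init__(self) -> None:
        # HMAC stands in for the CA signing key (assumption; a real CA uses an
        # asymmetric signature over the certificate body).
        self._signing_key = os.urandom(32)
        self._secrets: dict[str, tuple[bytes, bytes]] = {}
        self._revoked: set[str] = set()

    def issue(self, serial: str, subject: str) -> Certificate:
        seed = os.urandom(32)
        revocation_token = os.urandom(32)
        body = Certificate(serial, subject, iterate(seed, CHAIN_LENGTH),
                           h(revocation_token), b"")
        sig = hmac.new(self._signing_key, body.to_be_signed(), "sha256").digest()
        self._secrets[serial] = (seed, revocation_token)
        return Certificate(serial, subject, body.validity_tip,
                           body.revocation_hash, sig)

    def verify_signature(self, cert: Certificate) -> bool:
        expected = hmac.new(self._signing_key, cert.to_be_signed(), "sha256").digest()
        return hmac.compare_digest(expected, cert.ca_signature)

    def revoke(self, serial: str) -> None:
        self._revoked.add(serial)

    def status(self, serial: str, day: int) -> tuple[str, bytes]:
        """Responder side. day is 1..CHAIN_LENGTH; no signature is produced."""
        if not 1 <= day <= CHAIN_LENGTH:
            raise ValueError("day outside certificate validity")
        seed, revocation_token = self._secrets[serial]
        if serial in self._revoked:
            return "revoked", revocation_token
        # Token for day d is H^(N-d)(seed); hashing it d more times reaches the tip.
        return "good", iterate(seed, CHAIN_LENGTH - day)


def check_status(cert: Certificate, day: int, status: str, token: bytes) -> bool:
    """Relying-party side: verify the token against the anchors in a certificate
    whose CA signature has already been checked. Costs at most `day` hashes."""
    if not 1 <= day <= CHAIN_LENGTH:
        return False
    if status == "good":
        return hmac.compare_digest(iterate(token, day), cert.validity_tip)
    if status == "revoked":
        return hmac.compare_digest(h(token), cert.revocation_hash)
    return False


def demo() -> dict[str, bool]:
    """Exercise the normal path, a replayed token, and revocation."""
    ca = CertificateAuthority()
    cert = ca.issue("0x1001", "CN=example.test")  # constructed serial/subject
    results = {"signature_ok": ca.verify_signature(cert)}
    day10 = ca.status(cert.serial, 10)
    results["good_day10"] = check_status(cert, 10, *day10)
    # Replaying a day-10 token on day 11 fails: H^11(token) = H(tip) != tip,
    # and producing the day-11 token would need a preimage of the day-10 one.
    results["replay_day11_rejected"] = not check_status(cert, 11, *day10)
    # The chain only runs forward: older tokens are derivable, which is harmless.
    results["day9_from_day10"] = check_status(cert, 9, "good", h(day10[1]))
    ca.revoke(cert.serial)
    revoked = ca.status(cert.serial, 12)
    results["revoked_ok"] = check_status(cert, 12, *revoked)
    results["revoked_token_not_good"] = not check_status(cert, 12, "good", revoked[1])
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The asymmetry is what limits the query-flooding exposure the abstract mentions: the responder's per-query work is a handful of hash evaluations (or a table lookup if the chain is precomputed), while the expensive signature happens exactly once per certificate, offline. The design also shows the usual caveats of this approach: the relying party must bind the token to the current day, a revoked certificate's "good" tokens simply stop being released, and the chain length fixes the status granularity at issuance time.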