The participants

(1) Registration Manager (RM)

(i) It is a unit for bidders to apply for registration. All bidders only require registering once. After that, they can participate in multiple auctions and no more registration is needed.

(ii) It is also responsible to store bidders’ identity information and corresponding secret parameters.

(iii)Manages and maintains the bulletin board, which is called BBRM. On the bulletin board, two types of information would be published. One is registration key and identity information of a bidder. Another is pseudonym that a bidder uses in a single auction round. The published information would be supplied to anyone for identification verification. And only the RM has the authority to write and update the bulletin board.

(2) Agent House (AH)

(i) It is responsible to communicates with broker agent and creates bid agents.

(ii) Manages and maintains a bulletin board, which is called BBAH. The bulletin board would provide the bidder’s transaction public key for the verification purpose. And only the AH has the authority to write and update the bulletin board.

(3) Auction House (AUH)

(i) Provides the auction place, maintains the operations, and hosts the auctions.

(ii) Manages and maintains a bulletin board, which is called BBAUH. On this bulletin

board, the published information would be the bidding information of bidders and the winning bidder’s information. All the published information can be used to verify one’s identity. And only the AUH has the authority to write and update the bulletin board.

(4) Bidder (B)

(i) It is the one who participates and places bids in the auction.

4.2 Using modular exponentiation

In order to know what is the difference in computation amount between using modular exponentiation and using Elliptic Curve Cryptosystem in English Auction protocol, this paper employs the same auction processes on these two methods.

First, the scheme using modular exponentiation in English Auction protocol is presented as follows. The given system parameters are shown in Table 2.

Table 2: System Parameters for modular exponentiation scheme p, q Two big prime numbers, satisfying q| p1;

g A generator with order q in Z ; _p

EK(m) A symmetric encryption method of message m with the key K;

(K is the shared key between Bi and AM)

H(x) A one-way hash function, satisfying H ^j(x )H(x ,H^j-1(x)) and x

x H⁰( ) ;

SKAH AH’s private key;

PKAH AH’s public key;

Bi The ith bidder;

j

bidi _, A bid price that is placed by Bi in the jth round of auction;

SK i Bi’s private key;

RK i Bi’s registration key;

k , i t_1,i, t_2,i Three secret parameters that are chosen by Bi;

j

Ni _, A pseudonym, RM creates only for Bi in the jth round of auction;

r j A random number chosen by AH in the jth round of auction;

G j The public information published by AH in the jth round of auction;

j

TPKi _, A transaction public key, AH generates only for Bi in the jth round of auction;

The auction processes are described as follows.

4.2.1 Initialization

RM and AH establish system parameters and the steps are as follows:

(1) Registration Manager

Step 1: Sets up a read-only bulletin board (BBRM)and post two kinds of information.

One is registration key and identity information of all bidders. Another is pseudonyms used by the bidders in the jth round of auction. RM is the only one can write and update the bulletin board.

Step 2: Declare p, q, g, H(x) publicly.

(2) Auction House

Step 1: Sets up a read-only bulletin board (BBAH) and publish the transaction public key and related information of all bidders on the bulletin boards. AH is the only one authorized to write and update the bulletin board.

Step 2: Randomly select an integer SK_AH[1,q -1] as the private key and use it to calculate the corresponding public key PK_AH. The equation is as follows:

(1) ...

...

mod

AH

AH g p

PK  ^SK Step 3: Post PK_AH on BBAH.

4.2.2 Registration

As a new bidder (Bi) joins in an auction, he/she must apply for registration with RM at the very beginning. After the registration completes, RM would generates pseudonyms, which can only be used one time, for Bi in the jth round of auction.

Bi should first calculate all relevant parameters before registering with RM. The registration process is shown as below:

Step 1: Bi randomly selects an integer SK_i[1,q -1] as the private key and computes a corresponding registration key RK . The equation is given as follows: _i

(2) ...

...

mod p g

RK_i  ^SKi

Step 2: Bi randomly selects an integer k_i[1,q -1] as a secret parameter. a secure channel to RM. After RM receives the information transmitted by Bi, the registration would proceed. each other. In contrast, RM would refuse to take the registration application from Bi if the received information is forged.

Step 6: RM keeps Bi’s identity information ID and the corresponding secret parameter _i k in its own database. i

Step 7: RM posts Bi’s identity information ID and registration key _i RK on BB_i RM.

Step 8: Before the jth round of auction starts, RM would generate a pseudonym (N_{i ,j}) for every bidder Bi. The order of all pseudonyms would be randomly arranged and posted on BBRM. The equation is shown as below:

(7)

Step 9: Bi can use (7) to compute his/her own pseudonym and verify that his/her pseudonym matches with the one that is posted on BBRM. If Bi dose not find his/her pseudonym on BBRM, he/she can appeal to RM.

4.2.3 Generation of Transaction Public Key

In the jth round of auction, Bi can obtain auction information through AH who could ask broker agent to supply the information about currently open auctions. The broker agent would prepare an auction house list that matches the needs of Bi and send the list back to the AH for Bi to review. When Bi decides which auction he/she wants to participate, Bi would have to apply a transaction public key (TPK_{i ,j}), which is managed by AH. AH would generate

j equation is shown as below:

(10)

4.2.4 Signature

Before Bi starts to participate in the auction, Bi must verify TPK_{i ,j} given by the AH on BBAH. If the key is valid, Bi would calculate the corresponding signature with his/her bid price and the related information. Subsequently, Bi can start participating in the bidding. The steps are stated as follows:

Step 1: Bi uses AH’s public key PK_AH to compute a parameter S_i , as follows: _,j

Step 5: Bi used K to encrypt the bid _i bid_{i ,j} and the signature {α_{i ,j} ,β_{i ,j}}, obtaining the ciphertext E_K (bid_{i ,j} ,α_{i ,j} ,β_{i ,j})

i .

4.2.5 Auction Bidding

Before the auction starts, Bi needs to obtain a bid agent from the AH. After a bid agent is acquired, Bi, then, is allowed to bid. The auction bidding process is stated as follows:

Step 1: Bi should first send out the data tuple {TPK_{i ,j}, E_Ki(bid_{i ,j} ,α_{i ,j} ,β_{i ,j})} to AH and apply for a bid agent.

Step 2: After the AH receives the data from Bi, AH must compute the shared key K to _i decrypt the ciphertext E_K (bid_{i ,j} ,α_{i ,j} ,β_{i ,j})

i and authenticates the validity of )}

i . The equations for verification are shown as below:

AH can reject the bidding request from Bi if the received information is false.

Step 3: AH uses the bidding information {TPK_{i ,j} ,bid_{i ,j} ,α_{i ,j} ,β_{i ,j}} to create a new bid agent for Bi, and then AH would send this agent to the selected AUH to represent Bi to participate in the auction.

Step 1, 2, and 3 can be skipped if the bid is placed more than once. Only the bidding

Step 4: When the bid agent arrives at the AUH, it has to be verified that TPK_{i ,j} is same as on BBAH. If not, AUH can reject Bi’s application.

Step 5: AUH verifies the bidding information {TPK_{i ,j} ,bid_{i ,j} ,α_{i ,j} ,β_{i ,j}} using (17). If (17) holds, it means that {TPK_{i ,j} ,bid_{i ,j} ,α_{i ,j} ,β_{i ,j}} is valid.

Step 6: AUH posts the bidding information {TPK_{i ,j} ,bid_{i ,j} ,α_{i ,j} ,β_{i ,j}} on BBAUH. Anyone can use (17) to verify the bidding information of Bi.

4.2.6 Winner Announcement

When the jth round of auction ends, the one who places the highest bid price would be announced as the winner. Then AUH would take the winner’s TPK_{i ,j} to reconfirm the

winner’s information, N_{i ,j} andRK with AH and RM. Afterward, the result would be _i published on BBAUH and can be obtained by anyone to verify. The steps are stated as follows:

Step 1: AUH takes the winner’s TPK_{i ,j} to AH and ask for the pseudonym N_{i ,j} used by the winner.

Step 2: AH returns the information {TPK_{i ,j},( r_j‧S_{i ,j}),N_{i ,j}} back to the AUH.

Step 3: AUH can use (10) to confirm the relationship between TPK_{i ,j} and N_{i ,j}.

Step 4: AUH takes the winner’s N_{i ,j} to RM and ask for the winner’s RK . _i

Step 5: RM returns the information {N_{i ,j} ,H ^j(k_i),RK_i} back to the AUH.

Step 6: AUH can use (7) to confirm the relationship between N_{i ,j} and RK . _i

Step 7: The AUH will post the winner’s information, {TPK_{i ,j},( r_j‧S_{i ,j}),N_{i ,j}} and }

), ( ,

{N_{i ,j} H^j k_i RK_i , on BBAUH. The winner’s information on BBAUH can be obtained by anyone to verify again by using (7) and (10).