Efficient Cryptographic Protocols Realizing E-Markets with Price Discrimination

  • Aggelos Kiayias
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4107)


Perfect (or “first degree”) Price Discrimination is a standard economic practice that is used to increase the pricing effectiveness over a diverse population of prospective buyers. It is done by selling to different buyers at different prices based on their respective willingness to pay. While the strategy achieves Pareto efficiency, there are a number of problems in realizing and giving incentive to buyers to participate (and stay) in a market with price discrimination. This is especially true in an open process (like Internet commerce), where parties may learn about their price’s individual standing (within the group of buyers) and may withdraw due to being relatively “over-charged” or may “resell” due to getting the goods at a relatively low price. We investigate the difficulties of realizing perfect price discrimination markets when full information is available to the participants even under the assumption of using standard cryptographic techniques. We then propose a “fair solution” for price discrimination in e-markets: using efficient cryptographic protocols (much more efficient than secure function evaluation protocols) we give incentives to users to stay in a market that utilizes price discrimination. Our protocols assure that the seller obtains the total revenue it expects and no buyer learns the price of other buyers. In addition, each buyer gets a “fair” discount off the surplus (the accumulated suggested payments by buyers minus the seller’s expected revenue) when applicable and the seller may get part of the surplus as well. Further, the seller gets to learn the market “willingness to pay” (for potential future use), while this knowledge does not affect the pricing of the current e-market instance. Along the way we investigate the cryptographic primitive of “robust distributed summation” that may be of independent interest as a protocol construction.


Price Discrimination Bulletin Board Cryptographic Protocol Homomorphic Encryption Encryption Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ACJT00]
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. [Ben87]
    Benaloh, J.: Verifiable Secret-Ballot Elections, PhD Thesis, Yale University (1987)Google Scholar
  3. [Bou00]
    Boudot, F.: Efficient Proofs that a Committed Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. [CFT98]
    Chan, A.H., Frankel, Y., Tsiounis, Y.: Easy Come - Easy Go Divisible Cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. [CF85]
    Cohen (Benaloh), J.D., Fischer, M.J.: A Robust and Verifiable Cryptographically Secure Election Scheme. In: FOCS 1985 (1985)Google Scholar
  6. [CGS97]
    Cramer, R., Gennaro, R., Schoenmakers, B.: A Secure and Optimally Efficient Multi-Authority Election Scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, Springer, Heidelberg (1997)Google Scholar
  7. [CDS94]
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, Springer, Heidelberg (1994) (a personal generator for G)Google Scholar
  8. [DF02]
    Damgård, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. [C01]
    Di Crescenzo, G.: Privacy for the Stock Market. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 269–288. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. [DJ00]
    Damgård, I., Jurik, M.: A Generalisation, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System. In: Public Key Cryptography, pp. 119–136 (2001)Google Scholar
  11. [DDPY94]
    Santis, A.D., Crescenzo, G.D., Persiano, G., Yung, M.: On Monotone Formula Closure of SZK. In: FOCS 1994 (1994)Google Scholar
  12. [FS87]
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, Springer, Heidelberg (1987)Google Scholar
  13. [FPS00]
    Fouque, P.-A., Poupard, G., Stern, J.: Sharing Decryption in the Context of Voting or Lotteries. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. [FO97]
    Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)Google Scholar
  15. [G97]
    Goldwasser, S.: Multi-party computations: Past and present (invited talk). In: PODC 1997, pp. 1–6 (1997)Google Scholar
  16. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth annual ACM Symp. Theory of Computing (1987)Google Scholar
  17. [KTY04]
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable Signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. [Ni99]
    Nisan, N.: Algorithms for Selfish Agents. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, Springer, Heidelberg (1999)CrossRefGoogle Scholar
  19. [Od02]
    Odlyzko, A.: Privacy, Economics, and Price Discrimination on the Internet. In: First Workshop on Economics and Information Security, Berkeley (2002)Google Scholar
  20. [Pai99]
    Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, Springer, Heidelberg (1999)Google Scholar
  21. [Poi00]
    Pointcheval, D.: Self-Scrambling Anonymizers, Financial Cryptography. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 259–275. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. [Rab83]
    Rabin, M.: Transactions protected by beacons. Journal of Computer and System Sciences 27, 256–267 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  23. [Va96]
    Varian, H.R.: Differential Pricing and Efficiency, First Monday, peer-reviewed journal on the Internet (1996),
  24. [Ya86]
    Yao, A.: How to generate and exchange secrets. In: IEEE FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Aggelos Kiayias
    • 1
  • Moti Yung
    • 2
  1. 1.Computer Science and EngineeringUniversity of ConnecticutStorrsUSA
  2. 2.RSA Laboratories, Bedford, MA, USA and Computer ScienceColumbia UniversityNew YorkUSA

Personalised recommendations