Skip to main content
SpringerLink
Log in

Trustee: Full Privacy Preserving Vickrey Auction on Top of Ethereum

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11599))

Included in the following conference series:

Abstract

The wide deployment of tokens for digital assets on top of Ethereum implies the need for powerful trading platforms. Vickrey auctions have been known to determine the real market price of items as bidders are motivated to submit their own monetary valuations without leaking their information to the competitors. Recent constructions have utilized various cryptographic protocols such as ZKP and MPC, however, these approaches either are partially privacy-preserving or require complex computations with several rounds. In this paper, we overcome these limits by presenting Trustee as a Vickrey auction on Ethereum which fully preserves bids’ privacy at relatively much lower fees. Trustee consists of three components: a front-end smart contract deployed on Ethereum, an Intel SGX enclave, and a relay to redirect messages between them. Initially, the enclave generates an Ethereum account and ECDH key-pair. Subsequently, the relay publishes the account’s address and ECDH public key on the smart contract. As a prerequisite, bidders are encouraged to verify the authenticity and security of Trustee by using the SGX remote attestation service. To participate in the auction, bidders utilize the ECDH public key to encrypt their bids and submit them to the smart contract. Once the bidding interval is closed, the relay retrieves the encrypted bids and feeds them to the enclave that autonomously generates a signed transaction indicating the auction winner. Finally, the relay submits the transaction to the smart contract which verifies the transaction’s authenticity and the parameters’ consistency before accepting the claimed auction winner. As part of our contributions, we have made a prototype for Trustee available on Github for the community to review and inspect it. Additionally, we analyze the security features of Trustee and report on the transactions’ gas cost incurred on Trustee smart contract.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Digital assets in Ethereum blockchain. https://tokenmarket.net/blockchain/Ethereum/assets/

  2. Top 100 cryptocurrencies by market capitalization (2018). https://coinmarketcap.com

  3. Al-Bassam, M., Sonnino, A., Król, M., Psaras, I.: Airtnt: fair exchange payment for outsourced secure enclave computations. arXiv preprint arXiv:1805.06411 (2018)

  4. Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13. ACM New York (2013)

    Google Scholar 

  5. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: USENIX Security Symposium, pp. 781–796 (2014)

    Google Scholar 

  6. Benet, J.: IPFS-content addressed, versioned, P2P file system. arXiv preprint arXiv:1407.3561 (2014)

  7. Bentov, I., et al.: Tesseract: real-time cryptocurrency exchange using trusted hardware. IACR Cryptology ePrint Archive, 2017:1153 (2017)

    Google Scholar 

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313–314. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_19

    Chapter  Google Scholar 

  9. Blass, E.-O., Kerschbaum, F.: Strain: a secure auction for blockchains. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 87–110. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_5

    Chapter  Google Scholar 

  10. Bos, J.W., Halderman, J.A., Heninger, N., Moore, J., Naehrig, M., Wustrow, E.: Elliptic curve cryptography in practice. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 157–175. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_11

    Chapter  Google Scholar 

  11. Brandenburger, M., Cachin, C., Kapitza, R., Sorniotti, A.: Blockchain and trusted computing: problems, pitfalls, and a solution for Hyperledger fabric. arXiv preprint arXiv:1805.08541 (2018)

  12. Brown, D.R.L.: Standards for efficient cryptography sec 2: recommended elliptic curve domain parameters (2010). http://www.secg.org/sec2-v2.pdf

  13. Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: SGXPECTREattacks: leaking enclave secrets via speculative execution. arXiv preprint arXiv:1802.09085 (2018)

  14. Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. arXiv preprint arXiv:1804.05141 (2018)

  15. Galal, H.S., Youssef, A.M.: Succinctly verifiable sealed-bid auction smart contract. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds.) DPM/CBT -2018. LNCS, vol. 11025, pp. 3–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00305-0_1

    Chapter  Google Scholar 

  16. Galal, H.S., Youssef, A.M.: Verifiable sealed-bid auction on the ethereum blockchain. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 265–278. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_18

    Chapter  Google Scholar 

  17. Martínez, V.G., Encinas, L.H., Ávila, C.S.: A survey of the elliptic curve integrated encryption scheme. J. Comput. Sci. Eng. 2, 7–13 (2010)

    Google Scholar 

  18. Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., Costa, M.: Strong and efficient cache side-channel protection using hardware transactional memory. In: USENIX Security Symposium, pp. 217–233 (2017)

    Google Scholar 

  19. Lee, S., Shih, M.-W., Gera, P., Kim, T., Kim, H., Peinado, M.: Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In: 26th USENIX Security Symposium, USENIX Security, pp. 16–18 (2017)

    Google Scholar 

  20. Lind, J., Eyal, I., Pietzuch, P., Sirer, E.G.: Teechan: payment channels using trusted execution environments. arXiv preprint arXiv:1612.07766 (2016)

  21. Matetic, S., et al.: ROTE: rollback protection for trusted execution. IACR Cryptology ePrint Archive, 2017:48 (2017)

    Google Scholar 

  22. Milutinovic, M., He, W., Wu, H., Kanwal, M.: Proof of luck: an efficient blockchain consensus protocol. In: Proceedings of the 1st Workshop on System Software for Trusted Execution, p. 2. ACM (2016)

    Google Scholar 

  23. Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3–24. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_1

    Chapter  Google Scholar 

  24. Seo, J.: SGX-shield: enabling address space layout randomization for SGX programs. In: NDSS (2017)

    Google Scholar 

  25. Shih, M.-W., Lee, S., Kim, T., Peinado, M.: T-SGX: eradicating controlled-channel attacks against enclave programs. In: Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA (2017)

    Google Scholar 

  26. Shinde, S., Chua, Z.L., Narayanan, V., Saxena, P.: Preventing page faults from telling your secrets. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 317–328. ACM (2016)

    Google Scholar 

  27. Tran, M., Luu, L., Kang, M.S., Bentov, I., Saxena, P.: Obscuro: a bitcoin mixer using trusted execution environments. IACR Cryptology ePrint Archive, 2017:974 (2017)

    Google Scholar 

  28. Bulck, J.V., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: Proceedings of the 27th USENIX Security Symposium. USENIX Association, August 2018

    Google Scholar 

  29. Weisse, O., et al.: Breaking the virtual memory abstraction with transient out-of-order execution. Technical report, Foreshadow-NG (2018)

    Google Scholar 

  30. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)

    Google Scholar 

  31. Xu, Y., Cui, W., Peinado, M.: Controlled-channel attacks: deterministic side channels for untrusted operating systems. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 640–656. IEEE (2015)

    Google Scholar 

  32. Zhang, F.: mbedtls-sgx: a TLS stack in SGX (2016). https://github.com/bl4ck5un/mbedtls-SGX

  33. Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 270–282. ACM (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Concordia Institute for Information Systems Engineering, Concordia University, Montréal, QC, Canada

    Hisham S. Galal & Amr M. Youssef

Authors
  1. Hisham S. Galal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Amr M. Youssef
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amr M. Youssef .

Editor information

Editors and Affiliations

  1. Stirling University, Stirling, UK

    Andrea Bracciali

  2. Concordia University, Montréal, QC, Canada

    Jeremy Clark

  3. University of Oxford, Oxford, UK

    Federico Pintore

  4. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Peter B. Rønne

  5. University of Trento, Trento, Italy

    Massimiliano Sala

Rights and permissions

Reprints and permissions

Copyright information

© 2020 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Galal, H.S., Youssef, A.M. (2020). Trustee: Full Privacy Preserving Vickrey Auction on Top of Ethereum. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-43725-1_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43724-4

  • Online ISBN: 978-3-030-43725-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation