fix preparation for M+1st price auctions
This commit is contained in:
parent
fc9fdd313b
commit
da43b9311a
3
brandt.c
3
brandt.c
@ -73,7 +73,10 @@ BRANDT_bidder_start (struct BRANDT_Auction *auction,
|
|||||||
* encrypt_bid round to show that the bidder has chosen a valid bid and the
|
* encrypt_bid round to show that the bidder has chosen a valid bid and the
|
||||||
* outcome callback will remap the result to the original k price values. */
|
* outcome callback will remap the result to the original k price values. */
|
||||||
if (auction_mPlusFirstPrice == atype)
|
if (auction_mPlusFirstPrice == atype)
|
||||||
|
{
|
||||||
auction->k *= n;
|
auction->k *= n;
|
||||||
|
auction->b = auction->b * n + n - i - 1;
|
||||||
|
}
|
||||||
|
|
||||||
if (handler_prep[atype][outcome][msg_init])
|
if (handler_prep[atype][outcome][msg_init])
|
||||||
handler_prep[atype][outcome][msg_init] (auction);
|
handler_prep[atype][outcome][msg_init] (auction);
|
||||||
|
4
crypto.c
4
crypto.c
@ -741,7 +741,7 @@ smc_encrypt_bid (struct BRANDT_Auction *ad, size_t *buflen)
|
|||||||
gcry_mpi_addm (r_sum, r_sum, r_part, ec_n);
|
gcry_mpi_addm (r_sum, r_sum, r_part, ec_n);
|
||||||
|
|
||||||
/* prepare sum for additional M+1st price auction proof (see below) */
|
/* prepare sum for additional M+1st price auction proof (see below) */
|
||||||
if (0 < ad->m && j >= ad->i && 0 == (j - ad->i) % ad->n)
|
if (0 < ad->m && 1 == (ad->k - j - ad->i) % ad->n)
|
||||||
gcry_mpi_addm (r_sum2, r_sum2, r_part, ec_n);
|
gcry_mpi_addm (r_sum2, r_sum2, r_part, ec_n);
|
||||||
|
|
||||||
cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og);
|
cur += 2 * sizeof (struct ec_mpi) + sizeof (struct proof_0og);
|
||||||
@ -809,7 +809,7 @@ smc_recv_encrypted_bid (struct BRANDT_Auction *ad,
|
|||||||
|
|
||||||
/* precalculate ciphertext sums for second 2dle proof needed in M+1st
|
/* precalculate ciphertext sums for second 2dle proof needed in M+1st
|
||||||
* price auctions */
|
* price auctions */
|
||||||
if (0 < ad->m && j >= ad->i && 0 == (j - ad->i) % ad->n)
|
if (0 < ad->m && 1 == (ad->k - j - sender) % ad->n)
|
||||||
{
|
{
|
||||||
gcry_mpi_ec_add (alpha_sum2, alpha_sum2, ct[0][j], ec_ctx);
|
gcry_mpi_ec_add (alpha_sum2, alpha_sum2, ct[0][j], ec_ctx);
|
||||||
gcry_mpi_ec_add (beta_sum2, beta_sum2, ct[1][j], ec_ctx);
|
gcry_mpi_ec_add (beta_sum2, beta_sum2, ct[1][j], ec_ctx);
|
||||||
|
@ -192,13 +192,19 @@ M+1st Price Auction schemes. We took the simplest one, interlacing the bids, so
|
|||||||
that no two bidders are allowed to bid the same price. On the application level
|
that no two bidders are allowed to bid the same price. On the application level
|
||||||
we will still handle $k_{\text{app}}$ different prices, but within libbrandt we
|
we will still handle $k_{\text{app}}$ different prices, but within libbrandt we
|
||||||
will multiply that by a factor of $n$ to get $k_{\text{lib}}=nk_{\text{app}}$.
|
will multiply that by a factor of $n$ to get $k_{\text{lib}}=nk_{\text{app}}$.
|
||||||
Then each bidder $i$ is only allowed to place his bid $b$ on prices $p$ with
|
|
||||||
$\exists a\in{[1,k_{\text{app}}]}:b=an-i+1$. This condition will be checked by
|
The bids are scaled up as well by the mapping $\forall
|
||||||
an additional proof in the first round of the protocol and ensures that the
|
i\in{[1,n]}:b_{i,\text{lib}}=b_{i,\text{app}}n-i+1$. Therefore the set of
|
||||||
bidders with a lower index win in case of ties. This expansion will be done
|
allowed bids for bidder $i$ is defined as $\{j|k_{\text{lib}}-j+1\equiv
|
||||||
right at the beginning of an auction by libbrandt. In the remaining part about
|
i\pmod{n}\}$.
|
||||||
the M+1st Price Auction Protocols we will use $k$ instead of $k_{\text{lib}}$,
|
|
||||||
so $k$ will be divisible by $n$ without remainder.
|
This restriction will be checked by an additional proof in the first round of
|
||||||
|
the protocol and ensures that the bidders with a lower index win in case of
|
||||||
|
ties. The expansion will be done right at the beginning of an auction by
|
||||||
|
libbrandt and the reverse mapping is applied before reporting the auction
|
||||||
|
outcome to the application, so this expansion is transparent to the application.
|
||||||
|
In the remaining part about the M+1st Price Auction Protocols we will use $k$
|
||||||
|
instead of $k_{\text{lib}}$, so $k$ will be divisible by $n$ without remainder.
|
||||||
|
|
||||||
Unfortunately this tie breaking simplification has the downside of revealing the
|
Unfortunately this tie breaking simplification has the downside of revealing the
|
||||||
identity and bid of the bidder who had the highest bid amongst the losing
|
identity and bid of the bidder who had the highest bid amongst the losing
|
||||||
|
Loading…
Reference in New Issue
Block a user