競標是一種議訂價格的程序，也是各種決定商品價格的方法中最基本及最重要的一種。商品的售價能藉由競標市場中的互動來決定。在現實的環境中，為了因應各種不同的商業目的而發展出了許多不同型態的競標機制，例如英式競標、荷式競標、密封式競標、維克瑞 (Vickrey) 式競標等。在最近幾年來，由於網際網路的蓬勃發展，所以許多傳統的交易方式也漸漸地朝向電子化轉型，其中，電子競標更是因為網際網路無遠弗界的特性而受到了許多的注目。然而，不同於傳統面對面競標，在電子競標中很容易發生如擋標、誘標等問題，使得商品的價格無法被正確的決定，因而讓競標失去了原先的意義。因此，為了滿足安全及公平的原則，在設計電子競標系統時需考慮不可否認、公開驗證、匿名、標價機密、無收據等性質。本論文將深入探討這些性質，並提出一滿足此五個性質的電子密封式競標系統。
到目前為止已有多種電子密封式競標系統被發表。在本論文的第二章中首先將會根據開標程序執行者的不同而將這些電子密封式競標系統分為兩大類別；一類是由競標者本身來執行開標程序，另一類則是由拍賣商來執行開標程序。接著本論文將會分別對這兩類別的優缺點加以分析，並回顧四個著名的電子密封式競標系統。在第二章的最後一節將會就安全性、效率性以及其他性質來對這四個競標系統做比較。
在第三章中將會解釋無收據性質的重要性並提出一種結合智慧卡的無收據電子密封式競標系統。此系統以結合智慧卡及機率式加密器的方式，來改良先前系統所需要的一種稱為單向不可竊聽通道的不合理假設，並利用單向雜湊函數來設計而增加整體的效能。在本章的最後將會詳細地分析此系統並證明此系統確實滿足前述的五個性質，然後將此系統與先前系統詳細比較，以證明此系統在整體效能上的優越性。
在本論文第四章中將會先回顧一由日本學者千田 (Chida) 等人所提出的電子密封式競標系統，然後再以實例方式來詳細說明此系統第一開標協定的安全漏洞。接著本論文將會探討根據此安全漏洞所引申出來的數值比較問題，然後提出一種有效率的方法來解決此問題。在本章的最後將會提出一種基於此數值比較方法的開標協定，此開標協定不但同樣地改良千田第一開標協定的安全漏洞，同時也比千田第二開標協定更有效率。

Auctions are a form of price negotiation and one of the most basic and important methods for establishing the price of goods. In an
auction, goods can be sold at a price determined by interactions in the market. Many types of auctions have been practiced in various situations. In recent years, the Internet has rapidly spread, and thus it has accelerated the development of the trading on the Internet. For this reason, an auction business extends rapidly on the Internet. However, this rapid development of electronic auction results in many problems at the same time. For realizing a fair and secure electronic auction scheme, there are five requirements should be satisfied. They are non-repudiation, public verifiability, anonymity, secrecy of bidding price and receipt-freeness, respectively.
To date, many electronic sealed-bid auction schemes have been proposed for satisfying different security requirements. In Chapter 2, these electronic sealed-bid auction schemes will be classified into two categories depending on how the sealed-bids are opened in the opening phase. Four well-known schemes will be reviewed and then compared with one another in terms of security, efficiency, and other properties in the end of this chapter.
In Chapter 3, a new efficient receipt-free sealed-bid auction scheme by using smart card will be proposed. The proposed scheme is the first practicable receipt-free sealed-bid auction scheme. It takes advantage of combining the smart card with a probabilistic encryption to improve an unreasonable assumption of the previous scheme, and employs the one-way hash function to increase the efficiency. In the end of this chapter, the proposed scheme will be compared with the previous scheme in terms of security and efficiency.
In Chapter 4, a security flaw of the first opening protocol of the previous scheme will be shown by giving an instance. As a result of the security flaw, a value-comparing problem is described and then a new value-comparing method is proposed. The method is a general model that can be implemented by using variant cryptographic primitives according to different situations. Furthermore, in order to repair the security flaw, an improved opening protocol based on the new value-comparing method will be proposed. The improved opening protocol not only repairs the security flaw, but also has more efficiency than the second opening protocol of the previous scheme.

[1] Forrester Research Inc. "http://www.forrester.com"
[2] e-Max Network Corp. "http://www.coolbid.com.tw"
[3] eBay Inc. "http://www.ebay.com"
[4] Yahoo! Inc. "http://auctions.yahoo.com"
[5] W. Vickrey, "Counter Speculation, Auctions, and Competitive Sealed Tenders,"
Journal of Finance, Vol. 16, pp. 8-37, (1961).
[6] P.R. Wurman, W.E. Walsh, and M.P. Wellman, "Flexible Double Auction for
Electronic Commerce: Theory and Implementation," Decision Support System,
24, pp. 17-27, (1998).
[7] M. Rothkopf, T. Teisberg, and E. Kahn, "Why Are Vickrey Auctions Rare?"
Journal of Political Economy, Vol. 98, pp. 94-109, (1990).
[8] M. Rothkopf and R. Harstad, "Two Model of Bid-Taker Cheating in Vickrey
Auctions," Journal of Business, Vol. 68, pp. 257-267, (1995).
[9] NetVisibility Inc. "http://www.auctioninsider.com"
[10] US National Fraud Information Center. "http://www.fraud.org/02intstats.htm"
[11] Josh Boyd, "Safety on the auction block," Information Security Magazine, Jan-
uary 2000.
[12] Dennis Prince, "The State of Sniping," AuctionWatch Inc. April 2000.
"http://wsacp.auctionwatch.com/awdaily/features/sniping"
[13] C. Boyd and W. Mao, "Security Issues for Electronic Auctions," (2000).
"http://www.hpl.hp.com/techreports/2000/HPL-2000-90.html"
[14] Mace Software Inc. "http://www.macesoftware.com"
[15] K. Suzuki, K. Kobayashi, and H. Morita, "Efficient Sealed-bid Auction using
Hash Chain" In International Conference on Information Security and Cryp-
tology - ICISC 2000, Lecture Notes in Computer Science 2015, pp. 183-191,
Springer-Verlag, (2000).
[16] W. Ham, K. Kim, and H. Imai, "Yet Another Strong Sealed-Bid Auctions," In
Symposium on Cryptography and Information Security - SCIS 2003, Vol. 1/2,
pp. 11-16, (2003).
[17] K. Peng, C. Boyd, E. Dawson, and K. Viswanathan, "Non-interactive Auction
Schemewith Strong Privacy," In Information Security and Cryptology - ICISC
2002, Lecture Notes in Computer Science 2587, pp.407-420, Springer-Verlag,
(2003).
[18] F. Brandt, "Fully Private Auctions in a Constant Number of Rounds," In 7th
Internation Conference on Financial Cryptography - FC 2003, to be published,
(2003).
[19] M. Franklin and M. Reiter, "The Design and Implementation of a Secure Auc-
tion Service," IEEE Transactions on Software Engineering, Vol. 22, No. 5, pp.
302-312, (1996).
[20] H. Kikuchi, M. Harkavy, and J.D. Tygar, "Multi-round Anonymous Auction
Protocols," In Proc. of ¯rst IEEE Workshop on Dependable and Real-Time
E-Commerce Systems, pp. 62-69, (1998).
[21] M. Abe and K. Suzuki, "Receipt-Free Sealed-Bid Auction," In 5th International
Information Security Conference - ISC 2002, Lecture Notes in Computer Sci-
ence 2433, pp. 191-199, Springer-Verlag, (2002).
[22] K. Sakurai and S. Miyazaki, "A bulletin-board based digital auction scheme
with bidding down strategy," In Proc. of 1999 International Workshop on Cryp-
tographic Techniques and E-Commerce, pp. 180-187, (1999).
[23] K. Sako, "An Auction Protocol Which Hides Bids of Losers," In Public Key
Cryptography - PKC 2000, Lecture Notes in Computer Science 1751, pp. 422-
432, Springer-Verlag, (2000).
[24] K. Kobayashi, H. Morita, K. Suzuki, and M. Hakuta, "Efficient Sealed-Bid
Auction by Using One-Way Functions," IEICE Trans. Fundamentals, Vol. E84-
A, NO.1, (Jan. 2001).
62 BIBLIOGRAPHY
[25] K. Chida, K. Kobayashi, and H. Morita, "Efficient Sealed-Bid Auctions for
Massive Numbers of Bidders with Lump Comparison," In 4th International In-
formation Security Conference - ISC 2001, Lecture Notes in Computer Science
2200, pp. 408-419, Springer-Verlag, (2001).
[26] Y. Mu and V. Varadharajan, "An Internet Anonymous Auction Scheme," In In-
ternational Conference on Information Security and Cryptology - ICISC 2000,
Lecture Notes in Computer Science 2015, pp. 171-182, Springer-Verlag, (2000).
[27] K. Sakurai and S. Miyazaki, "An Anonymous Electronic Bidding Protocol
Based on a New Convertible Group Signature Scheme," In Information Se-
curity and Privacy, 5th Australasian Conference, ACISP 2000, Lecture Notes
in Computer Science 1841, pp. 385-399, Springer-Verlag, (2000).
[28] K. Viswanathan, C. Boyd, and E. Dawson, "A Three Phased Scheme for Sealed
Bid Auction System Design," In Information Security and Privacy, 5th Aus-
tralasian Conference, ACISP 2000, Lecture Notes in Computer Science 1841,
pp. 412-426, Springer-Verlag, (2000).
[29] M. Harkavy, J.D. Tygar, and H. Kikuchi, "Electronic Auctions with Private
Bids," In 3rd USENIX Workshop on Electronic Commerce, pp. 61-73, (1998).
[30] M. Naor, B. Pinkas, and R. Sumner, "Privacy preserving auctions and mecha-
nism design," In 1st ACM Conf. on Electronic Commerce, pp. 129-139, ACM
Press, (1999).
[31] A. Juels and M. Szydlo, "A Two-Server, Sealed-Bid Auction Protocol," In 6th
Internation Conference on Financial Cryptography - FC 2002, to be published,
(2002).
[32] H. Kikuchi, S. Hotta, K. Abe, and S. Nakanishi, "Distributed Auction Servers
Resolving Winner and Winning bid without Revealing Privacy of Bids," In
Proc. of International Workshop on Next Generation Internet Technologies and
Applications - NGITA 2000, IEEE, pp. 307-312, (2000).
[33] A. Shamir, "How to Share a Secret," Communication of the ACM, Vol. 22(11),
(1979).
[34] M. Ben-Or, S. Goldwasser, and A. Wigderson, "Completeness Throems for Non-
Cryptographic Fault-Tolerant Distributed Computation," In Proc. of STOC
''88, pp. 01-10, (1988).
[35] T. Rabin and M. Ben-Or, "Veri¯able Secret Sharing and Multiparty Protocols
with Honest Majority," In Proc. of STOC ''89, pp. 73-85, (1989).
[36] M. Michels and M. Stadler, "Efficient convertible undeniable signature
schemes," In Proc. of 4th Annual Workshop on Selected Areas in Cryptogra-
phy, (1997).
[37] L. Lamport, "Password Authentication with Insecure Communication,"
Commn. of ACM, Vol. 24, No. 11, pp. 770-772, (1981).
[38] R.L. Revist and A. Shamir, "PayWord and MicroMint:Two simple micropay-
ment schemes," In Proceeding of 1996 International Workshop on Security Pro-
tocols, Lecture Notes in Computer Science 1189, pp. 69-87, Springer-Verlag,
(1996).
[39] J. Benaloh and D. Tuinstra, "Receipt-Free Secret-Ballot Elections," In Proc. of
STOC ''94, pp. 544-553, (1994).
[40] V. Niemi and A. Renvall, "How to Prevent Buying of Votes in Computer Elec-
tions," In Advances in Cryptology - ASIACRYPT ''94, Lecture Notes in Com-
puter Science 917, pp. 164-170, Springer-Verlag, (1994).
[41] K. Sako and J. Kilian, "Receipt-Free Mix-type Voting Scheme," In Advances in
Cryptology - EUROCRYPT ''95, Lecture Notes in Computer Science 921, pp.
393-403, Springer-Verlag, (1995).
[42] T. Okamoto, "Receipt-Free Electronic Voting Schemes for Large Scale Elec-
tions," In Proc. of 5th Security Protocols, Lecture Notes in Computer Science
1361, pp. 25-35, Springer-Verlag, (1997).
[43] M. Hirt and K. Sako, "Efficient Receipt-Free Voting Based on Homomorphic
Encryption," In Advances in Cryptology - EUROCRYPT 2000, Lecture Notes
in Computer Science 1807, pp. 539-556, Springer-Verlag, (2000).
[44] G. Brassard, D. Chaum, and C. Crepeau, "Minimum Disclosure Proofs of
Knowledge," Journal of Computer and System Sciences, Vol. 37, No. 2, pp.
156-189, (1988).
[45] A.C. Yao, "Protocols for secure computations (extended abstract)," In Proc. of
FOCS ''82, pp. 160-164, IEEE Computer Society, (1982).
[46] C. Cachin, "Efficiient Private Bidding And Auctions with An Oblivious Third
Party," In Proc. of ACM-CCS ''99, (1999).
[47] M. Jakobasson and M. Yung, "Proving Without Knowing: On Obilivious, Ag-
nostic and Blindfolded Provers," In Advances in Cryptology - CRTPTO ''96,
Lecture Notes in Computer Science 1109, pp. 186-200, Springer-Verlag, (1996).
[48] M. Naor and B. Pinkas, "Oblivious transfer and polynomial evaluation," In
Proc. of STOC ''99, pp. 245-254, (1999).
[49] W. Diffie and M. E. Hellman, "New Directions in Crypography," IEEE trans-
action on Information Theory, Vol. IT-22, No. 6, pp.644-654, (1976).
[50] M. Bellare, J.A. Garay, and T. Rabin, "Fast Batch Verification for Modular
Exponentiation and Digital Signatures," In Advances in Cryptology - EURO-
CRYPT ''98, Lecture Notes in Computer Science 1403, pp. 236-250, Springer-
Verlag, (1998).
[51] M. Kumar and S. Feldman, "Internet Auctions," In 3rd USENIX Workshop on
Electronic Commerce, pp. 49-60, (1998).
[52] B. Schoenmakers, "A Simple Publicly Verifiable Secret Sharing Scheme and Its
Application to Electronic Voting," In Advances in Cryptology - CRYPTO ''99,
Lecture Notes in Computer Science 1666, pp. 148-164, Springer-Verlag, (1999).