Our approach builds on a long tradition of secret function computations. Researchers have developed a number of techniques for securely computing arbitrary functions--some major examples are [2, 8, 3]. This means that given a set of participants, each with an input, we can compute (with a polynomial slowdown) any function of the inputs; and moreover, we can do so with a protocol that leaks no information to any participant. The only information that a participant will know about the the input of other particpants is information derivable from his own input and the final result.
Unfortunately, the general techniques for secure computation are impractical for general use. They do, in fact, run in polynomial time, but with a big explosion of states. Thus, the development of private protocols for specific problems must be done by hand. We have developed and tuned our protocol to run quickly -- and we believe that it is practical for real use. We plan to build a prototype system embedding this algorithm to prove its practicality.
In the remaining sections, we first consider a simple private sealed-bid auction; that is, we show how to compute the max function privately. Then, we describe a fully private and secure second-price auction protocol which is the result of several improvements on the original.
The essence of the second-price protocol is a series of computations
which securely determine whether or not there are at least two bids
greater than or equal to a specific value. This test is performed by
determining if there is some partition of the set of n
bidders into
and
such that there is a bid at least
as high as the test value on each side of the partition. We need not
actually consider all possible partitions; we can select a small
number (
) of partitions which will suffice. We iterate this
series of computations in a search for the value of the second highest
bid.