Cryptography Reference
In-Depth Information
protocol, the group must also choose some prime $p$ and a generator $g$ for the field. If buyer $j$ wants to pay $f(i)$ at time $i$, they choose a random number, $x_{i,j}$, and announce $g^{x_{i,j}} \bmod p$. The seller chooses one of the submitted values, perhaps at random or perhaps by choosing the first to arrive if it can be determined fairly. This becomes the winning bid at time $i$.
The seller announces the chosen value and broadcasts it. If the seller wants to be clever, the seller can also choose a random value, $y_i$, construct a key from $g^{y_i} \bmod p$ and $g^{x_{i,j} y_i} \bmod p$, and encrypt a message. Each of the bidders can try to read the message but only the bidder who wins round $i$ will succeed.
This continues until there's only one winning bidder left standing. The bidder who wins round $i$ will usually drop out of round $i+1$ to avoid being duped into continuing bidding because there's no easy way for an anonymous bidder to see when there are no other bidders. When no bids arrive for a round, the seller and the buyer can establish a key and begin any negotiations to exchange the goods. If physical items and real cash are part of the transaction, this will usually involve stripping away the anonymity from each other. But the losing bidders don't find out any information.
Anderson and Stajano point out, often humorously, that there are many ways for bidders to ensure that the auction is honest. While the bidders are kept anonymous, they can claim ownership of a bid by revealing a value of $x_{i,j}$.
It is possible to extend the protocol to remove the requirement to hold the bidding in rounds by allowing each bidder to include their maximum bid. The bidder can also sign this with their private key, $x_{i,j}$ and $g^{x_{i,j}} \bmod p$. If this can be reliably distributed to all bidders, perhaps through a system like the Dining Cryptographers' network (see Chapter 11), then the seller can choose a winning bid through a Dutch auction.
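One round of the auction described above, as an added Python example that is not from the book: bidders announce $g^{x_{i,j}} \bmod p$, the seller picks one and seals a message under a key hashed from $g^{x_{i,j} y_i} \bmod p$, and a bidder later claims the bid by revealing $x_{i,j}$. The small prime, the base 3, the SHA-256 key derivation, the hash-based sealing and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters (assumed, not from the text); far too small for real use.
P = 2**127 - 1   # a Mersenne prime standing in for the group's p
G = 3            # base standing in for the generator g

def announce(x):
    """Bidder's public token g^x mod p for the secret x_{i,j}."""
    return pow(G, x, P)

def derive_key(shared):
    """Hash the value g^(x*y) mod p into a 32-byte key (assumed KDF)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def _stream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + b"enc" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, msg):
    """Encrypt then authenticate; one message per key only."""
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, len(msg))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None                      # wrong key: not the winning bidder
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))

def run_round(n_bidders, msg):
    """Round i: returns (winner index, bidder secrets, chosen token, g^y, blob)."""
    xs = [secrets.randbelow(P - 2) + 1 for _ in range(n_bidders)]
    tokens = [announce(x) for x in xs]
    w = secrets.randbelow(n_bidders)     # seller chooses one submitted value
    y = secrets.randbelow(P - 2) + 1     # seller's random y_i
    blob = seal(derive_key(pow(tokens[w], y, P)), msg)
    return w, xs, tokens[w], pow(G, y, P), blob

def bidder_open(x, gy, blob):
    """Each bidder tries the key (g^y)^x mod p; only the winner's matches."""
    return open_sealed(derive_key(pow(gy, x, P)), blob)

def claims_bid(x, token):
    """Ownership claim: revealing x shows the announced token was yours."""
    return pow(G, x, P) == token
```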
10.9 The Future
In the short-term future, every machine on the Internet will be a first-class citizen that will be able to send and receive mail. The best solution for active remailers is to create tools that will turn each SMTP port into an anonymous remailer. To some extent, they already do this. They take the incoming mail messages and pass them along to their final destination. It would be neat, for instance, to create a plug-in MIME module for Eudora or another email program that