a secure and efficient protocol for electronic treasury
play

A Secure and Efficient Protocol for Electronic Treasury Auctions s 1 - PowerPoint PPT Presentation

Oct 25, 2023 •347 likes •621 views

A Secure and Efficient Protocol for Electronic Treasury Auctions s 1 , Mehmet Sabr Kiraz 2 , Osmanbey Uzunkol 2 Atilla Bekta 1 IAM, Middle East Technical University, Ankara, Turkey 2 MCS Labs, TB ITAK B ILGEM, Kocaeli, Turkey

  1. A Secure and Efficient Protocol for Electronic Treasury Auctions s 1 , Mehmet Sabır Kiraz 2 , Osmanbey Uzunkol 2 Atilla Bekta¸ 1 IAM, Middle East Technical University, Ankara, Turkey 2 MCS Labs, TÜB˙ ITAK B˙ ILGEM, Kocaeli, Turkey BalkanCryptSec 2014, ˙ ITÜ, ˙ Istanbul, Turkey October 17, 2014 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 1 / 27

  2. Outline Motivation 1 Auctions Current Privacy Issues Our Contribution Our Protocol 2 Security Analysis 3 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 2 / 27

  3. Auctions Auction: A mechanism with predefined rules for buying and selling. According to the number of participants A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 3 / 27

  4. Auctions According to items Single-Unit Auction: Only one item is available for sale. Multi-Unit Auction: More than one homogeneous/identical item is being auctioned. Multi-Object Auction: Heterogeneous/differentiated items are being auctioned. A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 4 / 27

  5. This Work: Treasury Auctions Method of borrowing money from the market Treasury holds regular auctions for government securities (bonds and bills) Buyers submit bids (quantity and price) Bids are ranked in order The quantity for sale is awarded to the best bids USA (world’s largest and most active market), UK, Germany and Turkey use similar methods A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 5 / 27

  6. An Example of a Treasury Auction (Turkey) Performed only by the Treasury (Republic of Turkey Prime Ministry Undersecretariat of Treasury.) Central Bank = Financial agent of the auction process Primary Dealers = Authorized banks in Turkey Government Domestic Debt Securities (GDDSs) Government bonds: Maturity ≥ 1 year (364 days) Treasury bills: Maturity < 1 year (364 days) A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 6 / 27

  7. An Example of a Treasury Auction (Turkey) Phase 0: Public Call Treasury issues invitations for auction (is announced on the web) Phase 1: Submission Primary Dealers participate in the auction by submitting their unencrypted bids (offers) to the Central Bank Phase 2: Sorting Central Bank sorts the list of bids by unit price and sends the ordered list to the Treasury A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 7 / 27

  8. An Example of a Treasury Auction (Turkey) Phase 3: Cut-Off Point Treasury determines a cut-off point manually, determines the list of accepted / rejected primary dealers and sends the list of accepted bidders to the Central Bank Phase 4: Announcement of the Winners Central Bank informs the bidders about the results A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 8 / 27

  9. An Example of a Treasury Auction (Turkey) Submitted Bids Order Name of the Unit Price Nominal Bank (TRY 100) Amount p i a i 1. Bank 1 94.80 30,000 2. Bank 2 94.00 50,000 3. Bank 3 94.50 50,000 4. Bank 2 94.80 60,000 5. Bank 4 95.00 30,000 6. Bank 5 94.70 60,000 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 9 / 27

  10. An Example of a Treasury Auction (Turkey) Sorted Bids New Name of the Unit Price Nominal Amount p i · a i Order Bank (TRY 100) Amount 100 p i a i 5. → 1. Bank 4 95.00 30,000 28,500 1. → 2. Bank 1 94.80 30,000 28,440 4. → 3. Bank 2 94.80 60,000 56,880 6. → 4. Bank 5 94.70 60,000 56,820 3. → 5. Bank 3 94.50 50,000 47,250 2. → 6. Bank 2 94.00 50,000 47,000 5 4 p i · a i p i · a i δ = TRY 175 , 000 → � 100 ≥ 175 , 000 and � 100 < 175 , 000 i = 1 i = 1 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 10 / 27

  11. An Example of a Treasury Auction (Turkey) Cut-off Point New Name of the Unit Price Nominal Amount p i · a i Order Bank (TRY 100) Amount 100 p i a i 1. Bank 4 95.00 30,000 28,500 2. Bank 1 94.80 30,000 28,440 3. Bank 2 94.80 60,000 56,880 4. Bank 5 94.70 60,000 56,820 5. Bank 3 94.50 50,000 47,250 6. Bank 2 94.00 50,000 47,000 = ⇒ Cut-off point = 4 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 11 / 27

  12. Current Privacy Issues - Bids are submitted in clear text - The names of the investors are not hidden in the list - A malicious Treasury can change the order on the lists the cut-off point A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 12 / 27

  13. Our Contribution - Avoid manual listing and manual determination of the cut-off point - Achieve correctness and privacy in the malicious model - Submit bids in a secure way (i.e. confidentiality & privacy) - Propose a model by - Collecting signed encrypted bids - Putting the list in an order and determining the cut-off point under encryption - Publishing only the winners - Ensuring losers that they indeed loose By using SMPC, Secret Sharing and Threshold Homomorphic Cryptosystem (Paillier). A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 13 / 27

  14. Paillier Cryptosystem n = pq where p � = q large primes n 2 with n | ord( g ) g ∈ R Z ∗ λ := lcm ( p − 1 , q − 1 ) µ := ( L ( g λ mod n 2 )) − 1 mod n where L ( x ) = x − 1 n : Public key (pk) ( n , g ) : Secret key (sk) ( λ, µ ) : plaintext m < n Encryption random value r < n ciphertext c = g m . r n mod n 2 ciphertext c < n 2 : Decryption plaintext m = L ( c λ mod n 2 ) .µ mod n A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 14 / 27

  15. Paillier Encryption is Additively Homomorphic 1 mod n 2 ) . ( g m 2 . r n 2 mod n 2 ) Enc pk ( m 1 , r 1 ) · Enc pk ( m 2 , r 2 ) = ( g m 1 . r n 2 ) mod n 2 = ( g m 1 . r n 1 ) . ( g m 2 . r n = g m 1 + m 2 . ( r 1 . r 2 ) n mod n 2 = Enc pk ( m 1 + m 2 , r 1 . r 2 ) A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 15 / 27

  16. Our Protocol: Submission and Evaluation Phase Private Input B i := ( PD i , p i , a i ) , sk ( 1 ) Primary Dealer ( PD i ) : PD i Central Bank ( CB ) : sk CB δ , sk T , sk ( 2 ) Treasury ( T ) : PD i Public Input Primary Dealer ( PD i ) : pk PD i , pk CB , pk T Central Bank ( CB ) : pk PD i , pk CB , pk T Treasury ( T ) : pk PD i , pk CB , pk T A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 16 / 27

  17. Our Protocol: Submission and Evaluation Phase Primary Dealer ( PD i ) computes (1) y i := ( p i · a i ) / 100 that is amount of payment (2) S B i := Sign PD i [ Hash ( B i )] (3) X i := ( Enc pk PDi ( S B i ) , Enc pk T ( p i ) , Enc pk T ( a i ) , Enc pk T ( y i )) and sends X i to the Central Bank ( CB ). A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 17 / 27

  18. Our Protocol: Submission and Evaluation Phase Treasury ( T ) computes Enc pk T ( δ ) where δ is the amount of required debt of the Treasury and sends Sign T [ Enc pk T ( δ )] to the Central Bank ( CB ). A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 18 / 27

  19. Our Protocol: Submission and Evaluation Phase Central Bank ( CB ) (1) Verifies Sign T [ Enc pk T ( δ )] k k � � (2) Computes output 1 := Enc pk T ( y i ) = Enc pk T ( y i ) i = 1 i = 1 k k � � Enc pk T ( a i ) = Enc pk T ( output 2 := a i ) i = 1 i = 1 A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 19 / 27

  20. Our Protocol: Submission and Evaluation Phase (3) Runs subprotocols using Enc pk T ( δ ) and X i ’s m � (4) Computes output 3 := Enc pk T ( p k ) , output 4 := Enc pk T ( y j ) j = 1 m � Enc pk T ( a j ) , output 6 := Enc pk T ( p m ) output 5 := j = 1 where k is the number of bids, m is the cut-off point and j is the position of the bid in the sorted list. and sends Sign CB [ output i , X j : i = 1 , . . . , 6 , j = 1 , . . . , m ] to the � � Treasury ( T ). A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 20 / 27

  21. Our Protocol: Submission and Evaluation Phase Treasury ( T ) (1) Verifies Sign CB [ output i , X j : i = 1 , . . . , 6 , j = 1 , . . . , m ] � � (2) Computes Dec sk T ([ � output i � : i = 1 , . . . , 6 ]) (3) Computes H j := Hash ( X j ) for j = 1 , . . . , m (4) Forms a lookup table with rows � � X j , H j A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 21 / 27

  22. Our Protocol: Award Phase Primary Dealer ( PD i ) computes Hash ( X i ) and sends it with his certificate cert i to the Treasury ( T ). Treasury ( T ) ? (1) Verifies Hash ( X i ) ∈ { H j : j = 1 , . . . , m } and determines res = “Accept/Reject” (2) Computes Dec sk ( 2 ) ( Enc pk PDi ( Sign T [ res ])) and sends it to PDi Primary Dealer ( PD i ) A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 22 / 27

  23. Our Protocol: Award Phase Primary Dealer ( PD i ) (1) Computes Dec sk ( 1 ) ( Dec sk ( 2 ) ( Enc pk PDi ( Sign T [ res ]))) to get PDi PDi Sign T [ res ] (2) Verifies Sign T [ res ] (3) Computes Dec sk ( 1 ) ( Enc pk PDi ( S B i )) and sends it to the Treasury PDi ( T ). A. Bekta¸ s, M. S. Kiraz, O. Uzunkol BalkanCryptSec 2014 Oct 17, 2014 23 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &amp;

441 views • 5 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory

Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory

Ouroboros: a simple, secure and efficient key exchange protocol based on coding theory Jean-Christophe Deneuville &lt; jean-christophe.deneuville@xlim.fr &gt; June the 26 th , 2017 PQCrypto 17 Utrecht Joint work with: P. Gaborit G. Z

1.54k views • 84 slides
Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction

Web Security: Web Security: Secure Electronic Transaction Secure Electronic Transaction Cunsheng Cunsheng Ding Ding HKUST, Hong Kong, CHI NA HKUST, Hong Kong, CHI NA Secure Elect ronic Transact ions An applicat ion-layer secur it y

483 views • 24 slides
FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol Ltd Americas Committee martinkoopman@gmail.com Australia Was Early to Electronic Trading But Late to FIX Very early use of electronic trading

809 views • 12 slides
Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F :

June 20, 2016 Yassine Hamoudi Carnegie Mellon University Communication Complexity D 2 F : cost of the most efficient deterministic protocol R 2 F : cost of the most efficient randomized protocol with error 1 3 Alice Bob channel Number

1.15k views • 112 slides
EventApe S.E.T Protocol - an Autonomous Interoperable BlockChain system that aims to create

EventApe S.E.T Protocol - an Autonomous Interoperable BlockChain system that aims to create

EventApe S.E.T Protocol - an Autonomous Interoperable BlockChain system that aims to create transparent, secure and efficient smart ticketing contracts S.E.T. Protocol The Project ENTERPRISES/0618/0019 is co-financed by the European Regional

495 views • 6 slides
Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in Government 2004 March 10, 2004 What is the Electronic Treasury Enterprise Card (E-TREC)? E-TREC is the result of the Treasury Departments

507 views • 9 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload &amp; download confidential

202 views • 9 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment pain The vision The Octomizer: TVM for everyone 2 Simple, secure, and efficient Drive TVM adoption Expand the set of users who can deployment of

370 views • 14 slides
TURKISH ECONOMY April 2013 Macroeconomic Performance (2009 - 2011) GDP Growth (%) Growth in

TURKISH ECONOMY April 2013 Macroeconomic Performance (2009 - 2011) GDP Growth (%) Growth in

Republic of Turkey Undersecretariat of Treasury TURKISH ECONOMY April 2013 Macroeconomic Performance (2009 - 2011) GDP Growth (%) Growth in Total Domestic Demand (%) 10 9.2 8.8 25 8 20 15 6 10 4 5 0 2 -5 0 -10 -2 -15 -20 -4

528 views • 24 slides
SOVEREIGN DEBT MANAGEMENT FORUM DEBT OFFICE P L E N A R Y S E S S I O N 3 : D o m e s t i c m

SOVEREIGN DEBT MANAGEMENT FORUM DEBT OFFICE P L E N A R Y S E S S I O N 3 : D o m e s t i c m

Royaume du Maroc Ministre de lEconomie et des Finances TREASURY DEPARTMENT SOVEREIGN DEBT MANAGEMENT FORUM DEBT OFFICE P L E N A R Y S E S S I O N 3 : D o m e s t i c m a r k e t s a s a n a n s w e r t o f u t u r e c h a l l e

158 views • 12 slides
INVESTOR PRESENTATION FOR FULL YEAR 2016 RESULTS April 2017 Disclaimer This document (the

INVESTOR PRESENTATION FOR FULL YEAR 2016 RESULTS April 2017 Disclaimer This document (the

INVESTOR PRESENTATION FOR FULL YEAR 2016 RESULTS April 2017 Disclaimer This document (the Presentation) has been prepared for the sole purpose of the use at meetings with prospective investors to be held in connection with the

472 views • 24 slides
Acquisition of First Associations Bank Investor Presentation October 15, 2012 Forward-Looking

Acquisition of First Associations Bank Investor Presentation October 15, 2012 Forward-Looking

1 Acquisition of First Associations Bank Investor Presentation October 15, 2012 Forward-Looking Statements and Where to Find Additional Information Forward Looking Statements This investor presentation may contain forward-looking statements

231 views • 11 slides
BOEM Financial Security Workshop OCS Advisory Board White Board Session August 10, 2016 1

BOEM Financial Security Workshop OCS Advisory Board White Board Session August 10, 2016 1

BOEM Financial Security Workshop OCS Advisory Board White Board Session August 10, 2016 1 (The content of this presentation was developed by the OCS Advisory Board (OCSAB). The OCSAB makes no representation that it is a definitive or accurate

737 views • 26 slides
Kati Capozzi President and CEO Greater Sitka Chamber of Commerce 7/31/19 Who We Are Our history

Kati Capozzi President and CEO Greater Sitka Chamber of Commerce 7/31/19 Who We Are Our history

The Voice of Alaska Business Kati Capozzi President and CEO Greater Sitka Chamber of Commerce 7/31/19 Who We Are Our history Formed in 1953 before Alaska was a state for the purpose of promoting commerce in Alaska. Our vision To be the

303 views • 26 slides
John Anderson, President, Australian-Thai Cham ber of Com m erce May 20 12 1 AustCham s

John Anderson, President, Australian-Thai Cham ber of Com m erce May 20 12 1 AustCham s

John Anderson, President, Australian-Thai Cham ber of Com m erce May 20 12 1 AustCham s Objectives: To represent and prom ote the m utual business interest of its m em bers. To contribute to the developm ent of relations between

366 views • 14 slides
TRI REGIONAL ACTION COLLABORATION TASK FORCE e - Potential to be the 4 th Largest Lev evera

TRI REGIONAL ACTION COLLABORATION TASK FORCE e - Potential to be the 4 th Largest Lev evera

TRI REGIONAL ACTION COLLABORATION TASK FORCE e - Potential to be the 4 th Largest Lev evera erage ge Si Size Chamber in Province Advo vocacy acy - Building a stronger voice for business in the Tri Region Stream eamline ine -

542 views • 15 slides

More recommend