Progressive Second Price Auction

• Progressive Second Price Auction is a mechanism that allocates resources using secure sorting and comparison to determine winners and uniform clearing prices.
• It integrates cryptographic methods like homomorphic encryption and secure MPC to protect bid details while ensuring strategyproofness and budget balance.
• The protocol is scalable and practical for hundreds of participants, with performance validated through empirical timing and efficient use of Boolean circuits.

A Progressive Second Price (PSP) Auction is a resource allocation protocol designed to optimize assignment and pricing in multi-item, multi-agent environments while providing strict privacy guarantees on bid information. PSP-type auctions combine elements of classical Vickrey and Dutch auctions, decentralized computation, and cryptographically enforced privacy. The main contribution is an explicit protocol based on homomorphic encryption and sorting networks that computes truthful, budget-balanced winner sets and uniform clearing prices, with provable privacy: no information beyond the set of winners and final prices is leaked to any party within the system.

1. Formal Structure of the Progressive Second Price Auction

The PSP auction applies to a set of sellers $s_1,\dots,s_M$ each offering one homogeneous item, and buyers $b_1,\dots,b_N$ each seeking one item. Sellers and buyers submit private bids $V_i^s$ and $V_j^b$ respectively, encoded as binary vectors of fixed bit-length $L$.

Clearing proceeds as follows:

• Sell-bids are sorted in non-decreasing order $V_{(1)}^s \le \cdots \le V_{(M)}^s$.
• Buy-bids are sorted in non-increasing order $V_{(1)}^b \ge \cdots \ge V_{(N)}^b$.
• The number of trades $k$ is the largest index for which $V_{(k)}^s \le V_{(k)}^b$.
• Winners: the first $k-1$ sellers and buyers.
• Clearing prices: uniform for all winners as $p^s = V_{(k)}^s, \; p^b = V_{(k)}^b$.

This mechanism achieves strategyproofness, individual rationality, and ex post budget balance in the cleartext setting (Xu et al., 2019).

2. Privacy Definition and Threat Model

PSP auctions adopt simulation-based privacy under the semi-honest model, involving two parties:

• Auctioneer $A$: orchestrates computation, never learns cleartext bids.
• Non-colluding agent $T$: possesses decryption keys but receives only random permutations of encrypted IDs.

Privacy guarantee: the joint view of $A$ and $T$ is simulatable using only the encrypted bid vectors and the auction output (winner sets, prices). No additional bid information is leaked beyond what is strictly implied by the allocation result (Xu et al., 2019).

3. Cryptographic Primitives and Secure Building Blocks

Bid privacy is enforced using the Goldwasser–Micali homomorphic encryption scheme:

• Key generation yields public ($n, x$) and secret ($p, q$) keys.
• Bids are encrypted bitwise; homomorphic properties support encrypted XOR operations.
• Private AND and integer comparison circuits are constructed using two-round protocols involving $T$ for decryption/re-encryption, with each AND evaluated via blinded masking (Xu et al., 2019).

The protocol recursively reduces sorting, comparison, and winner determination to Boolean circuits efficiently evaluable in the encrypted domain.

4. Secure Auction Protocol Workflow

The complete protocol follows:

• Bid Submission: sellers and buyers send encrypted bid vectors and IDs.
• Private Sorting: auctioneer and agent perform a secure sorting network (odd-even merge is optimal for scalability up to hundreds of participants), jointly sorting seller bids non-decreasingly and buyer bids non-increasingly.
• Winner Determination: encrypted values are compared iteratively; the index $k^*$ is computed where $V_{(k^*)}^s \le V_{(k^*)}^b$, all under encryption.
• Outcome Release:
  • The auctioneer randomly permutes winner ID vectors and sends them, together with clearing prices, to the agent.
  • The agent decrypts, permutes again, and returns the sets to the auctioneer.
  • Only randomized winner sets and uniform prices are revealed; the ordering and bid values remain unknown.

No step involves revealing bids or their ranking to any party, and the mapping between input bids and observable outputs is strictly limited by cryptographic indistinguishability (Xu et al., 2019).

5. Theoretical Security and Privacy Analysis

Security is proved via a sequential composition of the underlying MPC primitives:

• XOR and AND: semantic security and blinded masking ensure simulation indistinguishability.
• Sorting and comparison: entire workflows are encoded as secure two-party computations; random permutations post-decryption prevent reconstruction of input ordering.

The complete protocol is secure in the semi-honest model; each party’s view is simulatable from its own inputs/outputs, and bid values are protected (Xu et al., 2019).

6. Performance and Scalability Metrics

Computational and communication costs are determined by the sorting algorithm and bit-length:

• Private comparison: $O(L)$ ANDs + $O(L)$ XORs per comparison.
• Odd-even mergesort: $O(n \log^2 n \cdot L)$ ANDs and messages for $n$ participants.
• Empirical timing: for $n=256, L=8$, odd-even mergesort completes in 15 minutes, outperforming selection and bitonic sorts.

The protocol is practical for hundreds of participants; computation is distributed, with no monolithic bottleneck. All messages are encrypted, and only winner sets are decrypted after random permutation (Xu et al., 2019).

7. Generalization and Extensions

The conceptual framework and cryptographic primitives support several extensions:

• Multi-unit auctions: concatenated EBV arrays for multi-copy bidding.
• Combinatorial or spectrum auctions: secure circuits for complex allocation rules.
• Continuous or online double auctions: repeated invocation of MPC sorting/comparison routines.
• Cloud resource allocation and energy markets: bid privacy applied to CPU/kWh trading.

In every case, no participant—auctioneer, agent, or external entity—gains information about bids beyond the allocation and prices, maintaining strong privacy guarantees (Xu et al., 2019).

---

References:

• “Privacy-preserving Double Auction Mechanism Based on Homomorphic Encryption and Sorting Networks” (Xu et al., 2019)