JPH02118876A - Electronic bidding system - Google Patents

Electronic bidding system

Info

Publication number
JPH02118876A
JPH02118876A JP63272608A JP27260888A JPH02118876A JP H02118876 A JPH02118876 A JP H02118876A JP 63272608 A JP63272608 A JP 63272608A JP 27260888 A JP27260888 A JP 27260888A JP H02118876 A JPH02118876 A JP H02118876A
Authority
JP
Japan
Prior art keywords
bidder
bid
bid amount
opener
amount
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP63272608A
Other languages
Japanese (ja)
Other versions
JP2697876B2 (en
Inventor
Kazuo Ota
和夫 太田
Tatsuaki Okamoto
龍明 岡本
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nippon Telegraph and Telephone Corp
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp filed Critical Nippon Telegraph and Telephone Corp
Priority to JP27260888A priority Critical patent/JP2697876B2/en
Publication of JPH02118876A publication Critical patent/JPH02118876A/en
Application granted granted Critical
Publication of JP2697876B2 publication Critical patent/JP2697876B2/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Abstract

PURPOSE:To hold the secret of the corresponding relation of a bidding price except a successful bid and a tenderer even when an identity confirming person who is the sponsor side of the bidder and a bidding opening person conspire by providing a random number preparing device, a stirrer, a random number component remover and the like. CONSTITUTION:A bidder supplies a random number R to a stirrer 120 by a random number preparing device 110 of a device 100 for a bidder and by using a bidding amount (m) and a publicized encipherment key N through an f-computer 121 and a multiplier 122 in the device 120, a stirred communication sentence m' is calculated. Next, the sentence m' is transmitted to a device 200 for an identity confirming person, a communication sentence s' with a signature corresponding to the sentence m' through a cirtifying device 210 is calculated, transmitted to the device 100, a signature value (s) corresponding to the amount (m) through a random component remover 130 is calculated and stored in a memory 140. Since the bidder supplies the amount (m) to a data compressor 150, a compression value (d) corresponding to the amount (m) is calculated, transmitted to the bidding opening person, the bidding opening person receives the compression value all bidders and after publicization, the bidder transmits the amount (m) to a device for opening a bidding, the unfair practice of a bidding promotor, the leakage of the bidding amount and the like can be prevented.

Description

【発明の詳細な説明】 [発明の目的〕 (産業上の利用分野) 本発明は、通信ネットワーク上に分散配置された複数の
入札者が電子的手段によって入札を行うプロトコルを実
現する電子式入札方式に関する。Detailed Description of the Invention [Object of the Invention] (Industrial Application Field) The present invention relates to an electronic bidding system that realizes a protocol in which a plurality of bidders distributed over a communication network submit bids by electronic means. Regarding the method.

(従来の技術) 電気通信システムを用いた電子式入札、すなわちネット
ワーク上に分散配置された入札者が電子的手段によって
競争入札する場合の入札プロトコルでは、入札額を他の
入札者に秘密裏に開札者に届ける必要がある。この対策
として、暗号化の手法が利用されている。また、通常の
入札では、入札者と開札者が一同に会して入札・開孔を
行うので、開札者の不正は困難であると考えられている
。しかしながら、電気通信を利用するときには、開札者
と入札者が物理的に離れているので、開札者がその立場
を悪用して落札額を不正に操作する恐れがある。この対
策として、入札額に署名するディジタル署名の手法が利
用されている。(Prior Art) In electronic bidding using a telecommunications system, that is, bidding protocols in which bidders distributed over a network bid competitively by electronic means, bid amounts are secretly disclosed to other bidders. It must be delivered to the bidder. As a countermeasure against this problem, encryption methods are used. In addition, in normal bidding, bidders and bid openers come together to bid and open bids, so it is considered difficult for bid openers to commit fraud. However, when telecommunications are used, the bidder and the bidder are physically separated, so there is a risk that the bidder may abuse his position and fraudulently manipulate the winning bid amount. As a countermeasure to this problem, a digital signature method is used to sign the bid amount.

従来、提案されている電子式入札方式としては、例えば
山村三朗による「ネットワーク上における入札の一手法
J  (1988年暗号色情報セキュリティワークショ
ップ講演論文集、WCl588−5.9p、4l−50
)に開示されたものがある。Electronic bidding methods that have been proposed so far include, for example, Saburo Yamamura's ``A Bidding Method on the Network J'' (Proceedings of the 1988 Encrypted Color Information Security Workshop, WCl588-5.9p, 4l-50).
) has been disclosed.

コノ山村民の方式では、暗号通信とディジタル署名と同
報通信とを組み合わせることにより上述した問題を解決
している。Konoyama Villager's method solves the above-mentioned problems by combining encrypted communication, digital signatures, and broadcast communication.

(発明が解決しようとする課題) 通常の入札では、入札額は開札者のみが知っており、他
人に知られることはない。落札額以外の入札額は後日の
商活動などに影響するので、知られる範囲を必要最小限
にとどめることが好ましいものであるが、上述した山村
民の方法では、入札額が全員に知られてしまう問題があ
る。(Problem to be Solved by the Invention) In normal bidding, the bid amount is known only to the bidder and is not known to others. Bid amounts other than the winning bid will affect future commercial activities, so it is preferable to keep the amount known to the minimum necessary. There is a problem with it.

本発明は、上記に鑑みてなされたもので、その目的とす
るところは、入札の主催者側である身元確認者と開札者
とが結託したとしても落札額以外の入札額と入札者との
対応関係を秘密にできる電子式入札方式を提供すること
にある。The present invention has been made in view of the above, and its purpose is that even if there is collusion between the identification person who is the organizer of the bid and the bid opener, the bid amount other than the winning bid amount and the bidder's The object of the present invention is to provide an electronic bidding method that can keep correspondence relationships secret.

[発明の構成] (課題を解決するための手段) 上記目的を達成するため、本発明の電子式入札方式は、
開札者に対する複数の入札者からの入札を通信ネットワ
ークを利用して電子的に行う電子式入札方式であって、
入札者は入札額mの圧縮値αをα=H(m)で作成して
開札者に送信し、開札者はすべての入札者から圧縮値α
を受信して公開し、入札者は圧縮値αの公開後に入札額
mを開札者に送信し、開札者はすべての入札者から入札
額mを受信すると、入札額mに対する圧縮値H(m)を
算出してα=H(m)が満たされることを検査してから
受信したすべての入札額mを公開して落札額を決定し、
これにより入札額用を公開する前に前記圧縮値H(m)
を公開することで開札者が入札額用を見た後に入札でき
ないようにしたことを要旨とする。[Structure of the invention] (Means for solving the problem) In order to achieve the above object, the electronic bidding system of the present invention has the following features:
An electronic bidding method in which multiple bidders submit bids to a bid opener electronically using a communication network,
The bidder creates a compressed value α for the bid amount m using α=H(m) and sends it to the bid opener, and the bid opener receives the compressed value α from all bidders.
The bidder receives and publishes the compressed value α, and then transmits the bid amount m to the bid opener after publishing the compressed value α. When the bid opener receives the bid amount m from all bidders, the compressed value H(m ) and check that α=H(m) is satisfied, then publish all received bid amounts m and determine the successful bid amount,
As a result, the compressed value H(m) is
The gist is that by making the information public, bid openers are prevented from placing bids after viewing the bid amount.

また、本発明の電子式入札方式は、身元確認者によって
身元を確認された複数の入札者からの開札者に対する入
札を通信ネットワークを介して電子的に行う電子式入札
方式であって、入札者は乱数発生器からの乱数成分およ
び入札額mを撹乱器によって攪乱した入札額mに対応す
る通信文mを作成して身元確認者に送信し、身元確認者
は入札者の身元を確証した後に、攪乱された前記通信文
m゛を証明器に人力し署名付き通信文D (m’ )を
作成して入札者に返送し、入札者は前記署名付き通信文
D (m” )から乱数成分の影響を除去して入札額m
に署名を施した署名値D (m)を求めた後、入札額m
に対応する圧縮値αをα=H(m)で作成して開札者に
送信し、開札者はすべての入札者からの圧縮値αを受信
して公開し、入札者は圧縮値αの公開後に入札額mを開
札者に送信し、開札者はすべての入札者から入札額mを
受信すると、該入札額mに対する圧縮値H(m)を算出
してα=H(m)が満たされていることを検査してから
受信したすべての入札額mを公開して落札額moを決定
し、落札額moを入札した入札者は落札額moに署名を
施した署名値D(mo)を開札者に送信し、開札者は該
署名値D(mo)が落札額moに対する正しい署名であ
ることを検査して落札者の身元が身元確認者によって承
認され、かつ落札者が真に落札額moを入札したことを
確認し、これにより身元確認者と開札者とが結託しても
開札者が落札者以外の入札額と入札者との対応関係を知
ることができないようにしたことを要旨とする。Further, the electronic bidding method of the present invention is an electronic bidding method in which a plurality of bidders whose identities have been confirmed by an identification person make bids to a bid opener electronically via a communication network. creates a message m corresponding to the bid amount m obtained by disrupting the random number component from the random number generator and the bid amount m by a disruptor, and sends it to the identity verifier, and after the identity verifier verifies the bidder's identity, , the scrambled message m'' is manually input into a proving device to create a signed message D (m') and returned to the bidder, and the bidder extracts a random number component from the signed message D (m''). Bid amount m after removing the influence of
After obtaining the signature value D (m), the bid amount m
Create a compressed value α corresponding to α=H(m) and send it to the bid opener, the bid opener receives and publishes the compressed value α from all bidders, and the bidder publishes the compressed value α. Later, the bid amount m is sent to the bid opener, and when the bid opener receives the bid amount m from all bidders, it calculates the compression value H(m) for the bid amount m and satisfies α=H(m). The winning bid amount mo is determined by disclosing all the received bid amounts m after inspecting that the winning bid amount m is the same, and the bidder who bid the winning bid amount mo receives the signature value D(mo) that is the signed value of the winning bid amount mo. The bid opener verifies that the signature value D(mo) is the correct signature for the winning bid amount mo, so that the successful bidder's identity is approved by the identity verifier and the successful bidder is truly aware of the winning bid amount. The summary is that the bidder confirms that the bidder has placed a bid, and thereby prevents the bidder from knowing the correspondence between the bid amount and the bidder other than the successful bidder, even if the person confirming the identity colludes with the bidder. shall be.

更に、本発明の電子式入札方式は、身元確認者によって
身元を確認された複数の入札者からの開札者に対する入
札を通信ネットワークを介して電子的に行う電子式入札
方式であって、身元確認者は初期応答文を入札者に送信
し、入札者は該受信した初期応答文、乱数発生器からの
乱数成分および入札額mに対する問い合わせ文β、β゛
を作成して身元確認者に送信し、身元確認者は前記初期
応答文および前記受信した問い合わせ文に対応する応答
文を証明器を用いて生成して入札者に返送し、入札者は
前記応答文、前記乱数成分および前記問い合わせ文から
乱数成分の影響を除去して入札額mに対応する署名値2
゛を求めた後に、入札額mに対する圧縮値αをα=H(
m)で作成して開札者に送信し、開札者はすべての入札
者から圧縮値αを受信して公開し、入札者は圧縮値αの
公開後に入札額mを開札者に送信し、開札者はすべての
入札者からの入札額mを受信すると、入札額mに対する
圧縮値H(m)を算出してα=H(m)を満たすことを
検査した後、受信したすべての入札額用を公開して落札
額moを決定し、落札額moを入札した入札者は落札額
moに対応する署名2 、βを開札者に送信し、開札者
は該署名2゛βが落札額moに対する正しい署名である
ことを検査して、落札者の身元が身元確認者によって承
認され、かつ落札者が落札額moを入札したことを確認
し、これにより身元確認者と開札者とが結託しても開札
者が落札者以外の入札額と入札者との対応関係を知るこ
とができないようにしたことを要旨とする。Furthermore, the electronic bidding system of the present invention is an electronic bidding system in which a plurality of bidders whose identities have been verified by an identity verifier electronically bid to a bid opener via a communication network, The bidder sends the initial response text to the bidder, and the bidder creates query texts β and β′ for the received initial response text, the random number component from the random number generator, and the bid amount m, and sends them to the identity verifier. , the identity confirmer generates a response text corresponding to the initial response text and the received inquiry text using a proving device and sends it back to the bidder, and the bidder generates a response text corresponding to the initial response text and the received inquiry text, and sends it back to the bidder, and the bidder generates a response text corresponding to the initial response text and the received inquiry text, and sends it back to the bidder. Signature value 2 corresponding to bid amount m after removing the influence of random number component
After calculating the compression value α for the bid amount m, α=H(
m) and send it to the bidder, the bidder receives the compressed value α from all bidders and publishes it, and the bidder sends the bid amount m to the bidder after publishing the compressed value α, and When the bidder receives the bid amount m from all bidders, he calculates the compression value H(m) for the bid amount m, checks that α=H(m) is satisfied, and then calculates the compressed value H(m) for the bid amount m, and after checking that α=H(m) is satisfied, The bidder who made the successful bid amount mo sends the signature 2 and β corresponding to the successful bid amount mo to the bidder, and the bid opener confirms that the signature 2 β corresponds to the successful bid amount mo. Verify that the signature is correct to ensure that the successful bidder's identity is authorized by the identity verifier and that the successful bidder has bid the winning bid amount mo, thereby confirming that the identity verifier and the bid opener colluded. The gist of this system is that the bid opener is prevented from knowing the correspondence between the bid amount and the bidder other than the successful bidder.

(作用) 本発明の電子式入札方式においては、入札者から入札額
mに対する圧縮値を作成して開札者に送信し、開札者が
すべての入札者から圧縮値を受信して公開した後、入札
者は入札額mを開札者に送信し、これにより開札者が入
札額mを見た後に不正に入札できないようにしている。(Operation) In the electronic bidding system of the present invention, a bidder creates a compressed value for the bid amount m and sends it to the bid opener, and after the bid opener receives and publishes the compressed values from all bidders, The bidder transmits the bid amount m to the bid opener, thereby preventing the bid opener from making a fraudulent bid after seeing the bid amount m.

開札者はすべての入札額mを受信して落札額moを決定
する。The bid opener receives all the bid amounts m and determines the successful bid amount mo.

また、入札者は圧縮値を開札者に送信する前に身元確認
者に身元を確認してもらい、入札額mの署名値を求めて
おき、落札者は前記署名値を開札者に送信し、開札者は
落札者の身元が身元確認者によって承認されていること
を確認する。身元確認者が署名するのは入札額そのもの
でなく、入札者のみが知る乱数成分を付加した値であり
、入札者はこの乱数成分の影響を除去して入札額に対す
る署名値を求めている。In addition, before transmitting the compressed value to the bidder, the bidder has an identity checker confirm his identity and obtains a signature value of the bid amount m, and the successful bidder transmits the signature value to the bidder, The Bid Opener verifies that the Successful Bidder's identity is approved by the Identifier. What the identity certifier signs is not the bid amount itself, but a value added with a random number component known only to the bidder, and the bidder removes the influence of this random number component to obtain a signature value for the bid amount.

(実施例) 以下、図面を用いて本発明の詳細な説明する。(Example) Hereinafter, the present invention will be explained in detail using the drawings.

第1図、第2図および第3図は、本発明の一実施例に係
わる電子式入札方式に使用される入札者用装置100、
身元確認者用装置200および開札者用装置300の構
成を示すブロック図をそれぞれ示している。これらの入
札者用装置100、身元確認者用装置200および開札
者用装置300はそれぞれ第4図に示すように通信回線
を介して接続されている。1, 2, and 3 show a bidder device 100 used in an electronic bidding system according to an embodiment of the present invention;
Block diagrams showing the configurations of an identification person device 200 and a bid opener device 300 are shown, respectively. These bidder devices 100, identification person devices 200, and bid opener devices 300 are each connected via communication lines as shown in FIG.

本実施例に示す電子式入札方式においては、身元確認者
が入札者の身元を確認し、この確認を証明する署名を入
札者に送信し、入札者が入札額mから求めたデータ圧縮
値H(m)を開札者に送信し、開札者がすべての圧縮値
H(m)を公開した後に、入札者が入札額mを開札者に
送信し、開札者がその値を公開して落札額moを決定し
、落札者が落札額moに対する署名値を開札者に提示し
て、開札者が落札者の正当性を認定する。ここで、身元
確認者と開札者とが結託しても入札者と入札額の対応を
秘密にできるようにするために身元確認者に対して入札
額を秘密にしたまま身元確認者に署名されるようにして
いる。In the electronic bidding method shown in this embodiment, an identity checker confirms the bidder's identity, sends a signature proving this confirmation to the bidder, and the bidder obtains a data compression value H from the bid amount m. (m) to the bidder, and after the bidder discloses all compressed values H(m), the bidder transmits the bid amount m to the bidder, and the bidder discloses the value and the successful bid amount. mo is determined, the successful bidder presents the signature value for the successful bid amount mo to the bidder, and the bidder certifies the legitimacy of the successful bidder. Here, in order to keep the correspondence between the bidder and the bid amount secret even if the ID verification person and the bid opener collude, the identification ID is signed by the ID verification person while keeping the bid amount secret from the ID verification person. I try to do that.

身元確認者は、f (g (x) ) =g (f (
x) )=x、g (xXy)=g (x)Xg (y
) 、かつfからgを求めるのが困難な2つの関数の組
(f。The identity checker uses f (g (x) ) = g (f (
x) )=x, g (xXy)=g (x)Xg (y
), and a set of two functions (f.

g)を選択して、関数〔を公開し、関数gを秘密にする
g) to make the function [ public and make the function g secret.

この性質を満たす関数として、例えばR8A暗号の暗号
化関数と復号化関数がある。R8A暗号(Rlvest
 、 R,L、etal、  −A  Method 
f’orObtaining  Digital  S
ignatures and Publlc −Key
  Cryptosystems  、 Com5+u
nlcatlonsof’ the  ACM、 Vo
l、 21. No 、  2. pp、  120−
126.  (1978))を用いた(f、  g)の
構成例は以下の通りである。Functions that satisfy this property include, for example, an encryption function and a decryption function of the R8A encryption. R8A cipher (Rlvest
, R,L,etal, -A Method
f'or Obtaining Digital S
ignatures and publlc-Key
Cryptosystems, Com5+u
nlcatlonsof' the ACM, Vo
l, 21. No, 2. pp, 120-
126. (1978)) is as follows.

身元確認者は暗号化鍵(e、N)と復号化鍵(d、 N
)を N=PXQ eXdEl (modL) 但しL−LCM + (P−1)、  (Q−1))を
満たすように生成し、暗号化鍵を公開し、復号化鍵を秘
密に管理する。The person confirming the identity has an encryption key (e, N) and a decryption key (d, N).
) is generated to satisfy N=PXQ eXdEl (modL) where L-LCM + (P-1), (Q-1)), the encryption key is made public, and the decryption key is secretly managed.

ここで、LCM (a、b)は整数aとbの最小公倍数
を表して、PとQは相異なる2つの大きな素数とする。Here, LCM (a, b) represents the least common multiple of integers a and b, and P and Q are two different large prime numbers.

また、a=b (mod L)はa−bがLの倍数であ
ることを表す。Further, a=b (mod L) represents that a−b is a multiple of L.

R8A暗号は、Nが大きいときNの素因数分解が困難な
ことに安全性の根拠を持つ暗号であり、公開された暗号
化鍵(N、e)から秘密の復号化鍵のd成分を求めるこ
とは困難である。The R8A cipher is a cipher whose security is based on the fact that it is difficult to decompose N into prime factors when N is large. It is difficult.

暗号化関数fと復号化関数gを f (M)−M@(mod N) g (C) =C’  (+++od N)で定義する
と、O≦x<Nを満たす整数Xに対して g  (f  (x) )  −f  (g  (x)
 )  =xが成り立つことを示せる。ここで、a (
mod N)は、aをNで割ったときの余りを表す。更
に、0≦x、y<Nを満たす整数x、  yに対してg
 (xXy)−g (x)Xg (y)が成り立つこと
が示せる。If we define the encryption function f and the decryption function g as f (M) - M@ (mod N) g (C) = C' (+++od N), then g ( f (x) ) −f (g (x)
) = x can be shown to hold true. Here, a (
mod N) represents the remainder when a is divided by N. Furthermore, for integers x and y satisfying 0≦x, y<N, g
It can be shown that (xXy)-g (x)Xg (y) holds true.

以下では、関数gを署名関数として使用し、関数fを認
証関数として使用する。fおよびgとしてR3A暗号を
用いる場合のf計算器とg計算器の効率のよい計算方法
は、例えば池野、小山による「現代暗号理論」、電子通
信学会、pp、16−17、(1986)に示されてい
る。In the following, function g is used as a signature function and function f is used as an authentication function. Efficient calculation methods for f and g calculators when using R3A encryption as f and g are described, for example, in Ikeno and Koyama, "Modern Cryptography Theory," Institute of Electronics and Communication Engineers, pp. 16-17, (1986). It is shown.

次に、第5図に示す交信順序例および第1図〜第4図を
参照して詳細に説明する。Next, a detailed explanation will be given with reference to the example communication order shown in FIG. 5 and FIGS. 1 to 4.

まず、入札者は入札者用装置100の乱数発生器110
を使用して乱数Rを生成し、撹乱器120に供給する。First, the bidder uses the random number generator 110 of the bidder device 100
is used to generate a random number R and supply it to the disruptor 120.

該撹乱器120では、関数fを計算するf計算器121
を用いて、乱数Rに対するf (R)を算出し、乗算器
122に供給する。それから、この乗算器122には入
札額mが入力される。乗算器122は、入札額mおよび
f (R)を整数と見なし、公開されたNを用いて撹乱
された通信文m°を次式により計算する。The disrupter 120 includes an f calculator 121 that calculates a function f.
is used to calculate f (R) for the random number R and supply it to the multiplier 122. Then, the bid amount m is input to this multiplier 122 . The multiplier 122 considers the bid amounts m and f (R) to be integers, and uses the published N to calculate the disturbed message m° according to the following equation.

m’ =mX f (R)  (mod N)そして、
この計算された通信文m°を身元確認者用装置200に
送信する(第5図のステ・ツブ110)。なお、この時
、入札者−身元確認者間は署名通信を行うとよい。m' = mX f (R) (mod N) and
This calculated message m° is transmitted to the identification person device 200 (step 110 in FIG. 5). In addition, at this time, it is preferable that a signature communication is performed between the bidder and the person confirming the identity.

身元確認者用装置200における身元確認者は入札者用
装置100から送信されてきた通信文mを受信すると、
入札者の身元を確認し、それから入札者用装置100か
らの通信文m゛を証明器210に供給する。証明器21
0は、関数gを計算するg計算器211を用いて通信文
m°に対応する署名付き通信文S°を次式により計算す
る。When the identification person in the identification person device 200 receives the message m transmitted from the bidder device 100,
The bidder's identity is verified and the message m' from the bidder device 100 is then provided to the certifier 210. Prover 21
0 uses the g calculator 211 that calculates the function g to calculate the signed communication S° corresponding to the communication m° using the following equation.

s’  =g  (m’ ) それから、この計算した署名付き通信文S°を入札者用
装置100に送信する(ステ・ツブ120)。s' = g (m') Then, this calculated signed message S° is transmitted to the bidder device 100 (step 120).

入札者は、入札者用装置100によって身元確認者用装
置200からの署名付き通信文S゛を乱数成分除去器1
30で受信する。また、この乱数成分除去器130には
、前記乱数発生器110からの乱数Rおよび前記公開さ
れたNが供給されているので、乱数成分除去器130は
身元確認者用装置200から受信した署名付き通信文S
゛、乱数Rおよび公開されたNから次式によって入札額
mに対応する署名値Sを計算する。The bidder uses the bidder device 100 to send the signed message S from the identification person device 200 to the random number component remover 1.
Received at 30. Furthermore, since the random number component remover 130 is supplied with the random number R from the random number generator 110 and the publicized N, the random number component remover 130 receives the signed information from the identification person device 200. Correspondence S
A signature value S corresponding to the bid amount m is calculated from the random number R and the disclosed N using the following formula.

Sそs ’ /R(shod N) そして、この計算した署名値Sをメモリ140に記憶す
る。Ss'/R(shod N) Then, this calculated signature value S is stored in the memory 140.

また、入札者は、入札額mをデータ圧縮器150に供給
し、次式により入札額mに対応する圧縮値αを計算する
Further, the bidder supplies the bid amount m to the data compressor 150, and calculates the compression value α corresponding to the bid amount m using the following equation.

α=H(m) この計算された圧縮値αを開札者に送信する(ステップ
130)。α=H(m) This calculated compression value α is transmitted to the bidder (step 130).

開札者は、開札者用装置300によって入札者用装置1
00から送信された圧縮値αを順次受信し、すべての入
札者からの圧縮値αを受信すると、その値を公開ファイ
ル310に登録して公開する(ステップ140)。The bid opener uses the bid opener device 300 to access the bidder device 1.
The compressed value α transmitted from 00 is sequentially received, and when the compressed value α from all bidders is received, the value is registered in the public file 310 and made public (step 140).

入札者は、すべての圧縮値αが公開された後、入札額m
を開札者用装置300に送信する(ステップ150)。After all the compressed values α have been published, the bidder must make a bid of m
is transmitted to the bid opener device 300 (step 150).

開札者は、開札者用装置300によって入札者からの入
札額mを受信すると、該入札者をデータ圧縮器320に
供給し、該データ圧縮器320で圧縮された出力結果が
前記公開ファイル310に登録されたいずれかの圧縮値
αと一致するか否かを比較器325で比較して検査し、
それから入札額用を公開する(ステップ160)。そし
て、登録されたすべての入札額mがら落札額moを決定
する。When the bid opener receives the bid amount m from the bidder using the bid opener device 300, the bid opener supplies the bid amount to the data compressor 320, and the output result compressed by the data compressor 320 is stored in the public file 310. A comparator 325 compares and checks whether it matches any of the registered compression values α;
The bid amount is then published (step 160). Then, the winning bid amount mo is determined from all the registered bid amounts m.

落札額moを決定された入札者(以下、落札者と称する
)は、落札額moに対応する署名値Sを前記メモリ14
0から読み出して開札者用装置300に送信する(ステ
ップ170)。The bidder whose winning bid amount mo has been determined (hereinafter referred to as the successful bidder) stores the signature value S corresponding to the winning bid amount mo in the memory 14.
0 and transmits it to the bid opener device 300 (step 170).

開札者は、開札者用装置300によって入札者からの署
名値Sを受信すると、該署名値Sを検査器330に供給
し、検査値330のf計算器331で該署名値Sに対応
するf (s)を計算し、この計算されたf (s)を
比較器332に供給し、該比較器332において前記落
札額moと比較して一致することを検査し、署名値Sが
落札額moに対応した署名値であることを認定する。When the bid opener receives the signature value S from the bidder using the bid opener device 300, the bid opener supplies the signature value S to the tester 330, and calculates the f corresponding to the signature value S using the f calculator 331 of the test value 330. (s), this calculated f (s) is supplied to a comparator 332, and the comparator 332 compares it with the winning bid amount mo to check that they match, and the signature value S is the winning bid amount mo. certify that the signature value corresponds to

第6図、第7図および第8図は、本発明の他の実施例に
係わる電子式入札方式に使用される入札者用装置101
、身元確認者用装置201および開札者用装置301の
構成を示すブロック図をそれぞれ示している。なお、こ
れらの装置101゜201.301はそれぞれ前述した
第1図〜第3図に示した装置100,200.300に
対応するものであり、該装置100,200.300と
共通の構成要素は省略して図示されている。また、前述
した第1図〜第3図に示す実施例はR8A暗号を利用す
るのに対して、この第6図〜第8図に示す実施例は、F
iatとShamirの認証方式を利用している。6, 7, and 8 show a bidder device 101 used in an electronic bidding system according to another embodiment of the present invention.
, block diagrams showing the configurations of the identification person device 201 and the bid opener device 301, respectively. Note that these devices 101, 201, and 301 correspond to the devices 100, 200, and 300 shown in FIGS. 1 to 3, respectively, and the common components with these devices are as follows. The illustration is omitted. Further, while the embodiment shown in FIGS. 1 to 3 described above uses the R8A encryption, the embodiment shown in FIGS. 6 to 8 uses the F
It uses the iat and Shamir authentication methods.

このF i a t−3hamt r法は、信頼できる
センタが個人識別情報としてIDを用いる利用者に対し
て、次の手順でに個の秘密情報5i(1≦j≦k)を生
成する。ここで、kは安全性を定めるパラメータであり
、1以上の値である。また、Nは公開情報であり、秘密
の素数PとQとを用いて、N=PXQと表せる。fは一
方向性関数であり、公開されている。In this Fiat-3hamtr method, a reliable center generates secret information 5i (1≦j≦k) for a user who uses an ID as personal identification information in the following steps. Here, k is a parameter that determines safety, and has a value of 1 or more. Further, N is public information and can be expressed as N=PXQ using secret prime numbers P and Q. f is a one-way function and is public.

すなわち、まず、一方向性関数fを用いて、v j=f
 (ID、J)    (1≦j≦k)を計算する。That is, first, using the one-way function f, v j=f
Calculate (ID, J) (1≦j≦k).

それから、各vjに対してNの素因数PとQを用いて、 Sj=  1/vj    (modN)を計算する。Then, using the prime factors P and Q of N for each vj, Calculate Sj=1/vj (modN).

すなわち、S j2=1/v j  (modN)とな
る。That is, S j2 = 1/v j (modN).

更に、利用者に対してに個のsjを秘密に発行し、一方
向性関数fと合成数Nを公開する。Furthermore, sj is secretly issued to the user, and the one-way function f and composite number N are made public.

(mod N)における平方根の計算は、Nの素因数(
PとQ)がわかっているときのみ実行できる。Calculation of the square root in (mod N) is the calculation of the square root in (mod N), which is a prime factor of N (
It can only be executed when P and Q) are known.

その方法は、例えばRabin、M、O,:“Dlgl
 tallzedSignature and Pub
lic−Key Functlons as 1nLr
actable as F’actorIzaLIo”
 、 Tech、Rep、旧T/LC3/TR−212
HIT Lab、Comput、Sc1.1979に示
されている。The method is described, for example, by Rabin, M.O.: “Dlgl
tallzedSignature and Pub
lic-Key Functionlons as 1nLr
“actable as F’actorIzaLIo”
, Tech, Rep, old T/LC3/TR-212
HIT Lab, Comput, Sc1.1979.

平方根の計算装置の具体的な構成例は特願昭61−16
9350 (公開鍵暗号システム)に開示されている。A specific example of the configuration of a square root calculation device is provided in the patent application filed in 1986-16.
9350 (Public Key Cryptography System).

また、F i a t−8hami r法による利用者
の認定方式は次の通りである。Further, the user authentication method using the Fiat-8hamir method is as follows.

証明者Aは検証者Cに対して、Aが本物であることを次
の手順で証明する。Prover A proves to verifier C that A is genuine using the following procedure.

まず、AがIDをCに送る。First, A sends an ID to C.

それから、Cは次式を計算する。Then, C calculates the following equation.

vj=f (ID、j)    (1≦j≦k)次に、
i−1,・・・・・・、tについて以下の手順を繰り返
す(tは安全性を定めるパラメータであり、1以上の値
である)。vj=f (ID, j) (1≦j≦k) Next,
The following procedure is repeated for i-1, . . . , t (t is a parameter that determines safety and has a value of 1 or more).

まず、乱数r、を生成して、 xi−ri2    (modN) を計算して、Cに送る。First, generate a random number r, xi-ri2 (modN) Calculate and send to C.

それから、Cが0. 1のビット列(ell+ ・・・
・・・el、)を生成して、Aに送る。Then C is 0. Bit string of 1 (ell+...
...el,) is generated and sent to A.

更に、Aが署名文yiを yi=ri  U  sj   (modN)elj=
1 で生成して、Cに送る。Furthermore, A writes the signature yi as yi=ri U sj (modN)elj=
1 and send it to C.

また、Cは、 xi=y12U  vj    (mod N)elj
=1 が成り立つことを検査する。Moreover, C is xi=y12U vj (mod N)elj
Check that =1 holds true.

yiの作り方よりy 12IIv i=r 12II 
(seij=l    elj−1 ら、を回の検査にすべて合格した場合、検証者CはAが
本物あると認める。From how to make yi y 12IIv i=r 12II
(seij=l elj-1, etc.), if all tests are passed, verifier C recognizes that A is genuine.

以上では、利用者の認証方式について説明したが、メツ
セージの認証方式は上記の手順を次のように変更して実
現できる。The user authentication method has been described above, but the message authentication method can be realized by changing the above procedure as follows.

メツセージ(m)と(Xl、・・・・・・、X、)に一
方向性関数fを施して得たf(m、x、、・・・・・・
x、)の先頭のkxtビットを上記手順のビット列(e
、+)とみなして、署名文として、(ID。The message (m) and (Xl,...,X,) are given a one-way function f(m, x,...
The first kxt bits of x, ) are converted into the bit string (e
, +), and as a signature sentence, (ID.

rT1+  (e II) +  V l * ・・・
・・・、y+)を署名つき通信文として検証者に送信す
る。rT1+ (e II) + V l *...
..., y+) to the verifier as a signed message.

次に、第9図に示す交信順序例および第6図〜第8図を
参照して詳細に説明する。なお、本実施例では、身元確
認者−入札者間ではFiat−8hamir法の利用者
認証法を利用し、入札者−開札者間ではF ia t−
3hami r法のメツセージ認証法を利用している。Next, a detailed explanation will be given with reference to an example of the communication order shown in FIG. 9 and FIGS. 6 to 8. In this embodiment, the Fiat-8hamir user authentication method is used between the identity confirmer and the bidder, and the Fiat-8hamir method is used between the bidder and the bid opener.
It uses the 3hamir message authentication method.

2つの認証法を対応づける情報を入札者において秘密に
することで、身元確認者と開札者が結託しても入札者と
入札額の対応を秘密にしている。By keeping the information that correlates the two authentication methods secret from the bidder, even if the identity verifier and bid opener collude, the correspondence between the bidder and the bid amount can be kept secret.

i2 xV、)=r、  2 =x (modN)であるか F i a t−3hami r法の場合と同様に、信
頼できるセンタが合成数Mと一方向性関数fを公開し、
更に証明者Aの識別情報IDに対応する秘密情報Sを計
算して、SをAに配送する。以下の説明では、k=1の
場合について説明する。i2
Furthermore, secret information S corresponding to the identification information ID of prover A is calculated and S is delivered to A. In the following explanation, the case where k=1 will be explained.

入札者は、身元確認者の力を借りて、次の手順で入札額
mに署名する。The bidder, with the help of the identity certifier, signs the bid amount m in the following steps.

まず、身元確認者は、IDを入札者用装置101および
開札者用装置301に送信する(第9図のステップ21
0)。First, the identity confirmer transmits the ID to the bidder device 101 and the bid opener device 301 (step 21 in FIG. 9).
0).

それから、身元確認者、入札者および開札者は、それぞ
れ身元確認者用装置201、入札者用装置101および
開札者用装置301のデータ圧縮器220.160およ
び350を用いて、x=f(ID)を計算する。The identity verifier, bidder and bid opener then use the data compressors 220, 160 and 350 of the identity verifier device 201, bidder device 101 and bid opener device 301, respectively, to ).

更に、身元確認者は、初期応答文発生器230を用いて
t個の初期応答文x’ 、(i=1.2゜・・・・・・
、BからなるX“を計算し、この初期応答文X°を入札
者用装置101に送信する(ステップ220)。Furthermore, the identity verifier uses the initial response sentence generator 230 to generate t initial response sentences x', (i=1.2°...
, B, and transmits this initial response sentence X° to the bidder device 101 (step 220).

なお、初期応答文発生器230は、乱数発生器231お
よび剰余付き乗算器232から構成され、乱数発生器2
31からt個のriを発生し、剰余付き乗算器232を
用いて、 x’  =XXr l      (god N)(i
=1.2.・・・・・・、1) で、を個のX’ lを計算する。Note that the initial response sentence generator 230 is composed of a random number generator 231 and a multiplier with remainder 232, and the random number generator 2
31, and using the multiplier with remainder 232, x' = XXr l (god N) (i
=1.2. ......, 1) Calculate X'l.

前記初期応答文X°が入札者用装置101で受信される
と、乱数発生器170を用いてt組のビットe1と乱数
u1のペアを発生し、その値を受信したt個のX”1と
先に生成したXとともに初期応答文撹乱器175に入力
し、を個の撹乱された初期応答文x°°1を計算してX
 ”w (X t+1゜・・・・・・T  X”t)を
問い合わせ文発生器180に供給する。When the initial response text X° is received by the bidder device 101, the random number generator 170 is used to generate t pairs of bits e1 and random numbers u1, and the values are transmitted to the received t pieces of X''1. is input to the initial response sentence disrupter 175 along with the previously generated X, and the disturbed initial response sentences x°°1 are calculated and
“w (X t+1° . . . T X”t) is supplied to the query statement generator 180.

例えば、初期応答文撹乱器175を剰余付き乗算器で構
成し、乱数発生器170が生成したt組のelとul、
受信したt個の初期応答文XおよびXを剰余付き乗算器
175に入力し、X”i =u+ 2xX−” xX’
 l  (a+od N)(i−1,2,・・・・・・
、  B でt個のx”iを計算する。For example, if the initial response sentence disruptor 175 is configured with a multiplier with a remainder, t sets of el and ul generated by the random number generator 170,
The received t initial response sentences X and X are input to the multiplier with remainder 175, and
l (a+od N)(i-1,2,...
, B calculate t x"i.

次に入札者は、入札額mとt個のx ”、入札者用装置
101の問い合わせ文発生器180に入力して、問い合
わせ文β、β′を作成し、β′を身元確認者用装置20
1に送信しくステップ230)、βを乱数成分除去器1
90に供給する。Next, the bidder inputs the bid amount m and t pieces of x'' into the inquiry sentence generator 180 of the bidder device 101 to create inquiry sentences β and β', and β' is input to the inquiry sentence generator 180 of the bidder device 101. 20
1 (step 230), β is sent to the random number component remover 1.
Supply to 90.

例えば、問い合わせ文発生器180をデータ圧縮器18
1および排他的論理和計算器182で構成し、これによ
り (β1.・・・・・・、βl) ”” f  (m、X  1.”””、X’ + )β
 1=β+ +e、    (mod N)(i=1.
2. ・・・・・・、B で、β=(β1.・・・・・・、β1)とβ′=(β゛
1.・・・・・・、β′、)を求める。For example, query statement generator 180 is
1 and an exclusive OR calculator 182, thereby (β1....., βl) ``'' f (m, X 1.'''''', X' + )β
1=β+ +e, (mod N)(i=1.
2. ......, B, find β=(β1.....,β1) and β'=(β゛1.....,β',).

それから、身元確認者用装置201は入札者用装置10
1から問い合わせ文β′を受信すると、証明器240を
用いて、先に発生した乱数riと受信した問い合わせ文
β゛から、応答文2を計算して入札者用装置101に送
信する(ステップ240)。Then, the identity verifier device 201 is connected to the bidder device 10.
When the inquiry sentence β' is received from the bidder 1, the proving device 240 calculates the response sentence 2 from the previously generated random number ri and the received inquiry sentence β', and sends it to the bidder device 101 (step 240 ).

例えば、証明器240を秘密情報格納器241および剰
余付き乗算器242で構成し、秘密情報格納器241か
ら秘密情報Sを読み出し、初期応答文発生器230から
供給された乱数rと受信した応答文β”を剰余付き乗算
器242に人力し、z、=r、xs”’    (mo
d N)(i=1.2.・・・・・・、1) で計算したzlを用いて、z= (zl 、・・川・ 
21)を求める。For example, the prover 240 is configured with a secret information storage 241 and a multiplier with remainder 242, reads the secret information S from the secret information storage 241, and uses the random number r supplied from the initial response sentence generator 230 and the received response sentence. β'' is manually input to the multiplier with remainder 242, and z,=r,xs''' (mo
d N) (i=1.2......,1) Using zl calculated as
21).

入札者用装置101が前記応答文2を受信すると、該応
答文2と先に生成したXとt組の(eいu、)を乱数成
分除去器190に入力し、応答文z′を計算し、応答文
2°と問い合わせ分βを入札額mに対する署名としてメ
モリ140に記憶する。When the bidder device 101 receives the response sentence 2, it inputs the response sentence 2 and the previously generated X and t pair (eu,) to the random number component remover 190, and calculates the response sentence z'. Then, the response sentence 2° and the inquiry amount β are stored in the memory 140 as a signature for the bid amount m.

例えば、乱数成分除去器190を条件判定器191およ
び剰余付き乗算器192で構成し、) u Ix z 
1 x x −’   (ffiod N)で計算した
Z’lを用いて、Z””(Z’t+ ・・・・・・、Z
’+)を求める。For example, the random number component remover 190 is configured with a condition determiner 191 and a multiplier with remainder 192, and
1 x x -' (ffiod N)
'+).

次は、前述したステップ130〜160と同様に、第9
図のステップ250〜280で示すように、入札者は入
札額mに対応する圧縮値αを開札者用装置301に送信
しくステップ250)、開札者はすべての圧縮値αを公
開する(ステップ260)。それから、入札者はすべて
の圧縮値αが公開された後、入札額mを開札者用装置3
01に送信する(ステップ270)。入札者は入札額m
を受信すると、前記公開した圧縮値αと一致するか否か
を比較検査し、それからすべての入札額mを公開する(
ステップ280)。そして、すべての入札額mから落札
額moを決定する。Next, similar to steps 130 to 160 described above, the ninth
As shown in steps 250 to 280 in the figure, the bidder transmits the compressed value α corresponding to the bid amount m to the bidder device 301 (step 250), and the bidder publishes all compressed values α (step 260). ). Then, after all the compressed values α have been published, the bidder can enter the bid amount m on the bidder device 3.
01 (step 270). The bidder bids m
When it receives, it compares and checks whether it matches the published compression value α, and then publishes all bid amounts m (
step 280). Then, the successful bid amount mo is determined from all the bid amounts m.

落札者moを決定された入札者、すなわち落札者は、落
札額moに対する署名β、z°を前記メモリ140から
読み出し、開札者用装置301に送信する(ステップ2
90)。The bidder for whom the successful bidder mo has been determined, that is, the successful bidder, reads the signature β, z° for the successful bid amount mo from the memory 140 and transmits it to the bid opener device 301 (step 2
90).

開札者は該通信文β、z′を受信すると、該通信文およ
び落札額moを検査器360に供給して、これらの正当
性を検査する。When the bid opener receives the messages β and z', he supplies the messages and the successful bid amount mo to the tester 360 to test their validity.

この検査器360は、例えば剰余付き乗算器361、デ
ータ圧縮器362および比較器363で構成され、 X”、=Z’ 、 2XXIβ’  (mod N)で
x゛°1を求めて、 β−f (m、 X”1 、・・・・・・、X”t)が
成立するかを検査する。This tester 360 is composed of, for example, a multiplier with remainder 361, a data compressor 362, and a comparator 363, and calculates x゛°1 using X'', = Z', 2XXIβ' (mod N), and It is checked whether (m, X"1, . . . , X"t) holds true.

以上の実施例では、F i a t−3hami r法
をベースにした認証方法について説明したが、Fi a
 t−3hami r法はNの素因数分解が困難な場合
に(sod N)での平方根の計算が困難なことに基づ
いている。離散対数問題などの困難性を利用した認証法
をベースにしても同様の方式を構成できる。In the above embodiment, an authentication method based on the Fiat-3hamir method was explained.
The t-3hamir method is based on the fact that it is difficult to calculate the square root of (sod N) when it is difficult to factorize N into prime factors. A similar system can also be constructed based on an authentication method that takes advantage of the difficulty of discrete logarithm problems.

[発明の効果] 以上説明したように、本発明によれば、入札者は入札額
mから圧縮値を作成して開札者に送信し、開札者がすべ
ての入札者から圧縮値を受信して公開した後に開札者が
入札額mを開札者に送信しているので、開札者が入札額
mを見た後に不正に入札できない。また、落札者のみが
署名値を開札者に送信して、落札者の身元を承認するの
で、落札額以外の入札額と入札者との対応関係を秘密に
できる。特に、身元確認者が署名するのは、入札額その
ものでなく、入札者のみが知る乱数成分を付加した値で
あり、入札者はその乱数成分の影響を除去して入札値に
対する署名値を求めるので、入札の主催者である身元確
認者と開札者とが結託しても落札者と落札額以外の入札
額mと入札者との対応関係を秘密にすることができ、入
札主催者による不正行為、入札額の漏洩などを防止する
ことができる。[Effects of the Invention] As explained above, according to the present invention, a bidder creates a compressed value from the bid amount m and sends it to the bid opener, and the bid opener receives compressed values from all bidders. Since the bid opener transmits the bid amount m to the bidder after the bid is made public, the bid opener cannot make a fraudulent bid after seeing the bid amount m. Further, since only the successful bidder sends the signature value to the bidder to approve the successful bidder's identity, the correspondence between the bid amount other than the winning bid amount and the bidder can be kept secret. In particular, what the identity verifier signs is not the bid amount itself, but a value with a random number component known only to the bidder, and the bidder removes the influence of the random number component to obtain the signature value for the bid value. Therefore, even if the identity confirmer who is the organizer of the bid colludes with the bid opener, the correspondence between the successful bidder, the bid amount m other than the winning bid amount, and the bidder can be kept secret, and fraud by the bid organizer can be prevented. It is possible to prevent acts, leakage of bid amounts, etc.

【図面の簡単な説明】[Brief explanation of drawings]

第1図、第2図および第3図は本発明の一実施例に係わ
る電子式入札方式に使用される入札者用装置、身元確認
者用装置および開札者用装置の構成をそれぞれ示すブロ
ック図、第4図は電子式入札方式において通信ネットワ
ークを介して接続される身元確認者、入札者および開札
者を示す図、第5図は第1図〜第3図の実施例における
交信順序を示す説明図、第6図、第7図および第8図は
本発明の他の実施例に係わる電子式入札方式に使用され
る入札者用装置、身元確認者用装置および開札者用装置
の構成をそれぞれ示すブロック図、第9図は第6図〜第
8図の実施例における交信順序を示す説明図である。 100.101・・・入札者用装置 11.0・・・乱数発生器 120・・・撹乱器 170・・・乱数成分除去器 140・・・めもり 150・・・データ圧縮器 200.201・・・身元確認者用装置210・・・証
明器 300゜ 301・・・開札者用装置 310・・・公開ファイル 320・・・データ圧縮器 330・・・検査器FIG. 1, FIG. 2, and FIG. 3 are block diagrams showing the configurations of a bidder device, an identification person device, and a bid opener device, respectively, used in an electronic bidding system according to an embodiment of the present invention. , FIG. 4 is a diagram showing an identification person, a bidder, and a bid opener connected via a communication network in an electronic bidding system, and FIG. 5 is a diagram showing the communication order in the embodiment of FIGS. 1 to 3. The explanatory diagrams, FIG. 6, FIG. 7, and FIG. 8 show the configurations of a bidder device, an identification person device, and a bid opener device used in an electronic bidding system according to other embodiments of the present invention. The respective block diagrams and FIG. 9 are explanatory diagrams showing the communication order in the embodiments of FIGS. 6 to 8. 100.101...Bidder device 11.0...Random number generator 120...Disturber 170...Random number component remover 140...Memori 150...Data compressor 200.201...・Identification person device 210...Certification device 300゜301...Bid opener device 310...Public file 320...Data compressor 330...Testing device

Claims (3)

【特許請求の範囲】[Claims] (1)開札者に対する複数の入札者からの入札を通信ネ
ットワークを利用して電子的に行う電子式入札方式であ
って、入札者は入札額mの圧縮値αをα=H(m)で作
成して開札者に送信し、開札者はすべての入札者から圧
縮値αを受信して公開し、入札者は圧縮値αの公開後に
入札額mを開札者に送信し、開札者はすべての入札者か
ら入札額mを受信すると、入札額mに対する圧縮値H(
m)を算出してα=H(m)が満たされることを検査し
てから受信したすべての入札額mを公開して落札額を決
定し、これにより入札額mを公開する前に前記圧縮値H
(m)を公開することで開札者が入札額mを見た後に入
札できないようにしたことを特徴とする電子式入札方式
(1) An electronic bidding system in which multiple bidders submit bids to a bidder electronically using a communication network, in which the bidder sets the compressed value α of the bid amount m by α=H(m). The bid opener receives the compressed value α from all bidders and publishes it. After the bidder publishes the compressed value α, the bidder sends the bid amount m to the bid opener, and all bid openers receive the compressed value α. When a bid amount m is received from a bidder, the compression value H(
m) and check that α=H(m) is satisfied, then publish all received bids m to determine the winning bid, and thereby apply the compression method before publishing the bid m. value H
An electronic bidding system characterized by disclosing (m) so that a bid opener cannot bid after seeing the bid amount m. (2)身元確認者によって身元を確認された複数の入札
者からの開札者に対する入札を通信ネットワークを介し
て電子的に行う電子式入札方式であって、入札者は乱数
発生器からの乱数成分および入札額mを撹乱器によって
撹乱した入札額mに対応する通信文m′を作成して身元
確認者に送信し、身元確認者は入札者の身元を確証した
後に、撹乱された前記通信文m′を証明器に入力し署名
付き通信文D(m′)を作成して入札者に返送し、入札
者は前記署名付き通信文D(m′)から乱数成分の影響
を除去して入札額mに署名を施した署名値D(m)を求
めた後、入札額mに対応する圧縮値αをα=H(m)で
作成して開札者に送信し、開札者はすべての入札者から
の圧縮値αを受信して公開し、入札者は圧縮値αの公開
後に入札額mを開札者に送信し、開札者はすべての入札
者から入札額mを受信すると、該入札額mに対する圧縮
値H(m)を算出してα=H(m)が満たされているこ
とを検査してから受信したすべての入札額mを公開して
落札額moを決定し、落札額moを入札した入札者は落
札額moに署名を施した署名値D(mo)を開札者に送
信し、開札者は該署名値D(mo)が落札額moに対す
る正しい署名であることを検査して落札者の身元が身元
確認者によって承認され、かつ落札者が真に落札額mo
を入札したことを確認し、これにより身元確認者と開札
者とが結託しても開札者が落札者以外の入札額と入札者
との対応関係を知ることができないようにしたことを特
徴とする電子式入札方式。(2) An electronic bidding method in which multiple bidders, whose identities have been confirmed by an identity certifier, make bids to a bid opener electronically via a communication network, in which the bidder receives a random number component from a random number generator. and creates a message m' corresponding to the bid amount m that has been disturbed by the disrupter, and sends it to the identity verifier, and after confirming the identity of the bidder, the identity verifier confirms the bidder's identity and then m' is input into the prover, a signed message D(m') is created and sent back to the bidder, and the bidder removes the influence of the random number component from the signed message D(m') and bids. After obtaining the signature value D(m) that is a signature on the bid amount m, create a compressed value α corresponding to the bid amount m using α=H(m) and send it to the bid opener. The bidder receives and publishes the compressed value α from the bidder, and after publishing the compressed value α, the bidder sends the bid amount m to the bidder. When the bidder receives the bid amount m from all bidders, the bidder receives the bid amount After calculating the compression value H(m) for m and checking that α=H(m) is satisfied, all received bid amounts m are disclosed to determine the winning bid amount mo, and the winning bid amount mo The bidder who made a bid sends the signature value D(mo) signed on the winning bid amount mo to the bid opener, and the bid opener checks that the signature value D(mo) is the correct signature for the winning bid amount mo. The successful bidder's identity is verified by the identity certifier, and the successful bidder is truly responsible for the winning bid amount mo.
The bidder confirms that the bidder has placed a bid, thereby preventing the bidder from knowing the correspondence between the bid amount of a person other than the successful bidder and the bidder even if there is collusion between the person confirming the identity and the bidder. Electronic bidding method. (3)身元確認者によって身元を確認された複数の入札
者からの開札者に対する入札を通信ネットワークを介し
て電子的に行う電子式入札方式であって、身元確認者は
初期応答文を入札者に送信し、入札者は該受信した初期
応答文、乱数発生器からの乱数成分および入札額mに対
する問い合わせ文β、β′を作成して身元確認者に送信
し、身元確認者は前記初期応答文および前記受信した問
い合わせ文に対応する応答文を証明器を用いて生成して
入札者に返送し、入札者は前記応答文、前記乱数成分お
よび前記問い合わせ文から乱数成分の影響を除去して入
札額mに対応する署名値z′を求めた後に、入札額mに
対する圧縮値αをα=H(m)で作成して開札者に送信
し、開札者はすべての入札者から圧縮値αを受信して公
開し、入札者は圧縮値αの公開後に入札額mを開札者に
送信し、開札者はすべての入札者からの入札額mを受信
すると、入札額mに対する圧縮値H(m)を算出してα
=H(m)を満たすことを検査した後、受信したすべて
の入札額mを公開して落札額moを決定し、落札額mo
を入札した入札者は落札額moに対応する署名z′、β
を開札者に送信し、開札者は該署名z′、βが落札額m
oに対する正しい署名であることを検査して、落札者の
身元が身元確認者によって承認され、かつ落札者が落札
額moを入札したことを確認し、これにより身元確認者
と開札者とが結託しても開札者が落札者以外の入札額と
入札者との対応関係を知ることができないようにしたこ
とを特徴とする電子式入札方式。(3) An electronic bidding method in which multiple bidders whose identities have been confirmed by an identity certifier make bids to a bid opener electronically via a communication network, in which the identity certifier sends an initial response to the bidder. and the bidder creates inquiry sentences β and β′ for the received initial response text, the random number component from the random number generator, and the bid amount m, and sends them to the identity verification person, and the identity verification person and a response sentence corresponding to the received inquiry sentence are generated using a proving device and sent back to the bidder, and the bidder removes the influence of the random number component from the response sentence, the random number component, and the inquiry sentence. After finding the signature value z' corresponding to the bid amount m, create a compressed value α for the bid amount m using α=H(m) and send it to the bid opener, who then collects the compressed value α from all bidders. is received and published, and the bidder sends the bid amount m to the bid opener after publishing the compressed value α. When the bid opener receives the bid amount m from all bidders, the compressed value H( m) and α
After checking that =H(m) is satisfied, all received bid amounts m are disclosed to determine the winning bid amount mo, and the winning bid amount mo
The bidder who bids the signature z′, β corresponding to the winning bid amount mo.
is sent to the bid opener, and the bid opener receives the signatures z′ and β as the winning bid amount m.
verifying that the successful bidder's identity is authorized by the identity verifier and that the successful bidder bid the winning bid amount mo, thereby preventing collusion between the identity verifier and the bid opener. This electronic bidding method is characterized in that the bid opener cannot know the correspondence between the bid amount and the bidder other than the successful bidder even if the bidder bids the successful bidder.
JP27260888A 1988-10-28 1988-10-28 Electronic bidding system Expired - Lifetime JP2697876B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP27260888A JP2697876B2 (en) 1988-10-28 1988-10-28 Electronic bidding system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP27260888A JP2697876B2 (en) 1988-10-28 1988-10-28 Electronic bidding system

Publications (2)

Publication Number Publication Date
JPH02118876A true JPH02118876A (en) 1990-05-07
JP2697876B2 JP2697876B2 (en) 1998-01-14

Family

ID=17516301

Family Applications (1)

Application Number Title Priority Date Filing Date
JP27260888A Expired - Lifetime JP2697876B2 (en) 1988-10-28 1988-10-28 Electronic bidding system

Country Status (1)

Country Link
JP (1) JP2697876B2 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6078906A (en) * 1995-08-23 2000-06-20 Xerox Corporation Method and system for providing a document service over a computer network using an automated brokered auction
JP2001034682A (en) * 1999-07-19 2001-02-09 Nippon Telegr & Teleph Corp <Ntt> Method and device for, electronic bidding, and program recording medium
KR20010076762A (en) * 2000-01-28 2001-08-16 오길록 On-line bidding system with high secrecy and attestation
US7181405B1 (en) 1998-12-28 2007-02-20 Nec Corporation Electronic tender system
WO2007094043A1 (en) * 2006-02-14 2007-08-23 Fujitsu Limited Electronic bidding/bidding opening program, electronic bidding/bidding opening system, and electronic bidding/bidding opening method
US7567933B1 (en) 1999-07-19 2009-07-28 Nippon Telegraph And Telephone Corporation System and method for quantitative competition and recording medium having recorded thereon program for implementing them

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6026387A (en) * 1983-07-22 1985-02-09 日本電信電話株式会社 Digital signature system
JPS613254A (en) * 1984-06-15 1986-01-09 Nippon Telegr & Teleph Corp <Ntt> User certification system
JPS6253042A (en) * 1985-09-02 1987-03-07 Nippon Telegr & Teleph Corp <Ntt> Distributing system for cryptographic key
JPS6265150A (en) * 1985-09-17 1987-03-24 Fujitsu Ltd Method for storing privacy information
JPS62190943A (en) * 1986-02-18 1987-08-21 Nippon Telegr & Teleph Corp <Ntt> Certification system for distribution of cryptographic key
JPS62245747A (en) * 1986-04-18 1987-10-27 Hitachi Ltd Electronic stamping system
JPS6339230A (en) * 1986-08-04 1988-02-19 Nippon Telegr & Teleph Corp <Ntt> Destination aggregation recognition system in multiaddress cipher communication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6026387A (en) * 1983-07-22 1985-02-09 日本電信電話株式会社 Digital signature system
JPS613254A (en) * 1984-06-15 1986-01-09 Nippon Telegr & Teleph Corp <Ntt> User certification system
JPS6253042A (en) * 1985-09-02 1987-03-07 Nippon Telegr & Teleph Corp <Ntt> Distributing system for cryptographic key
JPS6265150A (en) * 1985-09-17 1987-03-24 Fujitsu Ltd Method for storing privacy information
JPS62190943A (en) * 1986-02-18 1987-08-21 Nippon Telegr & Teleph Corp <Ntt> Certification system for distribution of cryptographic key
JPS62245747A (en) * 1986-04-18 1987-10-27 Hitachi Ltd Electronic stamping system
JPS6339230A (en) * 1986-08-04 1988-02-19 Nippon Telegr & Teleph Corp <Ntt> Destination aggregation recognition system in multiaddress cipher communication

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6078906A (en) * 1995-08-23 2000-06-20 Xerox Corporation Method and system for providing a document service over a computer network using an automated brokered auction
US7181405B1 (en) 1998-12-28 2007-02-20 Nec Corporation Electronic tender system
JP2001034682A (en) * 1999-07-19 2001-02-09 Nippon Telegr & Teleph Corp <Ntt> Method and device for, electronic bidding, and program recording medium
US7567933B1 (en) 1999-07-19 2009-07-28 Nippon Telegraph And Telephone Corporation System and method for quantitative competition and recording medium having recorded thereon program for implementing them
US7941361B2 (en) 1999-07-19 2011-05-10 Nippon Telegraph And Telephone Corporation System and method for quantitative competition and recording medium having recorded thereon program for implementing the method
KR20010076762A (en) * 2000-01-28 2001-08-16 오길록 On-line bidding system with high secrecy and attestation
WO2007094043A1 (en) * 2006-02-14 2007-08-23 Fujitsu Limited Electronic bidding/bidding opening program, electronic bidding/bidding opening system, and electronic bidding/bidding opening method
JP4739404B2 (en) * 2006-02-14 2011-08-03 富士通株式会社 Electronic bidding / bid opening program, electronic bidding / bid opening system, and electronic bidding / bid opening method

Also Published As

Publication number Publication date
JP2697876B2 (en) 1998-01-14

Similar Documents

Publication Publication Date Title
CN110224993B (en) Responsibility pursuing anonymous electronic voting method and system based on block chain
CN110391911B (en) System and method for anonymously voting block chain
US8650403B2 (en) Crytographic method for anonymous authentication and separate identification of a user
US6377688B1 (en) Cryptographic communication method and system
JP4082717B2 (en) Anonymous signature method and apparatus using shared private key
JP5205398B2 (en) Key authentication method
US7730319B2 (en) Provisional signature schemes
US7444512B2 (en) Establishing trust without revealing identity
JP2020502857A (en) Information protection system and method
US7167985B2 (en) System and method for providing trusted browser verification
US20030074330A1 (en) Efficient electronic auction schemes with privacy protection
WO2008048713A2 (en) Practical secrecy-preserving, verifiably correct and trustworthy auctions
AU7202698A (en) Initial secret key establishment including facilities for verification of identity
US20160359633A1 (en) System and method for publicly certifying data
CN111242453A (en) Financial evaluation method and system based on block chain
JP2004030121A (en) Electronic contract system
Wu et al. New sealed-bid electronic auction with fairness, security and efficiency
JPH02118876A (en) Electronic bidding system
Liao et al. A trustworthy Internet auction model with verifiable fairness
Pasupathinathan et al. A fair e-tendering Protocol
JP4560004B2 (en) Information certification method
JP5159752B2 (en) Communication data verification device and computer program therefor
JP2001101316A (en) Electronic bidding method, digital subscribing method, recording medium and information proving method
KR20010017358A (en) Method for making the fair blind signatures
Chen et al. A secure and fair joint e-lottery protocol

Legal Events

Date Code Title Description
FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20070919

Year of fee payment: 10

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20080919

Year of fee payment: 11

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20080919

Year of fee payment: 11

EXPY Cancellation because of completion of term
FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090919

Year of fee payment: 12

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090919

Year of fee payment: 12