Practical Verifiable & Privacy-Preserving Double Auctions

Abstract

Double auctions are procedures to trade commodities such as electricity or parts of the wireless spectrum at optimal prices. Buyers and sellers inform the auctioneer what quantity they want to buy or sell at specific prices. The auctioneer aggregates these offers into demand and supply curves and finds the intersection representing the optimal price. In this way, commodities exchange owners in an economically-efficient manner. Ideally, the auctioneer is a trusted third party that does not abuse the information they gain. However, the offers reveal sensitive information about the traders, which the auctioneer may use for economic gain as insider information. These concerns are not theoretical; investigations against auctioneers in electricity and advertisement auctions for manipulating auctions are ongoing. These concerns call for solutions that conduct double auctions in a privacy-preserving and verifiable way. However, current solutions are impractical: To the best of our knowledge, the only solutions satisfying these properties require full interaction of all participants. In this work, we design a more practical solution. We propose the first privacy-preserving and verifiable double auction scheme that does not require traders to interact actively, tailored to electricity trading on (inter)national exchanges. Our solution relies on homomorphic encryption, commitments, and zero-knowledge proofs. In a simulated auction with 256 traders, we observe that traders take up to 10 seconds to generate their order, the auctioneer takes 10 seconds to verify an order, and the auction result is computed and verified in 30 seconds. We extrapolate these results to larger auctions to show the practical potential.