Auctions are ubiquitous in crypto. From Maker collateral auctions, to Flashbots’ sealed-bid blockspace auctions and NFT auctions on OpenSea, auctions are suitable for a wide array of situations where price discovery, liquidity, or allocation of scarce resources is needed, both on and off-chain –a16zcrypto
Sealed-bid first-price: Each bidder submits a sealed bid (e.g. in a sealed envelope) to the auctioneer/organizer. Once all bids are submitted, the auctioneer privately reads them and announces the winner (the highest bidder).
The most common auctions that occur on-chain are English or Dutch auctions, which sometimes lead to bidding wars and gas wars. With sealed-bid auctions, a user has no incentive to bid multiple times or use bots. Marketplaces like OpenSea, by contrast, perform auctions off-chain to save gas, but this involves trust.
Web2 version
Main challenges to solve this problem:
Shadow Vault
Commitments are like shielded UTXOs.
When a user bids in an auction, there is no way for others to find out how many commitments they have locked for that particular auction. So it is not trivial to estimate an upper bound for a bid, as one would need to know exactly how many addresses the bidder owns/controls. One can deposit from multiple addresses to the vault.
The vault contract stores the root of the Merkle tree of all the commitments and the MINA deposited along with them.
Note
The vault is not intended to be used as a mixer (like Tornado Cash), as burning the commitments reveals which address deposited/created those commitments.
Proof of collateral
Users will lock funds in the vault and prove it to participate in the bidding process.
This contract is responsible for managing the auction process.
Modified commit-reveal scheme.
Cons:
Using VDFs for reveal.
Pros:
Cons:
Using DKG, where a network of nodes shares the private key. For example, with a 7/11 system one needs to corrupt at least 7 nodes to gain access to the key.
This is similar to option 2, but the network of nodes publishes a public key with which every user encrypts their bid. After the time limit, the network works together to decrypt all the bids and compute the final price. For example, with a 7/11 system, as long as at least 5 nodes are honest, the system will work.
To make the network more decentralized and secure, we might need tokenomic incentives, slashing mechanics and the ability to join/leave the network permissionlessly.
Some projects already provide DKG as a service like.
Pros:
Cons:
Using homomorphic encryption (ElGamal); the idea is taken from this paper.
A rough idea of how this scheme works:
First, the bids are encoded into vectors, for example:
2 => [0,1,0,0,..0]
4 => [0,0,0,1,..0]
Then each vector is encrypted using ElGamal, with the private key shared between a group of participants.
ElGamal is a partially homomorphic encryption scheme that enables computations on encrypted data with either addition OR multiplication.
After the bids are encrypted, no one can figure out the individual bids, but all the encrypted bid vectors can still be added. The idea is that if we multiply the sum of the bid vectors by a lower triangular matrix of all 1's, the resulting vector will have 1 in the position of the highest bid, 2 in the position of the second-highest bid, and so on. The paper builds and improves on this idea such that only the winner of the auction can figure out the final selling price.
Pros:
Cons: