Skip to main content

Privacy Considerations

AI-Generated Content

This section contains AI-generated content that requires human review and validation.

Overview

While standard sealed-bid auctions hide bids during submission, they reveal all bid information during the reveal phase. For sensitive auctions involving high-value assets, strategic positions, or competitive markets, this level of transparency can be problematic.

Privacy-preserving auctions use advanced cryptographic techniques to enable bid verification and winner determination while keeping bid amounts private—even from the auction system itself.

Why privacy matters in auctions

Information leakage risks

During bidding:

  • Strategic position disclosure: Large bids reveal accumulation interest
  • Market impact: Visible demand can move prices in related markets
  • Front-running: MEV extractors can exploit visible high-value bids

After settlement:

  • Competitive intelligence: Losing bids reveal willingness to pay for similar assets
  • Future auctions: Past bid history influences future auction behavior
  • Market manipulation: Revealed valuations can be used to manipulate related markets

Real-world scenarios requiring privacy

Institutional participation:

  • Large funds don't want to reveal acquisition strategies
  • Competitive positioning in rare asset markets
  • Portfolio rebalancing that signals strategic shifts

Collection wind-down:

  • Token holders don't want to reveal desperation to exit
  • Large holders may face market impact if visible
  • Privacy enables honest valuation without fear of exploitation

Strategic acquisitions:

  • Collectors don't want to signal valuation of specific assets
  • Accumulating positions across multiple auctions
  • Avoiding collusion or targeting by other participants

Privacy techniques

Commit-reveal with hashing

Standard approach (provides limited privacy):

  1. Commit phase: Bidder submits h=hash(bid,salt,address)h = \text{hash}(bid, salt, address)
  2. Reveal phase: Bidder reveals (bid,salt)(bid, salt)
  3. Verification: System checks hash(bid,salt,address)=h\text{hash}(bid, salt, address) = h

Privacy level: Bids are private during commit phase, but fully revealed during reveal phase.

Use case: Prevents strategic bidding based on others' bids, but doesn't hide final valuations.

Zero-knowledge proofs (ZKPs)

Advanced approach using zero-knowledge proofs:

Bidder proves properties about their bid without revealing the bid itself:

  • "My bid is above the minimum threshold"
  • "I have sufficient balance to cover my bid"
  • "My bid commits to specific parameters"

ZK-SNARK auction flow

Bid submission:

  1. Bidder creates commitment: C=commit(bid,randomness)C = \text{commit}(bid, randomness)
  2. Bidder generates ZK proof π\pi proving:
    • CC commits to a valid bid bb where bbminb \geq b_{\min}
    • Bidder has balance b×q\geq b \times q (quantity)
    • Bid format is valid
  3. Bidder submits (C,π)(C, \pi) on-chain

Verification:

  • Contract verifies proof π\pi without learning bb
  • If valid, commitment CC is recorded

Winner determination (requires secure computation or trusted setup):

  • Use MPC (multi-party computation) or threshold decryption
  • Determine winners without revealing losing bids
  • Reveal only winning bid amounts (or just clearing price)

Privacy level: Bids remain encrypted. Only necessary information (winners, clearing price) is revealed.

Homomorphic encryption

Advanced approach enabling computation on encrypted data:

Bidders submit encrypted bids that can be compared and ranked without decryption.

Auction flow with homomorphic encryption

Setup:

  • Generate public encryption key pkpk and shared/threshold decryption setup
  • Auction contract holds pkpk

Bid submission:

  1. Bidder encrypts bid: c=Encpk(bid)c = \text{Enc}_{pk}(bid)
  2. Bidder submits ciphertext cc on-chain
  3. Optional: ZK proof that cc encrypts a valid bid

Winner determination (on encrypted bids):

Using homomorphic properties:

  • Comparison: Compute Enc(bidi>bidj)\text{Enc}(bid_i > bid_j) without decrypting either bid
  • Maximum: Find Enc(max(bid1,bid2,,bidn))\text{Enc}(\max(bid_1, bid_2, \ldots, bid_n))
  • Allocation: Determine winners based on encrypted comparisons

Reveal (selective decryption):

  • Decrypt only necessary information:
    • Winning bid(s)
    • Or just the clearing price
  • Losing bids remain encrypted forever

Privacy level: Strongest—bids can remain encrypted even after auction completion. Only clearingprice need be revealed.

Secure multi-party computation (MPC)

Advanced approach where computation is distributed across multiple parties:

No single party can see all bids. Winner is determined through collaborative computation.

MPC auction flow

Setup:

  • kk computation nodes (e.g., k=5k = 5)
  • Threshold scheme: need tt nodes to decrypt (e.g., t=3t = 3)

Bid submission:

  1. Bidder splits bid into kk shares: bid=s1+s2++skbid = s_1 + s_2 + \cdots + s_k
  2. Bidder sends share sis_i to computation node ii (privately)
  3. Each node records its share

Winner determination:

  • Nodes collaboratively compute maximum bid, winners, clearing price
  • Use secure MPC protocols (e.g., Shamir secret sharing, garbled circuits)
  • No single node ever sees any complete bid

Reveal:

  • Nodes collaboratively reveal only necessary outputs (winners, clearing price)
  • Individual bid shares remain private

Privacy level: Very strong—distributed trust model. Requires collusion of t\geq t nodes to breach privacy.

Comparison of techniques

TechniquePrivacy LevelComplexityOn-chain CostAssumptions
Commit-reveal (hash)Low (reveals all eventually)LowLowNone
Zero-knowledge proofsHighMedium-HighMediumTrusted setup (some schemes)
Homomorphic encryptionVery HighHighHighComputational overhead
MPCVery HighHighMediumDistributed trust (honest majority)

Implementation considerations

Trade-offs

Privacy vs. transparency:

  • More privacy → less transparency for verification
  • Need balance based on use case

Privacy vs. efficiency:

  • Advanced cryptography → higher gas costs
  • ZK proofs and homomorphic operations are expensive on-chain

Privacy vs. simplicity:

  • More privacy → more complex user experience
  • Need to educate users on privacy mechanisms

Gas cost implications

Approximate gas cost multipliers (vs. standard auction):

  • Commit-reveal (hash): ~1.5x (two transactions per bid)
  • ZK-SNARKs: ~3-5x (proof verification on-chain)
  • Homomorphic encryption: ~10-20x (expensive computations)
  • MPC: ~2-3x (off-chain computation, on-chain coordination)

User experience

Complexity for bidders:

  • Commit-reveal: Simple, just need to return for reveal
  • ZK proofs: Need client-side proof generation (may require specialized tools)
  • Homomorphic encryption: Need encryption library, but straightforward
  • MPC: Need to connect to MPC nodes, more complex

Trust model:

  • Commit-reveal: Trust the smart contract
  • ZK proofs: Trust the cryptographic setup (or use transparent schemes)
  • Homomorphic encryption: Trust the decryption key management
  • MPC: Trust that a threshold of MPC nodes are honest

When to use privacy-preserving auctions

High-value assets

  • Luxury collectibles worth $1M+
  • Institutional-scale token allocations
  • Strategic acquisitions with market impact

Competitive environments

  • Multiple sophisticated bidders with competing interests
  • Markets where information leakage affects related positions
  • Auctions with repeat participants across multiple rounds

Regulatory requirements

  • Jurisdictions requiring bid privacy
  • Auctions involving sensitive financial information
  • Compliance with data protection regulations

Strategic importance

  • Collection wind-down where holder privacy is critical
  • Rare asset acquisitions with long-term accumulation strategies
  • Situations where bid history could enable market manipulation

Tiered privacy model

Tier 1: Standard sealed-bid (commit-reveal with hash)

  • Use for: Most auctions, general token distributions
  • Privacy: Bids private during bidding, revealed at settlement
  • Cost: Low

Tier 2: ZK-SNARK auctions (zero-knowledge proofs)

  • Use for: High-value assets ($100K+), institutional auctions
  • Privacy: Bids remain private, only winners/clearing price revealed
  • Cost: Medium

Tier 3: MPC auctions (secure multi-party computation)

  • Use for: Extremely sensitive auctions, regulatory requirements
  • Privacy: Maximum privacy, distributed trust
  • Cost: Medium-High (off-chain coordination)

Configuration per collection

Allow curators to select privacy tier based on:

  • Asset value and sensitivity
  • Expected participant sophistication
  • Regulatory requirements
  • Budget for gas costs

Implementation roadmap

Phase 1: Foundation (Mainnet launch)

  • Implement standard commit-reveal sealed-bid auctions
  • Support basic privacy during bidding phase
  • Focus on UX and gas efficiency

Phase 2: ZK Integration (Post-launch enhancement)

  • Integrate ZK-SNARK bid verification
  • Support private bid amounts with public winner determination
  • Optimize proof generation and verification

Phase 3: Advanced Privacy (Future development)

  • Explore homomorphic encryption for specific use cases
  • Partner with MPC infrastructure providers
  • Support fully private auctions for institutional clients

Security considerations

Potential attacks

Bid extraction attacks:

  • Timing analysis: Observing bid submission patterns
  • Network analysis: Monitoring bidder IP addresses
  • Side-channel attacks: Extracting information from proof generation

Mitigation:

  • Use mixers or privacy networks for bid submission
  • Batch bid submissions to hide timing
  • Secure client-side proof generation environments

Collusion:

  • MPC node collusion to extract bid information
  • ZK setup ceremony compromise

Mitigation:

  • Threshold schemes requiring multiple colluders
  • Transparent ZK schemes (STARKs, Bulletproofs)
  • Regular security audits

Audit requirements

For privacy-preserving auctions:

  • Cryptographic security audit (proof systems, encryption)
  • Smart contract security audit (implementation vulnerabilities)
  • Economic mechanism design review (incentive compatibility)
  • Privacy analysis (information leakage, side channels)