Computing without Revealing: A Cryptographic Approach to eProcurement

Abstract

In typical eProcurement processes, sensitive data such as prices, intellectual property, and customer information often flow across enterprise boundaries. Such sharing amplifies the risk of the data breach due to exposure to the potential security flaws of eProcurement partners. Threats of information leakage inhibit enterprises from sharing sensitive data; thus, enterprises cannot take full advantage of the eProcurement process. Existing cryptography-based data sharing protocols impose a high computational burden for maintaining data confidentiality in the procurement process. This additional burden makes existing cryptographic approaches unsuitable for real-time applications. With this motivation, we address the following research question: How can procurers and suppliers securely conduct their business transactions without revealing their confidential information?

The technical approach for addressing the research question consists of developing foundational protocols for secure lightweight computations. The approach enables procurers and suppliers to perform computations while preserving their confidential information. In this report, we show how Computing-without-Revealing (CWR)-based data sharing protocols can be used as building blocks to execute auctions in the procurement process for standard products and innovative technologies. The design of a software embodiment of these protocols as a web-based platform is described. The platform is used to conduct experiments for measuring the performance of the developed protocols against competing techniques. Experimental results corroborate the efficiency of the developed protocols, making them suitable for real-time applications. The application of the protocols is demonstrated for different eProcurement scenarios, including first and second-price auctions for standard products. Pilot laboratory experiments were conducted to understand the behavioral implications of using these protocols in eProcurement scenarios. Results from the pilot experiment are discussed.