3.2. Vickrey Price Sharing
The Vickrey Auction (Second-Price Sealed-Bid) model is widely recognized in economic theory as the most efficient mechanism for price discovery. It incentivizes rational participants to bid their true maximum valuation, knowing they will only pay the amount of the second-highest bid.
However, implementing Vickrey pricing on traditional blockchains is computationally prohibitive and economically dangerous. Sorting encrypted bids, calculating the second price, and distributing differential refunds requires O(n log n) on-chain operations, exposing plaintext values to validators and creating severe Out-of-Gas (OOG) risks.
Fhenix-FairMarket v2.0 resolves this by delegating the cryptographic sorting and Vickrey calculation to the FHEOS Off-Chain Coprocessor, then settling the differential via an Asynchronous Pull-Refund Architecture. This ensures mathematical fairness, zero plaintext leakage, and deterministic gas consumption regardless of participant count.
Core Design Principles
| Principle | Technical Implementation |
|---|---|
| Off-Chain FHE Sorting | FHEOS servers receive the batch of bytes32 ciphertext hashes and use FHE.select constant-time multiplexers to identify the highest and second-highest bids entirely in encrypted space. |
| Constant-Time Execution | FHE.select ensures comparison duration remains uniform regardless of input magnitude, neutralizing timing side-channel attacks that could infer price ranges. |
| Encrypted Differential Settlement | The coprocessor returns both the winnerCiphertext and secondPriceCiphertext. The smart contract debits the winner’s escrow by the second price, while non-winners claim full refunds. |
| Pull-Over-Push Compatibility | No automated distribution loops. Each participant invokes claimRefund() independently. The contract calculates exact payout based on encrypted settlement results. |
| AVS Cryptoeconomic Finality | The off-chain Vickrey result is cryptographically signed by EigenLayer AVS operators. submitResolution() rejects any mismatched proof, ensuring economic alignment over blind trust. |
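
The select-based tracking of the highest and second-highest bids named in the table, as an added example that is not Fhenix-FairMarket or FHEOS code. The gt and select helpers are plaintext mocks shaped like the FHE.gt and FHE.select calls on this page, and every function name and bid list below is an assumption made for illustration.

```typescript
// Added illustration. gt/select are plaintext stand-ins with the same shape as
// the FHE.gt / FHE.select calls named on this page; they do no cryptography.
type Enc = number;    // stand-in for an encrypted uint32
type EncBool = 0 | 1; // stand-in for an encrypted boolean

const gt = (a: Enc, b: Enc): EncBool => (a > b ? 1 : 0);
// Arithmetic multiplexer: both inputs are always used, no branch on c.
const select = (c: EncBool, x: Enc, y: Enc): Enc => c * x + (1 - c) * y;

interface TopTwo { highest: Enc; second: Enc; winnerIndex: Enc }

// Data-oblivious scan: the same operations run for every bid, whatever its value.
function topTwoOblivious(bids: Enc[]): TopTwo {
  let highest: Enc = 0, second: Enc = 0, winnerIndex: Enc = 0;
  bids.forEach((bid, i) => {
    const beatsHighest = gt(bid, highest);
    const beatsSecond = gt(bid, second);
    // A bid below the leader but above the runner-up must still move the runner-up.
    const runnerUp = select(beatsSecond, bid, second);
    second = select(beatsHighest, highest, runnerUp);
    winnerIndex = select(beatsHighest, i, winnerIndex);
    highest = select(beatsHighest, bid, highest);
  });
  return { highest, second, winnerIndex };
}

// Shortcut that only reacts to a new maximum; kept to show where it goes wrong.
function topTwoMaxOnly(bids: Enc[]): TopTwo {
  let highest: Enc = 0, second: Enc = 0, winnerIndex: Enc = 0;
  bids.forEach((bid, i) => {
    const beatsHighest = gt(bid, highest);
    second = select(beatsHighest, highest, second);
    winnerIndex = select(beatsHighest, i, winnerIndex);
    highest = select(beatsHighest, bid, highest);
  });
  return { highest, second, winnerIndex };
}

// Plaintext reference: sort descending; a lone bidder pays 0 in this model.
function secondPriceBySort(bids: number[]): number {
  return bids.slice().sort((a, b) => b - a)[1] ?? 0;
}

// Constructed bid lists: leader first, ascending, tie at the top, lone bidder.
const SAMPLE_BIDS: number[][] = [[10, 5, 7], [3, 8, 12], [9, 9, 3], [4]];

function mismatches(fn: (b: Enc[]) => TopTwo): number {
  return SAMPLE_BIDS.filter((b) => fn(b).second !== secondPriceBySort(b)).length;
}
```

The max-only variant underprices the winner whenever the leading bid arrives before the runner-up or is tied, which is why the second select on the runner-up is needed.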
Technical Implementation
1. Off-Chain FHEOS Vickrey Computation
The coprocessor executes homomorphic comparisons without decrypting values. FHE.select acts as a cryptographic multiplexer that routes results based on encrypted boolean conditions.
```typescript
// Pseudo-architecture: FHEOS Off-Chain Vickrey Engine (cofheDispatcher.ts → FHEOS)
async function computeVickreyResult(ciphertexts: InEuint32[]): Promise<VickreyPayload> {
  // 1. Initialize encrypted trackers
  let highestBid = ciphertexts[0];
  let secondHighest = FHE.asEuint32(0);
  // 2. Constant-time FHE comparison loop
  for (let i = 1; i < ciphertexts.length; i++) {
    const isHigher = FHE.gt(ciphertexts[i], highestBid);
    const isRunnerUp = FHE.gt(ciphertexts[i], secondHighest);
    // FHE.select: Route values homomorphically without decryption.
    // A bid that does not beat the leader can still replace the runner-up.
    const runnerUp = FHE.select(isRunnerUp, ciphertexts[i], secondHighest);
    secondHighest = FHE.select(isHigher, highestBid, runnerUp);
    highestBid = FHE.select(isHigher, ciphertexts[i], highestBid);
  }
  // 3. Return encrypted results + AVS operator signatures
  return {
    winnerCiphertext: highestBid,
    secondPriceCiphertext: secondHighest,
    avsProof: await aggregateAVSSignatures([highestBid, secondHighest])
  };
}
```
2. On-Chain Vickrey Settlement (submitResolution)
The smart contract acts as a state verifier and payout router. It accepts the AVS-verified result and configures the claimRefund() logic accordingly.
```solidity
// packages/contracts/core/FhenixFairMarket.sol
function submitResolution(
    uint256 auctionId,
    bytes32 winnerCiphertext,
    bytes32 secondPriceCiphertext,
    bytes calldata avsProof
) external {
    // Check the state of this auction, not a contract-wide flag
    require(auctions[auctionId].state == AuctionState.RESOLVING, "Invalid state");
    // Cryptographic verification of AVS threshold signatures.
    // The proof must cover both ciphertexts (the coprocessor signs the pair),
    // so a valid winner proof cannot be paired with a different second price.
    _verifyAVSProof(auctionId, winnerCiphertext, secondPriceCiphertext, avsProof);
    // Record Vickrey settlement parameters
    auctions[auctionId].winnerCiphertext = winnerCiphertext;
    auctions[auctionId].secondPrice = FHE.getRawValue(secondPriceCiphertext); // Decrypted for settlement routing
    auctions[auctionId].state = AuctionState.FINALIZED;
    emit AuctionFinalized(auctionId, winnerCiphertext, secondPriceCiphertext);
}
```
3. Pull-Refund Execution with Vickrey Deduction
Non-winning bidders receive their full escrowBalance. The winner receives escrowBalance - secondPrice. The difference is routed to the seller.
```solidity
function claimRefund(uint256 _auctionId) external {
    require(auctions[_auctionId].state == AuctionState.FINALIZED, "Auction not finalized");
    require(!hasWithdrawn[msg.sender], "Already withdrawn");
    uint256 balance = escrowBalances[msg.sender];
    uint256 payout = balance;
    uint256 sellerShare = 0;
    // If claimant is the winner, deduct second price
    if (msg.sender == auctions[_auctionId].winner) {
        sellerShare = auctions[_auctionId].secondPrice;
        require(balance >= sellerShare, "Escrow below second price");
        payout = balance - sellerShare;
    }
    // State mutation BEFORE any transfer (Anti-Reentrancy)
    escrowBalances[msg.sender] = 0;
    hasWithdrawn[msg.sender] = true;
    if (sellerShare > 0) {
        // Route winner's payment to seller
        (bool paidSeller, ) = auctions[_auctionId].seller.call{value: sellerShare}("");
        require(paidSeller, "Seller payout failed");
    }
    (bool success, ) = msg.sender.call{value: payout}("");
    require(success, "Refund transfer failed");
    emit RefundClaimed(_auctionId, msg.sender, payout);
}
```
Architectural Impact & Comparison
| Metric | Traditional On-Chain Vickrey | Fhenix-FairMarket CoFHE Vickrey |
|---|---|---|
| Sorting Complexity | O(n log n) or O(n²) on-chain gas | O(n) off-chain; O(1) on-chain verification |
| Plaintext Exposure | High during sorting/settlement phases | Zero. All comparisons use FHE.select constant-time gates |
| Gas Consumption | Scales exponentially with bidder count | Flat < 45k gas for submitResolution() + individual claims |
| Refund Mechanism | Push-based loops (OOG vulnerable) | Pull-based individual claims (100% OOG immune) |
| Economic Finality | Relies on block confirmations | Backed by EigenLayer AVS economic staking + Fraud Proofs |
Vickrey Settlement Flow
Security & Economic Guarantees
- True Valuation Incentive: Participants maximize economic utility by bidding their exact upper limit. Overbidding carries no penalty; underbidding risks losing the asset. The encrypted nature guarantees no strategic gaming based on visible highest bids.
- Anti-Inference Protection: FHE.select execution clocks remain identical for all input ranges. Attackers cannot measure response times to reverse-engineer the second price or winner margin before the FINALIZED state transition.
- AVS Economic Alignment: Operators staking ETH/LSTs via EigenLayer are financially penalized (Slashing) if they submit manipulated Vickrey results. The Fraud Proof challenge window ensures community verifiers can dispute incorrect off-chain computations.
- Capital Preservation: The Pull over Push pattern ensures that even if a winner fails to claim their refund (paying the second price), the remaining escrow remains securely locked until claimed, never lost to failed loops or OOG reverts.
Audit Gate Compliance (P0/P1)
The protocol enforces strict Vickrey settlement verification gates. Progression is blocked until all items pass:
- [] Zero Plaintext Sorting: No for/while loops performing value comparisons exist on-chain. All sorting occurs off-chain via FHEOS.
- [] Constant-Time Enforcement: FHEOS endpoints validated for FHE.select uniformity; timing variance < ±2ms across all bid ranges.
- [] AVS Proof Requirement: submitResolution() rejects any payload lacking valid aggregated operator signatures.
- [] Pull-Refund Integrity: claimRefund() updates hasWithdrawn before call{value: amount}. Winner deduction logic is mathematically bounded.
- [] Differential Routing: Seller payout executes atomically during winner claim; no orphaned funds or partial settlement states.
- [] Event Log Neutrality: AuctionFinalized emits only ciphertext hashes and state transitions. Zero plaintext bid values or exact prices are logged.
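
The Pull-Refund Integrity and Differential Routing gates can be exercised on a small accounting model before they are tested against the contract. This is an added example, not Fhenix-FairMarket code: the Ledger shape, the receive hook, the bidder names and the amounts are all assumptions, and the hook stands in for recipient code that runs during call{value: ...}.

```typescript
// Added model of the claimRefund() accounting, not the contract itself.
// A "transfer" calls the recipient's hook, standing in for call{value: ...}.
type Addr = string;

interface Ledger {
  escrow: Record<Addr, number>;
  withdrawn: Record<Addr, boolean>;
  received: Record<Addr, number>;
  seller: Addr;
  winner: Addr;
  secondPrice: number;
  onReceive: (to: Addr) => void;
}

const total = (m: Record<Addr, number>): number =>
  Object.keys(m).reduce((sum, k) => sum + m[k], 0);

function transfer(l: Ledger, to: Addr, amount: number): void {
  l.received[to] = (l.received[to] ?? 0) + amount;
  l.onReceive(to); // recipient code runs here and may call back in
}

function claimRefund(l: Ledger, caller: Addr): number {
  if (l.withdrawn[caller]) throw new Error("Already withdrawn");
  const balance = l.escrow[caller] ?? 0;
  const toSeller = caller === l.winner ? l.secondPrice : 0;
  if (toSeller > balance) throw new Error("Escrow below second price");
  // Effects first: a re-entrant call now sees the claim as already made.
  l.escrow[caller] = 0;
  l.withdrawn[caller] = true;
  // Interactions last: the seller's share, then the claimant's remainder.
  if (toSeller > 0) transfer(l, l.seller, toSeller);
  transfer(l, caller, balance - toSeller);
  return balance - toSeller;
}

// Constructed scenario: escrows of 100/80/60, second price 80, "alice" wins
// and her receive hook tries to claim a second time.
function runScenario(): { ledger: Ledger; deposited: number; reentryBlocked: boolean } {
  let reentryBlocked = false;
  const ledger: Ledger = {
    escrow: { alice: 100, bob: 80, carol: 60 }, withdrawn: {}, received: {},
    seller: "seller", winner: "alice", secondPrice: 80,
    onReceive: (to) => {
      if (to !== "alice") return;
      try { claimRefund(ledger, "alice"); } catch { reentryBlocked = true; }
    },
  };
  const deposited = total(ledger.escrow);
  ["alice", "bob", "carol"].forEach((who) => claimRefund(ledger, who));
  return { ledger, deposited, reentryBlocked };
}
```

Everything deposited is paid out exactly once (no orphaned funds), and the nested claim fails because the withdrawn flag is set before any transfer.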
Next Steps
- Proceed to 3.3. MEV Front-Running Protection to understand how opaque ciphertext payloads neutralize validator reordering attacks.
- Review 3.4. Bid Sniping Prevention for hard-state closure mechanics and dynamic timeout integration.
- Explore Technical Components → SettlementEngine.sol for pull-refund routing, slasher integration, and payout mapping architecture.