Auctions are now central to blockchain markets, settling NFT sales, token launches, DeFi liquidations, and arbitrage opportunities. Each on-chain bid is a public transaction whose inclusion is decided by a single consensus proposer per block. The proposer can observe pending bids, exclude competitors, and submit bids of their own, breaking the fairness guarantees of classical sealed-bid auctions. To enable latency-sensitive sealed-bid auctions in blockchain settings, we formalize four properties -- each necessary to prevent a concrete attack -- and design a protocol achieving all four: hiding bid contents, existence, and bidder identity until reveal (Hiding); counting all timely honest bids and rejecting late adversarial bids (Simultaneous Release); preventing silent withdrawal of committed bids (No Free Bid Withdrawal); and charging on-chain fees only to winners (Auction Participation Efficiency). Our protocol uses a timestamping oracle (instantiated with a committee of 2f_ts+1 timestampers) and a censorship-resistant inclusion predicate (instantiated using a FOCIL-based inclusion list), with only the winning bid settled on-chain. Our construction relies on two zero-knowledge proofs: an eligibility proof that anonymously proves deposit membership to the timestamping committee, and an auction proof that binds a bid to a specific auction for the inclusion list committee. We implement both using Groth16 over BN254 with Poseidon hashing in arkworks/Rust: the auction proof generates in 13 ms and verifies in under 1 ms; eligibility proofs for Merkle trees up to 2^32 bidders generate in 47-159 ms and verify in about 1 ms. Together, this yields a sealed-bid auction primitive practical for high-value, time-sensitive blockchain settings.