| (1) | tender: P inputs signed with |
| (2) | Smart contract forwards to , , |
| (3) | bid:, , receive |
| (4) | sample encryption randomness r |
| (5) | eprice := ENC (, r, $price) |
| (6) | := NIZK.prove((, eprice), ($price, r)) |
| (7) | , …, send (eprice, ) |
| (8) | Smart contract receives (eprice, ) from () |
| (9) | assert current time |
| (10) | assert this is the first bid input |
| (11) | assert NIZK.verify (, , (P, eprice)) |
| (12) | Smart contract sends (, eprice) to P |
| (13) | store eprice, to use later in |
| (14) | compute: on input (compute) as Supplier , …, |
| (15) | assert current time |
| (16) | P decrypts and stores($ price) := DEC(, eprice) |
| (17) | if this is the last compute received then |
| (18) | for such that has not called for compute |
| (19) | $price := + |
| (20) | end if |
| (21) | winsupplier := −1 |
| (22) | bestprice: = + |
| (23) | fordo |
| (24) | if.price < bestprice then |
| (25) | bestprice := .price |
| (26) | := |
| (27) | end if |
| (28) | end for |
| (29) | store and output |
| (30) | signs with |
| (31) | broadcasts |
| (32) | Relation (statement, witness) is defined as |
| (33) | parse statement as (P.eprice) |
| (34) | parse witness as ($price, r) |
| (35) | assert eprice = ENC(, r, $price) |
