Next: An Example of SAM Up: SAM Previous: SAM

Installation and Deployment

Our solution is based on an advanced secure coprocessor environment such as IBM 4758, as discussed in Section 3.2.

The basic idea is that trusted software is securely loaded onto the secure coprocessor. The trusted software and the secure coprocessor together act as a secure auction marketplace (SAM). This SAM then becomes an authenticated computational entity whose internal state and operations cannot be examined or altered by an adversary--even one with direct physical access to that hardware.

In our case, this ``trusted software'' would be a secure auction operating system (SAOS), which offers the following API:

A party (such as ourselves, once our work is finished) would obtain an application-developer certificate from the coprocessor manufacturer, and publish full information (source and signed executable) so that parties could both verify that this source matches this executable, and then install this executable in a virgin coprocessor.

This SAM could then use the coprocessor's outbound authentication API to obtain two public/private keypairs (one for encryption, one for signatures) certified to belong to that SAM. These give SAM the ability to provide an authorized advertisement before the auction opening time by publishing the signed auction advertisement. The auction advertisement contains a unique auction ID and an auction specification, which specifies the trading rules. During the auction, the bidders send their bids (or strategy programs), encrypted with SAM's public key, to the marketplace, which returns a signed receipt. By binding the bid or strategy to an auction ID, the bidder is assured that the bid is evaluated according to the auction specification, i.e., it is evaluated only after the auction closing time, and only for the intended auction under the specified trading rules. After the auction closing time, the SAM evaluates the bids according to the published auction specification and outputs an authenticated result of the auction, in conformance with the result disclosure rules.
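The exchange just described (signed advertisement, bids sealed to SAM's public key and bound to the auction ID, signed receipts, evaluation only after the closing time, signed result), as an added illustration that is not code from the paper or from the SAOS the authors describe. It uses only the Go standard library and makes several simplifying assumptions: an Ed25519 key stands in for SAM's certified signature keypair and an RSA key for its encryption keypair; the coprocessor's outbound-authentication certificate chain is replaced by handing SAM's signing public key (`SignPub`) directly to verifiers; the auction ID is bound to each bid by using it as the RSA-OAEP label, so a ciphertext cannot be opened under any other auction ID; the coprocessor's trusted clock is an injectable function; only one trading rule (sealed-bid first price) is evaluated, and strategy programs are not modelled. Names such as `Advertisement`, `SealBid`, `Submit` and `Close` are this example's own, not the SAOS API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Advertisement is what SAM signs and publishes before the opening time: auction ID, trading
// rules (this toy evaluates only "sealed-bid-first-price"), closing time and SAM's encryption key.
type Advertisement struct {
	AuctionID, Spec string
	CloseAt         time.Time
	EncPub          *rsa.PublicKey
}

// SealedBid is the bid encrypted with RSA-OAEP using the auction ID as the OAEP label:
// decryption under any other auction ID fails, which is the binding the text relies on.
type SealedBid struct {
	AuctionID  string
	Ciphertext []byte
}
type Bid struct{ Bidder string; Amount uint64 }
type Result struct{ AuctionID, Winner string; Price uint64; Opened int }

// SAM models the coprocessor-hosted marketplace; its private keys never leave it (assumed trusted clock injected).
type SAM struct {
	signKey ed25519.PrivateKey
	encKey  *rsa.PrivateKey
	ad      Advertisement
	bids    []SealedBid
	now     func() time.Time
}

func NewSAM(auctionID, spec string, closeAt time.Time, now func() time.Time) *SAM {
	_, sk, _ := ed25519.GenerateKey(rand.Reader)
	ek, _ := rsa.GenerateKey(rand.Reader, 2048)
	ad := Advertisement{auctionID, spec, closeAt, &ek.PublicKey}
	return &SAM{signKey: sk, encKey: ek, ad: ad, now: now}
}

// SignPub stands in for the certificate the coprocessor's outbound authentication would issue.
func (s *SAM) SignPub() ed25519.PublicKey { return s.signKey.Public().(ed25519.PublicKey) }
func (s *SAM) sign(v any) (msg, sig []byte) {
	msg, _ = json.Marshal(v)
	return msg, ed25519.Sign(s.signKey, msg)
}

// Verify checks a SAM signature with the certified key and decodes the message into v.
func Verify(samPub ed25519.PublicKey, msg, sig []byte, v any) error {
	if !ed25519.Verify(samPub, msg, sig) {
		return errors.New("signature invalid")
	}
	return json.Unmarshal(msg, v)
}

// Advertise publishes the signed auction advertisement.
func (s *SAM) Advertise() (msg, sig []byte) { return s.sign(s.ad) }

// SealBid encrypts a bid to SAM's key so that only SAM can open it, and only for this auction.
func SealBid(ad Advertisement, bid Bid) (SealedBid, error) {
	pt, _ := json.Marshal(bid)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ad.EncPub, pt, []byte(ad.AuctionID))
	return SealedBid{ad.AuctionID, ct}, err
}

// Submit stores a sealed bid before the closing time and returns a signed receipt for it.
func (s *SAM) Submit(sb SealedBid) (receipt, sig []byte, err error) {
	if sb.AuctionID != s.ad.AuctionID || !s.now().Before(s.ad.CloseAt) {
		return nil, nil, errors.New("bid rejected: wrong auction ID or auction already closed")
	}
	s.bids = append(s.bids, sb)
	digest := sha256.Sum256(sb.Ciphertext)
	receipt, sig = s.sign(struct{ AuctionID string; Digest []byte }{sb.AuctionID, digest[:]})
	return receipt, sig, nil
}

// Close opens and evaluates the bids only after the closing time, then signs the result.
func (s *SAM) Close() (msg, sig []byte, err error) {
	if s.now().Before(s.ad.CloseAt) || s.ad.Spec != "sealed-bid-first-price" {
		return nil, nil, errors.New("auction still open (bids stay sealed) or unsupported specification")
	}
	res := Result{AuctionID: s.ad.AuctionID}
	for _, sb := range s.bids {
		var b Bid
		pt, derr := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.encKey, sb.Ciphertext, []byte(s.ad.AuctionID))
		if derr != nil || json.Unmarshal(pt, &b) != nil {
			continue // sealed under another auction ID (OAEP label mismatch) or malformed: ignored
		}
		res.Opened++
		if b.Amount > res.Price { // first-price rule: highest bid wins and pays it; ties go to the earlier bid
			res.Winner, res.Price = b.Bidder, b.Amount
		}
	}
	msg, sig = s.sign(res)
	return msg, sig, nil
}
```

A bidder verifies the advertisement with `Verify` before sealing, keeps the signed receipt as evidence that the marketplace accepted the bid, and later verifies the result with the same key. Because the auction ID is the OAEP label, a ciphertext sealed for one auction and relabelled for another is accepted for storage but fails to open at evaluation, so it can never be counted under the wrong rules.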



Adrian Perrig
Tue Jan 23 20:35:17 PST 2001