“Blockchainify” tender processes

Franco Amati
Published in Signatura blog, May 4, 2016

Calls for tenders, requests for proposals and sealed-bid auctions, while less frequent in the private sector, are common and necessary processes in government agencies. However, despite the good intentions behind them, they remain a constant source of fraud and corruption.

Their procedures usually involve one of these alternatives:

  • Safeguarded sealed envelopes: printed bids are delivered in sealed envelopes and kept in custody until the deadline, when they are opened for evaluation. Old-fashioned, but still used in many places.
  • Software solutions: bids are submitted in digital form and managed using an eTendering/eProcurement/eGovernment platform.

Both methods require trusting that whoever receives the tender proposals won’t leak them to other bidders before the deadline (bribery, conflict of interest, nepotism), which would make it possible to outbid competitors by using inside information.

Ugandan anti-corruption sign. Photo by www.futureatlas.com.

Therefore, bid confidentiality requires trust to be placed in envelope custodians, sysadmins, developers, database administrators and anyone in the hierarchy with enough power to have early access to received bids.

Digital signatures, encryption and trusted timestamping can help to some degree, providing bidder authentication, bid integrity and non-repudiation of tender proposals. But although they block some malicious behavior, they fall short on many counts, such as mitigating insider threats (risk from trusted parties).

As an example, a fraudulent bidder could prepare multiple bids, all of them digitally signed and timestamped. Then, after the deadline and in collusion with the auctioneer’s database administrator, he could look at competitors’ proposals and put forward the bid that best fits his needs.

Trust in math

We evolved from trust in envelopes and their custodians, to trust in software solutions and their administrators. Likewise, blockchain technology could be a logical next step: trust in math.

The idea, brought to us by my friend Rodolfo Andragnes, aims to take advantage of blockchains’ immutability to solve some of the problems that traditional tender solutions can’t.

How it works

The basis is to employ a blockchain-based scheme to digitally sign and timestamp everything happening between parties, and never to send proposals before the deadline. Instead, bidders send the result of a cryptographic hash function applied to the proposal.

The proposal’s content is not exposed, and its hash is recorded on the blockchain, which prevents any change to its timestamp or value. Updating a proposal works the same way: the last signed and recorded hash is the valid one, as long as the deadline is met.

Photo by ccPixs.com.

Later, after the bidding deadline, the complete proposals are finally sent, and their hash values are compared with the ones already recorded. Since changing anything in a proposal would result in a different hash, matching values act as the proposal’s proof of authenticity.

The risk of bids getting into the wrong hands at the wrong time is eliminated, and trusting the individuals, organizations or third parties taking part in the process is no longer needed.
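The commit-then-reveal flow described above, as an added Python sketch that is not part of the original post. Assumptions: the `Ledger` class is an in-memory stand-in for the blockchain, signatures are omitted, the bids and timestamps are constructed sample data, and a fixed 16-byte random nonce (not mentioned in the article) is hashed with each proposal so that a short, guessable bid cannot be recovered by hashing candidate values.

```python
import hashlib
import hmac
import secrets

def commit(proposal: bytes, nonce: bytes) -> str:
    # Assumption beyond the article: a fixed-length 16-byte random nonce is
    # hashed with the proposal to keep low-entropy bids from being guessed.
    return hashlib.sha256(nonce + proposal).hexdigest()

class Ledger:
    """In-memory stand-in for the blockchain: append-only (time, bidder, digest)."""
    def __init__(self):
        self._entries = []

    def record(self, ts: int, bidder: str, digest: str) -> None:
        self._entries.append((ts, bidder, digest))

    def valid_commitment(self, bidder: str, deadline: int):
        # The last hash recorded at or before the deadline is the valid one.
        on_time = [e for e in self._entries if e[1] == bidder and e[0] <= deadline]
        return max(on_time, key=lambda e: e[0])[2] if on_time else None

def open_bid(ledger, bidder, proposal, nonce, deadline) -> str:
    # Tender opening: recompute the hash of the revealed proposal and compare.
    expected = ledger.valid_commitment(bidder, deadline)
    if expected is None:
        return "no commitment before deadline"
    match = hmac.compare_digest(expected, commit(proposal, nonce))
    return "accepted" if match else "mismatch"

def demo() -> dict:
    deadline, ledger = 1000, Ledger()  # constructed sample data
    n1, n2, n3, n4 = (secrets.token_bytes(16) for _ in range(4))
    ledger.record(900, "A", commit(b"A: 120,000 USD", n1))
    ledger.record(950, "A", commit(b"A: 115,000 USD", n2))   # update before deadline
    ledger.record(900, "B", commit(b"B: 118,000 USD", n3))
    ledger.record(1010, "B", commit(b"B: 114,000 USD", n4))  # recorded too late
    return {
        "A_updated": open_bid(ledger, "A", b"A: 115,000 USD", n2, deadline),
        "A_superseded": open_bid(ledger, "A", b"A: 120,000 USD", n1, deadline),
        "B_original": open_bid(ledger, "B", b"B: 118,000 USD", n3, deadline),
        "B_late_change": open_bid(ledger, "B", b"B: 114,000 USD", n4, deadline),
        "C_never_committed": open_bid(ledger, "C", b"C: 100,000 USD", n1, deadline),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The bid that bidder B tries to swap in after seeing competitors fails verification because its hash was recorded after the deadline, and bidder A cannot fall back to a superseded proposal.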

Procedure

A more complete and streamlined procedure, preventing a few more attacks and simplifying its use, might be as follows:

  1. Publish: the request for tender is published and digitally signed, and its proof of authenticity is blockchain-recorded to guarantee that tender conditions won’t be changed without notice.
  2. Submit: bidders or suppliers submit their proposals, which are signed and client-side encrypted, and their proof of authenticity is blockchain-recorded. Since each proposal is received in encrypted form, at this point no one other than the sender knows its contents.
  3. Deadline and tender opening: after the deadline, all proposals are decrypted and checked against their already recorded proof of authenticity, ensuring that they weren’t changed.
  4. Evaluation and results: tender proposals are evaluated and the results are notified. The winning bid can be made public for anyone to verify its authenticity, or to make it possible for other bidders to prove they sent a better proposal.

Final thoughts

Procurement processes are susceptible to different types of tender fraud, many of which fall outside the scope of technology. Nonetheless, digital signatures, secure timestamps and permissionless blockchain notarization, all of them already combined and available in Bitcoin’s blockchain, can mitigate much of the common collusion, manipulation and fraud found in tender processes, providing real improvement.

Update: Tender processes follow-up.
