Open Research Questions of Privacy-Enhanced Event Scheduling

  • Benjamin Kellermann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6555)


Event-scheduling applications like Doodle have the problem of privacy relevant information leakage. A simple idea to prevent this would be to use an e-voting scheme instead.

However, this solution is not sufficient as we will show within this paper. Additionally we come up with requirements and several research questions related to privacy-enhanced event scheduling. These address privacy, security as well as usability of privacy-enhanced event scheduling.


event scheduling electronic voting superposed sending anonymity privacy-enhanced application design 


  1. 1.
    Näf, M.: Doodle homepage (April 2010),
  2. 2.
    Silaghi, M.C., Sam-Haroud, D., Faltings, B.: Asynchronous search with aggregations. In: Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence, pp. 917–922. AAAI Press/The MIT Press (2000)Google Scholar
  3. 3.
    Yokoo, M., Hirayama, K.: Algorithms for distributed constraint satisfaction: A review. Autonomous Agents and Multi-Agent Systems 3(2), 185–207 (2000)CrossRefGoogle Scholar
  4. 4.
    Léauté, T., Faltings, B.: Privacy-preserving multi-agent constraint satisfaction. In: Conference on Information Privacy, Security, Risk and Trust (PASSAT 2009) [34], pp. 17–25 (2009)Google Scholar
  5. 5.
    Modi, P.J., Shen, W.M., Tambe, M., Yokoo, M.: Adopt: Asynchronous distributed constraint optimization with quality guarantees. Artificial Intelligence 161, 149–180 (2004)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Maheswaran, R.T., Tambe, M., Bowring, E., Pearce, J.P., Varakantham, P.: Taking dcop to the real world: Efficient complete solutions for distributed multi-event scheduling. In: AAMAS, pp. 310–317. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  7. 7.
    Mailler, R., Lesser, V.: Solving distributed constraint optimization problems using cooperative mediation. In: AAMAS 2004: Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, Washington, DC, USA, pp. 438–445. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  8. 8.
    Franzin, M.S., Freuder, E.C., Rossi, F., Wallace, R.: Multi-agent meeting scheduling with preferences: Efficiency, privacy loss, and solution quality. AAAI Technical Report WS-02-13 (2002)Google Scholar
  9. 9.
    Greenstadt, R., Pearce, J.P., Bowring, E., Tambe, M.: Experimental analysis of privacy loss in DCOP algorithms. In: Proc. of ACM AAMAS, pp. 1424–1426. ACM Press, New York (2006)Google Scholar
  10. 10.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. ACM Commun. 24(2), 84–90 (1981)CrossRefGoogle Scholar
  11. 11.
    Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/Nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  12. 12.
    Ogata, W., Kurosawa, K., Sako, K., Takatani, K.: Fault tolerant anonymous channel. In: Han, Y., Okamoto, T., Qing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 440–444. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  13. 13.
    Abe, M.: Universally verifiable mix-net with verification work independent of the number of mix-servers. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 437–447. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Jakobsson, M.: A practical mix. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 448–461. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: SFCS 1985: Proceedings of the 26th Annual Symposium on Foundations of Computer Science (sfcs 1985), Washington, DC, USA, pp. 372–382. IEEE Computer Society, Los Alamitos (1985)CrossRefGoogle Scholar
  16. 16.
    Benaloh, J.C., Yung, M.: Distributing the power of a government to enhance the privacy of voters. In: PODC 1986: Proceedings of the Fifth Annual ACM Symposium on Principles of Distributed Computing, pp. 52–62. ACM, New York (1986)CrossRefGoogle Scholar
  17. 17.
    Sako, K., Kilian, J.: Secure voting using partially compatible homomorphisms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 411–424. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  18. 18.
    Baudron, O., Fouque, P.A., Pointcheval, D., Stern, J., Poupard, G.: Practical multi-candidate election system. In: PODC 2001: Proceedings of the Twentieth Annual ACM Symposium on Principles of Distributed Computing, pp. 274–283. ACM, New York (2001)CrossRefGoogle Scholar
  19. 19.
    Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  20. 20.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1992)CrossRefGoogle Scholar
  21. 21.
    Sako, K.: Electronic voting scheme allowing open objection to the tally. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 77(1), 24–30 (1994)Google Scholar
  22. 22.
    Ohkubo, M., Miura, F., Abe, M., Fujioka, A., Okamoto, T.: An improvement on a practical secret voting scheme. In: Mambo, M., Zheng, Y. (eds.) ISW 1999. LNCS, vol. 1729, pp. 225–234. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  23. 23.
    DuRette, B.W.: Multiple administrators for electronic voting. Bachelor’s thesis, Massachusetts Institute of Technology (May 1999)Google Scholar
  24. 24.
    Kellermann, B., Böhme, R.: Privacy-enhanced event scheduling. In: Conference on Information Privacy, Security, Risk and Trust, PASSAT 2009 [34], pp. 52–59 (2009)Google Scholar
  25. 25.
    Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. ACM Commun. 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  26. 26.
    Cranor, L., Cytron, R.: Sensus: A security-conscious electronic polling system for the internet (1997)Google Scholar
  27. 27.
    Herschberg, M.A.: Secure electronic voting over the world wide web. Master’s thesis, Massachusetts Institute of Technology (May 1997)Google Scholar
  28. 28.
    Herlea, T., Claessens, J., Preneel, B., Neven, G., Piessens, F., Decker, B.D.: On securely scheduling a meeting. In: Dupuy, M., Paradinas, P. (eds.) SEC. IFIP Conference Proceedings, vol. 193, pp. 183–198. Kluwer, Dordrecht (2001)Google Scholar
  29. 29.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Kellermann, B.: Datenschutzfreundliche Terminplanung. In: Mehldau, M.w. (ed.) Proceedings of the 26th Chaos Communication Congress, Marktstraße 18, 33602 Bielefeld, Chaos Computer Club, Art d’Ameublement, pp. 207–211 (December 2009)Google Scholar
  32. 32.
    Kellermann, B.: Dudle homepage (April 2010),
  33. 33.
    Greenstadt, R., Smith, M.D.: Collaborative scheduling: Threats and promises. In: Workshop on Economics and Information Security (2006)Google Scholar
  34. 34.
    IEEE/IFIP: Proceedings of IEEE International Conference on Computational Science and Engineering, Conference on Information Privacy, Security, Risk and Trust (PASSAT 2009), Los Alamitos, CA, USA, IEEE/IFIP, vol. 3. IEEE Computer Society (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Benjamin Kellermann
    • 1
  1. 1.Institute of Systems ArchitectureTechnische Universität DresdenDresdenGermany

Personalised recommendations