Skip to main content

Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo

  • 285 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12912)

Abstract

Reporting sexual assault or harassment is notoriously difficult, and even though more victims are coming forward every year, a significant percentage of victims do not formally report it (Morgan and Oudekerk - U.S. Department of Justice). Studies have shown that most sexual assault episodes occur by repeat perpetrators and that people are more likely to report if they know that other victims of the same aggressor exist (Callisto Homepage). Recently, the WhoToo protocol (Kuykendall, Krawczyk and Rabin - POPETS 2019) presented a system in which the identities of the accuser and the accused are protected until a certain pre-specified number (quorum) of victims reports the same perpetrator. We revisit this protocol from an implementation perspective, shedding light on necessary clarifications and optimizations.

We first identify several key operations whose implementation was left unclear. One of such operations, if implemented in a straightforward fashion by using other WhoToo subroutines would compromise anonymity. Fixes for another were simple but required a new (but straightforward) security proof. Such fixes, although rather minor, are important for a system whose design emphasizes practicality and fast operations.

Our second contribution concerns efficiency. Using a Distributed Input PRF and a variant of Robust Anonymous IBE Encryption, we improve detection of duplicated and matching accusations. Given N accusations, our solution requires O(1) instead of O(N) distributed operations (the most expensive primitive in WhoToo) to detect duplicates and matching accusations once the quorum is reached. Our results give raise to \(\mathtt {WhoToo^+}\), a practical and more efficient variant of WhoToo that preserves the original security guarantees.

Keywords

  • Privacy-preserving reporting of sexual misconduct
  • Anonymity
  • Secure multiparty computation
  • Efficient implementations

I. Mergudich-Thal—Supported by ANID - Subdirección de Capital Humano/Magíster Nacional/2020.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-88238-9_17
  • Chapter length: 22 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   69.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-88238-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   89.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

Notes

  1. 1.

    Our protocol still takes O(N) local operations for goals (1) and (2) but they are local operations as opposed to distributed operations.

  2. 2.

    For this work, we slightly modify the semantics for the function SecShare.Encode(x) so all shares \(\{w\}\) are received by the party who invokes the function.

References

  1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_12

    CrossRef  Google Scholar 

  2. Abdalla, M., et al.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 205–222. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_13

    CrossRef  Google Scholar 

  3. Abdalla, M., Bellare, M., Neven, G.: Robust encryption. J. Cryptol. 31(2), 307–350 (2017). https://doi.org/10.1007/s00145-017-9258-8

    MathSciNet  CrossRef  MATH  Google Scholar 

  4. Arun, V., Kate, A., Garg, D., Druschel, P., Bhattacharjee, B.: Finding safety in numbers with secure allegation escrows. In: NDSS 2020. The Internet Society (2020)

    Google Scholar 

  5. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38

    CrossRef  Google Scholar 

  6. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_3

    CrossRef  Google Scholar 

  7. Callisto Homepage. https://www.mycallisto.org/. Accessed 10 Mar 2021

  8. Cantor, D., et al.: Report on the AAU Campus Climate Survey on Sexual Assault and Misconduct. Westat for the Association of American Universities (AAU) (2020)

    Google Scholar 

  9. Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: FOCS, pp. 383–395. IEEE Computer Society (1985)

    Google Scholar 

  10. Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_28

    CrossRef  Google Scholar 

  11. Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

    MathSciNet  CrossRef  Google Scholar 

  12. Fiat, A., Shamir, A.: How To prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    CrossRef  Google Scholar 

  13. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_31

    CrossRef  Google Scholar 

  14. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2006). https://doi.org/10.1007/s00145-006-0347-3

    MathSciNet  CrossRef  MATH  Google Scholar 

  15. Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC 1998, pp. 101–111. ACM (1998)

    Google Scholar 

  16. Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_27

    CrossRef  Google Scholar 

  17. Hevia, A., Mergudich-Thal, I.: Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo (Full Version) (2021)

    Google Scholar 

  18. Ibáñez, M.J.: Universidad de Chile presenta primeros resultados de estudio de acoso sexual. https://www.uchile.cl/noticias/124410/u-de-chile-presenta-primeros-resultados-de-estudio-de-acoso-sexual. Accessed 18 May 2020

  19. Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_15

    CrossRef  Google Scholar 

  20. Kuykendall, B., Krawczyk, H., Rabin, T.: Cryptography for #MeToo. POPETS 2019(3), 409–429 (2019)

    Google Scholar 

  21. Lizama-Lefno, A., Hurtado-Quiñones, A.: Acoso Sexual en el Contexto Universitario: Estudio Diagnóstico Proyectivo de la Situación de Género en la Universidad de Santiago de Chile 2019. Pensamiento Educativo. Revista de Investigación Educacional Latinoamericana, pp. 1–14 (2019)

    Google Scholar 

  22. Okano, H., Emura, K., Ishibashi, T., Ohigashi, T., Suzuki, T.: Implementation of a strongly robust identity-based encryption scheme over type-3 pairings. IJNC 10(2), 174–188 (2020)

    CrossRef  Google Scholar 

  23. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9

    CrossRef  Google Scholar 

  24. Rajan, A., Qin, L., Archer, D.W., Boneh, D., Lepoint, T., Varia, M.: Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct. In: COMPASS 2018, pp. 1–4 (2018)

    Google Scholar 

  25. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)

    CrossRef  Google Scholar 

  26. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    MathSciNet  CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Alejandro Hevia or Ilana Mergudich-Thal .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Hevia, A., Mergudich-Thal, I. (2021). Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo. In: Longa, P., Ràfols, C. (eds) Progress in Cryptology – LATINCRYPT 2021. LATINCRYPT 2021. Lecture Notes in Computer Science(), vol 12912. Springer, Cham. https://doi.org/10.1007/978-3-030-88238-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88238-9_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88237-2

  • Online ISBN: 978-3-030-88238-9

  • eBook Packages: Computer ScienceComputer Science (R0)