Skip to main content

Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo

  • Conference paper
  • First Online:
Progress in Cryptology – LATINCRYPT 2021 (LATINCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12912))


Reporting sexual assault or harassment is notoriously difficult, and even though more victims are coming forward every year, a significant percentage of victims do not formally report it (Morgan and Oudekerk - U.S. Department of Justice). Studies have shown that most sexual assault episodes occur by repeat perpetrators and that people are more likely to report if they know that other victims of the same aggressor exist (Callisto Homepage). Recently, the WhoToo protocol (Kuykendall, Krawczyk and Rabin - POPETS 2019) presented a system in which the identities of the accuser and the accused are protected until a certain pre-specified number (quorum) of victims reports the same perpetrator. We revisit this protocol from an implementation perspective, shedding light on necessary clarifications and optimizations.

We first identify several key operations whose implementation was left unclear. One of such operations, if implemented in a straightforward fashion by using other WhoToo subroutines would compromise anonymity. Fixes for another were simple but required a new (but straightforward) security proof. Such fixes, although rather minor, are important for a system whose design emphasizes practicality and fast operations.

Our second contribution concerns efficiency. Using a Distributed Input PRF and a variant of Robust Anonymous IBE Encryption, we improve detection of duplicated and matching accusations. Given N accusations, our solution requires O(1) instead of O(N) distributed operations (the most expensive primitive in WhoToo) to detect duplicates and matching accusations once the quorum is reached. Our results give raise to \(\mathtt {WhoToo^+}\), a practical and more efficient variant of WhoToo that preserves the original security guarantees.

I. Mergudich-Thal—Supported by ANID - Subdirección de Capital Humano/Magíster Nacional/2020.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    Our protocol still takes O(N) local operations for goals (1) and (2) but they are local operations as opposed to distributed operations.

  2. 2.

    For this work, we slightly modify the semantics for the function SecShare.Encode(x) so all shares \(\{w\}\) are received by the party who invokes the function.


  1. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001).

    Chapter  Google Scholar 

  2. Abdalla, M., et al.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 205–222. Springer, Heidelberg (2005).

    Chapter  Google Scholar 

  3. Abdalla, M., Bellare, M., Neven, G.: Robust encryption. J. Cryptol. 31(2), 307–350 (2017).

    Article  MathSciNet  MATH  Google Scholar 

  4. Arun, V., Kate, A., Garg, D., Druschel, P., Bhattacharjee, B.: Finding safety in numbers with secure allegation escrows. In: NDSS 2020. The Internet Society (2020)

    Google Scholar 

  5. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).

    Chapter  Google Scholar 

  6. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).

    Chapter  Google Scholar 

  7. Callisto Homepage. Accessed 10 Mar 2021

  8. Cantor, D., et al.: Report on the AAU Campus Climate Survey on Sexual Assault and Misconduct. Westat for the Association of American Universities (AAU) (2020)

    Google Scholar 

  9. Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: FOCS, pp. 383–395. IEEE Computer Society (1985)

    Google Scholar 

  10. Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005).

    Chapter  Google Scholar 

  11. Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

    Article  MathSciNet  Google Scholar 

  12. Fiat, A., Shamir, A.: How To prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987).

    Chapter  Google Scholar 

  13. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996).

    Chapter  Google Scholar 

  14. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2006).

    Article  MathSciNet  MATH  Google Scholar 

  15. Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC 1998, pp. 101–111. ACM (1998)

    Google Scholar 

  16. Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006).

    Chapter  Google Scholar 

  17. Hevia, A., Mergudich-Thal, I.: Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo (Full Version) (2021)

    Google Scholar 

  18. Ibáñez, M.J.: Universidad de Chile presenta primeros resultados de estudio de acoso sexual. Accessed 18 May 2020

  19. Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005).

    Chapter  Google Scholar 

  20. Kuykendall, B., Krawczyk, H., Rabin, T.: Cryptography for #MeToo. POPETS 2019(3), 409–429 (2019)

    Google Scholar 

  21. Lizama-Lefno, A., Hurtado-Quiñones, A.: Acoso Sexual en el Contexto Universitario: Estudio Diagnóstico Proyectivo de la Situación de Género en la Universidad de Santiago de Chile 2019. Pensamiento Educativo. Revista de Investigación Educacional Latinoamericana, pp. 1–14 (2019)

    Google Scholar 

  22. Okano, H., Emura, K., Ishibashi, T., Ohigashi, T., Suzuki, T.: Implementation of a strongly robust identity-based encryption scheme over type-3 pairings. IJNC 10(2), 174–188 (2020)

    Article  Google Scholar 

  23. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992).

    Chapter  Google Scholar 

  24. Rajan, A., Qin, L., Archer, D.W., Boneh, D., Lepoint, T., Varia, M.: Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct. In: COMPASS 2018, pp. 1–4 (2018)

    Google Scholar 

  25. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)

    Article  Google Scholar 

  26. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding authors

Correspondence to Alejandro Hevia or Ilana Mergudich-Thal .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hevia, A., Mergudich-Thal, I. (2021). Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo. In: Longa, P., Ràfols, C. (eds) Progress in Cryptology – LATINCRYPT 2021. LATINCRYPT 2021. Lecture Notes in Computer Science(), vol 12912. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88237-2

  • Online ISBN: 978-3-030-88238-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics