Publications

Stats

View publication

Title Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo
Authors Alejandro Hevia, Ilana Mergudich-Thal
Publication date 2021
Abstract Reporting sexual assault or harassment is notoriously
difficult,
and even though more victims are coming forward every year, a significant
percentage of victims do not formally report it (Morgan and Oudekerk - U.S.
Department of Justice). Studies have shown that most sexual assault episodes
occur by repeat perpetrators and that people are more likely to report if
they know that other victims of the same aggressor exist (Callisto
Homepage). Recently, the WhoToo protocol (Kuykendall, Krawczyk and Rabin -
POPETS 2019) presented a system in which the identities of the accuser and
the accused are protected until a certain pre-specified number (quorum) of
victims reports the same perpetrator. We revisit this protocol from an
implementation perspective, shedding light on necessary clarifications and
optimizations.
\n\n
We first identify several key operations whose implementation was left
unclear. One of such operations, if implemented in a straightforward fashion
by using other WhoToo subroutines would compromise anonymity. Fixes for
another were simple but required a new (but straightforward) security proof.
Such fixes, although rather minor, are important for a system whose design
emphasizes practicality and fast operations.
\n\n
Our second contribution concerns efficiency. Using a Distributed Input PRF
and a variant of Robust Anonymous IBE Encryption, we improve detection of
duplicated and matching accusations. Given N accusations, our solution
requires O(1) instead of O(N) distributed operations (the most expensive
primitive in WhoToo) to detect duplicates and matching accusations once the
quorum is reached. Our results give raise to WhoToo+ a
practical and more efficient variant of WhoToo that preserves the original
security guarantees.
Downloaded 10 times
Pages 341-362
Conference name International Conference on Cryptology and Information Security in Latin America
Publisher Springer-Verlag (Berlin/Heidelberg, Germany)
PDF View PDF
Reference URL View reference page