Match Me if You Can: Matchmaking Encryption and its Applications

Giuseppe Ateniese, Danilo Francati, David Nuñez, and Daniele Venturi

Abstract

We introduce a new form of encryption that we name matchmaking encryption (ME). Using ME, sender S and receiver R (each with its own attributes) can both specify policies the other party must satisfy in order for the message to be revealed. The main security guarantee is that of privacy-preserving policy matching: During decryption nothing is leaked beyond the fact that a match occurred/did not occur. ME opens up new ways of secretly communicating, and enables several new applications where both participants can specify fine-grained access policies to encrypted data. For instance, in social matchmaking, S can encrypt a file containing his/her personal details and specify a policy so that the file can be decrypted only by his/her ideal partner. On the other end, a receiver R will be able to decrypt the file only if S corresponds to his/her ideal partner defined through a policy. On the theoretical side, we define security for ME, as well as provide generic frameworks for constructing ME from functional encryption. These constructions need to face the technical challenge of simultaneously checking the policies chosen by S and R, to avoid any leakage. On the practical side, we construct an efficient identity-based scheme for equality policies, with provable security in the random oracle model under the standard BDH assumption. We implement and evaluate our scheme and provide experimental evidence that our construction is practical. We also apply identity-based ME to a concrete use case, in particular for creating an anonymous bulletin board over a Tor network.

Note: An abridged version of this paper appears in the Proceedings of the 39th International Cryptology Conference (CRYPTO 2019)

Available format(s)
Category
Foundations
Publication info
Keywords
Secret handshakeattribute-based encryptionsocial matchmakingTor
Contact author(s)
dfrancat @ stevens edu
History
2021-02-02: last of 3 revisions
See all versions
Short URL
https://ia.cr/2018/1094

CC BY

BibTeX

@misc{cryptoeprint:2018/1094,
author = {Giuseppe Ateniese and Danilo Francati and David Nuñez and Daniele Venturi},
title = {Match Me if You Can: Matchmaking Encryption and its Applications},
howpublished = {Cryptology ePrint Archive, Paper 2018/1094},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/1094}},
url = {https://eprint.iacr.org/2018/1094}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.