Cryptology ePrint Archive: Report 2018/1094

Match Me if You Can: Matchmaking Encryption and its Applications

Giuseppe Ateniese and Danilo Francati and David Nuņez and Daniele Venturi

Abstract: We introduce a new form of encryption that we name matchmaking encryption (ME). Using ME, sender S and receiver R (each with its own attributes) can both specify policies the other party must satisfy in order for the message to be revealed. The main security guarantee is that of privacy-preserving policy matching: During decryption nothing is leaked beyond the fact that a match occurred/did not occur. ME opens up new ways of secretly communicating, and enables several new applications where both participants can specify fine-grained access policies to encrypted data. For instance, in social matchmaking, S can encrypt a file containing his/her personal details and specify a policy so that the file can be decrypted only by his/her ideal partner. On the other end, a receiver R will be able to decrypt the file only if S corresponds to his/her ideal partner defined through a policy. On the theoretical side, we define security for ME, as well as provide generic frameworks for constructing ME from functional encryption. These constructions need to face the technical challenge of simultaneously checking the policies chosen by S and R, to avoid any leakage. On the practical side, we construct an efficient identity-based scheme for equality policies, with provable security in the random oracle model under the standard BDH assumption. We implement and evaluate our scheme and provide experimental evidence that our construction is practical. We also apply identity-based ME to a concrete use case, in particular for creating an anonymous bulletin board over a Tor network.

Category / Keywords: foundations / Secret handshake, attribute-based encryption, social matchmaking, Tor

Original Publication (in the same form): IACR-JOC-2021

Date: received 12 Nov 2018, last revised 2 Feb 2021

Contact author: dfrancat at stevens edu

Available format(s): PDF | BibTeX Citation

Note: An abridged version of this paper appears in the Proceedings of the 39th International Cryptology Conference (CRYPTO 2019)

Version: 20210202:171210 (All versions of this report)

Short URL: ia.cr/2018/1094


[ Cryptology ePrint archive ]