Cryptology ePrint Archive: Report 2018/1094

Match Me if You Can: Matchmaking Encryption and its Applications

Giuseppe Ateniese and Danilo Francati and David Nuņez and Daniele Venturi

Abstract: We introduce a new form of encryption that we name matchmaking encryption (ME). Using ME, sender S and receiver R, each characterized by its own attributes, can both specify policies the other party must satisfy in order for the message to be revealed. The main security guarantee is that of privacy-preserving policy matching: During decryption nothing is leaked beyond the fact that a match occurred/did not occur. ME opens up new and innovative ways of secretly communicating, and enables several new applications where both participants can specify fine-grained access policies to encrypted data. For instance, in social matchmaking, S can encrypt a file containing his/her personal details and specify a policy so that the file can be decrypted only by his/her ideal partner. On the other end, a receiver R will be able to decrypt the file only if S corresponds to his/her ideal partner defined through a policy. On the theoretical side, we put forward formal security definitions for ME, as well as generic frameworks for constructing ME from functional encryption. These constructions need to face the main technical challenge of simultaneously checking the policies established by S and R to avoid any leakage. On the practical side, we construct an efficient scheme for the identity-based setting, with provable security in the random oracle model under the standard BDH assumption. We implement and evaluate our scheme and provide experimental evidence that our construction is practical. We also apply identity-based ME to a concrete use case, in particular for creating an anonymous bulletin board over a Tor network.

Category / Keywords: foundations / Secret handshake, attribute-based encryption, social matchmaking, Tor

Date: received 12 Nov 2018

Contact author: dfrancat at stevens edu

Available format(s): PDF | BibTeX Citation

Version: 20181112:215717 (All versions of this report)

Short URL: ia.cr/2018/1094


[ Cryptology ePrint archive ]