The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes

In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes. The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development. The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more

Secure Matchmaking Protocol

Abstract. Matchmaking protocol is a procedure to find matched pairs in registered groups of participants depending on their choices, while preserving their privacy. In this study we define the concept of matchmaking and construct a simple and efficient matchmaking protocol under the simple rule that two members become a matched pair only when they have chosen each other. In matchmaking protocol, participant's privacy is of prime concern, specially losers' choices should not be opened. Our basic approach to achieve privacy is finding collisions among multiple secure commitments without decryption. For this purpose we build a protocol to find collisions in ElGamal ciphertexts without decryption using Michels and Stadler's protocol [MS97] of proving the equality or inequality of two discrete logarithms. Correctness is guaranteed because all procedures are universally verifiable. Keywords: matchmaking, secure multiparty computation, proof of knowledge, proving the equality or inequality of two discrete logarithms, finding collisions without decryption, public commitment