{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T15:58:53Z","timestamp":1756310333139},"reference-count":31,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2019,7,1]],"date-time":"2019-07-01T00:00:00Z","timestamp":1561939200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,7,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Reporting sexual assault and harassment is an important and difficult problem. Since late 2017, it has received increased attention as the viral #MeToo movement has brought about accusations against high-profile individuals and a wider discussion around the prevalence of sexual violence. Addressing occurrences of sexual assault requires a system to record and process accusations. It is natural to ask what security guarantees are necessary and achievable in such a system. In particular, we focus on detecting repeat offenders: only when a set number of accusations are lodged against the same party will the accusations be revealed to a legal counselor. Previous solutions to this privacy-preserving reporting problem, such as the Callisto Protocol of Rajan et al., have focused on the confidentiality of accusers. This paper proposes a stronger security model that ensures the confidentiality of the accuser and the accused as well as the traceability of false accusations. We propose the WhoToo protocol to achieve this notion of security using suitable cryptographic techniques. The protocol design emphasizes practicality, preferring fast operations that are implemented in existing software libraries. We estimate that an implementation would be suitably performant for real-world deployment.<\/jats:p>","DOI":"10.2478\/popets-2019-0054","type":"journal-article","created":{"date-parts":[[2019,7,20]],"date-time":"2019-07-20T09:31:31Z","timestamp":1563615091000},"page":"409-429","source":"Crossref","is-referenced-by-count":8,"title":["Cryptography for #MeToo"],"prefix":"10.56553","volume":"2019","author":[{"given":"Benjamin","family":"Kuykendall","sequence":"first","affiliation":[{"name":"Princeton University"}]},{"given":"Hugo","family":"Krawczyk","sequence":"additional","affiliation":[{"name":"Algorand Foundation"}]},{"given":"Tal","family":"Rabin","sequence":"additional","affiliation":[{"name":"Algorand Foundation"}]}],"member":"35752","published-online":{"date-parts":[[2019,7,12]]},"reference":[{"key":"2022061203185229503_j_popets-2019-0054_ref_001_w2aab3b7c22b1b6b1ab1ab1Aa","unstructured":"[1] Tor project, www.torproject.org"},{"key":"2022061203185229503_j_popets-2019-0054_ref_002_w2aab3b7c22b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (Apr 2001)10.1007\/3-540-45353-9_12","DOI":"10.1007\/3-540-45353-9_12"},{"key":"2022061203185229503_j_popets-2019-0054_ref_003_w2aab3b7c22b1b6b1ab1ab3Aa","unstructured":"[3] Aranha, D.: Pairings are not dead, just resting. In: Workshop on Elliptic Curve Cryptography (2017)"},{"key":"2022061203185229503_j_popets-2019-0054_ref_004_w2aab3b7c22b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In: Rudnicki, P. (ed.) 8th ACM PODC. pp. 201\u2013209. ACM (Aug 1989)10.1145\/72981.72995","DOI":"10.1145\/72981.72995"},{"key":"2022061203185229503_j_popets-2019-0054_ref_005_w2aab3b7c22b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614\u2013629. Springer, Heidelberg (May 2003)10.1007\/3-540-39200-9_38","DOI":"10.1007\/3-540-39200-9_38"},{"key":"2022061203185229503_j_popets-2019-0054_ref_006_w2aab3b7c22b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: 20th ACM STOC. pp. 1\u201310. ACM Press (May 1988)10.1145\/62212.62213","DOI":"10.1145\/62212.62213"},{"key":"2022061203185229503_j_popets-2019-0054_ref_007_w2aab3b7c22b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] Bl\u00f6mer, J., Juhnke, J., L\u00f6ken, N.: Short group signatures with distributed traceability. In: Kotsireas, I.S., Rump, S.M., Yap, C.K. (eds.) MACIS. pp. 166\u2013180. Springer, Cham (2016)10.1007\/978-3-319-32859-1_14","DOI":"10.1007\/978-3-319-32859-1_14"},{"key":"2022061203185229503_j_popets-2019-0054_ref_008_w2aab3b7c22b1b6b1ab1ab8Aa","unstructured":"[8] Boneh, D.: personal communications (March 2019), see https:\/\/cryptobook.us\/"},{"key":"2022061203185229503_j_popets-2019-0054_ref_009_w2aab3b7c22b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56\u201373. Springer, Heidelberg (May 2004)10.1007\/978-3-540-24676-3_4","DOI":"10.1007\/978-3-540-24676-3_4"},{"key":"2022061203185229503_j_popets-2019-0054_ref_010_w2aab3b7c22b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41\u201355. Springer, Heidelberg (Aug 2004)10.1007\/978-3-540-28628-8_3","DOI":"10.1007\/978-3-540-28628-8_3"},{"key":"2022061203185229503_j_popets-2019-0054_ref_011_w2aab3b7c22b1b6b1ab1ac11Aa","unstructured":"[11] Bowe, S.: Bls12-381: New zk-snark elliptic curve construction (October 2018), https:\/\/z.cash\/blog\/new-snark-curve"},{"key":"2022061203185229503_j_popets-2019-0054_ref_012_w2aab3b7c22b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd FOCS. pp. 136\u2013145. IEEE Computer Society Press (Oct 2001)10.1109\/SFCS.2001.959888","DOI":"10.1109\/SFCS.2001.959888"},{"key":"2022061203185229503_j_popets-2019-0054_ref_013_w2aab3b7c22b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: 26th FOCS. pp. 383\u2013395. IEEE Computer Society Press (Oct 1985)10.1109\/SFCS.1985.64","DOI":"10.1109\/SFCS.1985.64"},{"key":"2022061203185229503_j_popets-2019-0054_ref_014_w2aab3b7c22b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: 26th FOCS. pp. 372\u2013382. IEEE Computer Society Press (Oct 1985)10.1109\/SFCS.1985.2","DOI":"10.1109\/SFCS.1985.2"},{"key":"2022061203185229503_j_popets-2019-0054_ref_015_w2aab3b7c22b1b6b1ab1ac15Aa","unstructured":"[15] Donegan, M.: I started the media men list. The Cut (Jan 2018), https:\/\/www.thecut.com\/2018\/01\/moira-donegan-istarted-the-media-men-list.html"},{"key":"2022061203185229503_j_popets-2019-0054_ref_016_w2aab3b7c22b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469\u2013472 (1985)10.1109\/TIT.1985.1057074","DOI":"10.1109\/TIT.1985.1057074"},{"key":"2022061203185229503_j_popets-2019-0054_ref_017_w2aab3b7c22b1b6b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO\u201986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (Aug 1987)10.1007\/3-540-47721-7_12","DOI":"10.1007\/3-540-47721-7_12"},{"key":"2022061203185229503_j_popets-2019-0054_ref_018_w2aab3b7c22b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1\u201319. Springer, Heidelberg (May 2004)10.1007\/978-3-540-24676-3_1","DOI":"10.1007\/978-3-540-24676-3_1"},{"key":"2022061203185229503_j_popets-2019-0054_ref_019_w2aab3b7c22b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) EUROCRYPT\u2019 96. LNCS, vol. 1070, pp. 354\u2013371. Springer, Heidelberg (May 1996)10.1007\/3-540-68339-9_31","DOI":"10.1007\/3-540-68339-9_31"},{"key":"2022061203185229503_j_popets-2019-0054_ref_020_w2aab3b7c22b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. Journal of Cryptology 20(1), 51\u201383 (Jan 2007)10.1007\/s00145-006-0347-3","DOI":"10.1007\/s00145-006-0347-3"},{"key":"2022061203185229503_j_popets-2019-0054_ref_021_w2aab3b7c22b1b6b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fact-track multiparty computations with applications to threshold cryptography. In: Coan, B.A., Afek, Y. (eds.) 17th ACM PODC. pp. 101\u2013111. ACM (Jun \/ Jul 1998)10.1145\/277697.277716","DOI":"10.1145\/277697.277716"},{"key":"2022061203185229503_j_popets-2019-0054_ref_022_w2aab3b7c22b1b6b1ab1ac22Aa","doi-asserted-by":"crossref","unstructured":"[22] Hoepman, J.H., Galindo, D.: Non-interactive distributed encryption: A new primitive for revocable privacy. In: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. pp. 81\u201392. WPES \u201911, ACM, New York, NY, USA (2011), http:\/\/doi.acm.org\/10.1145\/2046556.2046567","DOI":"10.1145\/2046556.2046567"},{"key":"2022061203185229503_j_popets-2019-0054_ref_023_w2aab3b7c22b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 162\u2013177. Springer, Heidelberg (Dec 2000)10.1007\/3-540-44448-3_13","DOI":"10.1007\/3-540-44448-3_13"},{"key":"2022061203185229503_j_popets-2019-0054_ref_024_w2aab3b7c22b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Kiayias, A., Yung, M.: The vector-ballot e-voting approach. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 72\u201389. Springer, Heidelberg (Feb 2004)10.1007\/978-3-540-27809-2_9","DOI":"10.1007\/978-3-540-27809-2_9"},{"key":"2022061203185229503_j_popets-2019-0054_ref_025_w2aab3b7c22b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] Kissner, L., Song, D.X.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241\u2013257. Springer, Heidelberg (Aug 2005)10.1007\/11535218_15","DOI":"10.1007\/11535218_15"},{"key":"2022061203185229503_j_popets-2019-0054_ref_026_w2aab3b7c22b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] Lueks, W., Hoepman, J.H., Kursawe, K.: Forward-secure distributed encryption. In: De Cristofaro, E., Murdoch, S.J. (eds.) Privacy Enhancing Technologies. pp. 123\u2013142. Springer International Publishing, Cham (2014)10.1007\/978-3-319-08506-7_7","DOI":"10.1007\/978-3-319-08506-7_7"},{"key":"2022061203185229503_j_popets-2019-0054_ref_027_w2aab3b7c22b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Maurer, U.M.: Unifying zero-knowledge proofs of knowledge. In: Preneel, B. (ed.) AFRICACRYPT 09. LNCS, vol. 5580, pp. 272\u2013286. Springer, Heidelberg (Jun 2009)10.1007\/978-3-642-02384-2_17","DOI":"10.1007\/978-3-642-02384-2_17"},{"key":"2022061203185229503_j_popets-2019-0054_ref_028_w2aab3b7c22b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of nfs advances on the security of pairing-based cryptography. In: Mycrypt (2016)10.1007\/978-3-319-61273-7_5","DOI":"10.1007\/978-3-319-61273-7_5"},{"key":"2022061203185229503_j_popets-2019-0054_ref_029_w2aab3b7c22b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO\u201991. LNCS, vol. 576, pp. 129\u2013140. Springer, Heidelberg (Aug 1992)10.1007\/3-540-46766-1_9","DOI":"10.1007\/3-540-46766-1_9"},{"key":"2022061203185229503_j_popets-2019-0054_ref_030_w2aab3b7c22b1b6b1ab1ac30Aa","doi-asserted-by":"crossref","unstructured":"[30] Rajan, A., Qin, L., Archer, D.W., Boneh, D., Lepoint, T., Varia, M.: Callisto: A cryptographic approach to detecting serial perpetrators of sexual misconduct. In: Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies. pp. 49:1\u201349:4. COMPASS \u201918, ACM, New York, NY, USA (2018)10.1145\/3209811.3212699","DOI":"10.1145\/3209811.3212699"},{"key":"2022061203185229503_j_popets-2019-0054_ref_031_w2aab3b7c22b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161\u2013174 (1991)10.1007\/BF00196725","DOI":"10.1007\/BF00196725"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2019\/3\/article-p409.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2019-0054","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:30:35Z","timestamp":1658334635000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2019\/popets-2019-0054.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,1]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,7,12]]},"published-print":{"date-parts":[[2019,7,1]]}},"alternative-id":["10.2478\/popets-2019-0054"],"URL":"https:\/\/doi.org\/10.2478\/popets-2019-0054","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7,1]]}}}