Private discovery of common social contacts

Abstract

Digital services that are offered, and consumed, on the basis of social relationships form the backbone of social clouds—an emerging new concept that finds its roots in online social networks. The latter have already taken an essential role in people’s daily life, helping users to build and reflect their social relationships to other participants. A key step in establishing new links entails the reconciliation of shared contacts and friends. However, for many individuals, personal relationships belong to the private sphere, and, as such, should be concealed from potentially prying eyes of strangers. Consequently, the transition toward social clouds cannot set aside mechanisms to control the disclosure of social links. This paper motivates and introduces the concept of Private Discovery of Common Social Contacts, which allows two users to assess their social proximity through interaction and learn the set of contacts (e.g., friends) that are common to both users, while hiding contacts that they do not share. We realize private contact discovery using a new cryptographic primitive, called contact discovery scheme (CDS), whose functionality and privacy is formalized in this work. To this end, we define a novel privacy feature, called contact-hiding, that captures our strong privacy goals. We also propose the concept of contact certification and show that it is essential to thwart impersonation attacks on social relationships. We build provably private and realistically efficient CDS protocols for private discovery of mutual contacts. Our constructions do not rely on a trusted third party (TTP)—all contacts are managed independently by the users. The practicality of our proposals is confirmed both analytically and experimentally on different computing platforms. We show that they can be efficiently deployed on smartphones, thus allowing ad hoc and ubiquitous contact discovery outside of existing social networks. Our CDS constructions allow users to select their (certified) contacts to be included in individual protocol executions. That is, users may perform context-dependent contact discovery using any subset (circle) of their contacts.