Abstract

We present and analyze User Discovery with Minimal information disclosure (UDM), a new protocol for user discovery in anonymous communication systems that minimizes the information disclosed to the system and users. UDM solves the following user-discovery problem. User Alice wishes to communicate with Bob over an anonymous communication system, such as cMix or Tor. Initially, each party knows each other’s public contact identifier (e.g., email address or phone number), but neither knows the other’s private platform identifier in the communication system. If both parties wish to communicate with each other, UDM enables them to establish a shared secret and learn each other’s private platform identifier. Unlike existing systems, including those based on private set intersection, UDM learns nothing about the social contacts of the users, is not vulnerable to off-line dictionary attacks that expose contact lists, does not reveal platform identifiers to users without the owner’s explicit permission, and enjoys low computation and communication complexity. Using the anonymous communication system, each pair of users who wish to communicate with each other uploads to the user-discovery system their private platform identifier, encrypted with a key derived from their shared secret. Indexing their request by a cryptographic tag derived from their shared secret, each user can then download each other’s encrypted private platform identifier. In doing so, UDM uses an untrusted user-discovery system, which processes and stores only public information or values encrypted with keys it does not know. Therefore, from the data values it processes, UDM cannot learn any information about the social contacts of its users.
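The upload and download step described in the abstract, as an added sketch that is not the paper's construction. It assumes the shared secret is already established, that tag and key are derived with HMAC-SHA256 under labels bound to the uploader's public contact identifier, and it uses a standard-library encrypt-then-MAC stand-in where a vetted AEAD would be used in practice; all names are hypothetical.

```python
import hashlib
import hmac
import os

def derive(secret: bytes, purpose: bytes, context: bytes = b"") -> bytes:
    """Derive a 32-byte value bound to a purpose label and a context string."""
    return hmac.new(secret, purpose + b"\x00" + context, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), stdlib only.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || mac."""
    enc_key, mac_key = derive(key, b"enc"), derive(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the MAC before decrypting; raise ValueError on any mismatch."""
    enc_key, mac_key = derive(key, b"enc"), derive(key, b"mac")
    nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(mac, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class DiscoveryStore:
    """Untrusted user-discovery server: sees only opaque tags and ciphertexts."""
    def __init__(self):
        self.slots = {}
    def upload(self, tag: bytes, blob: bytes) -> None:
        self.slots[tag] = blob
    def download(self, tag: bytes):
        return self.slots.get(tag)

def publish(store, secret: bytes, my_contact: bytes, my_platform_id: bytes) -> None:
    # Assumption: one slot per direction, named by the uploader's public contact identifier.
    key = derive(secret, b"key", my_contact)
    store.upload(derive(secret, b"tag", my_contact), seal(key, my_platform_id))

def lookup(store, secret: bytes, peer_contact: bytes):
    """Fetch and decrypt the peer's platform identifier, or None if no slot matches."""
    blob = store.download(derive(secret, b"tag", peer_contact))
    return None if blob is None else unseal(derive(secret, b"key", peer_contact), blob)
```

Without the shared secret, a party can neither compute the tag that locates a slot nor decrypt what the slot holds, and the store's contents never include a contact identifier or platform identifier in the clear.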
