[Cryptography] ZK meeting scheduling protocol?

[Jerry Leichter]

> At the end of the protocol, either no such common date is available -- ever -- or a common date is secured.  Everyone then knows the date.  However, no one ever learns (at least from the protocol itself) which non-selected dates matched on any subset of the peoples' calendars.  Thus, for example, no one can figure out who is the busiest (or least busy) person by studying all the messages from the protocol.
Ray Dillinger already pointed out some of the ambiguities in the problem definition.  But let's consider a simpler one:  A useful scheduling algorithm can be iterated, and applied to arbitrary sets of users.  But then to determine whether you are free at time X, I need merely fill my schedule from now to X, then propose a meeting with you and see what the system comes back with!

Yes, this might expose what I'm doing.  But there are "inverse" methods like trying to set up an appointment with you and n-1 others, then with just the n-1; if the resulting appointment changes, you were the one who had a problem with it.

This feels like the problem of trackers in databases - which turned out not to have any simple solutions, only statistical ones (and even those are tricky).

Pinning down the exact definition of a "secure anonymous meeting protocol" in such a way that it actually *has* any interesting solutions seems quite difficult....
                                                        -- Jerry