[Cryptography] Secret Handshake problem.

[Peter Gutmann]

James A. Donald <jamesd at echeque.com> writes:

>Also known as the "Are you also a Soviet Spy?" problem.

I've got a variant of this which is an actual real-world problem in pressing
need of a solution, rather than a theoretical one created to justify
publishing a crypto idea.  And since it's a real-world problem, there are also
real-world constraints...

The problem involves sex workers identifying dangerous customers in a manner
in which it won't end up as another Ashley Madison.  Currently this is done
via printed blacklists that can be consulted in centralised locations (many of
the street workers don't have phones, this part is a bit out-of-scope for a
technical solution).  The blacklists are printed off from a database that,
depending on who's set it up, probably isn't secure against a concerted
attack, so having a catalogue of clients in electronically lootable form is
another problem to be solved.

Clients are identified by phone numbers and/or car plates, so the question is
"is it safe to get in this car" or "should I take a call from this number"?
The average lifetime of a sex worker's phone is about three weeks, so they
tend to buy the cheapest feature phone they can get rather than any kind of
smart phone.  In other words high-powered crypto protocols aren't going to cut
it.

Finally, the checking mechanism should be done in a manner that makes
enumeration ("which of these car license places in the parliamentary car park
is on a blacklist of people who abuse sex workers?") difficult.  The UK used
to have a rather neat system where you could do live checking, but when a
client threatened legal action claiming that the fact that their name was on a
blacklist was defamatory, it was shut down, or at least reverted to offline
checks only (it seems unlikely that they would have actually pursued the case,
but the threat was enough to get it shut down).  So this aspect doesn't have
to be cryptographically secure, merely good enough that it can't be misused by
the media to say "politician X is definitely confirmed to be someone who
abuses sex workers".  This is also something that makes it slightly unusual
for a crypto protocol, none of it is black-and-white, both the problems and
the solutions are fuzzy and more tied to social factors rather than hard
maths.

In any case, that's the problem.  The purpose of this post isn't so much to
try and point out a solution but to publish details of an actual real-world
problem that crypto could be applied to.

Peter.