 Hey, so this is some work I did at IBM with some people there over the summer and our alternate title is Cryptography for hashtag me too So what problem in particular are we looking at? Well statistics show that most sexual assault is perpetrated by repeat offenders So what happens when the victims of a given perpetrator can get together? They can corroborate their accusations and they can try to bring their perpetrator to justice This is what we want to try to achieve through a cryptographic protocol What would our ideal functionality look like? Well, if we had a trusted third party each victim could give their accusations of the trusted third party the third party could match Accusations which named the same perpetrator and it could alert the victims It could send them to a lawyer do all sorts of things But the main point is it has to match the victims who have the same perpetrator So of course a natural question is how do we remove the trusted third party and before we look at our solution? We're gonna look at some existing Tools that people use to report sexual assault So the first solution and this is something people use in the real world uses no cryptography This is a Google spreadsheet where people list perpetrators in each row and so there's kind of limited security here There's a bit of anonymity because you can log out of your Google account, but other than that there's not a whole lot going for it more recently we have this work called Callisto where we Try to implement a function where a group implements a functionality very similar to what I was describing and They have a lot of features in their system and they seem to do a good job protecting the anonymity of the accuser But one thing we should also look at is how it protects the Accused so to go a little bit technical in their system when they have to match the name of a perpetrator They do this by computing an OPRF. That's an oblivious pseudorandom function on the perpetrator with a fixed key So that gives this value. We're calling pi So the main point of this is that an OPRF is deterministic So if you have two Ps you can compute their pies and compare them to see if they're the same now in some settings This could also be viewed as a weakness. Imagine we compromise the database Then it would be easy to see if the given person had ever been accused You just compute their pie and check if it's in the database. We want a system. That's kind of robust to Attacks like this. So what are we looking for? Specifically we want you to learn if someone's been accused only when you yourself submit an accusation Now we're also worried about the privacy of the accuser So nothing should be revealed about a victim until their record is matched Also, we need to make sure that each record actually has a real accuser attached to it So how do we achieve this? Well, the first thing is we need a new private comparison protocol And once we have that we throw a couple other things together We have group signatures We have proofs of plain sex knowledge and we throw some threshold cryptography on top of all that to kind of Remove the need for central trust So to give you a flavor of our protocol. I have a slide with some math on it So the basic idea is to compare two perpetrator names. We compute additively homomorphic encryptions We subtract them and we multiply by a random value. What do we get when we decrypt that? Well, for the same it should still be zero even though we multiply by a random value and if it's not zero Then it should look kind of random. So that's kind of the basics of our scheme So once we get that working and add the rest of our cryptography We want something that can actually be a practical protocol So we have a proof of concept implementation and we're actually seeing some reasonable run times and we hope this could actually be deployed So what we need we need people to act as Centers in this distributed threshold protocol and once we had that we hope that this could be a practical implementation Thank you so much