Implementing Secure Reporting of Sexual Misconduct - Revisiting WhoToo.

Reporting sexual assault or harassment is notoriously difficult, and even though more victims are coming forward every year, a significant percentage of victims do not formally report it (Morgan and Oudekerk - U.S. Department of Justice). Studies have shown that most sexual assault episodes occur by repeat perpetrators and that people are more likely to report if they know that other victims of the same aggressor exist (Callisto Homepage). Recently, the WhoToo protocol (Kuykendall, Krawczyk and Rabin - POPETS 2019) presented a system in which the identities of the accuser and the accused are protected until a certain pre-specified number (quorum) of victims reports the same perpetrator. We revisit this protocol from an implementation perspective, shedding light on necessary clarifications and optimizations. We first identify several key operations whose implementation was left unclear. One of such operations, if implemented in a straightforward fashion by using other WhoToo subroutines would compromise anonymity. Fixes for another were simple but required a new (but straightforward) security proof. Such fixes, although rather minor, are important for a system whose design emphasizes practicality and fast operations. Our second contribution concerns efficiency. Using a Distributed Input PRF and a variant of Robust Anonymous IBE Encryption, we improve detection of duplicated and matching accusations. Given N accusations, our solution requires O(1) instead of O(N) distributed operations (the most expensive primitive in WhoToo) to detect duplicates and matching accusations once the quorum is reached. Our results give raise to WhoToo(+), a practical and more efficient variant of WhoToo that preserves the original security guarantees.