Romantic Cryptography

What if you desire to express your love to someone, but fear the consequences if he or she does not return your feelings?

It’s an age old problem – how many of us know someone who asks a friend to go talk to so-and-so to “see if she likes me?”

Just in time for Valentines day, I found this reference to this research paper, Romantic Cryptography, on Light Blue Touchpaper:

Abstract. We show how Alice and Bob can establish whether they love
each other, but without the embarrassment of revealing that they do if
the other party does not share their feelings.
This is a “secure multiparty computation” of the AND function, where
the participants cooperate in producing the result of the AND, but without
learning the input bit contributed by the other party unless the result
implies it.

It’s an interesting algorithm involving scales and “voting” with weighted balls such that no information is revealed unless both parties indicate interest.


They provide some interesting variations using Love/Don’t Love images that only produce an image if both parties fancy the other:


The paper is short, and is certainly worth a skim at the least.

The comments are also interesting.

“Just Dumped” comments that

The protocol fails to anticipate the emotion exhibited by A when she discovers that B does not reciprocate her love. It should of course therefore be apparent that B can launch an “emotional side-channel attack” when the participants execute the protocol in physical proximity of each other.

In addition, JD points out that information is revealed when party “A” requests that the protocol be run.

The problem of information leakage is addressed in the paper:

Another basic objection to the very idea of romantic cryptography is that
whoever starts the protocol probably fancies the other — why would they bother
otherwise? One solution to this is to make it socially acceptable to run the protocol
between randomly chosen pairs of participants. For example, the school
could have a “love day” in which, by decree, everyone runs the protocol against
everyone else. Before our patient readers dismiss all this as silly fantasies unworthy
of their honourable attention, let us just point out that something similar
has already been organized at Cambridge in at least two independent efforts.

Another commenter, “Frank Stejano” points out another  academic paper along the same lines , A Private Matchmaking Protocol.

Abstract: In this paper, we introduce the problem of private matchmaking. Private matchmaking is interesting because it has conflicting requirements for anonymity and authentication. A private matchmaking protocol allows two or more mutually suspicious parties with matching credentials to locate and authenticate each other without revealing their credentials or identities to anyone including the matchmaker. Private matchmaking is more than mutual authentication of suspicious parties in that it has further requirements on privacy and efficient locating. We present a simple and efficient solution to the private matchmaking problem without using public-key cryptography or a trusted matchmaker. Extensions and open problems are also discussed. 1 Introduction With the Internet growing at ever-increasing speeds and people using the Internet for both business and personal activities, privacy issues have become a major concern [9]. In this paper, we consider the problem of Private Matchmaking. Private…

  Who says programmers, cryptographers, and academics are not romantic?

Comments are closed.