Abstract
In this paper, we present important new privacy goals for on-line matchmaking protocols: resistance to off-line dictionary attacks and forward privacy of users' identities and matching wishes. We enhance traditional privacy requirements (e.g., user anonymity, matching-wish authenticity) with these new privacy goals and define the notion of privacy-enhanced matchmaking. We show that previous solutions for on-line matchmaking do not satisfy the new privacy goals and argue that privacy-enhanced matchmaking cannot be provided by solutions to seemingly related problems such as secret handshakes, set intersection, and trust negotiation. We define an adversary model that captures the key security properties of privacy-enhanced matchmaking, and show that a simple, practical protocol, derived by a two-step transformation of a password-based authenticated key exchange, counters the adversary's attacks in a provable manner (in the standard model of cryptographic security).