HardCrypto

largeHardCryptoLogo

Inspiration

Dildo.io is a popular matchmaking website used by the MIT community, restricted to MIT members. The idea is simple: You select a subset of users you are interested it in, and if the interest is mutual, you both get notified. Hardened dildo.io is a a paper that describes how to build a similar system, with the additional property that the server can't know who you like and dislike.

Our goal for ICHack 17 was to implement the Hardened Dildo.io paper as a web application.

What it does

HardCrypto is a private and cryptographically secure matchmaking service, aimed at student communities, that can guarantee to keep your likes and preferences private without having to trust the server (and whoever hacks into it).

It's like Tinder, but only with verified people from your school, and nobody except for you can know who you like. Or philosophy is one where we put users preference first and assume all options are opt in and that no information (such as sexual orientation) is assumed.

How we built it

The core idea behind HardCrypto is Homomorphic Encryption, a form of encryption that allows computations to be carried out on the ciphertexts without revealing the plaintext. When every user joins, they create an RSA key pair for signing and encrypting messages and publish their public key. Then, for every other user in the system, a Paillier key pair is generated and sent to the other user encrypted with their public RSA key. The server can then perform operations on the numbers encrypted with the Paillier key pair.

Our stack is built in EcmaScript 6. We use node.js, express, mongo for the backend and React for the frontend, along with tons of libraries.

Challenges we ran into

Cryptographic algorithms
Security design

Accomplishments that we're proud of

Mostly working application.
The code we wrote in the first 12 hours was really good, the code we wrote in the next 6 hours was acceptable.
Implemented a complicated crypto scheme.