Collusion attacks against PuppyLove2.0
Who can compromise privacy?
Throughout this blog, I will assume that only the frontend can be trusted; what happens at the backend should not affect the security of the system. If we had to assume that the backend can be trusted, then there’s not much reason to worry about privacy in the first place.
Anyone with direct or indirect access to the server should be able to perform the attack. That means cordies, secies or their friends willing to share passwords with them. I’ll explain how such parties can get all the information about hearts if they want.
It’s also worth noting that similar attacks were possible on the previous version of PuppyLove. For example, last year, I think only the offline database was sufficient to get the choices out.
PS: I didn’t have any access to the deployment or data at any point of time.
What and How of it?
Read https://github.com/pclubiitk/puppylove2.0_backend for context.
- Assuming the code on the server may be different from what is on GitHub: the server may store Me’s id along with (SHA(k1), enc(SHA(k1))). When My claims to know the decoding of enc(SHA(k1)), the server learns that Me sent a heart to My, irrespective of My’s choice. So choices are known to the server even if there’s no match.
- Assuming the server doesn’t store Me’s id along with the pair (SHA(k1), enc(SHA(k1))), a database insertion attack is still possible. Any party colluding with the server can insert pairs (SHA(k1), enc(SHA(k1))) as soon as a person signs up. During the publish phase after the match, the colluding party can deny confirmation of the match knowledge to the server. This gives the colluding party the ability to know everyone who had him/her in their preference list.
- Last but not least, even if we assume no such insertions are happening, any colluding party gets a chance to send infinite hearts. The limit is imposed only on the backend.
However, I guess pclub won’t be trying so hard to attack everyone’s privacy, so don’t withhold your hearts! :P
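The first point in the list above, modelled as an added example (not part of the original post and not PuppyLove code): it shows what a backend that keeps the logged-in user next to each request can reconstruct, including hearts that never matched. The class and function names, the users U3 and U4, and the random bytes standing in for enc(SHA(k1)) are assumptions.

```python
import hashlib
import os

class CuriousServer:
    """Hypothetical backend model: stores each pair plus the session identity."""

    def __init__(self):
        self.pairs = []       # (SHA(k1), enc(SHA(k1))): all the protocol needs
        self.submitter = {}   # pair index -> logged-in user who uploaded it
        self.claimer = {}     # pair index -> logged-in user who claimed it

    def submit(self, session_user, sha_k, ciphertext):
        self.pairs.append((sha_k, ciphertext))
        self.submitter[len(self.pairs) - 1] = session_user
        return len(self.pairs) - 1

    def claim(self, session_user, pair_index):
        # The claim arrives once the recipient can decode the pair.
        self.claimer[pair_index] = session_user

    def inferred_hearts(self):
        # Join the two logs: (sender, recipient) for every claimed pair.
        return {(self.submitter[i], self.claimer[i]) for i in self.claimer}


def send_heart(server, sender, recipient):
    k1 = os.urandom(16)
    sha_k = hashlib.sha256(k1).hexdigest()
    ciphertext = os.urandom(32)  # opaque stand-in for enc(SHA(k1)); the cipher is irrelevant here
    index = server.submit(sender, sha_k, ciphertext)
    server.claim(recipient, index)  # recipient claims, irrespective of their own choice
    return index


def simulate():
    server = CuriousServer()
    # Constructed sample: one unreturned heart, one mutual pair.
    for sender, recipient in [("Me", "My"), ("U3", "U4"), ("U4", "U3")]:
        send_heart(server, sender, recipient)
    hearts = server.inferred_hearts()
    one_sided = {(s, r) for (s, r) in hearts if (r, s) not in hearts}
    return hearts, one_sided


if __name__ == "__main__":
    hearts, one_sided = simulate()
    print("server view:", sorted(hearts))
    print("no match, still visible:", sorted(one_sided))
```

The join needs nothing beyond ordinary request logging, which is why the trust assumption at the top of the post excludes the backend.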