Matchmaking problems such as coupling for a school dance, voting negotiations in legislative bodies, and recruiting of high level executives involve identity linked wishes (ILW), which are wishes that involve specific identities and are only valid if those particular entities share the common wishes. The challenge of fair and privacy-enhanced matchmaking with ILW, with conflicting goals of anonymity and authentication, was coined the prom problem (TPP). In this paper, we detail phases of the privacy engineering process used for development of a novel privacy-enhanced technology (PET) for TPP. Early stages consisted of problem framing, definition of security and privacy requirements, protocol development, and theoretical security and complexity analyses. A proof-of-concept implementation and feasibility evaluation including performance testing with real-world systems and networks demonstrated the correctness and practicality of the approach, thereby limiting risk prior to incurring the full costs of production system development. We highlight the system architecture, risks, and the regulatory environment. We conclude with lessons learned and recommendations for privacy engineering. In the rapidly evolving landscape of privacy regulations, PETs can afford competitive advantage, while simultaneously limiting compliance risks.

中文翻译：

---

一种新的增强隐私的技术，通过身份关联的愿望进行公平的婚介

婚介问题，例如学校舞会联席会议，立法机构的投票谈判以及招募高管人员，都涉及身份关联的愿望（ILW），这些愿望涉及特定的身份，并且仅在这些特定实体具有共同愿望的情况下才有效。带有匿名和身份验证目标冲突的ILW对公平和增强隐私的婚介的挑战被称为舞会问题（TPP）。在本文中，我们详细介绍了用于TPP的新型隐私增强技术（PET）开发的隐私工程流程的各个阶段。早期阶段包括问题框架，安全性和隐私要求的定义，协议开发以及理论上的安全性和复杂性分析。概念验证的实施和可行性评估（包括使用实际系统和网络的性能测试）证明了该方法的正确性和实用性，从而在产生生产系统的全部成本之前限制了风险。我们重点介绍系统架构，风险和监管环境。我们以总结的经验教训和有关隐私工程的建议作为结束。在隐私法规迅速发展的格局中，PET可以提供竞争优势，同时限制合规风险。我们以总结的经验教训和有关隐私工程的建议作为结束。在隐私法规迅速发展的格局中，PET可以提供竞争优势，同时限制合规风险。我们以总结的经验教训和有关隐私工程的建议作为结束。在隐私法规迅速发展的格局中，PET可以提供竞争优势，同时限制合规风险。