Why your information is private? PuppyLove2.0 under the hood
Puppy Love is a platform developed by the Programming Club for the campus community of IIT Kanpur. It goes live a week before Valentine’s Day each year. We aim to strengthen connectivity among the students. This year, we’ve made significant improvements to make your experience even better. Our algorithm has been fine-tuned to offer you more control and privacy. Users can select up to four individuals to send hearts to and will remain anonymous as the sender.
On Valentine’s Day, those with mutual hearts will get to know their matches, starting new connections and conversations. And in the spirit of discretion, Puppy Love ensures that privacy of individuals remains preserved in cases of unreciprocated hearts.
The breakdown of our algorithm is detailed below.
Registration
During the registration process, students input their Institute Roll Number and receive a One-Time Password (OTP) via email. When their password is successfully set and registration is completed, the algorithm generates RSA-2048 Private and Public Keys and SHA256 Hash of the password for the user. These are then sent to the server and stored in the “users” table.
For added security, the Private Key undergoes AES Encryption using the user’s password. This prevents potential decryption of encrypted hashes by the admin and comparing them with the original hash after users submit their choices (elaborated upon below).
Login
During the login process, the client retrieves AES Encrypted Private Key, Public Key, and all the encrypted SHA values with the sender’s gender from the “sent_heart” table. Decryption of these encrypted SHA values with the user’s private key is attempted, and successful decryption indicates that the user has received a heart from someone. In such cases, the count of hearts received by the user from that specific gender is incremented, and the heart is officially claimed by the user (explained later).
Submitting Hearts
Then, the SHA256 hash of this string is calculated and encrypted using the recipient’s Public key. The SHA, encrypted SHAs, and the sender’s gender are sent to the server and stored in the “sent_hearts” table.
No Hearts will be submited after the deadline
Claiming Hearts
If the fetched encrypted SHAs are successfully decrypted by the receiver’s private key, the decrypted SHA is forwarded to the server for verification.
If the decrypted value matches the original SHA, then the verification is successful. This SHA is then claimed, sent to the server, and stored in the “claim_hearts” table.
Return Hearts
For instance, if a user receives n hearts (where 0 <= n <= 4) and submits m hearts (where 0 <= m <= 4), the return_hearts table would encompass n*m entries associated with that particular user.
Matching Hearts
Explanation: Initially, the user sent a heart to their crush, storing it in the “sent_hearts” table. The crush fetches and decrypts the encrypted SHA in the “sent_hearts” table and claims the SHA. Now if the crush reciprocates by sending a heart back to the user, the claimed SHA is encrypted using the user’s public key and sent to the “return_heart” table. The user then fetches and decrypts the returned SHA from the “return_heart” table and compares the decrypted return SHA to his sent SHA’s. If the comparison is successful then we get a match.
The user then transmits the SHA value to the server for verification. Upon successful verification, the roll numbers of both the user and the crush are stored in the “match_table” in preparation for publishing the results on Valentine’s Day.
Publishing
Post the heart submission deadline, users are prompted to provide consent for publishing their results to their respective matches.
Only in cases where both individuals within a matched couple agree to the publication of results, the match is revealed to them on Valentine’s Day.
Note
Puppy Love is a fun and lighthearted initiative, and users should approach it with a sense of enjoyment and openness to various outcomes. The platform cannot guarantee the outcome of any romantic endeavors or connections made through its services. Participants should be aware that the nature of anonymous interactions adds an element of unpredictability to the process. Also note that this is a very high level view of the system, further security measures are applied where needed.
You may view the source code here:
Credits:
Editors: Pratham Sahu
Authors: Gill.Singh.A , Sameer Yadv, Yash, Shreya Shree
