Callisto Vault: A Cryptographic Approach for Detecting Victims of Serial Perpetrators of Sexual Assault

Scott MacDonald Lucy Qin Mayank Varia

July 13, 2023

Abstract

The nonprofit company Callisto has created a product known as Callisto Vault. Callisto Vault is designed to replace the “whisper network” on college campuses that has previously been the only way for survivors of sexual assault to find out if another survivor has been assaulted by the same perpetrator. Users of Callisto Vault are able to enter identifying information about the perpetrator of an assault. That information is encrypted in such a way that it can only be decrypted by a Legal Options Counselor (a third-party lawyer vetted by Callisto). If two or more survivors enter the same identifying information, each survivor is connected to a Legal Options Counselor (LOC) free of charge. The LOC provides the survivor with legal advice and helps the survivor determine their best path towards justice. That path may include connecting with the other survivors (if all parties agree to it). The design of Callisto Vault is such that relevant communication between a survivor and an LOC is covered by attorney-client privilege. Survivors’ entries in Callisto Vault are protected by a combination of client-side encryption, encrypted communication channels, oblivious pseudo-random functions, and key federation. Shamir Secret Sharing is used to identify perpetrator matches, at which point only the assigned LOC can access identifying information about the survivor and perpetrator. In this paper, we present an informal risk management assessment, a threat model, and an overview of the cryptographic solution used by Callisto Vault.