Attribute-based Privacy-Preserving Confidential Reporting Framework to Multiple Auditors

In today's strict corporate hierarchies, rigid structures and strict disciplinary rules make employees hesitant to report mistakes, especially involving their superiors, due to fear of blame, punishment, or career setbacks. Despite various concerns, protecting privacy remains the reporters' top priority. In this paper, we present an attribute-based privacy-preserving confidential reporting system with support for multiple reporters (AP-CRS) to ensure the protection of report confidentiality and the preservation of reporter privacy. The proposed AP-CRS offers several notable features: (1) for a given event, multiple auditors can be designated for a report; (2) the system operates without a centralized authority for key distribution, enhancing reporters' trust; and (3) in the absence of an auditor, their superiors within the hierarchy can access and review reports on their behalf. We present a detailed framework and formalize both the security model and its proof for our AP-CRS. The implementation demonstrates its efficiency effectively.