Rapidly changing social norms and national, legal, and political conditions socially constrain people from discussing sensitive topics such as sexuality or religion. Such constrained, vulnerable minorities are often worried about inadvertent information disclosure and may be unsure about the extent to which their communications are being monitored in public or semi-public spaces like workplaces or cafes. Personal devices extend trust to the digital domain, making it desirable to have strictly private communication between trusted devices. Currently, messaging services like WhatsApp provide alternative means for exchanging sensitive private information, while personal safety apps such as Noonlight enable private signaling. However, these rely on third-party mechanisms for secure and private communication, which may not be accessible for justifiable reasons, such as insecure internet access or companion device connections. In these cases, it is challenging to achieve communication that is strictly private between two devices instead of user accounts without any dependency on third-party infrastructure. The goal of this paper is to support private communications by setting up a shared secret between two or more devices without sending any data on the network. We develop a method to create a shared secret between phones by shaking them together. Each device extracts the shared randomness from the shake, then conditions the randomness to 7.798 bits per byte of key material. This paper proposes three different applications of this generated shared secret: message obfuscation, trust delegation, and encrypted beacons. We have implemented the message obfuscation on Android as an independent app that can be used for private communication with trusted contacts. We also present research on the usability, design considerations, and further integration of these tools in mainstream services.