Paper 2026/1259

Collaborative Rate Limiting Nullifier Signaling

Yağmur Gürel, Institute of Applied Mathematics, Middle East Technical University
Uğur Şen, Institute of Applied Mathematics, Middle East Technical University
Oğuz Yayla, Institute of Applied Mathematics, Middle East Technical University
Abstract

Rate Limiting Nullifier (RLN) is a privacy-preserving and decentralized spam-prevention mechanism for anonymous broadcast networks: each member can emit at most $r$ signals per epoch, and any violation reveals a secret that enables the member's stake to be slashed. The standard construction binds each membership to a single secret key $\mathsf{sk}_G$, so the unit of identity, the unit of authorization, and the unit of slashing all coincide with one party. This rules out settings in which a group should speak with one voice, share one rate budget, and stand behind one collective bond without any single member being able to act unilaterally. We introduce Collaborative RLN Signaling (coRLN), a protocol that lets $n$ parties register as a single RLN member and signal only by acting jointly. The group secret $\mathsf{sk}_G$ is held as additive shares under SPDZ and never reconstructed; the identity (or rate) commitment, the per-epoch RLN evaluation, and the broadcast proof are produced inside an MPC network using collaborative zk-SNARKs. The group occupies one leaf in the membership Merkle tree, locks one aggregated stake $\mathsf{stake}_G$, and is bound by one rate limit. We present the construction in both the rate-limit-1 and the general $r \geq 1$ settings, and we extend the protocol with a collaborative withdrawal procedure that lets the group exit without ever reconstructing $\mathsf{sk}_G$. We prove three security properties of coRLN by reduction to the collaborative-SNARK composition and the standard primitives underneath: (i) no PPT adversary corrupting up to $n-1$ parties recovers $\mathsf{sk}_G$ as long as one party is honest; (ii) two signals in the same epoch with the same $\mathsf{messageId}$ yield an efficient extractor that recovers $\mathsf{sk}_G$ and triggers forfeiture of $\mathsf{stake}_G$; and (iii) no strict subset of $G$ can produce a verifying signal. The verifier interface and signal shape match classical RLN at the byte level, so coRLN deploys on existing RLN-aware infrastructure with only the verification key updated.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Rate Limiting Nullifiercollaborative SNARKsgroup-authorized anonymous signalingsecure multi-party computation.
Contact author(s)
yagmurg @ metu edu tr
ugursen187 @ gmail com
oguz @ metu edu tr
History
2026-06-20: revised
2026-06-15: received
See all versions
Short URL
https://ia.cr/2026/1259
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/1259,
      author = {Yağmur Gürel and Uğur Şen and Oğuz Yayla},
      title = {Collaborative Rate Limiting Nullifier Signaling},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/1259},
      year = {2026},
      url = {https://eprint.iacr.org/2026/1259}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.