Paper 2023/1805

On the Security of Rate-limited Privacy Pass

Hien Chu, Friedrich-Alexander-Universität Erlangen-Nürnberg
Khue Do, CISPA Helmholtz Center for Information Security
Lucjan Hanzlik, CISPA Helmholtz Center for Information Security
Abstract

The privacy pass protocol allows users to redeem anonymously issued cryptographic tokens instead of solving annoying CAPTCHAs. The issuing authority verifies the credibility of the user, who can later use the pass while browsing the web using an anonymous or virtual private network. Hendrickson et al. proposed an IETF draft (privacypass-rate-limit-tokens-00) for a rate-limiting version of the privacy pass protocol, also called rate-limited Privacy Pass (RlP). Introducing a new actor called a mediator makes both versions inherently different. The mediator applies access policies to rate-limit users’ access to the service while, at the same time, should be oblivious to the website/origin the user is trying to access. In this paper, we formally define the rate-limited Privacy Pass protocol and propose a game-based security model to capture the informal security notions introduced by Hendrickson et al.. We show a construction from simple building blocks that fulfills our security definitions and even allows for a post-quantum secure instantiation. Interestingly, the instantiation proposed in the IETF draft is a specific case of our construction. Thus, we can reuse the security arguments for the generic construction and show that the version used in practice is secure.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. ACM CCS 2023
Keywords
privacy passrate-limitingkey blinding signature
Contact author(s)
hien chu @ fau de
khue do @ cispa de
hanzlik @ cispa de
History
2023-11-24: revised
2023-11-23: received
See all versions
Short URL
https://ia.cr/2023/1805
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1805,
      author = {Hien Chu and Khue Do and Lucjan Hanzlik},
      title = {On the Security of Rate-limited Privacy Pass},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1805},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1805}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.