Paper 2023/1805
On the Security of Rate-limited Privacy Pass
Abstract
The privacy pass protocol allows users to redeem anonymously issued cryptographic tokens instead of solving annoying CAPTCHAs. The issuing authority verifies the credibility of the user, who can later use the pass while browsing the web using an anonymous or virtual private network. Hendrickson et al. proposed an IETF draft (privacypass-rate-limit-tokens-00) for a rate-limiting version of the privacy pass protocol, also called rate-limited Privacy Pass (RlP). Introducing a new actor called a mediator makes both versions inherently different. The mediator applies access policies to rate-limit users’ access to the service while, at the same time, should be oblivious to the website/origin the user is trying to access. In this paper, we formally define the rate-limited Privacy Pass protocol and propose a game-based security model to capture the informal security notions introduced by Hendrickson et al.. We show a construction from simple building blocks that fulfills our security definitions and even allows for a post-quantum secure instantiation. Interestingly, the instantiation proposed in the IETF draft is a specific case of our construction. Thus, we can reuse the security arguments for the generic construction and show that the version used in practice is secure.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. ACM CCS 2023
- Keywords
- privacy passrate-limitingkey blinding signature
- Contact author(s)
-
hien chu @ fau de
khue do @ cispa de
hanzlik @ cispa de - History
- 2023-11-24: revised
- 2023-11-23: received
- See all versions
- Short URL
- https://ia.cr/2023/1805
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1805, author = {Hien Chu and Khue Do and Lucjan Hanzlik}, title = {On the Security of Rate-limited Privacy Pass}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1805}, year = {2023}, url = {https://eprint.iacr.org/2023/1805} }