CISPA
Browse

On the Security of Rate-limited Privacy Pass.

Download (837.6 kB)
preprint
posted on 2024-03-19, 10:47 authored by Hien Chu, Khue DoKhue Do, Lucjan HanzlikLucjan Hanzlik
The privacy pass protocol allows users to redeem anonymously issued cryptographic tokens instead of solving annoying CAPTCHAs. The issuing authority verifies the credibility of the user, who can later use the pass while browsing the web using an anonymous or virtual private network. Hendrickson et al. proposed an IETF draft (privacypass-rate-limit-tokens-00) for a rate-limiting version of the privacy pass protocol, also called rate-limited Privacy Pass (RlP). Introducing a new actor called a mediator makes both versions inherently different. The mediator applies access policies to rate-limit users’ access to the service while, at the same time, should be oblivious to the website/origin the user is trying to access. In this paper, we formally define the rate-limited Privacy Pass protocol and propose a game-based security model to capture the informal security notions introduced by Hendrickson et al.. We show a construction from simple building blocks that fulfills our security definitions and even allows for a post-quantum secure instantiation. Interestingly, the instantiation proposed in the IETF draft is a specific case of our construction. Thus, we can reuse the security arguments for the generic construction and show that the version used in practice is secure.

History

Primary Research Area

  • Algorithmic Foundations and Cryptography

BibTeX

@misc{Chu:Do:Hanzlik:2023, title = "On the Security of Rate-limited Privacy Pass.", author = "Chu, Hien" AND "Do, Khue" AND "Hanzlik, Lucjan", year = 2023, month = 11 }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC