Home

Privacy Pass Protocol Specification

doc

Privacy Pass Protocol Specification

最初是用在TOR

client -> server 的匿名授权,生成token

server 无法基于 client 的 re-authorization , link 跟踪到初始的授权

intro

cookie 的问题就是token跟踪,跨域跟踪

privacy pass protocol:

  • unlinkability: client一次性获得多个cross-domain的授权token,不用重复认证,且确保匿名性
  • unforgeability: client无法伪造token,或者增加token个数

细节参考 voprf

phase: 1) server setup: skS, pkS

2) client setup: 
pkS, m 

3) issuance:  
client: m (input) -> req (blindToken)
server: resp (evaluation)
client: 
        redemption Token = { input.data, issued: issuedTokens }
与voprf的issuedTokens过程一致

4) redemption:
client:  token, info -> req
    tag = Finalize(token.data, token.issued, info) //info 加 timestamp,生成hash output
    req = redemption request = { data, tag, info }

server: 
    检查是否已遇到过该req.data,避免double spend;
    resp = VerifyFinalize(pkS, skS, req.data, req.info, req.tag) //相当于让server自己做一下签名校验
    如果resp.success,登记req.data

Published

29 March 2021

Tags


Share On