Non interactive Protocols for Secure and Anonymous Web browsing | Aayush Yadav, GMU

Описание: Abstract: Anonymous tokens are a powerful primitive that allow honest users to access a web resource or service securely while maintaining anonymity. They have found several applications, such as in Cloudflare’s Privacy Pass, Google’s Private State Tokens, and Apple’s Private Cloud Compute. In a typical anonymous token (AT) system, a user wishing to access some web resource, will request a token from an authorized AT issuer who, after performing necessary checks, furnishes said token. A crucial security property of AT is the unlinkability of a token to its corresponding issuance session and, by extension, to the requesting user even by the issuer. Thus, the user can anonymously present its token to a third-party resource server along with its request and the server is assured of the trustworthiness of the user. It was shown by Hanzlik (Eurocrypt '23) that a non-interactive protocol exists for many such modern AT applications that satisfy a simple property. Non-interactivity greatly improves the application experience by allowing for optimal round-trip time for user requests through offline pre-computation of tokens. The overarching theme of my talk is the non-interactive issuance of anonymous tokens. More specifically, with an eye towards application(s), I will present (i) a recent result on non-interactive and threshold issuance of anonymous tokens (Baldimtsi, Hanzlik and Yadav) from PS signatures (Pointcheval and Sanders; CT-RSA '16); and (ii) an extension of the non-interactive anonymous tokens that introduces additional user accountability via secret flags embedded into the token (Baldimtsi, Hanzlik, Nguyen and Yadav; ePrint: 2025/430).

Bio: Aayush Yadav is a PhD candidate in Computer Science at George Mason University where he is advised by Foteini Baldimtsi. Since 2023, he has also been a visiting fellow at the University of Wisconsin, Madison. His work focuses on designing practically efficient cryptographic protocols that address the dual concerns of privacy and accountability, with a particular emphasis on blind signature schemes, authentication schemes, zero-knowledge proof systems and threshold cryptosystems.