The growth of content delivery networks (CDNs) has engendered centralized control over the serving of internet content. An unwanted by-product of this growth is that CDNs are fast becoming global arbiters for which content requests are allowed and which are blocked in an attempt to stanch malicious traffic. In particular, in some cases honest users-especially those behind shared IP addresses, including users of privacy tools such as Tor, VPNs, and I2P - can be unfairly targeted by attempted ‘catch-all solutions’ that assume these users are acting maliciously. In this work, we provide a solution to prevent users from being exposed to a disproportionate amount of internet challenges such as CAPTCHAs. These challenges are at the very least annoying and at their worst - when coupled with bad implementations - can completely block access from web resources. We detail a 1-RTT cryptographic protocol (based on an implementation of an oblivious pseudorandom function) that allows users to receive a significant amount of anonymous tokens for each challenge solution that they provide. These tokens can be exchanged in the future for access without having to interact with a challenge. We have implemented our initial solution in a browser extension named “Privacy Pass”, and have worked with the Cloudflare CDN to deploy compatible server-side components in their infrastructure. However, we envisage that our solution could be used more generally for many applications where anonymous and honest access can be granted (e.g., anonymous wiki editing). The anonymity guarantee of our solution makes it immediately appropriate for use by users of Tor/VPNs/ I2P. We also publish figures from Cloudflare indicating the potential impact from the global release of Privacy Pass.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 Dan Boneh Ben Lynn and Hovav Shacham. Short signatures from the Weil pairing. In Colin Boyd editor ASIACRYPT 2001 volume 2248 of LNCS pages 514-532. Springer Heidelberg December 2001.
 Jonathan Burns Daniel Moore Katrina Ray Ryan Speers and Brian Vohaska. EC-OPRF: Oblivious pseudorandom functions using elliptic curves. Cryptology ePrint Archive Report 2017/111 2017. http://eprint.iacr.org/2017/111.
 David Chaum. Blind signatures for untraceable payments. In David Chaum Ronald L. Rivest and Alan T. Sherman editors CRYPTO’82 pages 199-203. Plenum Press New York USA 1982.
 David Chaum. Blind signature system. In David Chaum editor CRYPTO’83 page 153. Plenum Press New York USA 1983.
 David Chaum Amos Fiat and Moni Naor. Untraceable electronic cash. In Shafi Goldwasser editor CRYPTO’88 volume 403 of LNCS pages 319-327. Springer Heidelberg August 1990.
 David Chaum and Torben P. Pedersen. Wallet databases with observers. In Ernest F. Brickell editor CRYPTO’92 volume 740 of LNCS pages 89-105. Springer Heidelberg August 1993.
 Cisco. The zettabyte era: Trends and analysis 2017. https://www.cisco.com/c/en/us/solutions/collateral/serviceprovider/visual-networking-index-vni/vni-hyperconnectivitywp.html. Accessed Sep 2017.
 Cloudflare. Personal communication 2017.
 Florian Dold and Christian Grothoff. GNU Taler: Ethical online payments for the internet age. ERCIM News 2016(106) 2016.
 Georg Fuchsbauer Christian Hanser Chethan Kamath and Daniel Slamanig. Practical round-optimal blind signatures in the standard model from weaker assumptions. Cryptology ePrint Archive Report 2016/662 2016. http://eprint.iacr.org/2016/662.
 Sanjam Garg and Divya Gupta. Efficient round optimal blind signatures. In Phong Q. Nguyen and Elisabeth Oswald editors EUROCRYPT 2014 volume 8441 of LNCS pages 477-495. Springer Heidelberg May 2014.
 Sanjam Garg Vanishree Rao Amit Sahai Dominique Schröder and Dominique Unruh. Round optimal blind signatures. In Phillip Rogaway editor CRYPTO 2011 volume 6841 of LNCS pages 630-648. Springer Heidelberg August 2011.
 Ryan Henry and Ian Goldberg. Extending Nymble-like systems. In 2011 IEEE Symposium on Security and Privacy pages 523-537. IEEE Computer Society Press May 2011.
 Ryan Henry and Ian Goldberg. Formalizing anonymous blacklisting systems. In 2011 IEEE Symposium on Security and Privacy pages 81-95. IEEE Computer Society Press May 2011.
 Ryan Henry and Ian Goldberg. Batch proofs of partial knowledge. In Michael J. Jacobson Jr. Michael E. Locasto Payman Mohassel and Reihaneh Safavi-Naini editors ACNS 13 volume 7954 of LNCS pages 502-517. Springer Heidelberg June 2013.
 Henry Ryan. Efficient Zero-Knowledge Proofs and Applications. PhD thesis University of Waterloo 2014. http://hdl.handle.net/10012/8621.
 Thomas S. Heydt-Benjamin Hee-Jin Chae Benessa Defend and Kevin Fu. Privacy for public transportation. In George Danezis and Philippe Golle editors Privacy Enhancing Technologies: 6th International Workshop (PET 2006) pages 1-19. Springer 2006.
 Stanislaw Jarecki Aggelos Kiayias and Hugo Krawczyk. Round-optimal password-protected secret sharing and TPAKE in the password-only model. In Palash Sarkar and Tetsu Iwata editors ASIACRYPT 2014 Part II volume 8874 of LNCS pages 233-253. Springer Heidelberg December 2014.
 Stanislaw Jarecki Aggelos Kiayias Hugo Krawczyk and Jiayu Xu. Highly-efficient and composable password-protected secret sharing (or: How to protect your bitcoin wallet online). In EuroS&P pages 276-291. IEEE 2016.
 Florian Kerschbaum Hoon Wei Lim and Ivan Gudymenko. Privacy-preserving billing for e-ticketing systems in public transportation. In Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society WPES ’13 pages 143-154 New York NY USA 2013. ACM.
 Zhuotao Liu Yushan Liu Philipp Winter Prateek Mittal and Yih-Chun Hu. Torpolice: Towards enforcing servicedefined access policies for anonymous communication in the tor network. In 25th IEEE International Conference on Network Protocols ICNP 2017 pages 1-10 2017.
 Peter Lofgren and Nicholas Hopper. BNymble: More anonymous blacklisting at almost no cost (a short paper). In George Danezis editor FC 2011 volume 7035 of LNCS pages 268-275. Springer Heidelberg February / March 2012.
 Dimitrios Papadopoulos Duane Wessels Shumon Huque Moni Naor Jan Vcelák Leonid Reyzin and Sharon Goldberg. Making NSEC5 practical for DNSSEC. Cryptology ePrint Archive Report 2017/099 2017. http: //eprint.iacr.org/2017/099.
 David Pointcheval and Jacques Stern. Provably secure blind signature schemes. In Kwangjo Kim and Tsutomu Matsumoto editors ASIACRYPT’96 volume 1163 of LNCS pages 252-265. Springer Heidelberg November 1996.
 Markus Rückert. Lattice-based blind signatures. In Masayuki Abe editor ASIACRYPT 2010 volume 6477 of LNCS pages 413-430. Springer Heidelberg December 2010.
 Ahmad-Reza Sadeghi Ivan Visconti and Christian Wachsmann. User privacy in transport systems based on RFID e-tickets. Proceedings of the 1st International Workshop on Privacy in Location-Based Applications (PilBA) 2008.
 Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In Gilles Brassard editor CRYPTO’89 volume 435 of LNCS pages 239-252. Springer Heidelberg August 1990.
 Claus-Peter Schnorr and Markus Jakobsson. Security of signed ElGamal encryption. In Tatsuaki Okamoto editor ASIACRYPT 2000 volume 1976 of LNCS pages 73-89. Springer Heidelberg December 2000.
 Tor. List of services blocking Tor 2017. https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor. Accessed Sep 2017.