Privacy Pass - “The Math”

In this guest post by Alex Davidson, a PhD student in Cryptography at Royal Holloway, University of London, he discusses the development of an open-source browser extension named ‘Privacy Pass’. The extension works with the Cloudflare edge to help honest users reduce the number of CAPTCHA pages they see when browsing the web. It uses cryptographically blinded tokens that can be signed by supporting servers following some receipt of authenticity, such as a CAPTCHA solution. The browser extension then uses these tokens to prove honesty in future communications with the server without having to solve more authenticity challenges. The post also covers how they developed the protocol and the security considerations taken into account, including using elliptic curve cryptography for efficiency benefits.