
Stronger than a promise: proving Oblivious HTTP privacy properties

What's this blog post about?

The text discusses a formal security analysis of Oblivious HTTP (OHTTP), a protocol that uses public key encryption and a proxy to decouple who sent an HTTP request or response from what was sent. The goal of the analysis is to ensure that the protocol meets its privacy goals, which include separating client-identifying information from requests and preventing future requests from the same client from being linked. The text delves into the design of OHTTP, its simplified model, and the use of Tamarin for formal analysis. It also explains how the attacker's capabilities are modeled in the context of this protocol. Finally, it outlines the security properties that were proven using the Tamarin prover: gateway authentication, request and response secrecy, relay connection security, AEAD nonce reuse resistance, and client unlinkability.

Company
Cloudflare

Date published
Oct. 27, 2022

Author(s)
Christopher Wood, Jonathan Hoyland

Word count
3429

Hacker News points
2

Language
English


By Matt Makai. 2021-2024.