Skip to content

CONCEPT Cited by 1 source

Anonymous credential

An anonymous credential is a cryptographic primitive that lets a client prove the result of a check (e.g. "I solved a challenge", "I have good standing with this service", "I have not exceeded a rate limit") without turning the result into a stable identifier.

The core property

Given an issuer, a client, and an origin:

  • The issuer mints tokens to the client after the client passes a check (performed by the issuer or a trusted attester).
  • The client later presents a token to an origin as proof that the check was passed.
  • Neither the issuer nor the origin can correlate a specific issuance event with a specific redemption — this is concepts/unlinkability.

The combination — proof of a past check, unlinkable to the original check event — is what makes it possible to move toward the third corner of the rate-limit trilemma (anonymous + accountable + decentralized) without forcing users to choose between privacy and access.

Primitive stack

Modern anonymous-credential deployments build on a small set of cryptographic primitives:

  • VOPRF (Verifiable Oblivious PRF) — standardized in RFC 9497; used in Privacy Pass's privately-verifiable issuance.
  • Blind RSA signatures — used in Privacy Pass's publicly- verifiable issuance (RFC 9578 §5.5).
  • Batch issuance + blinding — client obtains N tokens at once without the issuer learning which specific token will be presented where.
  • Tag-based scoping — tokens carry a scope identifier so a token valid against origin A cannot be replayed against origin B.

All of these feed into Privacy Pass (RFC 9576 architecture; RFC 9578 protocols), which is the canonical wiki instance of the primitive class at deployed scale.

Beyond basic tokens: ARC and ACT

Base Privacy Pass tokens are 1:1 — one issued token, one redemption. Two structural limitations motivate successors:

  • No dynamic rate limiting. Once tokens are issued, an issuer cannot revoke remaining ones if the client begins to abuse. Handled by ARC (Anonymous Rate-Limit Credentials).
  • Excessive issuance round-trips. Each redemption requires a new issuance call. Handled by ACT (Anonymous Credit Tokens): client contacts issuer once and can make multiple unlinkable scoped presentations against an origin.

Both ride on the same VOPRF / BlindRSA primitives inside the reverse-flow framework.

What anonymous credentials don't do

Cloudflare explicitly names two classes of residual risk:

  1. End-to-end anonymity is broader than unlinkability. Anonymous credentials preserve unlinkability at the protocol level. Correlation via IP addresses, cookies, account state, or timing can still re-identify clients. Anonymous credentials are one property in a full deployment — they remove one attack vector; other vectors remain.
  2. Infrastructure for proving any attribute is infrastructure for requiring any attribute. A system that proves "I solved a CAPTCHA" can, with the same machinery, prove "I have device attestation from manufacturer X". Good designs must guard against requiring exclusionary attributes (see patterns/open-issuer-ecosystem and the open-Web guardrail).

Mitigation vs. tracking lens

Anonymous credentials are the mitigation answer to the tracking failure mode of fingerprinting: both schemes give the origin a decision signal, but fingerprinting conflates mitigation with persistent identification, while anonymous credentials separate them. See concepts/fingerprinting-vector for the contrast.

Seen in

Last updated · 200 distilled / 1,178 read