
ACT — Anonymous Credit Tokens

ACT (Anonymous Credit Tokens) is an IETF Privacy Pass draft — draft-schlesinger-privacypass-act-01 — that extends Privacy Pass with credit-style credentials: a client contacts the issuer once and can later make multiple unlinkable scoped presentations against an origin.

What problem ACT solves

Base Privacy Pass is 1:1: one issued token, one redemption. If a client expects to interact with an origin many times, it has to round-trip to the issuer for each token. ACT changes the shape: the client obtains a credit-token credential representing a balance and presents scoped proofs derived from it many times against a specific origin context.
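The 1:1 model described above, as an added sketch that is not code from the draft or the post: each presentation costs one issuer round trip, and the issuer only ever sees blinded values. It uses textbook RSA blind signatures as a stand-in for the BlindRSA token type (no RSABSSA padding as in RFC 9474), a constructed toy key, and hypothetical class and function names; it does not implement ACT.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key built from two Mersenne primes. Far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # issuer's private exponent

def h(nonce: bytes) -> int:
    """Hash a token nonce into Z_N (simplified; real tokens use padded encoding)."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N

class Issuer:                               # hypothetical name
    def __init__(self):
        self.seen = []                      # every value the issuer observes
    def sign_blinded(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, D, N)

class Origin:                               # hypothetical name
    def __init__(self):
        self.spent = set()                  # double-spend list: one redemption per token
    def redeem(self, nonce: bytes, sig: int) -> bool:
        if nonce in self.spent or pow(sig, E, N) != h(nonce):
            return False
        self.spent.add(nonce)
        return True

def fetch_token(issuer: Issuer):
    """One issuer round trip yields exactly one single-use token."""
    nonce = secrets.token_bytes(32)
    while True:
        r = secrets.randbelow(N - 2) + 2    # blinding factor, must be invertible mod N
        if gcd(r, N) == 1:
            break
    blinded = (h(nonce) * pow(r, E, N)) % N
    sig = (issuer.sign_blinded(blinded) * pow(r, -1, N)) % N   # unblind
    return nonce, sig

def run(presentations: int):
    issuer, origin = Issuer(), Origin()
    tokens = [fetch_token(issuer) for _ in range(presentations)]
    accepted = [origin.redeem(n, s) for n, s in tokens]
    replay = origin.redeem(*tokens[0])      # second use of a spent token
    # Equality check only: nothing the issuer saw matches what the origin sees.
    linkable = any(h(n) in issuer.seen or s in issuer.seen for n, s in tokens)
    return len(issuer.seen), accepted, replay, linkable
```

`run(3)` reports three issuer contacts for three presentations; that per-presentation round trip is the cost ACT's single-issuance credential is meant to remove.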

The post's framing:

"There's a 1:1 relationship between the number of tokens that an issuer provides, and the number of unlinkable presentations that can be made with those tokens when they are redeemed: one token per presentation. Ideally, we would like a system in which the client contacts an issuer once and can later make multiple presentations scoped to a particular origin context. That points toward user agents holding vouched credentials and presenting proofs derived from them, rather than repeatedly acquiring single-use tokens."

ACT is that design.

The example from the post

"With ACT, for instance, clients can prove something like 'I have a good history with this service' without revealing 'I am this user.' ACT preserves unlinkability between presentations at the protocol level, which is the key cryptographic property here. Even in the joint issuer-origin deployment model in Section 4.3 of RFC 9576, the protocol is designed so that token issuance and presentation are not directly linkable."

Two properties composed:

  • Behavior proof without identity proof — "good history with this service" without "I am this user" (see concepts/identity-vs-behavior-proof).
  • Unlinkability across multiple presentations from a single issuance — key to making the primitive usable for frequent client-origin interactions.

Cryptographic substrate

ACT rides on top of standardized primitives:

According to the post, the "same properties can be provided using standardized VOPRF and BlindRSA primitives within the reverse flow framework that ACT implements."

What ACT doesn't fix

  • Correlation via other layers. Unlinkability is protocol-level; IP addresses, cookies, account state, and timing can still correlate presentations. (See concepts/unlinkability.)
  • Origin-issuer trust. The origin must choose to trust the issuer — a poor-quality issuer is still a quality problem, just a privacy-preserving one.
  • Rate-limit semantics. Where "how many presentations per window" is the primary question, the narrower primitive ARC is the closer fit.

Positioning relative to ARC

ACT and ARC are siblings in the Privacy Pass WG's 2026 agenda:

  • ACT — general credit-token primitive: many scoped presentations per issuance; broad framing ("I have good history with this service").
  • ARC — narrower rate-limit-specific primitive with redemption-budget semantics.

The 2026-04-21 post presents them as complementary: ACT generalizes the primitive class, ARC is the rate-limit specialization.

Deployment status

  • IETF draft, not yet final. No production deployment numbers disclosed in the post.
  • Cloudflare co-developing.
  • Rides the same cryptographic stack already deployed for base Privacy Pass (which is live at billion-token/day scale).
