[blink-dev] PSA: Private Proof API Explainer


Ari Chivukula

Mar 18, 2025, 3:17:10 PM
to blink-dev, Samuel Schlesinger, Philipp Pfeiffenberger, Theodore Olsauskas-Warren, eric trouton
Contact Emails


Cryptography Whitepaper

Summary
This API uses Zero-Knowledge Proofs (ZKPs) to allow analysis of potentially identifiable signals while providing only a limited verdict output. For example, it empowers anti-fraud services to verify whether a user possesses an unmodified stored timestamp older than some provided timestamp without disclosing any additional user data. This approach strikes a balance between user privacy and anti-fraud capabilities by enabling websites to request a reputation signal (such as profile age) on which the user agent can enforce meaningful privacy constraints, while making the signal useful enough to remove the need for other burdensome or invasive checks, and allowing the user to clear said signal at will.

Motivation
Protecting users from online fraud and abuse is a shared responsibility between websites and user agents. Historically, unpartitioned storage and third-party cookies (3PC) enabled services to recall when a client was first seen (as well as track subsequent events for examining “normal” behavior). This helped established users distinguish themselves from novel clients during Sybil attacks (multiple fake identities) or other spammy behavior, granting established users frictionless access to online services. However, the reduced availability of 3PC and limitations on unpartitioned local storage necessitate a paradigm shift in anti-fraud mechanisms.