03-21, 15:30–15:55 (Europe/Ljubljana), PA
Anonymous credentials are a critical building block for privacy-preserving systems, from EU digital wallets to privacy-respecting authentication schemes. At the IETF, however, they address efficient rate limiting in the presence of CAPTCHA-based human verification.
Current rate limiting systems use blind signatures or OPRFs to issue batches of rate-limiting tokens post-CAPTCHA. While cryptographically sound, this approach incurs communication complexity linear in the number of tokens issued, a significant bottleneck when handling large token batches.
The talk presents two proposals that reduce token issuance to constant-size communication regardless of batch size, and shows how to combine them to get parallel, revocable tokens.
The talk will cover the cryptographic foundations, discuss trade-offs between revocation expressiveness and issuance efficiency, and examine deployment challenges. We'll also explore an interesting secondary application: extending rate limiting to adaptive systems (LLMs, bots) that must solve CAPTCHAs, where the same credential mechanism enables fine-grained behavioral constraints beyond simple token budgets.
Lena Heimberger is a cryptographer working on practical and post-quantum privacy for the web. She currently works at Graz University of Technology. She interned with Cloudflare in 2024 and 2025.