**Session Date/Time:** 23 Jul 2025 12:30

# privacypass

## Summary

The privacypass meeting covered several key topics, including updates on existing drafts, discussions on anonymous rate-limited credentials (ARC), new directions in rate limiting, and the presentation of anonymous credit tokens. Key discussions revolved around the privacy implications of ARC, the potential for public verifiability, and the integration of abuse control mechanisms. The meeting concluded with a plan to initiate an adoption call for ARC.

## Key Discussion Points

*   **Anonymous Rate-Limited Credentials (ARC):** Kathy presented ARC as an improvement over existing rate-limited privacy pass tokens, highlighting its per-client rate limiting built into the cryptography and the ability to create many tokens from one issuance. The trade-off is private key verifiability.
*   **Public Verifiability of ARC:**  The working group discussed the interest in a publicly verifiable version of ARC and whether it should be included in the current spec or a separate one.
*   **Nonce Privacy in ARC:** Concerns were raised about the privacy implications of the nonce being sent in the clear in ARC.  Options were discussed, including power-of-two rate limits and more complex cryptography to hide the nonce.
*   **New Directions in Rate Limiting:** Watson presented new approaches to rate limiting, including information-theoretic rate limiting using circuits, focusing on post-quantum security.
*   **Anonymous Credit Tokens:** Sam presented anonymous credit tokens, a concept for decoupling actions from actors for different-sized tasks and incorporating abuse control feedback loops.
*   **Integration of Abuse Control:** The session discussed how to integrate abuse counters and propagate abuse signals back to the issuer.

## Decisions and Action Items

*   **Action Item:** Chairs to initiate an adoption call for the ARC draft.
*   **Decision:** Explore integrating the best possible way to hide the nonce in the ARC protocol.
*   **Action Item:** Sam will work on a document explaining the interactions between the different roles for the Anonymous Credit Token System. This will specify how to deploy the system, work over HTTP, and manage the exchange of values.

## Next Steps

*   Proceed with the adoption call for the ARC draft.
*   Continue discussions on the list regarding ARC, nonce privacy, and public verifiability.
*   Further develop the Anonymous Credit Token specification, with focus on system interactions and deployment details.