English

BISON: Blind Identification with Stateless scOped pseudoNyms

Cryptography and Security 2025-07-14 v3

Abstract

Delegating authentication to identity providers like Google or Facebook, while convenient, compromises user privacy. These identity providers can record users' every move; the global identifiers they provide also enable internet-wide tracking. We show that neither is a necessary evil by presenting the BISON pseudonym derivation protocol, inspired by Oblivious Pseudorandom Functions. It hides the service provider's identity from the identity provider yet produces a trusted, scoped, immutable pseudonym. Colluding service providers cannot link BISON pseudonyms; this prevents user tracking. BISON does not require a long-lived state on the user device and does not add additional actors to the authentication process. BISON is practical. It is easy to understand, implement, and reason about, and is designed to integrate into existing authentication protocols. To demonstrate this, we provide an OpenID Connect extension that allows OIDC's PPID pseudonyms to be derived using BISON while remaining fully backwards compatible. Additionally, BISON uses only lightweight cryptography. Pseudonym derivation requires a total of four elliptic curve scalar-point multiplications and four hash function evaluations, taking \approx3 ms in our proof of concept implementation. Thus, BISON's privacy guarantees can be realized in practice. This makes BISON a crucial stepping stone towards the privacy-preserving internet of tomorrow.

Keywords

Cite

@article{arxiv.2406.01518,
  title  = {BISON: Blind Identification with Stateless scOped pseudoNyms},
  author = {Jakob Heher and Stefan More and Lena Heimberger},
  journal= {arXiv preprint arXiv:2406.01518},
  year   = {2025}
}

Comments

Paper artifacts (Source code, Firefox extension, etc) available at https://github.com/iaik-jheher/BISON | Previous paper name: "BISON: Blind Identification through Stateless scOpe-specific derivatioN"

R2 v1 2026-06-28T16:51:33.240Z