Federated Anonymous Blocklisting across Service Providers and its Application to Group Messaging

David Soler, Carlos Dafonte, Manuel Fernández-Veiga, Ana Fernández Vilas, Francisco J. Nóvoa

TL;DR

The paper addresses moderation in privacy-preserving group messaging by introducing Federated Anonymous Blocklisting (FAB), a distributed framework where many Realms maintain independent blocklists and enforce trust-based cross-Realm blocking during authentication. It combines deterministic per-Realm pseudonyms, negative accumulators for non-membership proofs, and zk-SNARKs to achieve Blocklistability, Unlinkability, and Non-Frameability, with efficiency that scales logarithmically with the maximum blocklist size and without requiring offline synchronization. A concrete FAB construction is provided, along with formal security proofs and a full Rust implementation that integrates FAB with the MLS protocol, enabling practical deployment in messaging groups. The evaluation shows FAB outperforming state-of-the-art AB schemes in key efficiency metrics while maintaining strong privacy and moderation guarantees, highlighting its potential for federated, privacy-preserving moderation in real-world group settings.

Abstract

Instant messaging has become one of the most used methods of communication online, which has attracted significant attention to its underlying cryptographic protocols and security guarantees. Techniques to increase privacy such as End-to-End Encryption and pseudonyms have been introduced. However, online spaces such as messaging groups still require moderation to prevent misbehaving users from participating in them, particularly in anonymous contexts. In Anonymous Blocklisting (AB) schemes, users must prove during authentication that none of their previous pseudonyms has been blocked, preventing misbehaving users from creating new pseudonyms. In this work we propose an alternative, Federated Anonymous Blocklisting (FAB), in which the centralised Service Provider is replaced by small distributed Realms, each with its own blocklist. Realms can establish trust relationships between each other, such that when users authenticate to a realm, they must prove that they are not banned in any of its trusted realms. We provide an implementation of our proposed scheme; unlike existing AB constructions, the performance of ours does not depend on the current size of the blocklist, nor does it require processing new additions to the blocklist. We also demonstrate its applicability to real-world messaging groups by integrating our FAB scheme into the Messaging Layer Security protocol.
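The following sketch is an added example, not code from the paper or its Rust implementation: it evaluates in the clear the statement a user must satisfy when authenticating to a realm, which in FAB is proven without revealing the identity. Assumptions: HMAC-SHA256 stands in for the scheme's PRF, a plain set stands in for the accumulator-backed blocklist, a realm also checks its own blocklist, and the names `Realm`, `pseudonym` and `may_authenticate` are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def pseudonym(identity: bytes, realm_seed: bytes) -> str:
    # Deterministic per-realm pseudonym. HMAC-SHA256 is an assumed
    # stand-in for the PRF; the paper's concrete PRF is not on this page.
    return hmac.new(realm_seed, identity, hashlib.sha256).hexdigest()


@dataclass
class Realm:
    name: str
    seed: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    blocklist: set = field(default_factory=set)  # banned pseudonyms
    trusted: set = field(default_factory=set)    # names of realms whose bans are honoured

    def ban(self, nym: str) -> None:
        self.blocklist.add(nym)


def may_authenticate(identity: bytes, target: Realm, realms: dict) -> bool:
    # The user must not be banned in the target realm (assumption) nor in
    # any realm it trusts. Each check uses that realm's own seed, so the
    # pseudonym compared is the one that realm's moderators would have seen.
    for name in {target.name} | target.trusted:
        realm = realms[name]
        if pseudonym(identity, realm.seed) in realm.blocklist:
            return False
    return True


def demo() -> dict:
    realms = {n: Realm(n) for n in ("A", "B", "C")}
    realms["A"].trusted.add("B")              # A honours B's bans; C does not
    alice = b"constructed-identity-alice"     # constructed sample identity
    nyms = {n: pseudonym(alice, r.seed) for n, r in realms.items()}
    before = may_authenticate(alice, realms["A"], realms)
    realms["B"].ban(nyms["B"])                # B bans the pseudonym it observed
    return {
        "distinct_per_realm": len(set(nyms.values())) == 3,
        "stable_in_realm": nyms["B"] == pseudonym(alice, realms["B"].seed),
        "A_before_ban": before,
        "A_after_ban": may_authenticate(alice, realms["A"], realms),
        "B_after_ban": may_authenticate(alice, realms["B"], realms),
        "C_after_ban": may_authenticate(alice, realms["C"], realms),
    }


if __name__ == "__main__":
    print(demo())
```

A ban issued in realm B takes effect in realm A only because A trusts B; realm C, which trusts no one, still accepts the user, and the three pseudonyms share no visible relation.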

Paper Structure

This paper contains 24 sections, 3 theorems, 10 equations, 4 figures, 2 tables, 8 algorithms.

Key Result

Theorem 1

If $ZK$ provides Knowledge Soundness, $AC$ provides Soundness, $PRF$ is a secure pseudo-random function and $S$ is EUF-CMA secure, then the proposed FAB scheme provides Blocklistability.

Figures (4)

  • Figure 1: System model of the FAB scheme. Each Realm has a randomly-generated seed and its own blocklist, and can form trust relationships between them. Users possess a signed credential with their identity. The pseudonym of a user in a specific Realm is calculated deterministically using their respective identity and seed.
  • Figure 2: Authentication flow of the FAB scheme. The User $U$ first registers its identity with the Identity Provider and then obtains the list of realms trusted by $R$. $U$ then executes $\mathsf{Auth}$ to prove they are not banned, which is later verified by $R$.
  • Figure 3: Description of the relations $R^{ban}$ and $R^{block}$.
  • Figure 4: Performance evaluation of our FAB scheme and comparison with state-of-the-art Anonymous Blocklisting schemes SNARKBlock and ALPACA. We represent our FAB scheme for multiple amounts of trusted realms. The measurements combine the cost of $R^{auth}$ and $R^{ban}$, the latter being executed once for every trusted realm.

Theorems & Definitions (9)

  • Definition 4.1
  • Definition 4.2
  • Definition 4.3
  • Theorem 1
  • proof
  • Theorem 2
  • proof
  • Theorem 3
  • proof