Scrappy Extension for Counter based Rate‐Limiting

Although Scrappy mainly allows a periodic rate limit,
Scrappy can be easily extended to implement a counter-based rate limit.

Before(Original Scrappy):

This works by setting parameters as follows:

Sign : $\sigma = \texttt{DAA\_Sign}(\texttt{origin} || t, ...)$

Verify : $0|1 = \texttt{DAA\_Verify}(\sigma, \texttt{origin} || t, ...)$

where

• $\texttt{origin}$ is the origin
• t is time-windows

After(Extended Scrappy):

Sign : $\sigma = \texttt{DAA\_Sign}(\texttt{origin} || t || t', ...)$

Verify : $0|1 = \texttt{DAA\_Verify}(\sigma, \texttt{origin} || t || t', ...)$

where

• $\texttt{origin}$ is the origin
• $t'$ is the random number shorter than $k$ and not used before
• $t$ is time-windows
• $k$ is the max of rate-limit

Privacy Consideration

The verifier may attempt to track users by the $t'$,
e.g., a verifier tries to track users by remaining choices.

However, the verifier cannot do this.
This is because the verifier cannot know the remaining choice for the following reasons:

• Verifier cannot infer the $t'$.
  • This is because the signer chooses $t'$ randomly.
• Verifier cannot know the remaining choice $t$.
  • This is because it requires user tracking but is impossible (due to Scrappy's unlinkability).
    (Conversely, to know this, the verifier would need to track users with another scheme.)

Disclaimer

This is just Kosei Akama's note and does not represent the opinion of our team.