OTFcreds: Activity 2.6 Collect feedback and present the library

[jbonisteel]

We will attend relevant security and cryptography conferences to present the outcome of our work and to collect feedback on how to improve it. These conferences might include Usenix, IEEE S&P, CCS, and Real World Crypto. Mainly the cryptographer (and potentially the CTO) will travel to present the library and collect feedback about it.

Output: a blog post about our work (outlining the outcome of the project) to collect further feedback from the internet freedom community.

[agrabeli]

On 14th October 2205, Michele Orrù, the cryptographer of this project, presented the academic paper for the core anonymous credential system at ACM CCS 2025 in Taiwan: https://www.sigsac.org/ccs/CCS2025/accepted-papers/

Throughout 2025, the cryptographer also presented this work at many universities and research institutions:

• MIT presentation about the anonymous credential system
• Stanford University presentation about draft-irtf-cfrg-fiat-shamir
• Kings College presentation about draft-irtf-cfrg-fiat-shamir
• Permutation-Based Crypto 2025 presentation about draft-irtf-cfrg-fiat-shamir
• CWI presentation about draft-irtf-cfrg-fiat-shamir

In early November 2025, the core library was announced on the IETF mailing list: https://mailarchive.ietf.org/arch/msg/cfrg/w5iB58BCOrEE8w0A2OoGOPOzDSo/

[agrabeli]

The cryptographic library was developed as a separate component and is now available on GitHub (https://github.com/sigma-rs/). OONI has a wrapper (https://github.com/ooni/userauth) over it that limits the use of the library to OONI-specific use cases.

Notably, this project received lots of feedback from internationally renowned cryptographers, Ian Goldberg (University of Waterloo) and Lindsey Tulloch (Tor Project), who helped find bugs, assisted in the development of some of the layers, and made the tool usable also by other projects. The project also received feedback and advice on best practices from Victor Graf (RISC0, listed now as a co-author) and Christopher Patton (Cloudflare, cf. #80).

In parallel, two specifications for zero-knowledge proofs used by OONI are now part of the IETF CFRG:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-sigma-protocols/
https://datatracker.ietf.org/doc/draft-irtf-cfrg-fiat-shamir/

This generated lots of interest from the wider community. Some example threads with big community engagement include:
https://mailarchive.ietf.org/arch/msg/cfrg/0fIvgCRRq8bV4L5taY-el8YgRt0/
https://mailarchive.ietf.org/arch/msg/cfrg/nOguhB374sipC5tbP8wUn96KdGE/

Feedback – mostly from Apple, Google, and Cloudflare – resulted in GitHub issues (see, for example, the API framing and the reasoning behind some decisions: #79).

We also received a free audit from Open Zeppelin: https://www.openzeppelin.com/news/interactive-sigma-proofs-and-fiat-shamir-transformation-proof-of-concept-implementation-audit

All issues found will be integrated into the next release of the cryptographic library.

[agrabeli]

The only thing missing before completing this deliverable and closing this ticket is the publication of this blog post: ooni/ooni.org#1857