BISON: Blind Identification with Stateless scOped pseudoNyms

Delegating authentication to identity providers like Google or Facebook, while convenient, compromises user privacy. These identity providers can record users' every move; the global identifiers they provide also enable internet-wide tracking. We show that neither is a necessary evil by presenting the BISON pseudonym derivation protocol, inspired by Oblivious Pseudorandom Functions. It hides the service provider's identity from the identity provider yet produces a trusted, scoped, immutable pseudonym. Colluding service providers cannot link BISON pseudonyms; this prevents user tracking. BISON does not require a long-lived state on the user device and does not add additional actors to the authentication process. BISON is practical. It is easy to understand, implement, and reason about, and is designed to integrate into existing authentication protocols. To demonstrate this, we provide an OpenID Connect extension that allows OIDC's PPID pseudonyms to be derived using BISON while remaining fully backwards compatible. Additionally, BISON uses only lightweight cryptography. Pseudonym derivation requires a total of four elliptic curve scalar-point multiplications and four hash function evaluations, taking ≈ 3 ms in our proof of concept implementation. Thus, BISON's privacy guarantees can be realized in practice. This makes BISON a crucial stepping stone towards the privacy-preserving internet of tomorrow.