Privacy Preserving Advertising

Today's online advertising landscape involves various stakeholders—advertisers, publishers, platforms, and users—who have conflicting interests and needs. Advertisers want their ads to reach interested users, publishers need to monetize their content, and users want to maintain their privacy. This creates a complex ecosystem with mutual distrust among parties. Privacy Preserving Advertising (PPA) aims to bridge this gap by designing cryptographic protocols and systems that facilitate a privacy-preserving ad ecosystem.

What is your role in this?

I started working on this project in my senior year of college, advised by two professors at Brown University, Malte Schwarzkopf and Anna Lysyanskaya. I helped design the core cryptographic protocol and developed a prototype simulating interactions between advertisers, publishers, platforms, and users. I recruited and supervised an undergraduate collaborator. The project is ongoing and I continue to work in an advisor capacity.

The Protocol Explained

Our protocol leverages a series of cryptographic tokens to enable anonymous interactions among the key stakeholders in the online advertising ecosystem. An overview of the protocol is shown below, followed by a step-by-step explanation.

[Figure: PPA protocol diagram]
[Figure: ACL protocol diagram]

🔑 User Token: The Anonymous Credential (0)

We begin with a User Token, a digital credential that validates genuine users. Using Direct Anonymous Attestation, the platform pre-seeds a user's device with this token, certifying that it is not a sybil.

[Sequence diagram (Platform, User): Platform -> User: pre-seeds user_token. Note on user_token: hidden_user_id, not_sybil]

🎯 Ad Impression: The Anonymous Encounter (Blue 1-5)

When a user accesses content from a publisher, the platform issues a Publisher Token. This token helps prevent fraudulent activity on the part of the user by detecting if the identity of the publisher has been fabricated or otherwise tampered with.

[Sequence diagram (Platform, Publisher, User): Platform -> Publisher: issue publisher_token; User -> Publisher: visits; Publisher -> User: send publisher_token. Note on publisher_token: hidden_publisher_id]

The user then submits their User and Publisher Tokens to the platform and receives both an Ad for display and an Ad Impression Token signed by the platform. This token serves as evidence that the ad was issued for the publisher, who may later seek payment. In the process, the platform transfers the publisher's identity, which was stored as a hidden attribute, from the Publisher Token to the Ad Impression Token.

[Sequence diagram (Platform, User): User -> Platform: send publisher_token & user_token; Platform -> User: issue ad_impression_token, send Ad. Note on ad_impression_token: hidden_publisher_id, ad]

🖥️ Click & Conversion: The Anonymous Transaction (Green 6-7)

After the user engages with the ad, the user's browser redirects to the advertiser's domain. Importantly, the ad's origin, i.e., the publisher, remains undisclosed to the advertiser. The platform learns nothing about the user's interaction with the ad; instead, the user device forwards the Ad Impression Token to the advertiser, which verifies the platform's signature on it. The advertiser then issues a Conversion Token, signed by itself, that carries over the hidden publisher identity and the ad from the Ad Impression Token. The user's browser receives this Conversion Token and sends it to the platform for validation, confirming that a legitimate transaction has occurred.

[Sequence diagram (Platform, Advertiser, User): User -> Advertiser: send ad_impression_token; Advertiser -> User: issue conversion_token; User -> Platform: send conversion_token for validation. Note on conversion_token: hidden_publisher_id, ad]

💰 IOU Token: The Payment Promise (Purple 8-10, Amber 11-14)

Upon validation of a Conversion Token, the platform issues an IOU token to the client browser. The IOU token embodies the platform's commitment to pay the publisher upon redemption. The publisher's identity is inherited from the Conversion Token and embedded into the IOU token.

[Sequence diagram (Publisher, Platform, User): User -> Platform: send conversion_token; Platform -> User: issue iou_token; User -> Publisher: send iou_token. Note on iou_token: publisher_id]

After receiving the IOU token from the user, the publisher can redeem it with the platform for payment. The platform then charges the advertiser using the previously received Conversion Token, completing the payment cycle.

[Sequence diagram (Advertiser, Platform, Publisher): Publisher -> Platform: send iou_token for redemption; Platform -> Advertiser: send conversion_token; Advertiser -> Platform: pays three_coins; Platform -> Publisher: pays two_coins]
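As an added illustration of the token chain above (this is not the project's code, which is private), the following Go sketch walks an Ad Impression Token through conversion, platform validation and IOU redemption, with the checks each verifier performs at its hop: the issuer's signature, the token kind, replay of a Conversion Token, and the publisher opening its hidden identity at redemption. It assumes Ed25519 signatures in place of the anonymous-credential signatures, a blinded hash commitment in place of the hidden publisher attribute, and leaves the User and Publisher Tokens unmodelled; the names Token, Platform, Commit, Convert, Validate and Redeem are mine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
)

// Token stands in for the page's credentials: the issuer signs its fields with Ed25519 (constructed example).
type Token struct{ Kind, HiddenPub, Ad string; Sig []byte }
func (t Token) body() []byte { return []byte(t.Kind + "|" + t.HiddenPub + "|" + t.Ad) }
func sign(kind, hidden, ad string, sk ed25519.PrivateKey) Token {
	t := Token{Kind: kind, HiddenPub: hidden, Ad: ad}
	t.Sig = ed25519.Sign(sk, t.body())
	return t
}
// Commit hides publisherID under a blind only the publisher knows; it stands in
// for the hidden attribute of the anonymous credential.
func Commit(publisherID string, blind []byte) string {
	h := sha256.Sum256(append([]byte(publisherID+"|"), blind...))
	return hex.EncodeToString(h[:])
}
// Platform issues impression and IOU tokens and remembers redeemed conversions.
type Platform struct{ SK ed25519.PrivateKey; Redeemed map[string]bool }
// Impression binds the hidden publisher id (moved over from the publisher token,
// which is not modelled here) and the served ad under the platform's signature.
func (p *Platform) Impression(hidden, ad string) Token { return sign("impression", hidden, ad, p.SK) }
// Convert is the advertiser's step: verify the platform's signature and token
// kind, then sign a conversion token carrying the same hidden publisher id and ad.
func Convert(it Token, platformPK ed25519.PublicKey, advSK ed25519.PrivateKey) (Token, bool) {
	if it.Kind != "impression" || !ed25519.Verify(platformPK, it.body(), it.Sig) {
		return Token{}, false
	}
	return sign("conversion", it.HiddenPub, it.Ad, advSK), true
}
// Validate checks the advertiser's signature, rejects a replayed conversion (the
// deterministic Ed25519 signature keys the replay set) and issues the IOU.
func (p *Platform) Validate(ct Token, advPK ed25519.PublicKey) (Token, bool) {
	key := hex.EncodeToString(ct.Sig)
	if ct.Kind != "conversion" || !ed25519.Verify(advPK, ct.body(), ct.Sig) || p.Redeemed[key] {
		return Token{}, false
	}
	p.Redeemed[key] = true
	return sign("iou", ct.HiddenPub, ct.Ad, p.SK), true
}
// Redeem: the publisher opens the commitment to prove the IOU names them.
func Redeem(iou Token, platformPK ed25519.PublicKey, publisherID string, blind []byte) bool {
	return iou.Kind == "iou" && ed25519.Verify(platformPK, iou.body(), iou.Sig) && Commit(publisherID, blind) == iou.HiddenPub
}
```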

🛡 Achieving Privacy Objectives

Throughout this process, the identity of the user is never fully disclosed to the platform or advertiser, thanks to the use of cryptographic tokens. Moreover, publishers and advertisers remain anonymous to each other, and the platform can only identify broad events (like ad impressions or conversions), not the specific details (like which user or content was involved). This architecture achieves robust privacy protection for all parties involved. Note that the code for this project is currently private, as it is still in the early research stages.
