raphaelrobert · raphaelrobert · May 16, 2025 · May 16, 2025 · May 16, 2025
diff --git a/benches/amortized.rs b/benches/amortized.rs
@@ -3,23 +3,23 @@ use p384::NistP384;
 use tokio::runtime::Runtime;
 
 use privacypass::{
-    PPCipherSuite,
     amortized_tokens::{
         AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedToken, server::Server,
     },
     auth::authenticate::TokenChallenge,
+    common::private::PrivateCipherSuite,
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 use voprf::Ristretto255;
 
-async fn create_amortized_keypair<CS: PPCipherSuite>(
+async fn create_amortized_keypair<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
 ) {
     let _public_key = server.create_keypair(&key_store).await.unwrap();
 }
 
-async fn issue_amortized_token_response<CS: PPCipherSuite>(
+async fn issue_amortized_token_response<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
     token_request: AmortizedBatchTokenRequest<CS>,
@@ -30,7 +30,7 @@ async fn issue_amortized_token_response<CS: PPCipherSuite>(
         .unwrap()
 }
 
-async fn redeem_amortized_token<CS: PPCipherSuite>(
+async fn redeem_amortized_token<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     nonce_store: MemoryNonceStore,
     token: AmortizedToken<CS>,
@@ -50,7 +50,7 @@ pub fn criterion_amortized_ristretto255_benchmark(c: &mut Criterion) {
     flow::<Ristretto255>(c);
 }
 
-pub fn flow<CS: PPCipherSuite>(c: &mut Criterion) {
+pub fn flow<CS: PrivateCipherSuite>(c: &mut Criterion) {
     const NR: u16 = 100;
     // Key pair generation
     c.bench_function(

diff --git a/benches/private.rs b/benches/private.rs
@@ -4,21 +4,21 @@ use p384::NistP384;
 use tokio::runtime::Runtime;
 
 use privacypass::{
-    PPCipherSuite,
     auth::{authenticate::TokenChallenge, authorize::Token},
+    common::private::PrivateCipherSuite,
     private_tokens::{TokenRequest, TokenResponse, server::Server},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 use voprf::Ristretto255;
 
-async fn create_private_keypair<CS: PPCipherSuite>(
+async fn create_private_keypair<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
 ) {
     let _public_key = server.create_keypair(&key_store).await.unwrap();
 }
 
-async fn issue_private_token_response<CS: PPCipherSuite>(
+async fn issue_private_token_response<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
     token_request: TokenRequest<CS>,
@@ -29,7 +29,7 @@ async fn issue_private_token_response<CS: PPCipherSuite>(
         .unwrap()
 }
 
-async fn redeem_private_token<Nk: ArrayLength<u8>, CS: PPCipherSuite>(
+async fn redeem_private_token<Nk: ArrayLength<u8>, CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     nonce_store: MemoryNonceStore,
     token: Token<Nk>,
@@ -49,7 +49,7 @@ pub fn criterion_private_ristretto255_benchmark(c: &mut Criterion) {
     flow::<Ristretto255>(c);
 }
 
-pub fn flow<CS: PPCipherSuite>(c: &mut Criterion) {
+pub fn flow<CS: PrivateCipherSuite>(c: &mut Criterion) {
     // Key pair generation
     c.bench_function(
         &format!("PRIVATE SERVER ({}): Generate key pair", CS::ID),

diff --git a/src/amortized_tokens/request.rs b/src/amortized_tokens/request.rs
@@ -7,24 +7,24 @@ use typenum::Unsigned;
 use voprf::{Group, Result, VoprfClient};
 
 use crate::{
-    ChallengeDigest, Nonce, PPCipherSuite, TokenInput, TokenType, TruncatedTokenKeyId,
+    ChallengeDigest, Nonce, TokenInput, TokenType, TruncatedTokenKeyId,
     auth::authenticate::TokenChallenge,
     common::{
         errors::IssueTokenRequestError,
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
     },
     truncate_token_key_id,
 };
 
 /// State that is kept between the token requests and token responses.
-pub struct TokenState<CS: PPCipherSuite> {
+pub struct TokenState<CS: PrivateCipherSuite> {
     pub(crate) clients: Vec<VoprfClient<CS>>,
     pub(crate) token_inputs: Vec<TokenInput>,
     pub(crate) challenge_digest: ChallengeDigest,
     pub(crate) public_key: PublicKey<CS>,
 }
 
-impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
+impl<CS: PrivateCipherSuite> std::fmt::Debug for TokenState<CS> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("TokenState")
             .field("clients", &self.clients.len())
@@ -43,7 +43,7 @@ impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
 /// } BlindedElement;
 /// ```
 #[derive(Debug)]
-pub struct BlindedElement<CS: PPCipherSuite> {
+pub struct BlindedElement<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) blinded_element: Vec<u8>,
 }
@@ -58,21 +58,21 @@ pub struct BlindedElement<CS: PPCipherSuite> {
 /// } AmortizedBatchTokenRequest;
 /// ```
 #[derive(Debug, TlsDeserialize, TlsSerialize, TlsSize)]
-pub struct AmortizedBatchTokenRequest<CS: PPCipherSuite> {
+pub struct AmortizedBatchTokenRequest<CS: PrivateCipherSuite> {
     pub(crate) token_type: TokenType,
     pub(crate) truncated_token_key_id: TruncatedTokenKeyId,
     pub(crate) blinded_elements: Vec<BlindedElement<CS>>,
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenRequest<CS> {
     /// Returns the number of blinded elements
     #[must_use]
     pub fn nr(&self) -> usize {
         self.blinded_elements.len()
     }
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenRequest<CS> {
     /// Issue a new token request.
     ///
     /// # Errors
@@ -178,13 +178,13 @@ impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Size for BlindedElement<CS> {
     fn tls_serialized_len(&self) -> usize {
         <<CS::Group as Group>::ElemLen as Unsigned>::USIZE
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Serialize for BlindedElement<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -194,7 +194,7 @@ impl<CS: PPCipherSuite> Serialize for BlindedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for BlindedElement<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>

diff --git a/src/amortized_tokens/response.rs b/src/amortized_tokens/response.rs
@@ -5,9 +5,11 @@ use typenum::Unsigned;
 use voprf::{EvaluationElement, Group, Proof, Result, VoprfClient};
 
 use crate::{
-    PPCipherSuite,
     auth::authorize::Token,
-    common::errors::{IssueTokenError, SerializationError},
+    common::{
+        errors::{IssueTokenError, SerializationError},
+        private::PrivateCipherSuite,
+    },
 };
 
 use super::{AmortizedToken, TokenState};
@@ -21,7 +23,7 @@ use super::{AmortizedToken, TokenState};
 /// ```
 
 #[derive(Debug, PartialEq)]
-pub struct EvaluatedElement<CS: PPCipherSuite> {
+pub struct EvaluatedElement<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) evaluated_element: Vec<u8>,
 }
@@ -35,13 +37,13 @@ pub struct EvaluatedElement<CS: PPCipherSuite> {
 /// } AmortizedBatchTokenResponse;
 /// ```
 #[derive(Debug)]
-pub struct AmortizedBatchTokenResponse<CS: PPCipherSuite> {
+pub struct AmortizedBatchTokenResponse<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) evaluated_elements: Vec<EvaluatedElement<CS>>,
     pub(crate) evaluated_proof: Vec<u8>,
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenResponse<CS> {
     /// Create a new `TokenResponse` from a byte slice.
     ///
     /// # Errors
@@ -113,13 +115,13 @@ impl<CS: PPCipherSuite> AmortizedBatchTokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Size for EvaluatedElement<CS> {
     fn tls_serialized_len(&self) -> usize {
         <<CS::Group as Group>::ElemLen as Unsigned>::USIZE
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Serialize for EvaluatedElement<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -129,7 +131,7 @@ impl<CS: PPCipherSuite> Serialize for EvaluatedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for EvaluatedElement<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
@@ -145,14 +147,14 @@ impl<CS: PPCipherSuite> Deserialize for EvaluatedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Size for AmortizedBatchTokenResponse<CS> {
     fn tls_serialized_len(&self) -> usize {
         let len = 2 * <<CS::Group as Group>::ScalarLen as Unsigned>::USIZE;
         self.evaluated_elements.tls_serialized_len() + len
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
@@ -172,7 +174,7 @@ impl<CS: PPCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Serialize for AmortizedBatchTokenResponse<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,

diff --git a/src/amortized_tokens/server.rs b/src/amortized_tokens/server.rs
@@ -7,10 +7,10 @@ use typenum::Unsigned;
 use voprf::{BlindedElement, Group, Result, VoprfServer, VoprfServerBatchEvaluateFinishResult};
 
 use crate::{
-    NonceStore, PPCipherSuite, TokenInput,
+    NonceStore, TokenInput,
     common::{
         errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError},
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
         store::PrivateKeyStore,
     },
     truncate_token_key_id,
@@ -20,11 +20,11 @@ use super::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedTo
 
 /// Server-side component of the batched token issuance protocol.
 #[derive(Default, Debug)]
-pub struct Server<CS: PPCipherSuite> {
+pub struct Server<CS: PrivateCipherSuite> {
     _marker: std::marker::PhantomData<CS>,
 }
 
-impl<CS: PPCipherSuite> Server<CS> {
+impl<CS: PrivateCipherSuite> Server<CS> {
     /// Create a new server. The new server does not contain any key material.
     #[must_use]
     pub const fn new() -> Self {
@@ -199,7 +199,7 @@ impl<CS: PPCipherSuite> Server<CS> {
 
 #[cfg(test)]
 mod tests {
-    use crate::PPCipherSuite;
+    use crate::common::private::PrivateCipherSuite;
     use p384::NistP384;
     use voprf::{Group, Ristretto255};
 
@@ -215,7 +215,7 @@ mod tests {
     }
 
     #[cfg(test)]
-    fn key_serialization_cs<CS: PPCipherSuite>(pk: <CS::Group as Group>::Elem)
+    fn key_serialization_cs<CS: PrivateCipherSuite>(pk: <CS::Group as Group>::Elem)
     where
         <<CS as voprf::CipherSuite>::Group as voprf::Group>::Elem: std::cmp::PartialEq,
         <<CS as voprf::CipherSuite>::Group as voprf::Group>::Elem: std::fmt::Debug,

diff --git a/src/common/private.rs b/src/common/private.rs
@@ -1,21 +1,51 @@
 //! Types that used by private tokens
 
 use sha2::{Digest, Sha256};
+use std::fmt::Debug;
 use voprf::{CipherSuite, Error, Group};
 
-use crate::{PPCipherSuite, TokenKeyId, TruncatedTokenKeyId, truncate_token_key_id};
+use crate::{TokenKeyId, TokenType, TruncatedTokenKeyId, truncate_token_key_id};
+
+/// Trait for a cipher suite that can be used with the Privacy Pass protocol.
+pub trait PrivateCipherSuite:
+    CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
+    + PartialEq
+    + Debug
+    + Clone
+    + Send
+    + Sync
+{
+    /// Returns the token type for the cipher suite.
+    fn token_type() -> TokenType {
+        match Self::ID {
+            "P384-SHA384" => TokenType::PrivateP384,
+            "ristretto255-SHA512" => TokenType::PrivateRistretto255,
+            _ => panic!("Unsupported token type"),
+        }
+    }
+}
+
+impl<C> PrivateCipherSuite for C where
+    C: CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
+        + PartialEq
+        + Debug
+        + Clone
+        + Send
+        + Sync
+{
+}
 
 /// Public key alias
 pub type PublicKey<CS> = <<CS as CipherSuite>::Group as Group>::Elem;
 
 /// Convert a public key to a token key ID.
-pub fn public_key_to_truncated_token_key_id<CS: PPCipherSuite>(
+pub fn public_key_to_truncated_token_key_id<CS: PrivateCipherSuite>(
     public_key: &<CS::Group as Group>::Elem,
 ) -> TruncatedTokenKeyId {
     truncate_token_key_id(&public_key_to_token_key_id::<CS>(public_key))
 }
 
-pub(crate) fn public_key_to_token_key_id<CS: PPCipherSuite>(
+pub(crate) fn public_key_to_token_key_id<CS: PrivateCipherSuite>(
     public_key: &<CS::Group as Group>::Elem,
 ) -> TokenKeyId {
     let public_key = serialize_public_key::<CS>(*public_key);
@@ -25,7 +55,9 @@ pub(crate) fn public_key_to_token_key_id<CS: PPCipherSuite>(
 
 /// Serializes a public key.
 #[must_use]
-pub fn serialize_public_key<CS: PPCipherSuite>(public_key: <CS::Group as Group>::Elem) -> Vec<u8> {
+pub fn serialize_public_key<CS: PrivateCipherSuite>(
+    public_key: <CS::Group as Group>::Elem,
+) -> Vec<u8> {
     <CS::Group as Group>::serialize_elem(public_key).to_vec()
 }
 
@@ -34,6 +66,8 @@ pub fn serialize_public_key<CS: PPCipherSuite>(public_key: <CS::Group as Group>:
 /// # Errors
 ///
 /// This function will return an error if the slice is not a valid public key.
-pub fn deserialize_public_key<CS: PPCipherSuite>(slice: &[u8]) -> Result<PublicKey<CS>, Error> {
+pub fn deserialize_public_key<CS: PrivateCipherSuite>(
+    slice: &[u8],
+) -> Result<PublicKey<CS>, Error> {
     <CS::Group as Group>::deserialize_elem(slice)
 }