To address the problem of malicious users evading bans in anonymous instant messaging by frequently rotating pseudonyms, this paper proposes the Federated Anonymous Blocklist (FAB) mechanism. FAB operates across decentralized, small-scale trusted domains; before joining a group, a user must prove—via zero-knowledge proofs—to the current domain that they are not blocked by any trusted domain, eliminating the need for global synchronization or centralized coordination. Unlike existing Ethereum-dependent approaches, FAB employs a distributed architecture and inter-domain trust chains, ensuring that blocklist verification overhead is independent of list size, thereby significantly improving scalability. The mechanism has been integrated into the Messaging Layer Security (MLS) protocol and validated through deployment in real-world group chat environments, demonstrating its security and practicality under large-scale, low-latency conditions.

Instant messaging has become one of the most used methods of communication online, which has attracted significant attention to its underlying cryptographic protocols and security guarantees. Techniques to increase privacy such as End-to-End Encryption and pseudonyms have been introduced. However, online spaces such as messaging groups still require moderation to prevent misbehaving users from participating in them, particularly in anonymous contexts.. In Anonymous Blocklisting (AB) schemes, users must prove during authentication that none of their previous pseudonyms has been blocked, preventing misbehaving users from creating new pseudonyms. In this work we propose an alternative extit{Federated Anonymous Blocklisting} (FAB) in which the centralised Service Provider is replaced by small distributed Realms, each with its own blocklist. Realms can establish trust relationships between each other, such that when users authenticate to a realm, they must prove that they are not banned in any of its trusted realms. We provide an implementation of our proposed scheme; unlike existing AB constructions, the performance of ours does not depend on the current size of the blocklist nor requires processing new additions to the blocklist. We also demonstrate its applicability to real-world messaging groups by integrating our FAB scheme into the Messaging Layer Security protocol.