🤖 AI Summary
This work addresses the weak privacy guarantees of existing wireless service discovery protocols, which often leak sensitive device information. The authors propose PriSrv, a novel protocol built upon a new cryptographic primitive, anonymous credential-based matchmaking encryption (ACME), which is instantiated with a fast anonymous credential (FAC) scheme that provides constant-size credentials. PriSrv employs a two-layer matching architecture: an outer layer filters mismatched entities using public attributes, while an inner layer enables mutual, fine-grained authentication through selective disclosure of private attributes. ACME performs this dual-layer matching in a single step, achieving bilateral policy control, selective attribute disclosure, and multi-show unlinkability. PriSrv integrates with mainstream frameworks such as EAP, mDNS, BLE, and AirDrop. Experimental results demonstrate that PriSrv completes secure service discovery in under one second on mainstream mobile devices, offering strong privacy protection and high usability, with its security supported by formal proofs and evaluated across multiple platforms.
📝 Abstract
Service discovery is essential in wireless communications. However, existing protocols provide limited privacy protection, leaking sensitive device information and opening routes to network attacks. This paper proposes a private service discovery protocol, called PriSrv, which enables both service providers and clients to specify fine-grained authentication policies before establishing connections. PriSrv achieves this via a dual-layer matching architecture: an outer layer filters mismatched entities using public attributes, while an inner layer handles mutual authentication using selectively disclosed private attributes. As a core component, we introduce the primitive of anonymous credential-based matchmaking encryption (ACME), which enables dual-layer matching in a single step to achieve bilateral policy control, selective attribute disclosure, and multi-show unlinkability. To instantiate ACME, we design a fast anonymous credential (FAC) scheme providing constant-size credentials and efficient verification. We demonstrate PriSrv's interoperability by integrating it with popular wireless frameworks including EAP, mDNS, BLE, and AirDrop. Detailed formal security proofs and extensive performance evaluations across desktop, laptop, smartphone, and Raspberry Pi platforms demonstrate that PriSrv provides enhanced privacy guarantees with high usability, achieving secure discovery in less than one second on mainstream mobile devices.