Additional bids are a feature of the Protected Audience auction that gives buyers a way to include server-constructed contextual bids in the auction, which allows negative targeting of those bids. We've identified a potential privacy risk with the current implementation, as well as a potential solution that addresses that risk.

Additional bids come from buyers, but are transported to the auction by the auction's seller. To prevent replay, additional bids rely on an auction nonce, a unique number that the browser creates and uses to identify that auction. However, this introduces a privacy risk: all buyers see the same auction nonce, and could use it as a key to join distinct bid requests for an auction.

This proposal allows sellers to introduce an additional nonce that is combined with the browser-provided one, so that buyers see different combined nonces across bid requests, which prevents the joining of bid requests. The combined nonce is generated with a one-way hash (SHA-256) so that nobody can construct a combined nonce that matches a previous combined nonce, which could otherwise be used to facilitate the replay of an additional bid.
Explainers: https://github.com/WICG/turtledove/pull/1322
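
The nonce combination described above, as an added example that is not code from the original page or from the Protected Audience implementation. Concatenating the two nonces as strings, base64-encoding the digest, and the names `combineNonces`, `buildBidRequests` and `makeVerifier` are assumptions of this sketch.

```javascript
const { createHash, randomUUID } = require("node:crypto");

// One-way combination of the browser's auction nonce with a seller nonce.
// Assumption: UTF-8 string concatenation, base64 output.
function combineNonces(auctionNonce, sellerNonce) {
  return createHash("sha256").update(auctionNonce + sellerNonce, "utf8").digest("base64");
}

// Seller side: draw a fresh seller nonce for every buyer's bid request, so no
// two buyers receive the same value for the same auction.
function buildBidRequests(auctionNonce, buyers) {
  return buyers.map((buyer) => {
    const sellerNonce = randomUUID();
    return { buyer, sellerNonce, bidNonce: combineNonces(auctionNonce, sellerNonce) };
  });
}

// Verifier side (a hypothetical model of the check): accept an additional bid
// only if its nonce recomputes for this auction and has not been used before.
function makeVerifier(auctionNonce) {
  const seen = new Set();
  return function verify(additionalBid) {
    const expected = combineNonces(auctionNonce, additionalBid.sellerNonce);
    if (additionalBid.bidNonce !== expected) return "rejected: nonce mismatch";
    if (seen.has(expected)) return "rejected: replay";
    seen.add(expected);
    return "accepted";
  };
}

// Constructed sample data: two buyers in one auction, then a second auction.
function demo() {
  const auctionNonce = randomUUID();
  const [a, b] = buildBidRequests(auctionNonce, ["buyer-a.example", "buyer-b.example"]);
  const verify = makeVerifier(auctionNonce);
  const verifyNextAuction = makeVerifier(randomUUID());
  return {
    buyersSeeDifferentNonces: a.bidNonce !== b.bidNonce, // nothing shared to join on
    first: verify(a),
    replaySameAuction: verify(a),
    replayNextAuction: verifyNextAuction(a), // old combined nonce, new auction
    otherBuyer: verify(b),
  };
}

console.log(demo());
```

Because the hash is one-way, a party holding an old combined nonce cannot pick a seller nonce that makes it recompute under a new auction nonce, which is why the cross-auction replay is rejected.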