diff --git a/benches/amortized.rs b/benches/amortized.rs
index 731efa5..707c512 100644
--- a/benches/amortized.rs
+++ b/benches/amortized.rs
@@ -3,23 +3,23 @@ use p384::NistP384;
 use tokio::runtime::Runtime;
 
 use privacypass::{
-    PPCipherSuite,
     amortized_tokens::{
         AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedToken, server::Server,
     },
     auth::authenticate::TokenChallenge,
+    common::private::PrivateCipherSuite,
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 use voprf::Ristretto255;
 
-async fn create_amortized_keypair<CS: PPCipherSuite>(
+async fn create_amortized_keypair<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
 ) {
     let _public_key = server.create_keypair(&key_store).await.unwrap();
 }
 
-async fn issue_amortized_token_response<CS: PPCipherSuite>(
+async fn issue_amortized_token_response<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
     token_request: AmortizedBatchTokenRequest<CS>,
@@ -30,7 +30,7 @@ async fn issue_amortized_token_response<CS: PPCipherSuite>(
         .unwrap()
 }
 
-async fn redeem_amortized_token<CS: PPCipherSuite>(
+async fn redeem_amortized_token<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     nonce_store: MemoryNonceStore,
     token: AmortizedToken<CS>,
@@ -50,7 +50,7 @@ pub fn criterion_amortized_ristretto255_benchmark(c: &mut Criterion) {
     flow::<Ristretto255>(c);
 }
 
-pub fn flow<CS: PPCipherSuite>(c: &mut Criterion) {
+pub fn flow<CS: PrivateCipherSuite>(c: &mut Criterion) {
     const NR: u16 = 100;
     // Key pair generation
     c.bench_function(
diff --git a/benches/private.rs b/benches/private.rs
index 6a31d60..875509c 100644
--- a/benches/private.rs
+++ b/benches/private.rs
@@ -4,21 +4,21 @@ use p384::NistP384;
 use tokio::runtime::Runtime;
 
 use privacypass::{
-    PPCipherSuite,
     auth::{authenticate::TokenChallenge, authorize::Token},
+    common::private::PrivateCipherSuite,
     private_tokens::{TokenRequest, TokenResponse, server::Server},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 use voprf::Ristretto255;
 
-async fn create_private_keypair<CS: PPCipherSuite>(
+async fn create_private_keypair<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
 ) {
     let _public_key = server.create_keypair(&key_store).await.unwrap();
 }
 
-async fn issue_private_token_response<CS: PPCipherSuite>(
+async fn issue_private_token_response<CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     server: Server<CS>,
     token_request: TokenRequest<CS>,
@@ -29,7 +29,7 @@ async fn issue_private_token_response<CS: PPCipherSuite>(
         .unwrap()
 }
 
-async fn redeem_private_token<Nk: ArrayLength<u8>, CS: PPCipherSuite>(
+async fn redeem_private_token<Nk: ArrayLength<u8>, CS: PrivateCipherSuite>(
     key_store: MemoryKeyStoreVoprf<CS>,
     nonce_store: MemoryNonceStore,
     token: Token<Nk>,
@@ -49,7 +49,7 @@ pub fn criterion_private_ristretto255_benchmark(c: &mut Criterion) {
     flow::<Ristretto255>(c);
 }
 
-pub fn flow<CS: PPCipherSuite>(c: &mut Criterion) {
+pub fn flow<CS: PrivateCipherSuite>(c: &mut Criterion) {
     // Key pair generation
     c.bench_function(
         &format!("PRIVATE SERVER ({}): Generate key pair", CS::ID),
diff --git a/src/amortized_tokens/request.rs b/src/amortized_tokens/request.rs
index c39a3aa..56489c1 100644
--- a/src/amortized_tokens/request.rs
+++ b/src/amortized_tokens/request.rs
@@ -7,24 +7,24 @@ use typenum::Unsigned;
 use voprf::{Group, Result, VoprfClient};
 
 use crate::{
-    ChallengeDigest, Nonce, PPCipherSuite, TokenInput, TokenType, TruncatedTokenKeyId,
+    ChallengeDigest, Nonce, TokenInput, TokenType, TruncatedTokenKeyId,
     auth::authenticate::TokenChallenge,
     common::{
         errors::IssueTokenRequestError,
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
     },
     truncate_token_key_id,
 };
 
 /// State that is kept between the token requests and token responses.
-pub struct TokenState<CS: PPCipherSuite> {
+pub struct TokenState<CS: PrivateCipherSuite> {
     pub(crate) clients: Vec<VoprfClient<CS>>,
     pub(crate) token_inputs: Vec<TokenInput>,
     pub(crate) challenge_digest: ChallengeDigest,
     pub(crate) public_key: PublicKey<CS>,
 }
 
-impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
+impl<CS: PrivateCipherSuite> std::fmt::Debug for TokenState<CS> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("TokenState")
             .field("clients", &self.clients.len())
@@ -43,7 +43,7 @@ impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
 /// } BlindedElement;
 /// ```
 #[derive(Debug)]
-pub struct BlindedElement<CS: PPCipherSuite> {
+pub struct BlindedElement<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) blinded_element: Vec<u8>,
 }
@@ -58,13 +58,13 @@ pub struct BlindedElement<CS: PPCipherSuite> {
 /// } AmortizedBatchTokenRequest;
 /// ```
 #[derive(Debug, TlsDeserialize, TlsSerialize, TlsSize)]
-pub struct AmortizedBatchTokenRequest<CS: PPCipherSuite> {
+pub struct AmortizedBatchTokenRequest<CS: PrivateCipherSuite> {
     pub(crate) token_type: TokenType,
     pub(crate) truncated_token_key_id: TruncatedTokenKeyId,
     pub(crate) blinded_elements: Vec<BlindedElement<CS>>,
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenRequest<CS> {
     /// Returns the number of blinded elements
     #[must_use]
     pub fn nr(&self) -> usize {
@@ -72,7 +72,7 @@ impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenRequest<CS> {
     /// Issue a new token request.
     ///
     /// # Errors
@@ -178,13 +178,13 @@ impl<CS: PPCipherSuite> AmortizedBatchTokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Size for BlindedElement<CS> {
     fn tls_serialized_len(&self) -> usize {
         <<CS::Group as Group>::ElemLen as Unsigned>::USIZE
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Serialize for BlindedElement<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -194,7 +194,7 @@ impl<CS: PPCipherSuite> Serialize for BlindedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for BlindedElement<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for BlindedElement<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
diff --git a/src/amortized_tokens/response.rs b/src/amortized_tokens/response.rs
index 9c7a49d..859049f 100644
--- a/src/amortized_tokens/response.rs
+++ b/src/amortized_tokens/response.rs
@@ -5,9 +5,11 @@ use typenum::Unsigned;
 use voprf::{EvaluationElement, Group, Proof, Result, VoprfClient};
 
 use crate::{
-    PPCipherSuite,
     auth::authorize::Token,
-    common::errors::{IssueTokenError, SerializationError},
+    common::{
+        errors::{IssueTokenError, SerializationError},
+        private::PrivateCipherSuite,
+    },
 };
 
 use super::{AmortizedToken, TokenState};
@@ -21,7 +23,7 @@ use super::{AmortizedToken, TokenState};
 /// ```
 
 #[derive(Debug, PartialEq)]
-pub struct EvaluatedElement<CS: PPCipherSuite> {
+pub struct EvaluatedElement<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) evaluated_element: Vec<u8>,
 }
@@ -35,13 +37,13 @@ pub struct EvaluatedElement<CS: PPCipherSuite> {
 /// } AmortizedBatchTokenResponse;
 /// ```
 #[derive(Debug)]
-pub struct AmortizedBatchTokenResponse<CS: PPCipherSuite> {
+pub struct AmortizedBatchTokenResponse<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) evaluated_elements: Vec<EvaluatedElement<CS>>,
     pub(crate) evaluated_proof: Vec<u8>,
 }
 
-impl<CS: PPCipherSuite> AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> AmortizedBatchTokenResponse<CS> {
     /// Create a new `TokenResponse` from a byte slice.
     ///
     /// # Errors
@@ -113,13 +115,13 @@ impl<CS: PPCipherSuite> AmortizedBatchTokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Size for EvaluatedElement<CS> {
     fn tls_serialized_len(&self) -> usize {
         <<CS::Group as Group>::ElemLen as Unsigned>::USIZE
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Serialize for EvaluatedElement<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -129,7 +131,7 @@ impl<CS: PPCipherSuite> Serialize for EvaluatedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for EvaluatedElement<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for EvaluatedElement<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
@@ -145,14 +147,14 @@ impl<CS: PPCipherSuite> Deserialize for EvaluatedElement<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Size for AmortizedBatchTokenResponse<CS> {
     fn tls_serialized_len(&self) -> usize {
         let len = 2 * <<CS::Group as Group>::ScalarLen as Unsigned>::USIZE;
         self.evaluated_elements.tls_serialized_len() + len
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
@@ -172,7 +174,7 @@ impl<CS: PPCipherSuite> Deserialize for AmortizedBatchTokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for AmortizedBatchTokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Serialize for AmortizedBatchTokenResponse<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
diff --git a/src/amortized_tokens/server.rs b/src/amortized_tokens/server.rs
index c843fd8..1788dbc 100644
--- a/src/amortized_tokens/server.rs
+++ b/src/amortized_tokens/server.rs
@@ -7,10 +7,10 @@ use typenum::Unsigned;
 use voprf::{BlindedElement, Group, Result, VoprfServer, VoprfServerBatchEvaluateFinishResult};
 
 use crate::{
-    NonceStore, PPCipherSuite, TokenInput,
+    NonceStore, TokenInput,
     common::{
         errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError},
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
         store::PrivateKeyStore,
     },
     truncate_token_key_id,
@@ -20,11 +20,11 @@ use super::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedTo
 
 /// Server-side component of the batched token issuance protocol.
 #[derive(Default, Debug)]
-pub struct Server<CS: PPCipherSuite> {
+pub struct Server<CS: PrivateCipherSuite> {
     _marker: std::marker::PhantomData<CS>,
 }
 
-impl<CS: PPCipherSuite> Server<CS> {
+impl<CS: PrivateCipherSuite> Server<CS> {
     /// Create a new server. The new server does not contain any key material.
     #[must_use]
     pub const fn new() -> Self {
@@ -199,7 +199,7 @@ impl<CS: PPCipherSuite> Server<CS> {
 
 #[cfg(test)]
 mod tests {
-    use crate::PPCipherSuite;
+    use crate::common::private::PrivateCipherSuite;
     use p384::NistP384;
     use voprf::{Group, Ristretto255};
 
@@ -215,7 +215,7 @@ mod tests {
     }
 
     #[cfg(test)]
-    fn key_serialization_cs<CS: PPCipherSuite>(pk: <CS::Group as Group>::Elem)
+    fn key_serialization_cs<CS: PrivateCipherSuite>(pk: <CS::Group as Group>::Elem)
     where
         <<CS as voprf::CipherSuite>::Group as voprf::Group>::Elem: std::cmp::PartialEq,
         <<CS as voprf::CipherSuite>::Group as voprf::Group>::Elem: std::fmt::Debug,
diff --git a/src/common/private.rs b/src/common/private.rs
index 8e0e260..e85c005 100644
--- a/src/common/private.rs
+++ b/src/common/private.rs
@@ -1,21 +1,51 @@
 //! Types that used by private tokens
 
 use sha2::{Digest, Sha256};
+use std::fmt::Debug;
 use voprf::{CipherSuite, Error, Group};
 
-use crate::{PPCipherSuite, TokenKeyId, TruncatedTokenKeyId, truncate_token_key_id};
+use crate::{TokenKeyId, TokenType, TruncatedTokenKeyId, truncate_token_key_id};
+
+/// Trait for a cipher suite that can be used with the Privacy Pass protocol.
+pub trait PrivateCipherSuite:
+    CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
+    + PartialEq
+    + Debug
+    + Clone
+    + Send
+    + Sync
+{
+    /// Returns the token type for the cipher suite.
+    fn token_type() -> TokenType {
+        match Self::ID {
+            "P384-SHA384" => TokenType::PrivateP384,
+            "ristretto255-SHA512" => TokenType::PrivateRistretto255,
+            _ => panic!("Unsupported token type"),
+        }
+    }
+}
+
+impl<C> PrivateCipherSuite for C where
+    C: CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
+        + PartialEq
+        + Debug
+        + Clone
+        + Send
+        + Sync
+{
+}
 
 /// Public key alias
 pub type PublicKey<CS> = <<CS as CipherSuite>::Group as Group>::Elem;
 
 /// Convert a public key to a token key ID.
-pub fn public_key_to_truncated_token_key_id<CS: PPCipherSuite>(
+pub fn public_key_to_truncated_token_key_id<CS: PrivateCipherSuite>(
     public_key: &<CS::Group as Group>::Elem,
 ) -> TruncatedTokenKeyId {
     truncate_token_key_id(&public_key_to_token_key_id::<CS>(public_key))
 }
 
-pub(crate) fn public_key_to_token_key_id<CS: PPCipherSuite>(
+pub(crate) fn public_key_to_token_key_id<CS: PrivateCipherSuite>(
     public_key: &<CS::Group as Group>::Elem,
 ) -> TokenKeyId {
     let public_key = serialize_public_key::<CS>(*public_key);
@@ -25,7 +55,9 @@ pub(crate) fn public_key_to_token_key_id<CS: PPCipherSuite>(
 
 /// Serializes a public key.
 #[must_use]
-pub fn serialize_public_key<CS: PPCipherSuite>(public_key: <CS::Group as Group>::Elem) -> Vec<u8> {
+pub fn serialize_public_key<CS: PrivateCipherSuite>(
+    public_key: <CS::Group as Group>::Elem,
+) -> Vec<u8> {
     <CS::Group as Group>::serialize_elem(public_key).to_vec()
 }
 
@@ -34,6 +66,8 @@ pub fn serialize_public_key<CS: PPCipherSuite>(public_key: <CS::Group as Group>:
 /// # Errors
 ///
 /// This function will return an error if the slice is not a valid public key.
-pub fn deserialize_public_key<CS: PPCipherSuite>(slice: &[u8]) -> Result<PublicKey<CS>, Error> {
+pub fn deserialize_public_key<CS: PrivateCipherSuite>(
+    slice: &[u8],
+) -> Result<PublicKey<CS>, Error> {
     <CS::Group as Group>::deserialize_elem(slice)
 }
diff --git a/src/common/store.rs b/src/common/store.rs
index af7a152..ca833ed 100644
--- a/src/common/store.rs
+++ b/src/common/store.rs
@@ -2,14 +2,16 @@
 use async_trait::async_trait;
 use voprf::VoprfServer;
 
-use crate::{PPCipherSuite, TruncatedTokenKeyId};
+use crate::TruncatedTokenKeyId;
+
+use super::private::PrivateCipherSuite;
 
 /// Minimal trait for a key store to store key material on the server-side. Note
 /// that the store requires inner mutability.
 #[async_trait]
 pub trait PrivateKeyStore {
     /// The cipher suite used for the key store.
-    type CS: PPCipherSuite;
+    type CS: PrivateCipherSuite;
     /// Inserts a keypair with a given `truncated_token_key_id` into the key store.
     async fn insert(
         &self,
diff --git a/src/lib.rs b/src/lib.rs
index 3119e1d..665ae5f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -29,40 +29,10 @@ pub mod test_utils;
 use async_trait::async_trait;
 use std::fmt::Debug;
 use tls_codec_derive::{TlsDeserialize, TlsSerialize, TlsSize};
-use voprf::CipherSuite;
 
 pub use tls_codec::{Deserialize, Serialize};
 pub use voprf::{Group, VoprfServer};
 
-/// Trait for a cipher suite that can be used with the Privacy Pass protocol.
-pub trait PPCipherSuite:
-    CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
-    + PartialEq
-    + Debug
-    + Clone
-    + Send
-    + Sync
-{
-    /// Returns the token type for the cipher suite.
-    fn token_type() -> TokenType {
-        match Self::ID {
-            "P384-SHA384" => TokenType::PrivateP384,
-            "ristretto255-SHA512" => TokenType::PrivateRistretto255,
-            _ => panic!("Unsupported token type"),
-        }
-    }
-}
-
-impl<C> PPCipherSuite for C where
-    C: CipherSuite<Group: Group<Elem: Send + Sync, Scalar: Send + Sync>>
-        + PartialEq
-        + Debug
-        + Clone
-        + Send
-        + Sync
-{
-}
-
 /// Token type
 #[derive(TlsSize, TlsSerialize, TlsDeserialize, Copy, Clone, Debug, PartialEq, Eq)]
 #[repr(u16)]
diff --git a/src/private_tokens/request.rs b/src/private_tokens/request.rs
index 87b067f..2bc70b0 100644
--- a/src/private_tokens/request.rs
+++ b/src/private_tokens/request.rs
@@ -6,11 +6,11 @@ use typenum::Unsigned;
 use voprf::{Group, Result, VoprfClient};
 
 use crate::{
-    ChallengeDigest, Nonce, PPCipherSuite, TokenInput, TokenType, TruncatedTokenKeyId,
+    ChallengeDigest, Nonce, TokenInput, TokenType, TruncatedTokenKeyId,
     auth::authenticate::TokenChallenge,
     common::{
         errors::IssueTokenRequestError,
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
     },
     truncate_token_key_id,
 };
@@ -25,7 +25,7 @@ use crate::{
 ///  } TokenRequest;
 /// ```
 #[derive(Debug, Clone, PartialEq)]
-pub struct TokenRequest<CS: PPCipherSuite> {
+pub struct TokenRequest<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) token_type: TokenType,
     pub(crate) truncated_token_key_id: u8,
@@ -33,14 +33,14 @@ pub struct TokenRequest<CS: PPCipherSuite> {
 }
 
 /// State that is kept between the token requests and token responses.
-pub struct TokenState<CS: PPCipherSuite> {
+pub struct TokenState<CS: PrivateCipherSuite> {
     pub(crate) token_input: TokenInput,
     pub(crate) challenge_digest: ChallengeDigest,
     pub(crate) client: VoprfClient<CS>,
     pub(crate) public_key: PublicKey<CS>,
 }
 
-impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
+impl<CS: PrivateCipherSuite> std::fmt::Debug for TokenState<CS> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("TokenState")
             .field("client", &"client".to_string())
@@ -51,7 +51,7 @@ impl<CS: PPCipherSuite> std::fmt::Debug for TokenState<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> TokenRequest<CS> {
+impl<CS: PrivateCipherSuite> TokenRequest<CS> {
     /// Issue a new token request.
     ///
     /// # Errors
@@ -123,7 +123,7 @@ impl<CS: PPCipherSuite> TokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for TokenRequest<CS> {
+impl<CS: PrivateCipherSuite> Size for TokenRequest<CS> {
     fn tls_serialized_len(&self) -> usize {
         let len = <<CS::Group as Group>::ElemLen as Unsigned>::USIZE;
         self.token_type.tls_serialized_len()
@@ -132,7 +132,7 @@ impl<CS: PPCipherSuite> Size for TokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for TokenRequest<CS> {
+impl<CS: PrivateCipherSuite> Serialize for TokenRequest<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -146,7 +146,7 @@ impl<CS: PPCipherSuite> Serialize for TokenRequest<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for TokenRequest<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for TokenRequest<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
diff --git a/src/private_tokens/response.rs b/src/private_tokens/response.rs
index 469a29f..617f3d7 100644
--- a/src/private_tokens/response.rs
+++ b/src/private_tokens/response.rs
@@ -5,9 +5,11 @@ use typenum::Unsigned;
 use voprf::*;
 
 use crate::{
-    PPCipherSuite,
     auth::authorize::Token,
-    common::errors::{IssueTokenError, SerializationError},
+    common::{
+        errors::{IssueTokenError, SerializationError},
+        private::PrivateCipherSuite,
+    },
 };
 
 use super::{PrivateToken, request::TokenState};
@@ -21,13 +23,13 @@ use super::{PrivateToken, request::TokenState};
 ///  } TokenResponse;
 /// ```
 #[derive(Debug, Clone, PartialEq)]
-pub struct TokenResponse<CS: PPCipherSuite> {
+pub struct TokenResponse<CS: PrivateCipherSuite> {
     pub(crate) _marker: std::marker::PhantomData<CS>,
     pub(crate) evaluate_msg: Vec<u8>,
     pub(crate) evaluate_proof: Vec<u8>,
 }
 
-impl<CS: PPCipherSuite> TokenResponse<CS> {
+impl<CS: PrivateCipherSuite> TokenResponse<CS> {
     /// Create a new `TokenResponse` from a byte slice.
     ///
     /// # Errors
@@ -44,7 +46,7 @@ impl<CS: PPCipherSuite> TokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Size for TokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Size for TokenResponse<CS> {
     fn tls_serialized_len(&self) -> usize {
         let len = <<CS::Group as Group>::ElemLen as Unsigned>::USIZE;
         let proof_len = <<CS::Group as Group>::ScalarLen as Unsigned>::USIZE;
@@ -52,7 +54,7 @@ impl<CS: PPCipherSuite> Size for TokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Serialize for TokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Serialize for TokenResponse<CS> {
     fn tls_serialize<W: std::io::Write>(
         &self,
         writer: &mut W,
@@ -63,7 +65,7 @@ impl<CS: PPCipherSuite> Serialize for TokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Deserialize for TokenResponse<CS> {
+impl<CS: PrivateCipherSuite> Deserialize for TokenResponse<CS> {
     fn tls_deserialize<R: std::io::Read>(
         bytes: &mut R,
     ) -> std::result::Result<Self, tls_codec::Error>
@@ -83,7 +85,7 @@ impl<CS: PPCipherSuite> Deserialize for TokenResponse<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> TokenResponse<CS> {
+impl<CS: PrivateCipherSuite> TokenResponse<CS> {
     /// Issue a token.
     ///
     /// # Errors
diff --git a/src/private_tokens/server.rs b/src/private_tokens/server.rs
index d5d87c3..7790a72 100644
--- a/src/private_tokens/server.rs
+++ b/src/private_tokens/server.rs
@@ -7,11 +7,11 @@ use typenum::Unsigned;
 use voprf::{BlindedElement, Group, Result, VoprfServer};
 
 use crate::{
-    NonceStore, PPCipherSuite, TokenInput,
+    NonceStore, TokenInput,
     auth::authorize::Token,
     common::{
         errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError},
-        private::{PublicKey, public_key_to_token_key_id},
+        private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id},
         store::PrivateKeyStore,
     },
     truncate_token_key_id,
@@ -21,11 +21,11 @@ use super::{TokenRequest, TokenResponse};
 
 /// Server side implementation of Privately Verifiable Token protocol.
 #[derive(Default, Debug)]
-pub struct Server<CS: PPCipherSuite> {
+pub struct Server<CS: PrivateCipherSuite> {
     _marker: std::marker::PhantomData<CS>,
 }
 
-impl<CS: PPCipherSuite> Server<CS> {
+impl<CS: PrivateCipherSuite> Server<CS> {
     /// Creates a new server.
     #[must_use]
     pub const fn new() -> Self {
diff --git a/src/test_utils/private_memory_store.rs b/src/test_utils/private_memory_store.rs
index 78cdd0a..ccedb4b 100644
--- a/src/test_utils/private_memory_store.rs
+++ b/src/test_utils/private_memory_store.rs
@@ -4,15 +4,18 @@ use std::{collections::HashMap, fmt::Debug};
 use tokio::sync::Mutex;
 use voprf::*;
 
-use crate::{PPCipherSuite, TruncatedTokenKeyId, common::store::PrivateKeyStore};
+use crate::{
+    TruncatedTokenKeyId,
+    common::{private::PrivateCipherSuite, store::PrivateKeyStore},
+};
 
 /// Private key store that stores keys in memory.
-pub struct MemoryKeyStoreVoprf<CS: PPCipherSuite> {
+pub struct MemoryKeyStoreVoprf<CS: PrivateCipherSuite> {
     keys: Mutex<HashMap<TruncatedTokenKeyId, VoprfServer<CS>>>,
 }
 
 #[async_trait]
-impl<C: PPCipherSuite> PrivateKeyStore for MemoryKeyStoreVoprf<C> {
+impl<C: PrivateCipherSuite> PrivateKeyStore for MemoryKeyStoreVoprf<C> {
     type CS = C;
 
     async fn insert(&self, truncated_token_key_id: TruncatedTokenKeyId, server: VoprfServer<C>) {
@@ -25,7 +28,7 @@ impl<C: PPCipherSuite> PrivateKeyStore for MemoryKeyStoreVoprf<C> {
     }
 }
 
-impl<CS: PPCipherSuite> Debug for MemoryKeyStoreVoprf<CS> {
+impl<CS: PrivateCipherSuite> Debug for MemoryKeyStoreVoprf<CS> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("MemoryKeyStoreVoprf")
             .field("keys", &"keys".to_string())
@@ -33,7 +36,7 @@ impl<CS: PPCipherSuite> Debug for MemoryKeyStoreVoprf<CS> {
     }
 }
 
-impl<CS: PPCipherSuite> Default for MemoryKeyStoreVoprf<CS> {
+impl<CS: PrivateCipherSuite> Default for MemoryKeyStoreVoprf<CS> {
     fn default() -> Self {
         Self {
             keys: Mutex::new(HashMap::new()),
diff --git a/tests/amortized_tokens.rs b/tests/amortized_tokens.rs
index b514251..f4dda87 100644
--- a/tests/amortized_tokens.rs
+++ b/tests/amortized_tokens.rs
@@ -1,9 +1,8 @@
 use p384::NistP384;
 use privacypass::{
-    PPCipherSuite,
     amortized_tokens::{AmortizedBatchTokenRequest, server::*},
     auth::authenticate::TokenChallenge,
-    common::errors::RedeemTokenError,
+    common::{errors::RedeemTokenError, private::PrivateCipherSuite},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 use voprf::Ristretto255;
@@ -14,7 +13,7 @@ async fn amortized_tokens() {
     amortized_tokens_cycle_type::<Ristretto255>().await;
 }
 
-async fn amortized_tokens_cycle_type<CS: PPCipherSuite>() {
+async fn amortized_tokens_cycle_type<CS: PrivateCipherSuite>() {
     // Number of tokens to issue
     let nr = 10;
 
diff --git a/tests/kat_amortized.rs b/tests/kat_amortized.rs
index 5fb3666..05b86cc 100644
--- a/tests/kat_amortized.rs
+++ b/tests/kat_amortized.rs
@@ -9,10 +9,9 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait};
 use voprf::{Group, Mode, Ristretto255, derive_key};
 
 use privacypass::{
-    PPCipherSuite,
     amortized_tokens::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, server::*},
     auth::authenticate::TokenChallenge,
-    common::private::serialize_public_key,
+    common::private::{PrivateCipherSuite, serialize_public_key},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
 
@@ -69,7 +68,7 @@ async fn read_kat_amortized_token() {
     evaluate_kat::<Ristretto255>(list).await; */
 }
 
-async fn evaluate_kat<CS: PPCipherSuite>(list: Vec<AmortizedTokenTestVector>) {
+async fn evaluate_kat<CS: PrivateCipherSuite>(list: Vec<AmortizedTokenTestVector>) {
     for vector in list {
         // Make sure we have the same amount of nonces and blinds
         assert_eq!(vector.blinds.len(), vector.nonces.len());
@@ -170,7 +169,7 @@ async fn write_kat_amortized_token() {
     .await;
 }
 
-async fn write_kat_amortized_token_type<CS: PPCipherSuite>(file: &str) {
+async fn write_kat_amortized_token_type<CS: PrivateCipherSuite>(file: &str) {
     let mut elements = Vec::new();
 
     for _ in 0..5 {
@@ -188,7 +187,7 @@ async fn write_kat_amortized_token_type<CS: PPCipherSuite>(file: &str) {
     file.write_all(data.as_bytes()).unwrap();
 }
 
-async fn generate_kat_amortized_token<CS: PPCipherSuite>() -> AmortizedTokenTestVector {
+async fn generate_kat_amortized_token<CS: PrivateCipherSuite>() -> AmortizedTokenTestVector {
     let nr = 5u16;
     // Server: Instantiate in-memory keystore and nonce store.
     let key_store = MemoryKeyStoreVoprf::<CS>::default();
diff --git a/tests/kat_generic.rs b/tests/kat_generic.rs
index ef3d3a4..936408d 100644
--- a/tests/kat_generic.rs
+++ b/tests/kat_generic.rs
@@ -8,7 +8,8 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait};
 use voprf::Ristretto255;
 
 use privacypass::{
-    PPCipherSuite, TokenType,
+    TokenType,
+    common::private::PrivateCipherSuite,
     generic_tokens::{
         GenericBatchTokenRequest, GenericBatchTokenResponse, GenericTokenRequest,
         GenericTokenResponse, OptionalTokenResponse,
@@ -296,7 +297,7 @@ fn batch_generated_tokens(
     }
 }
 
-async fn generate_private_token<CS: PPCipherSuite>()
+async fn generate_private_token<CS: PrivateCipherSuite>()
 -> (Issuance, GenericTokenRequest, GenericTokenResponse) {
     let pv = generate_kat_private_token::<CS>().await;
 
diff --git a/tests/kat_private.rs b/tests/kat_private.rs
index 2fe2528..7c0d1d4 100644
--- a/tests/kat_private.rs
+++ b/tests/kat_private.rs
@@ -9,9 +9,8 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait};
 use voprf::{Group, Mode, Ristretto255, derive_key};
 
 use privacypass::{
-    PPCipherSuite,
     auth::authenticate::TokenChallenge,
-    common::private::serialize_public_key,
+    common::private::{PrivateCipherSuite, serialize_public_key},
     private_tokens::{TokenRequest, TokenResponse, server::*},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
@@ -55,13 +54,13 @@ async fn read_kat_private_token() {
     // TODO: Add Go KAT vectors
 }
 
-async fn evaluate_kat<CS: PPCipherSuite>(list: Vec<PrivateTokenTestVector>) {
+async fn evaluate_kat<CS: PrivateCipherSuite>(list: Vec<PrivateTokenTestVector>) {
     for vector in list {
         evaluate_vector::<CS>(vector).await;
     }
 }
 
-pub(crate) async fn evaluate_vector<CS: PPCipherSuite>(vector: PrivateTokenTestVector) {
+pub(crate) async fn evaluate_vector<CS: PrivateCipherSuite>(vector: PrivateTokenTestVector) {
     // Server: Instantiate in-memory keystore and nonce store.
     let key_store = MemoryKeyStoreVoprf::<CS>::default();
     let nonce_store = MemoryNonceStore::default();
@@ -135,7 +134,7 @@ async fn write_kat_private_token() {
         .await;
 }
 
-async fn write_kat_private_token_type<CS: PPCipherSuite>(file: &str) {
+async fn write_kat_private_token_type<CS: PrivateCipherSuite>(file: &str) {
     let mut elements = Vec::new();
 
     for _ in 0..5 {
@@ -153,7 +152,7 @@ async fn write_kat_private_token_type<CS: PPCipherSuite>(file: &str) {
     file.write_all(data.as_bytes()).unwrap();
 }
 
-pub(crate) async fn generate_kat_private_token<CS: PPCipherSuite>() -> PrivateTokenTestVector {
+pub(crate) async fn generate_kat_private_token<CS: PrivateCipherSuite>() -> PrivateTokenTestVector {
     // Server: Instantiate in-memory keystore and nonce store.
     let key_store = MemoryKeyStoreVoprf::<CS>::default();
     let nonce_store = MemoryNonceStore::default();
diff --git a/tests/private_tokens.rs b/tests/private_tokens.rs
index 9db01cd..c734cc4 100644
--- a/tests/private_tokens.rs
+++ b/tests/private_tokens.rs
@@ -1,8 +1,7 @@
 use p384::NistP384;
 use privacypass::{
-    PPCipherSuite,
     auth::authenticate::TokenChallenge,
-    common::errors::RedeemTokenError,
+    common::{errors::RedeemTokenError, private::PrivateCipherSuite},
     private_tokens::{TokenRequest, server::*},
     test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf},
 };
@@ -14,7 +13,7 @@ async fn private_tokens_cycle() {
     private_tokens_cycle_type::<Ristretto255>().await;
 }
 
-async fn private_tokens_cycle_type<CS: PPCipherSuite>() {
+async fn private_tokens_cycle_type<CS: PrivateCipherSuite>() {
     // Server: Instantiate in-memory keystore and nonce store.
     let key_store = MemoryKeyStoreVoprf::<CS>::default();
     let nonce_store = MemoryNonceStore::default();