DAA-Related APIs in TPM 2.0 Revisited

In TPM 2.0, a single signature primitive is proposed to support various signature schemes, including Direct Anonymous Attestation (DAA), U-Prove and Schnorr signatures. This signature primitive is implemented by several APIs which can be utilized as a static Diffie-Hellman (SDH) oracle. In this paper, we measure the practical impact of the SDH oracle in TPM 2.0 and show that the security strength of these signature schemes can be weakened by 13 bits. We propose a novel property of DAA called forward anonymity and show how these DAA-related APIs can be used to break it. We then propose new APIs which not only remove the SDH oracle but also support forward anonymity, thereby significantly improving the security of DAA and of the other signature schemes supported by TPM 2.0. We prove the security of our new APIs under the discrete logarithm assumption in the random oracle model. We prove that the proposed DAA schemes satisfy the forward anonymity property when using the new APIs, under the Decision Diffie-Hellman (DDH) assumption. Our new APIs are almost as efficient as the original APIs in the TPM 2.0 specification and, like the original APIs, can support LRSW-DAA and SDH-DAA together with U-Prove.
