L-DAA: Lattice-Based Direct Anonymous Attestation

Direct Anonymous Attestation (DAA) is an anonymous digital signature that aims to provide both signer authentication and privacy. DAA was designed for the attestation service of the Trusted Platform Module (TPM). In this application, a DAA signer role is divided into two parts: the principal signer which is a TPM, and an assistant signer which is a standard computing platform in which the TPM is embedded, called the Host. A design feature of a DAA solution is to make the TPM workload as low as possible. This paper presents a lattice-based DAA (L-DAA) scheme to meet this requirement. Security of this scheme is proved in the Universally Composable (UC) security model under the hard assumptions of the Ring Inhomogeneous Short Integer Solution (Ring-ISIS) and Ring Learning With Errors (Ring-LWE) problems. Our L-DAA scheme includes two building blocks, one is a modification of the Boyen lattice based signature scheme and another is a modification of the Baum et al. lattice based commitment scheme. These two building blocks may be of independent interest.

[1]  Liqun Chen,et al.  On the Design and Implementation of an Efficient DAA Scheme , 2010, IACR Cryptol. ePrint Arch..

[2]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[3]  Huaxiong Wang,et al.  Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based , 2015, Public Key Cryptography.

[4]  Chris Peikert,et al.  A Decade of Lattice Cryptography , 2016, Found. Trends Theor. Comput. Sci..

[5]  Damien Stehlé,et al.  CRYSTALS - Dilithium: Digital Signatures from Module Lattices , 2017, IACR Cryptol. ePrint Arch..

[6]  Jiangtao Li,et al.  Simplified security notions of direct anonymous attestation and a concrete scheme from pairings , 2009, International Journal of Information Security.

[7]  Xavier Boyen,et al.  Lattice Mixing and Vanishing Trapdoors A Framework for Fully Secure Short Signatures and more , 2010 .

[8]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[9]  Jiangtao Li,et al.  A Pairing-Based DAA Scheme Further Reducing TPM Resources , 2010, TRUST.

[10]  Chris Peikert,et al.  Pseudorandomness of ring-LWE for any ring and modulus , 2017, STOC.

[11]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[12]  Damien Stehlé,et al.  Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications , 2013, Public Key Cryptography.

[13]  Jan Camenisch,et al.  One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[14]  Jiangtao Li,et al.  Flexible and scalable digital signatures in TPM 2.0 , 2013, CCS.

[15]  Oded Regev,et al.  The Learning with Errors Problem (Invited Survey) , 2010, 2010 IEEE 25th Annual Conference on Computational Complexity.

[16]  Huaxiong Wang,et al.  Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions , 2016, ASIACRYPT.

[17]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[18]  Rachid El Bansarkhani,et al.  Direct Anonymous Attestation from Lattices , 2017, IACR Cryptol. ePrint Arch..

[19]  Avishek Adhikari,et al.  Introduction to Mathematical Cryptography , 2014 .

[20]  Xiaofeng Chen,et al.  A New Direct Anonymous Attestation Scheme from Bilinear Maps , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[21]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[22]  Ivan Damgård,et al.  Efficient Commitments and Zero-Knowledge Protocols from Ring-SIS with Applications to Lattice-based Threshold Cryptosystems , 2016, IACR Cryptol. ePrint Arch..

[23]  Jan Camenisch,et al.  Universally Composable Direct Anonymous Attestation , 2016, Public Key Cryptography.