A New Direct Anonymous Attestation Scheme from Bilinear Maps

Direct Anonymous Attestation (DAA) is a cryptographic mechanism that enables remote authentication of a user while preserving privacy under the user's control. The DAA scheme developed by Brickell, Camenisch, and Chen has been adopted by the Trusted Computing Group (TCG) for remote anonymous attestation of the Trusted Platform Module (TPM), a small hardware device with limited storage space and communication capability. In this paper, we propose a new DAA scheme from elliptic curve cryptography and bilinear maps. Private keys and signatures in our scheme are much shorter than those in the original DAA scheme, with a similar level of security and computational complexity. Our scheme builds upon the Camenisch-Lysyanskaya signature scheme and is efficient and provably secure in the random oracle model under the LRSW (Lysyanskaya, Rivest, Sahai, and Wolf) assumption and the decisional Bilinear Diffie-Hellman assumption.
