Abstract
Direct Anonymous Attestation (DAA) is a cryptographic mechanism that enables remote authentication of a user while preserving privacy under the user's control. The DAA scheme developed by Brickell, Camenisch, and Chen has been adopted by the Trusted Computing Group for remote anonymous attestation of the Trusted Platform Module (TPM), a small hardware device with limited storage space and communication capability. In this paper, we provide two contributions to DAA. We first introduce simplified security notions of DAA, including formal definitions of user-controlled anonymity and traceability. We then propose a new DAA scheme from elliptic curve cryptography and bilinear maps. The private keys and signatures in our scheme are much shorter than those in the original DAA scheme, at a similar level of security and computational complexity. Our scheme builds upon the Camenisch–Lysyanskaya signature scheme and is efficient and provably secure in the random oracle model under the LRSW (Lysyanskaya, Rivest, Sahai and Wolf) assumption and the decisional Bilinear Diffie–Hellman assumption.
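The following Python sketch is an added illustration of the user-controlled anonymity the abstract refers to; it is not code from the paper, the TCG, or any TPM implementation. It models only the basename layer of a DAA signature: a platform secret f, a verifier-chosen or random basename bsn, the pseudonym K = H(bsn)^f, and a Fiat–Shamir proof of knowledge of f. The issuer's Camenisch–Lysyanskaya credential (the pairing-based part that binds f to an issuer signature) is omitted, a 255-bit prime field stands in for the pairing groups as a toy parameter with no security claim, and the verifier therefore checks only that the signer knows the f behind K, not that f was ever certified. The rogue-tagging check at the end is the standard DAA mechanism for leaked secrets, not the paper's formal traceability game. All function names, constants and sample messages are constructed for this example.

```python
"""Toy sketch of DAA's basename pseudonym and user-controlled linkability.

Added illustration, not the paper's scheme: the issuer's CL credential and the
pairing groups are omitted, and a 255-bit prime field (toy, not secure) stands
in for the groups, so verify() checks only that the signer knows the f behind
the pseudonym, not that f was certified by an issuer.
"""
import hashlib
import secrets
from typing import Optional

P = 2**255 - 19          # toy prime field; an assumption, not a paper parameter
SECRET_BITS = 256        # size of the platform secret f
NONCE_BITS = 768         # r is much larger than c*f, so s = r + c*f hides f


def ib(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def h_int(*parts: bytes) -> int:
    """Length-prefixed SHA-256 of the parts, read as an integer."""
    h = hashlib.sha256(b"toy-daa-v1")
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def hash_to_group(bsn: bytes) -> int:
    """Basename -> pseudonym base H(bsn), an element of [2, P-1]."""
    return h_int(b"bsn", bsn) % (P - 2) + 2


def new_platform_secret() -> int:
    return secrets.randbits(SECRET_BITS)


def sign(f: int, bsn: Optional[bytes], msg: bytes) -> dict:
    """Pseudonym K = H(bsn)^f plus a Fiat-Shamir proof of knowledge of f.

    bsn=None picks a fresh random basename, so two such signatures share no
    pseudonym and cannot be linked; a fixed bsn makes them linkable on purpose.
    Exponents are kept as integers (no reduction mod the group order), the
    hidden-order-group style of the original RSA-based DAA construction.
    """
    if bsn is None:
        bsn = secrets.token_bytes(32)
    base = hash_to_group(bsn)
    k = pow(base, f, P)
    r = secrets.randbits(NONCE_BITS)
    t = pow(base, r, P)
    c = h_int(b"chal", ib(k), ib(t), bsn, msg)
    return {"bsn": bsn, "K": k, "c": c, "s": r + c * f}


def verify(sig: dict, msg: bytes) -> bool:
    """Recompute t = H(bsn)^s * K^(-c) and check the challenge binds K and msg."""
    base = hash_to_group(sig["bsn"])
    k, c, s = sig["K"], sig["c"], sig["s"]
    t = pow(base, s, P) * pow(k, -c, P) % P
    return c == h_int(b"chal", ib(k), ib(t), sig["bsn"], msg)


def linked(a: dict, b: dict) -> bool:
    """Link test available to anyone: same basename and same pseudonym."""
    return a["bsn"] == b["bsn"] and a["K"] == b["K"]


def rogue_tagged(sig: dict, rogue_secrets) -> bool:
    """Rogue tagging: a verifier holding leaked secrets f' recomputes H(bsn)^f'
    and flags the signature if any value matches its pseudonym."""
    base = hash_to_group(sig["bsn"])
    return any(pow(fr, 1, P) and pow(base, fr, P) == sig["K"] for fr in rogue_secrets)


def demo() -> dict:
    """Exercise the properties on constructed inputs; every value should be True."""
    f = new_platform_secret()
    msg = b"constructed attestation message"
    a1 = sign(f, b"verifier.example", msg)
    a2 = sign(f, b"verifier.example", msg)
    b1, b2 = sign(f, None, msg), sign(f, None, msg)
    return {
        "valid": verify(a1, msg) and verify(b1, msg),
        "linkable_same_bsn": linked(a1, a2),
        "unlinkable_fresh_bsn": not linked(b1, b2),
        "rogue_detected": rogue_tagged(a1, [f]),
        "honest_not_tagged": not rogue_tagged(a1, [new_platform_secret()]),
        "tamper_rejected": not verify(a1, b"another message"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from the sketch is that linkability is decided entirely by the signer's choice of basename: reusing a basename yields the same K and lets a verifier correlate sessions, while a fresh random basename yields an unrelated K each time. A real DAA signature additionally carries a randomised issuer credential on f, so a verifier learns that f was certified without learning f or any stable identifier beyond K.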
References
Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 202–215. IEEE Computer Society (2008)
Balfe, S., Lakhani, A.D., Paterson, K.G.: Securing peer-to-peer networks using trusted computing. In: Mitchell, C. (ed.) Trusted Computing, Chap. 10, pp. 271–298. IEE, London (2005)
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient algorithms for pairing-based cryptosystems. In: Advances in Cryptology—CRYPTO’02, Lecture Notes in Computer Science, vol. 2442, pp. 354–368. Springer, Heidelberg (2002)
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Advances in Cryptology—EUROCRYPT’03, Lecture Notes in Computer Science, vol. 2656, pp. 614–629. Springer, Heidelberg (2003)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)
Boneh, D., Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Advances in Cryptology—EUROCRYPT’04, Lecture Notes in Computer Science, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Advances in Cryptology—CRYPTO’01, Lecture Notes in Computer Science, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132–145. ACM Press, New York (2004)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation in context. In: Mitchell, C. (ed.) Trusted Computing, Chap. 5, pp. 143–174. IEE, London (2005)
Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Trusted Computing—Challenges and Applications—TRUST 2008, Lecture Notes in Computer Science, vol. 4968, pp. 166–178. Springer, Heidelberg (2008)
Brickell, E., Li, J.: Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities. In: Proceedings of the Sixth ACM Workshop on Privacy in the Electronic Society. ACM Press, New York (2007)
Brickell, E.F., Chaum, D., Damgård, I., van de Graaf, J.: Gradual and verifiable release of a secret. In: Advances in Cryptology—CRYPTO’87, Lecture Notes in Computer Science, vol. 293, pp. 156–166. Springer, Heidelberg (1987)
Camenisch, J., Groth, J.: Group signatures: Better efficiency and new theoretical aspects. In: Blundo, C., Cimato, S. (eds.) Proceedings of the Fourth International Conference on Security in Communication Networks, SCN 2004, Lecture Notes in Computer Science, vol. 3352, pp. 122–135. Springer, Heidelberg (2005)
Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Proceedings of the Third Conference on Security in Communication Networks, Lecture Notes in Computer Science, vol. 2576, pp. 268–289. Springer, Heidelberg (2002)
Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Advances in Cryptology—CRYPTO’04, Lecture Notes in Computer Science, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
Camenisch, J., Michels, M.: Separability and efficiency for generic group signature schemes. In: Advances in Cryptology—CRYPTO’99, Lecture Notes in Computer Science, vol. 1666, pp. 413–430. Springer, Heidelberg (1999)
Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Advances in Cryptology—CRYPTO’03, Lecture Notes in Computer Science, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)
Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Advances in Cryptology—CRYPTO’97, Lecture Notes in Computer Science, vol. 1296, pp. 410–424. Springer, Heidelberg (1997)
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
Chaum, D.: Zero-knowledge undeniable signatures. In: Advances in Cryptology—EUROCRYPT’90, Lecture Notes in Computer Science, vol. 473, pp. 458–464. Springer, Heidelberg (1990)
Chaum, D., Evertse, J.H., van de Graaf, J.: An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In: Advances in Cryptology—EUROCRYPT’87, Lecture Notes in Computer Science, vol. 304, pp. 127–141. Springer, Heidelberg (1987)
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Advances in Cryptology—CRYPTO’92, Lecture Notes in Computer Science, vol. 740, pp. 89–105. Springer, Heidelberg (1992)
Chen, L., Morrissey, P., Smart, N.P.: On proofs of security of DAA schemes. In: Proceedings of the Second International Conference on Provable Security—ProvSec 2008, Lecture Notes in Computer Science, vol. 5324, pp. 167–175. Springer, Heidelberg (2008)
Chen, L., Morrissey, P., Smart, N.P.: Pairings in trusted computing. In: Proceedings of the Second International Conference on Pairing-Based Cryptography, Lecture Notes in Computer Science, vol. 5209, pp. 1–17. Springer, Heidelberg (2008)
Damgård, I., Fujisaki, E.: An integer commitment scheme based on groups with hidden order. In: Advances in Cryptology—ASIACRYPT’02, Lecture Notes in Computer Science, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Advances in Cryptology—CRYPTO’86, Lecture Notes in Computer Science, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Advances in Cryptology—CRYPTO’97, Lecture Notes in Computer Science, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
Galbraith, S.D., Harrison, K., Soldera, D.: Implementing the Tate pairing. In: Proceedings of the Fifth International Symposium on Algorithmic Number Theory, Lecture Notes in Computer Science, vol. 2369, pp. 324–337. Springer, Heidelberg (2002)
Ge, H., Tate, S.R.: A direct anonymous attestation scheme for embedded devices. In: Proceedings of Public Key Cryptography—PKC 2007, Lecture Notes in Computer Science, vol. 4450. Springer, Heidelberg (2007)
Leung, A., Chen, L., Mitchell, C.J.: On a possible privacy flaw in direct anonymous attestation (DAA). In: Trusted Computing—Challenges and Applications—TRUST 2008, Lecture Notes in Computer Science, vol. 4968, pp. 179–190. Springer, Heidelberg (2008)
Leung, A., Mitchell, C.J.: Ninja: Non identity based, privacy preserving authentication for ubiquitous environments. In: Proceedings of Ninth International Conference on Ubiquitous Computing, Lecture Notes in Computer Science, vol. 4717, pp. 73–90. Springer, Heidelberg (2007)
Lynn, B.: On the implementation of pairing-based cryptosystems. Ph.D. thesis, Stanford University, Stanford (2007)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Proceedings of the Sixth Workshop on Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 1758, pp. 184–199. Springer, Heidelberg (1999)
Menezes, A., Vanstone, S., Okamoto, T.: Reducing elliptic curve logarithms to logarithms in a finite field. In: Proceedings of the 23rd annual ACM Symposium on Theory of Computing (STOC), pp. 80–89. ACM Press, New York (1991)
Pashalidis, A., Mitchell, C.J.: Single sign-on using TCG-conformant platforms. In: Mitchell, C. (ed.) Trusted Computing, Chap. 6, pp. 175–193. IEE, London (2005)
Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 184–200. IEEE Computer Society Press (2001)
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Advances in Cryptology—EUROCRYPT’96, Lecture Notes in Computer Science, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)
Rudolph, C.: Covert identity information in direct anonymous attestation (DAA). In: Proceedings of the 22nd IFIP TC-11 International Information Security Conference (SEC2007), IFIP International Federation for Information Processing, vol. 232, pp. 443–448. Springer, Boston (2007)
Schnorr, C.P.: Efficient identification and signatures for smart cards. J. Cryptol. 4(3), 161–174 (1991)
Smyth, B., Chen, L., Ryan, M.: Direct anonymous attestation (DAA): ensuring privacy with corrupt administrators. In: Stajano, F. (ed.) Proceedings of Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2007), Lecture Notes in Computer Science, vol. 4572, pp. 218–231. Springer, Heidelberg (2007)
Trusted Computing Group: TCG TPM specification 1.2 (2003). Available at http://www.trustedcomputinggroup.org
Trusted Computing Group website: http://www.trustedcomputinggroup.org
Cite this article
Brickell, E., Chen, L. & Li, J. Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int. J. Inf. Secur. 8, 315–330 (2009). https://doi.org/10.1007/s10207-009-0076-3