Direct Anonymous Attestation

Ernie Brickell, Jan Camenisch, and Liqun Chen

Abstract

This paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group as the method for remote authentication of a hardware module, called trusted platform module (TPM), while preserving the privacy of the user of the platform that contains the module. Direct anonymous attestation can be seen as a group signature without the feature that a signature can be opened, i.e., the anonymity is not revocable. Moreover, DAA allows for pseudonyms, i.e., for each signature a user (in agreement with the recipient of the signature) can decide whether or not the signature should be linkable to another signature. DAA furthermore allows for detection of known'' keys: if the DAA secret keys are extracted from a TPM and published, a verifier can detect that a signature was produced using these secret keys. The scheme is provably secure in the random oracle model under the strong RSA and the decisional Diffie-Hellman assumption.

Available format(s)
Category
Cryptographic protocols
Publication info
Published elsewhere. Full version of ACM CCS 04 paper.
Keywords
digital signaturesprivacygroup signatures
Contact author(s)
jca @ zurich ibm com
History
Short URL
https://ia.cr/2004/205

CC BY

BibTeX

@misc{cryptoeprint:2004/205,
author = {Ernie Brickell and Jan Camenisch and Liqun Chen},
title = {Direct Anonymous Attestation},
howpublished = {Cryptology ePrint Archive, Paper 2004/205},
year = {2004},
note = {\url{https://eprint.iacr.org/2004/205}},
url = {https://eprint.iacr.org/2004/205}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.