Paper 2008/104

Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings

Ernie Brickell, Liqun Chen, and Jiangtao Li


Direct Anonymous Attestation (DAA) is a cryptographic mechanism that enables remote authentication of a user while preserving privacy under the user's control. The DAA scheme developed by Brickell, Camenisch, and Chen has been adopted by the Trust Computing Group (TCG) for remote anonymous attestation of Trusted Platform Module (TPM), a small hardware device with limited storage space and communication capability. In this paper, we provide two contributions to DAA. We first introduce simplified security notions of DAA including the formal definitions of user controlled anonymity and traceability. We then propose a new DAA scheme from elliptic curve cryptography and bilinear maps. The lengths of private keys and signatures in our scheme are much shorter than the lengths in the original DAA scheme, with a similar level of security and computational complexity. Our scheme builds upon the Camenisch-Lysyanskaya signature scheme and is efficient and provably secure in the random oracle model under the LRSW (stands for Lysyanskaya, Rivest, Sahai and Wolf) assumption and the decisional Bilinear Diffie-Hellman assumption.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
direct anonymous attestationtrusted computinguser-controlled-anonymityuser-controlled-traceabilitybilinear maps.
Contact author(s)
liqun chen @ hp com
2008-03-12: received
Short URL
Creative Commons Attribution


      author = {Ernie Brickell and Liqun Chen and Jiangtao Li},
      title = {Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2008/104},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.