Paper 2010/454

Key Exchange with Anonymous Authentication using DAA-SIGMA Protocol

Jesse Walker and Jiangtao Li


Anonymous digital signatures such as Direct Anonymous Attestation (DAA) and group signatures have been a fundamental building block for anonymous entity authentication. In this paper, we show how to incorporate DAA schemes into a key exchange protocol between two entities to achieve anonymous authentication and to derive a shared key between them. We propose a modification to the SIGMA key exchange protocol used in the Internet Key Exchange (IKE) standards to support anonymous authentication using DAA. Our key exchange protocol can be also extended to support group signature schemes instead of DAA. We present a secure model for key exchange with anonymous authentication derived from the Canetti-Krawczyk key-exchange security model. We prove that our DAA-SIGMA protocol is secure under our security model.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
privacydirect anonymous attestationanonymous authentication
Contact author(s)
jiangtao li @ intel com
2010-09-03: revised
2010-08-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jesse Walker and Jiangtao Li},
      title = {Key Exchange with Anonymous Authentication using DAA-SIGMA Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2010/454},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.