Paper 2015/1246

Universally Composable Direct Anonymous Attestation

Jan Camenisch, Manu Drijvers, and Anja Lehmann


Direct Anonymous Attestation (DAA) is one of the most complex cryptographic algorithms that has been deployed in practice. In spite of this, and the long body of work on the subject, there is still no fully satisfactory security definition for DAA. This was already acknowledged by Bernard et al. (IJIC'13) who showed that in existing models even fully insecure protocols may be deemed secure. Bernard et al. therefore proposed an extensive set of security games, which however aimed only at a simplified setting, termed pre-DAA. In pre-DAA the host platform that runs the TPM is assumed to be trusted too. Consequently, their notion does not guarantee any security if the TPM is embedded in a potentially corrupt host, which is a significant restriction. In this paper, we give a comprehensive security definition for full DAA in the form of an ideal functionality in the Universal Composability model. Our definition considers the host and TPM to be individual entities that can be in different corruption states. None of the existing DAA schemes immediately satisfies our strong security notion, and we therefore also propose a realization that is based on a DAA scheme supported by the TPM 2.0 standard and rigorously prove it secure in our model.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2016
Contact author(s)
mdr @ zurich ibm com
2016-06-10: revised
2016-01-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Manu Drijvers and Anja Lehmann},
      title = {Universally Composable Direct Anonymous Attestation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1246},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.