Cryptology ePrint Archive: Report 2016/663
Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited
Jan Camenisch and Manu Drijvers and Anja Lehmann
Abstract: Direct Anonymous Attestation (DAA) is a cryptographic protocol for privacy-protecting authentication. It is standardized in the TPM standard and implemented in millions of chips. A variant of DAA is also used in Intel's SGX. Recently, Camenisch et al.~(PKC 2016) demonstrated that existing security models for DAA do not correctly capture all security requirements, and showed a number of flaws in existing schemes based on the LRSW assumption. In this work, we identify flaws in security proofs of a number of qSDH-based DAA schemes and point out that none of the proposed schemes can be proven secure in the recent model by Camenisch et al.~(PKC 2016). We therefore present a new, provably secure DAA scheme that is based on the qSDH assumption. The new scheme is one of the most efficient DAA schemes, with support for DAA extensions to signature-based revocation and attributes. We rigorously prove the scheme secure in the model of Camenisch et al., which we modify to support the extensions. As a side-result of independent interest, we prove that the BBS+ signature scheme is secure in the type-3 pairing setting, allowing for our scheme to be used with the most efficient pairing-friendly curves.
Category / Keywords: cryptographic protocols / Direct Anonymous Attestation, Universal Composability, Trusted Platform Module
Original Publication (with major differences): Trust and Trustworthy Computing 2016
Date: received 28 Jun 2016, last revised 6 Jan 2017
Contact author: mdr at zurich ibm com
Available format(s): PDF | BibTeX Citation
Note: This revision slightly modifies the construction, achieving a more efficient scheme than the original publication.
Version: 20170106:132727 (All versions of this report)
Short URL: ia.cr/2016/663
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]