Paper 2016/663

Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited

Jan Camenisch, Manu Drijvers, and Anja Lehmann

Abstract

Direct Anonymous Attestation (DAA) is a cryptographic protocol for privacy-protecting authentication. It is standardized in the TPM standard and implemented in millions of chips. A variant of DAA is also used in Intel's SGX. Recently, Camenisch et al.~(PKC 2016) demonstrated that existing security models for DAA do not correctly capture all security requirements, and showed a number of flaws in existing schemes based on the LRSW assumption. In this work, we identify flaws in security proofs of a number of qSDH-based DAA schemes and point out that none of the proposed schemes can be proven secure in the recent model by Camenisch et al.~(PKC 2016). We therefore present a new, provably secure DAA scheme that is based on the qSDH assumption. The new scheme is one of the most efficient DAA schemes, with support for DAA extensions to signature-based revocation and attributes. We rigorously prove the scheme secure in the model of Camenisch et al., which we modify to support the extensions. As a side-result of independent interest, we prove that the BBS+ signature scheme is secure in the type-3 pairing setting, allowing for our scheme to be used with the most efficient pairing-friendly curves.

Note: This revision slightly modifies the construction, achieving a more efficient scheme than the original publication.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.Trust and Trustworthy Computing 2016
Keywords
Direct Anonymous AttestationUniversal ComposabilityTrusted Platform Module
Contact author(s)
mdr @ zurich ibm com
History
2017-01-06: last of 3 revisions
2016-06-28: received
See all versions
Short URL
https://ia.cr/2016/663
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/663,
      author = {Jan Camenisch and Manu Drijvers and Anja Lehmann},
      title = {Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2016/663},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/663}},
      url = {https://eprint.iacr.org/2016/663}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.