Paper 2016/663

Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited

Jan Camenisch, Manu Drijvers, and Anja Lehmann


Direct Anonymous Attestation (DAA) is a cryptographic protocol for privacy-protecting authentication. It is standardized in the TPM standard and implemented in millions of chips. A variant of DAA is also used in Intel's SGX. Recently, Camenisch et al.~(PKC 2016) demonstrated that existing security models for DAA do not correctly capture all security requirements, and showed a number of flaws in existing schemes based on the LRSW assumption. In this work, we identify flaws in security proofs of a number of qSDH-based DAA schemes and point out that none of the proposed schemes can be proven secure in the recent model by Camenisch et al.~(PKC 2016). We therefore present a new, provably secure DAA scheme that is based on the qSDH assumption. The new scheme is one of the most efficient DAA schemes, with support for DAA extensions to signature-based revocation and attributes. We rigorously prove the scheme secure in the model of Camenisch et al., which we modify to support the extensions. As a side-result of independent interest, we prove that the BBS+ signature scheme is secure in the type-3 pairing setting, allowing for our scheme to be used with the most efficient pairing-friendly curves.

Note: This revision slightly modifies the construction, achieving a more efficient scheme than the original publication.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.Trust and Trustworthy Computing 2016
Direct Anonymous AttestationUniversal ComposabilityTrusted Platform Module
Contact author(s)
mdr @ zurich ibm com
2017-01-06: last of 3 revisions
2016-06-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Manu Drijvers and Anja Lehmann},
      title = {Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2016/663},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.