Paper 2018/1128

Direct Anonymous Attestation with Optimal TPM Signing Efficiency

Kang Yang, Liqun Chen, Zhenfeng Zhang, Christopher J. P. Newton, Bo Yang, and Li Xi

Abstract

Direct Anonymous Attestation (DAA) is an anonymous signature scheme, which allows the Trusted Platform Module (TPM), a small chip embedded in a host computer, to attest to the state of the host system, while preserving the privacy of the user. DAA provides two signature modes: fully anonymous signatures and pseudonymous signatures. One main goal of designing DAA schemes is to reduce the TPM signing workload as much as possible, as the TPM has only limited resources. In an optimal DAA scheme, the signing workload on the TPM will be no more than that required for a normal signature like ECSchnorr. To date, no scheme has achieved the optimal signing efficiency for both signature modes. In this paper, we propose the first DAA scheme which achieves the optimal TPM signing efficiency for both signature modes. In this scheme, the TPM takes only a single exponentiation to generate a signature, and this single exponentiation can be pre-computed. Our scheme can be implemented using the existing TPM 2.0 commands, and thus is compatible with the TPM 2.0 specification. We benchmarked the TPM 2.0 commands needed for three DAA use cases on an Infineon TPM 2.0 chip, and also implemented the host signing and verification algorithm for our scheme on a laptop with 1.80GHz Intel Core i7-8550U CPU. Our experimental results show that our DAA scheme obtains a total signing time of about 144 ms for either of two signature modes (compared to an online signing time of about 65 ms). Based on our benchmark results for the pseudonymous signature mode, our scheme is roughly 2x (resp., 5x) faster than the existing DAA schemes supported by TPM 2.0 in terms of total (resp., online) signing efficiency. In addition, our DAA scheme supports selective attribute disclosure, which can satisfy more application require- ments. We also extend our DAA scheme to support signature-based revocation and to guarantee privacy against subverted TPMs. The two extended DAA schemes keep the TPM signing efficiency optimal for both of two signa- ture modes, and outperform existing related schemes in terms of signing performance.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. IEEE Transactions on Information Forensics & Security (TIFS)
Keywords
Direct anonymous attestationTPM 2.0 implementationAnonymous signaturesProvable security
Contact author(s)
yangk @ sklc org
History
2021-07-11: last of 7 revisions
2018-11-29: received
See all versions
Short URL
https://ia.cr/2018/1128
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1128,
      author = {Kang Yang and Liqun Chen and Zhenfeng Zhang and Christopher J. P.  Newton and Bo Yang and Li Xi},
      title = {Direct Anonymous Attestation with Optimal {TPM} Signing Efficiency},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1128},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1128}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.