eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2018/290

Direct Anonymous Attestation with Efficient Verifier-Local Revocation for Subscription System

Vireshwar Kumar, He Li, Noah Luther, Pranav Asokan, Jung-Min (Jerry) Park, Kaigui Bian, Martin B. H. Weiss, and Taieb Znati


In an anonymous subscription system (ASS), a subscribed user (SU) is able to access the services of a service provider without having to reveal its true identity. For a SU computing platform that is compliant with the Trusted Platform Module (TPM) standard, direct anonymous attestation (DAA) is an appropriate cryptographic protocol for realizing ASS, since DAA enables privacy-preserving authentication of the SU platform. This approach takes advantage of a cryptographic key that is securely embedded in the platform's hardware. Although the computing industry and academia have made significant strides in developing secure and sound DAA schemes, these schemes share a common drawback that may act as a major obstacle to their widespread deployment. In all of the existing schemes, the SU suffers from significant computational and communication costs that increase proportionally to the size of the revocation list. This drawback renders the existing schemes to be impractical when the size of the revocation list grows beyond a relatively modest size. In this paper, we propose a novel scheme called Lightweight Anonymous Subscription with Efficient Revocation (LASER) that addresses this very problem. In LASER, the computational and communication costs of the SU's signature are multiple orders of magnitude lower than the prior art. LASER achieves this significant performance improvement by shifting most of the computational and communication costs from the DAA's online procedure (i.e., signature generation) to its offline procedure (i.e., acquisition of keys/credentials). We have conducted a thorough analysis of LASER's performance-related features and compared the findings to the prior art. We have also conducted a comprehensive evaluation of LASER by implementing it on a laptop platform with an on-board TPM. To the best of our knowledge, the results presented in this paper represent the first implementation and analysis of a scheme using an actual TPM cryptoprocessor that is compliant with the most recent TPM specification version 2.0. We have thoroughly analyzed the security of LASER in the random oracle model.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. 2018 ACM Asia Conference on Computer and Communications Security
Contact author(s)
viresh @ vt edu
2018-03-30: revised
2018-03-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Vireshwar Kumar and He Li and Noah Luther and Pranav Asokan and Jung-Min (Jerry) Park and Kaigui Bian and Martin B.  H.  Weiss and Taieb Znati},
      title = {Direct Anonymous Attestation with Efficient Verifier-Local Revocation for Subscription System},
      howpublished = {Cryptology ePrint Archive, Paper 2018/290},
      year = {2018},
      doi = {10.1145/3196494.3196497},
      note = {\url{https://eprint.iacr.org/2018/290}},
      url = {https://eprint.iacr.org/2018/290}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.