Cryptology ePrint Archive: Report 2018/290

Direct Anonymous Attestation with Efficient Verifier-Local Revocation for Subscription System

Vireshwar Kumar and He Li and Noah Luther and Pranav Asokan and Jung-Min (Jerry) Park and Kaigui Bian and Martin B. H. Weiss and Taieb Znati

Abstract: In an anonymous subscription system (ASS), a subscribed user (SU) is able to access the services of a service provider without having to reveal its true identity. For a SU computing platform that is compliant with the Trusted Platform Module (TPM) standard, direct anonymous attestation (DAA) is an appropriate cryptographic protocol for realizing ASS, since DAA enables privacy-preserving authentication of the SU platform. This approach takes advantage of a cryptographic key that is securely embedded in the platform's hardware. Although the computing industry and academia have made significant strides in developing secure and sound DAA schemes, these schemes share a common drawback that may act as a major obstacle to their widespread deployment. In all of the existing schemes, the SU suffers from significant computational and communication costs that increase proportionally to the size of the revocation list. This drawback renders the existing schemes to be impractical when the size of the revocation list grows beyond a relatively modest size. In this paper, we propose a novel scheme called Lightweight Anonymous Subscription with Efficient Revocation (LASER) that addresses this very problem. In LASER, the computational and communication costs of the SU's signature are multiple orders of magnitude lower than the prior art. LASER achieves this significant performance improvement by shifting most of the computational and communication costs from the DAA's online procedure (i.e., signature generation) to its offline procedure (i.e., acquisition of keys/credentials). We have conducted a thorough analysis of LASER's performance-related features and compared the findings to the prior art. We have also conducted a comprehensive evaluation of LASER by implementing it on a laptop platform with an on-board TPM. To the best of our knowledge, the results presented in this paper represent the first implementation and analysis of a scheme using an actual TPM cryptoprocessor that is compliant with the most recent TPM specification version 2.0. We have thoroughly analyzed the security of LASER in the random oracle model.

Category / Keywords: cryptographic protocols / anonymity

Original Publication (with major differences): 2018 ACM Asia Conference on Computer and Communications Security

Date: received 24 Mar 2018, last revised 29 Mar 2018

Contact author: viresh at vt edu

Available format(s): PDF | BibTeX Citation

Version: 20180330:012756 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]