Cryptology ePrint Archive: Report 2018/401

Lattice-based Direct Anonymous Attestation (LDAA)

Nada EL Kassem and Liqun Chen and Rachid El Bansarkhani and Ali El Kaafarani and Jan Camenisch and Patrick Hough and Paulo Martins and Leonel Sousa

Abstract: The Cloud-Edges (CE) framework, wherein small groups of Internet of Things(IoT) devices are serviced by local edge devices, enables a more scalable solution to IoT networks. The trustworthiness of the network may be ensured with Trusted Platform Modules (TPMs). This small hardware chip is capable of measuring and reporting a representation of the state of an IoT device. When connecting to a network, the IoT platform might have its state signed by the TPM in an anonymous way to prove both its genuineness and secure state through the Direct Anonymous Attestation (DAA) protocol. Currently standardised DAA schemes have their security supported on the factoring and discrete logarithm problems. Should a quantum-computer become available in the next few decades, these schemes will be broken. There is therefore a need to start developing a post-quantum DAA protocol. This paper presents a Lattice-based DAA (LDAA) scheme to meet this requirement. The security of this scheme is proved in the Universally Composable (UC) security model under the hardness assumptions of the Ring Inhomogeneous Short Integer Solution (Ring-ISIS) and Ring Learning With Errors (Ring-LWE) problems. Compared to the only other post-quantum DAA scheme available in related art, the storage requirements of the TPM are reduced twofold and the signature sizes 5 times. Moreover, experimental results show that the signing and verification operations are accelerated 1.1 and 2.0 times, respectively.

Category / Keywords: Lattice based Cryptography, Direct Anonymous Attestation, Universally Composable Security Model

Date: received 1 May 2018, last revised 17 Jan 2019

Contact author: n elkassem at surrey ac uk

Available format(s): PDF | BibTeX Citation

Version: 20190117:210204 (All versions of this report)

Short URL: ia.cr/2018/401


[ Cryptology ePrint archive ]