Paper 2020/1450
Subversion-Resilient Enhanced Privacy ID
Abstract
Anonymous attestation for secure hardware platforms leverages tailored group signature schemes and assumes the hardware to be trusted. Yet, there is an ever increasing concern on the trustworthiness of hardware components and embedded systems. A subverted hardware may, for example, use its signatures to exfiltrate identifying information or even the signing key. In this paper we focus on Enhanced Privacy ID (EPID)---a popular anonymous attestation scheme used in commodity secure hardware platforms like Intel SGX. We define and instantiate a \emph{subversion resilient} EPID scheme (or SR-EPID). In a nutshell, SR-EPID provides the same functionality and security guarantees of the original EPID, despite potentially subverted hardware. In our design, a ``sanitizer'' ensures no covert channel between the hardware and the outside world both during enrollment and during attestation (i.e., when signatures are produced). We design a practical SR-EPID scheme secure against adaptive corruptions and based on a novel combination of malleable NIZKs and hash functions modeled as random oracles. Our approach has a number of advantages over alternative designs. Namely, the sanitizer bears no secret information---hence, a memory leak does not erode security. Further, the role of sanitizer may be distributed in a cascade fashion among several parties so that sanitization becomes effective as long as one of the parties has access to a good source of randomness. Also, we keep the signing protocol non-interactive, thereby minimizing latency during signature generation.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. CT-RSA 2022
- Keywords
- Groth-Sahai subversion EPID group signatures pairing-based cryptography
- Contact author(s)
-
faonio @ eurecom fr
dario fiore @ imdea org
luca @ protocol ai
claudio soriente @ neclab eu - History
- 2022-05-27: revised
- 2020-11-19: received
- See all versions
- Short URL
- https://ia.cr/2020/1450
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/1450, author = {Antonio Faonio and Dario Fiore and Luca Nizzardo and Claudio Soriente}, title = {Subversion-Resilient Enhanced Privacy {ID}}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/1450}, year = {2020}, url = {https://eprint.iacr.org/2020/1450} }