Article

Direct anonymous attestation

Published: 25 October 2004

    Abstract

    This paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group (TCG) as the method for remote authentication of a hardware module, called Trusted Platform Module (TPM), while preserving the privacy of the user of the platform that contains the module. DAA can be seen as a group signature without the feature that a signature can be opened, i.e., the anonymity is not revocable. Moreover, DAA allows for pseudonyms, i.e., for each signature a user (in agreement with the recipient of the signature) can decide whether or not the signature should be linkable to another signature. DAA furthermore allows for detection of "known" keys: if the DAA secret keys are extracted from a TPM and published, a verifier can detect that a signature was produced using these secret keys. The scheme is provably secure in the random oracle model under the strong RSA and the decisional Diffie-Hellman assumption.



    Published In

    CCS '04: Proceedings of the 11th ACM conference on Computer and communications security
    October 2004
    376 pages
    ISBN:1581139616
    DOI:10.1145/1030083
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. anonymous credential systems
    2. cryptographic protocols
    3. integrity based computing
    4. privacy
    5. trusted computing

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    • (2024) Extent of spending behavior, problems encountered, and financial knowledge across generational cohorts among state universities and colleges employees. International Journal of ADVANCED AND APPLIED SCIENCES, 10.21833/ijaas.2024.02.024, 11:2 (230-237). Online publication date: Feb-2024
    • (2024) Secure and Lightweight Vehicular Privacy Preservation Scheme Under Fog Computing-Based IoVs. IEEE Transactions on Intelligent Vehicles, 10.1109/TIV.2023.3303312, 9:2 (4115-4129). Online publication date: Feb-2024
    • (2024) Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence. IEEE Transactions on Engineering Management, 10.1109/TEM.2023.3279274 (1-20). Online publication date: 2024
    • (2024) Formal Specification and Verification of Architecturally-Defined Attestation Mechanisms in Arm CCA and Intel TDX. IEEE Access, 10.1109/ACCESS.2023.3346501, 12 (361-381). Online publication date: 2024
    • (2024) A novel architecture to virtualise a hardware-bound trusted platform module. Future Generation Computer Systems, 10.1016/j.future.2023.08.012, 150:C (21-36). Online publication date: 1-Jan-2024
    • (2024) A blockchain-based platform for decentralized trusted computing. Peer-to-Peer Networking and Applications, 10.1007/s12083-024-01668-0, 17:3 (1499-1513). Online publication date: 2-Mar-2024
    • (2024) A New Hash-Based Enhanced Privacy ID Signature Scheme. Post-Quantum Cryptography, 10.1007/978-3-031-62743-9_2 (37-71). Online publication date: 11-Jun-2024
    • (2024) Breaking Parallel ROS: Implication for Isogeny and Lattice-Based Blind Signatures. Public-Key Cryptography – PKC 2024, 10.1007/978-3-031-57718-5_11 (319-351). Online publication date: 13-Apr-2024
    • (2024) Towards a Privacy-Preserving Attestation for Virtualized Networks. Computer Security – ESORICS 2023, 10.1007/978-3-031-51482-1_18 (351-370). Online publication date: 11-Jan-2024
    • (2023) Securing an Authenticated Privacy Preserving Protocol in a Group Signature Scheme Based on a Group Ring. Mathematics, 10.3390/math11183918, 11:18 (3918). Online publication date: 14-Sep-2023
