Direct Anonymous Attestation - a Signature Scheme Designed for
TCG
Liqun Chen
HP Labs, Bristol
This talk will give an introduction to a signature scheme
called DAA (direct anonymous attestation) which is concerned with both
security and privacy issues. A DAA signature convinces a verifier that
the corresponding message was signed by a qualified signer. It does this
without revealing the identity of the signer. Compared with some
existing signature schemes, such as group signatures, ring signatures
etc, this scheme provides a variety of balances between security and
privacy. Users are allowed to choose whether or not a particular
verifier is able to link different signatures from the same signer for
this verifier. The scheme has a security proof in the random oracle
model based on the strong RSA assumption and the decision Diffie-Hellman
assumption.
The scheme was designed for the Trusted Computing Group (TCG), formerly
known as the Trusted Computing Platform Alliance (TCPA). Each TCG
platform has a Trusted Platform Module (TPM). The TPM is a
tamper-resistant piece of hardware. The scheme offers assurance to an
external partner that an attestation came from a genuine TPM without
identifying the TPM. The scheme has been used in TCG TPM specification
version 1.2. This is available at https://www.trustedcomputinggroup.org.
The content of the talk is joint work with Ernie Brickell and Jan
Camenisch.