Abstract
Direct Anonymous Attestation (DAA) was designed for the Trusted Platform Module (TPM), and versions based on RSA and on elliptic curve cryptography have been included in the TPM specifications and in ISO/IEC standards. These standardised DAA schemes base their security on the factoring or discrete logarithm problems and are therefore insecure against quantum attackers. Research into quantum-resistant DAA has so far produced several lattice-based schemes. In this paper, we propose the first post-quantum DAA scheme built from symmetric primitives. A DAA credential is a signature under a hash-based signature scheme that is a slight modification of SPHINCS+, and a DAA signature, which proves possession of such a credential, is a multiparty-computation-based non-interactive zero-knowledge proof. The security of our scheme is proved in the Universal Composability (UC) model. While maintaining all the security properties required of a DAA scheme, we aim to keep the TPM's workload as low as possible. Our DAA scheme can handle a large group size (up to \(2^{60}\) group members), which meets the requirements of rapidly developing TPM applications.
Notes
1. It is an open problem to construct a validation check on keyRL that does not take O(N) time, where N is the size of the list.
Acknowledgments
We thank the European Union’s Horizon research and innovation program for support under grant agreement numbers: 101069688 (CONNECT), 101070627 (REWIRE), 779391 (FutureTPM), 952697 (ASSURED), 101019645 (SECANT) and 101095634 (ENTRUST). These projects are funded by the UK government’s Horizon Europe guarantee and administered by UKRI. We also thank the National Natural Science Foundation of China for support under grant agreement numbers: 62072132 and 62261160651. We would like to thank Qingju Wang and Scott Fluhrer for helpful discussions. We also thank the anonymous reviewers from PQCrypto for their valuable comments.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, L., Dong, C., El Kassem, N., Newton, C.J.P., Wang, Y. (2023). Hash-Based Direct Anonymous Attestation. In: Johansson, T., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2023. Lecture Notes in Computer Science, vol 14154. Springer, Cham. https://doi.org/10.1007/978-3-031-40003-2_21
DOI: https://doi.org/10.1007/978-3-031-40003-2_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40002-5
Online ISBN: 978-3-031-40003-2