A New Direct Anonymous Attestation Scheme from Bilinear Maps

  • Ernie Brickell
  • Liqun Chen
  • Jiangtao Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


Direct Anonymous Attestation (DAA) is a cryptographic mechanism that enables remote authentication of a user while preserving privacy under the user’s control. The DAA scheme developed by Brickell, Camenisch, and Chen has been adopted by the Trusted Computing Group (TCG) for remote anonymous attestation of the Trusted Platform Module (TPM), a small hardware device with limited storage space and communication capability. In this paper, we propose a new DAA scheme from elliptic curve cryptography and bilinear maps. The lengths of private keys and signatures in our scheme are much shorter than the lengths in the original DAA scheme, with a similar level of security and computational complexity. Our scheme builds upon the Camenisch-Lysyanskaya signature scheme and is efficient and provably secure in the random oracle model under the LRSW (Lysyanskaya, Rivest, Sahai and Wolf) assumption and the decisional Bilinear Diffie-Hellman assumption.


Keywords: direct anonymous attestation, elliptic curve cryptography, bilinear map, trusted platform module, the Camenisch-Lysyanskaya signature scheme





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ernie Brickell (1)
  • Liqun Chen (2)
  • Jiangtao Li (1)

  1. Intel Corporation
  2. HP Laboratories
