Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities

  • Liqun Chen
  • Rainer Urian
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10074)


The TPM 2.0 specification has been designed to support a number of Elliptic Curve Cryptography (ECC) primitives, such as key exchange, digital signatures and Direct Anonymous Attestation (DAA). To meet the requirement that different TPM users may favor different cryptographic algorithms, each primitive can be realised by multiple algorithms; this feature is called algorithm agility. For efficiency, multiple algorithms share a small set of TPM commands. In this paper, we review all the TPM 2.0 ECC functionalities and discuss whether the existing TPM commands can be used to implement new cryptographic algorithms that the specification has not yet addressed. We demonstrate that four asymmetric encryption schemes specified in ISO/IEC 18033-2 can be implemented using a TPM 2.0 chip, and we also show, using some ECDSA variants, that the coverage of algorithm agility in TPM 2.0 is limited. Security analysis of algorithm agility is a challenge that this paper does not address. However, we believe that this paper will help future researchers analyse TPM 2.0 more comprehensively than has been done so far.


Keywords: Algorithm Agility · Elliptic Curve Cryptography · Trusted Platform Module
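The following is an added example, not code from the paper or from any TPM library, illustrating the abstract's point that several algorithms share a small set of TPM commands. It implements the ECIES-KEM of ISO/IEC 18033-2 in Python, with the only two TPM-side steps modelled on the documented semantics of TPM2_ECDH_KeyGen (ephemeral key pair plus Z = [r]Q_s) and TPM2_ECDH_ZGen (Z = [d]Q) by a software stand-in class. The class SimulatedEccKey, the P-256 arithmetic, the choice of KDF2 with SHA-256, and the uncompressed point encoding are this example's own assumptions; the paper's mapping of its four ISO/IEC 18033-2 schemes onto TPM commands is not reproduced here. Everything ISO-specific (point encoding, SingleHashMode, KDF input layout) happens on the host, which is what lets the same two commands serve this KEM as well as plain ECDH key agreement.

```python
import hashlib
import secrets

# NIST P-256 domain parameters (TPM_ECC_NIST_P256 in the TCG algorithm registry).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    """True iff pt is an affine point on P-256 (None, the point at infinity, is rejected)."""
    return pt is not None and 0 <= pt[0] < P and 0 <= pt[1] < P and \
        (pt[1] * pt[1] - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity. Demo only: not constant-time."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ec2osp(pt):
    """Uncompressed encoding 0x04 || X || Y (ISO/IEC 18033-2 EC2OSP)."""
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def os2ecp(data):
    """Decode and validate a received point; an off-curve point must never reach ZGen."""
    if len(data) != 65 or data[0] != 0x04:
        raise ValueError("bad point encoding")
    pt = (int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:], "big"))
    if not on_curve(pt):
        raise ValueError("point not on curve")
    return pt

def kdf2(seed, length):
    """KDF2 of ISO/IEC 18033-2 with SHA-256: Hash(seed || I2OSP(i, 4)) for i = 1, 2, ..."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

class SimulatedEccKey:
    """Software stand-in (assumption, not a TPM library) for a TPM-resident ECC key; d never leaves it."""

    def __init__(self, d=None):
        self._d = d if d is not None else 1 + secrets.randbelow(N - 1)
        self.public = ec_mul(self._d, G)

    def ecdh_zgen(self, peer):
        """Modelled on TPM2_ECDH_ZGen: returns Z = [d]Q for a caller-supplied point Q."""
        if not on_curve(peer):
            raise ValueError("point not on curve")
        return ec_mul(self._d, peer)

    @staticmethod
    def ecdh_keygen(peer_public, r=None):
        """Modelled on TPM2_ECDH_KeyGen: ephemeral [r]G and Z = [r]Q_s (r settable only for tests)."""
        r = r if r is not None else 1 + secrets.randbelow(N - 1)
        return ec_mul(r, G), ec_mul(r, peer_public)

def kem_key(c0, h_tilde, key_len, single_hash):
    """Host-side part of ECIES-KEM: PEH = FE2OSP(x(h~)); K = KDF(C0 || PEH), or KDF(PEH) in SingleHashMode."""
    peh = h_tilde[0].to_bytes(32, "big")
    return kdf2(peh if single_hash else c0 + peh, key_len)

def ecies_kem_encap(peer_public, key_len=32, single_hash=False, r=None):
    """ECIES-KEM.Encrypt: one KeyGen-style command, the rest is host-side formatting."""
    g_tilde, h_tilde = SimulatedEccKey.ecdh_keygen(peer_public, r)
    c0 = ec2osp(g_tilde)
    return c0, kem_key(c0, h_tilde, key_len, single_hash)

def ecies_kem_decap(key, c0, key_len=32, single_hash=False):
    """ECIES-KEM.Decrypt: one ZGen-style command, the rest is host-side formatting."""
    g_tilde = os2ecp(c0)
    return kem_key(c0, key.ecdh_zgen(g_tilde), key_len, single_hash)
```

Two practitioner notes: the on-curve check in os2ecp and ecdh_zgen is not optional, because a ZGen-style command that multiplies an attacker-chosen off-curve point by the private scalar leaks that scalar (a TPM validates the input point for the same reason); and switching between the default mode and SingleHashMode changes only the KDF input on the host, so a different KEM variant costs no new TPM command, which is exactly the form of agility the abstract describes.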


  1. ISO/IEC 11889:2009 (all parts): Information technology - Trusted platform module
  2. ISO/IEC 11889:2015 (all parts): Information technology - Trusted platform module library
  3. ISO/IEC 14888-3:2016: Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms
  4. ISO/IEC 18033-2:2006: Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers
  5. ISO/IEC 18033-2, Amd. 1: Encryption algorithms - Part 2: Asymmetric ciphers - Amendment 1
  6. ISO/IEC 20008-2:2013: Information technology - Security techniques - Anonymous digital signatures - Part 2: Mechanisms using a group public key
  7. Abdalla, M., Bellare, M., Rogaway, P.: DHAES: an encryption scheme based on the Diffie-Hellman problem. Cryptology ePrint Archive, Report 1999/007 (1999)
  8. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143-158. Springer, Heidelberg (2001). doi: 10.1007/3-540-45353-9_12
  9. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56-73. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_4
  10. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132-145. ACM Press (2004)
  11. Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 181-195. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13869-0_12
  12. BSI: Technical Guideline TR-03111, Elliptic Curve Cryptography, v2.0. BSI (2012)
  13. Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 234-264. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49387-8_10
  14. Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56-72. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_4
  15. Chen, L., Lee, M.-F., Warinschi, B.: Security of the enhanced TCG privacy-CA solution. In: Bruni, R., Sassone, V. (eds.) TGC 2011. LNCS, vol. 7173, pp. 121-141. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-30065-3_8
  16. Chen, L., Li, J.: Flexible and scalable digital signatures in TPM 2.0. In: Proceedings of the 2013 ACM Conference on Computer and Communications Security, pp. 37-48. ACM Press (2013)
  17. Chen, L., Page, D., Smart, N.P.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223-237. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-12510-2_16
  18. Chen, L., Urian, R.: DAA-A: direct anonymous attestation with attributes. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 228-245. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-22846-4_14
  19. Chen, L., Warinschi, B.: Security of the TCG privacy-CA solution. In: Proceedings of the 6th IEEE/IFIP International Symposium on Trusted Computing and Communications (TrustCom 2010), pp. 609-616. IEEE Press (2010)
  20. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. Cryptology ePrint Archive, Report 2001/108 (2001)
  21. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13-25. Springer, Heidelberg (1998). doi: 10.1007/BFb0055717
  22. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537-554. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_34
  23. National Institute of Standards and Technology: FIPS PUB 186-3, Federal Information Processing Standards Publication: Digital Signature Standard (DSS) (2009)
  24. Kurosawa, K., Trieu Phong, L.: Kurosawa-Desmedt key encapsulation mechanism, revisited. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 51-68. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-06734-6_4
  25. Microsoft U-Prove Community Technology: U-Prove cryptographic specification version 1.1 (2013)
  26. National Institute of Standards and Technology: Recommendation for pair-wise key establishment schemes using discrete logarithm cryptography. Special Publication 800-56A, March 2007
  27. Chinese National Standards: Public key cryptographic algorithm SM2 based on elliptic curves - Part 2: digital signature algorithm
  28. TCG: TCG algorithm registry. Committee Draft, 7 January 2016
  29. Trusted Computing Group: TCG TPM specification 1.2 (2003)
  30. Trusted Computing Group: TCG TPM library 2.0 (2014)
  31. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17-36. Springer, Heidelberg (2005). doi: 10.1007/11535218_2
  32. Wooten, D.: Final Schnorr algorithm (2016). (email to TCG TPMWG)
  33. Xi, L., Yang, K., Zhang, Z., Feng, D.: DAA-related APIs in TPM 2.0 revisited. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 1-18. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-08593-7_1

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Hewlett Packard Laboratories, Palo Alto, USA
  2. University of Surrey, Guildford, UK
  3. Infineon Technologies AG, Neubiberg, Germany
