International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities

Authors:
Ernie Brickell
Jiangtao Li
Download:
URL: http://eprint.iacr.org/2007/194
Search ePrint
Search Google
Abstract: Direct Anonymous Attestation (DAA) is a scheme that enables the remote authentication of a Trusted Platform Module (TPM) while preserving the user's privacy. A TPM can prove to a remote party that it is a valid TPM without revealing its identity and without linkability. In the DAA scheme, a TPM can be revoked only if the DAA private key in the hardware has been extracted and published widely so that verifiers obtain the corrupted private key. If the unlinkability requirement is relaxed, a TPM suspected of being compromised can be revoked even if the private key is not known. However, with the full unlinkability requirement intact, if a TPM has been compromised but its private key has not been distributed to verifiers, the TPM cannot be revoked. Furthermore, a TPM cannot be revoked from the issuer, if the TPM is found to be compromised after the DAA issuing has occurred. In this paper, we present a new DAA scheme called Enhanced Privacy ID (EPID) scheme that addresses the above limitations. While still providing unlinkability, our scheme provides a method to revoke a TPM even if the TPM private key is unknown. This expanded revocation property makes the scheme useful for other applications such as for driver's license. Our EPID scheme is efficient and provably secure in the same security model as DAA, i.e. in the random oracle model under the strong RSA assumption and the decisional Diffie-Hellman assumption.
BibTeX
@misc{eprint-2007-13475,
  title={Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Anonymity, Privacy, Cryptographic Protocols, Trusted Computing},
  url={http://eprint.iacr.org/2007/194},
  note={A preliminary version of this paper will be presented at the 6th Workshop on Privacy in the Electronic Society (WPES), Alexandria, Virginia, October 2007 jiangtao.li@intel.com 13747 received 23 May 2007, last revised 22 Aug 2007},
  author={Ernie Brickell and Jiangtao Li},
  year=2007
}