IACR News item: 22 January 2014
Li Xi
ePrint Reportport various signature schemes including Direct Anonymous Attestation
(DAA), U-Prove and Schnorr signature. This signature primitive is im-
plemented by several APIs. In this paper, we show these DAA-related
APIs can be used as a static Diffie-Hellman oracle thus the security
strength of these signature schemes can be weakened by 14-bit. We pro-
pose a novel property of DAA called forward anonymity and show how
to utilize these DAA-related APIs to break forward anonymity. Then we
propose new APIs which not only remove the Static Diffie-Hellman oracle
but also support the forward anonymity, thus significantly improve the
security of DAA and the other signature schemes supported by TPM2.0.
We prove the security of our new APIs under the discrete logarithm
assumption in the random oracle model. We prove that DAA satisfy for-
ward anonymity using the new APIs under the Decision Diffie-Hellman
assumption. Our new APIs are almost as efficient as the original APIs
in TPM2.0 specification and can support LRSW-DAA and SDH-DAA
together with U-Prove as the original APIs.
Additional news items may be found on the IACR news page.