DEV Community

akakou

DAA: Direct Anonymous Attestation

This article explains DAA (Direct Anonymous Attestation) [1,2], a privacy-friendly platform attestation scheme (e.g., for proving CPU manufacturer information).

Background

As internet use grows, insecure user environments can become a risk of leaking servicers' information on the internet. So the servicer needs to ensure the security of the user's environment.

Remote attestation technologies were proposed for this purpose. Remote attestation proves facts about the user's platform (e.g., information on the CPU's manufacturer), so the servicer can limit which platforms users use. It is implemented as authentication using a vendor certificate and a secret key stored in a tamper-resistant chip. It therefore ensures the unforgeability of the proof under the assumption that the private key has never leaked. The tamper resistance of the chip makes this assumption difficult to break.

However, it has user privacy issues: it allows the servicer to track users. In particular, malicious servicers can collude to track users across multiple services, because the vendor certificate used for attestation is unique to a platform and a servicer can identify the CPU from the certificate.

DAA: Direct Anonymous Attestation

DAA (Direct Anonymous Attestation), a privacy-conscious signature scheme, was proposed to solve this challenge. DAA ensures unforgeability like normal remote attestation but also prevents tracking and identification. These features come from the relationship between the number of public and secret keys. In DAA, every private key can be used for signing, but only one identical public key is used for verifying. Thus, the verifier can't track the user, because the verifier obtains only signatures and a public key that is identical for all signers, not a public key unique to the user.

DAA supports the following requirements:

Req A. Unforgeability
No one can forge signatures, so an ineligible signer can't generate valid signatures.

Req B. Anonymity
No one can find out who generated a signature, because the same public key is used for verifying.

Req C. Unlinkability
No one can tell whether multiple signatures were made by the same signer, because the same public key is used for verifying.
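The key relationship above (one secret key per signer, one shared verification input for everyone) and Req A to C can be tried in running code. This is an added example, not code from the article or the DAA papers: it swaps in a Schnorr ring signature as a stand-in, whereas real DAA verifies against a single issuer public key using zero-knowledge proofs of an issued credential. The toy group parameters and the names `is_prime`, `keygen`, `H`, `sign` and `verify` are assumptions made for this illustration.

```python
import hashlib, secrets

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    # Miller-Rabin; this base set is deterministic for n < 3.3e24
    if any(n % b == 0 for b in bases):
        return n in bases
    s = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 = d * 2^s with d odd
    d = (n - 1) >> s
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy group (assumption; far too small for real use): safe prime P = 2Q + 1
Q = next(q for q in range(2**64 + 1, 2**65, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4  # 4 is a square mod P, so it generates the order-Q subgroup

def keygen():  # one secret key x per device, public key y = G^x mod P
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def H(ring, msg, commit):  # challenge hash, bound to the whole public key list
    data = repr((tuple(ring), msg, commit)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(msg, ring, idx, x):  # x must be the secret key behind ring[idx]
    n = len(ring)
    c, r = [0] * n, [secrets.randbelow(Q) for _ in range(n)]
    k = secrets.randbelow(Q - 1) + 1
    c[(idx + 1) % n] = H(ring, msg, pow(G, k, P))  # the signer's real commitment
    for j in range(1, n):  # simulate the step of every other member
        i = (idx + j) % n
        c[(i + 1) % n] = H(ring, msg, pow(G, r[i], P) * pow(ring[i], c[i], P) % P)
    r[idx] = (k - x * c[idx]) % Q  # only the real secret key closes the ring
    return c[0], r

def verify(msg, ring, sig):  # needs only the shared key list, never a device key
    c0, r = sig
    c = c0
    for y, ri in zip(ring, r):
        c = H(ring, msg, pow(G, ri, P) * pow(y, c, P) % P)
    return len(r) == len(ring) and c == c0
```

With a one-key list, `sign` is an ordinary Schnorr signature and the verifier must hold that device's own key, which is the linkable case from the Background section. With the full list, signatures from different devices verify against the same input, and a key outside the list cannot produce a valid signature.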

Conclusion

This article explained DAA (Direct Anonymous Attestation), a privacy-enhanced signing scheme for platform attestation. It can be used to prove the manufacturer of a platform while preventing tracking.

References

[1] Brickell, Ernie, Jan Camenisch, and Liqun Chen. "Direct anonymous attestation." Proceedings of the 11th ACM conference on Computer and communications security. 2004.
[2] Camenisch, Jan, et al. "FIDO ECDAA Algorithm." (2013).
