On Proofs of Security for DAA Schemes

Liqun Chen, Paul Morrissey, Nigel Smart

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

16 Citations (Scopus)


Direct anonymous attestation (DAA) is a mechanism for a remote user to provide a verifier with some assurance it is using software and/or hardware from trusted sets of software and/or hardware respectively. In addition, the user is able to control if and when a verifier is able to link two signatures: to determine whether or not they were produced by the same platform. The verifier is never able to tell which which particular platform produced a given signature or pair of signatures. We first address a problem with the proof of security for the original DAA scheme of Brickell, Camenisch and Chen. In particular, we construct an adversary that can tell if its in a simulation or not. We then provide the necessary changes to the simulator such that the adversary can no longer do this and prove this fact, hence repairing the proof. Our main contribution is a security analysis of the Chen, Morrissey and Smart (CMS) DAA scheme. This scheme uses asymmetric bilinear pairings and was proposed without a proof of security. We use the well established simulation based security model of Brickell, Camenisch and Chen and also use a similar proof technique to theirs. We prove the CMS scheme is secure in the random oracle model relative to the bilinear Lysyanskaya, Rivest, Sahai and Wolf (LRSW) assumption, the hardness of discrete logarithms in the groups used and collision resistance of the hash functions used in the scheme.
Translated title of the contributionOn Proofs of Security for DAA Schemes
Original languageEnglish
Title of host publicationProvable Security - PROVSEC 2008
PublisherSpringer Berlin Heidelberg
Publication statusPublished - 2008

Bibliographical note

Other page information: 167-175
Conference Proceedings/Title of Journal: ProvSec 2008
Other identifier: 2000942


Dive into the research topics of 'On Proofs of Security for DAA Schemes'. Together they form a unique fingerprint.

Cite this