DIRECT ANONYMOUS ATTESTATION

Essam Ghadafi

Department of Computer Science, University of Bristol

Brown University – 14th March 2013

OUTLINE

1 WHAT IS DAA?

2 SECURITY MODEL OF DAA

3 A BLUEPRINT FOR DAA

4 ROM INSTANTIATIONS

5 STANDARD-MODEL CONSTRUCTIONS

6 EFFICIENCY COMPARISON

7 SUMMARY

8 OPEN PROBLEMS

WHAT IS DAA?

A protocol standardized by TCG (Trusted Computing Group) that allows a user possessing a TPM (Trusted Platform Module) to attest to this fact to a verifier, i.e. the TPM anonymously authenticates itself to the verifier.

- Direct: Without a third party.
- Anonymous: The identity of the user is not revealed.
- Attestation: A proof, i.e. convinces the verifier.

TPM delegates the non-critical operations to its more powerful host.

[Figure: DAA overview. Labels: User 1, User 2, User 3, User 4, User x, Group Manager, Verifier; interactions: Join, DAA Signature.]

THE TPM

[Figure: TPM block diagram. Labels: Secured Input-Output; Cryptographic Processor; Random Number Generator; RSA Key Generator; SHA-1 Hash Generator; Enc-Dec-Sign Engine; Persistent Memory; Endorsement Key (EK); Storage Root Key (SRK); Versatile Memory; Platform Configuration Registers (PCR); Attestation Identity Key (AIK); Storage Keys.]

FEATURES OF DAA

- The user remains anonymous, i.e. verifiers do not know which TPM produced the signature.
- Rogue (i.e. compromised) TPMs can be traced.
- The user can opt to have some of his transactions (targeted at the same verifier, i.e. on the same basename bsn) to be linkable. However, anonymity is still preserved.

A BIT OF HISTORY

The first DAA protocol (RSA-based) was proposed by Brickell, Camenisch and Chen [BCC04] in 2004 and was standardized by TCG as TPM 1.2.

Other (pairing-based) constructions followed:
- Brickell, Chen and Li [BCL08] 2008.
- Chen [C09] 2009.
- Chen, Morrissey and Smart [CMS09] 2009.
- Chen, Page and Smart [CPS10] 2010.
- Bernhard, Fuchsbauer, Ghadafi, Smart and Warinschi [BFG+11] 2011.

PRE-DAA

To simplify the security model and the constructions, we proceed in two steps:

1. Consider a pre-DAA scheme: a fully functional DAA but the user is regarded as one entity (i.e. not split into a powerful untrusted Host and a computationally-constrained trusted TPM).
2. Convert the pre-DAA into a DAA by delegating non-critical operations to the Host without compromising the security.

HOW TO TRACE?

Unlike in group signatures, users do not have public keys bound to their identities!

Q: So how to trace users?

A: We use the join transcript as a public key for the user: “Uniquely Identifying Transcripts”.

- ⇒ Each completed transcript $T$ traces to at most one secret key $sk$.

SYNTAX OF A PRE-DAA SCHEME

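- $\mathsf{Setup}(1^\lambda)$: Creates common public parameters param.
- $\mathsf{GKg}(\mathsf{param})$: Creates a key pair (gmpk, gmsk) for the issuer.
- $\mathsf{UKg}(\mathsf{param})$: Creates a secret key sk for a user.
- $\langle \mathsf{Join}(\mathsf{gmpk}, sk), \mathsf{Issue}(\mathsf{gmsk}) \rangle$: If completed successfully, the user obtains a group signing key gsk.
- $\mathsf{GSig}(sk, \mathsf{gsk}, \mathsf{bsn}, m)$: Creates a signature $\sigma$ on message $m$ and basename bsn. bsn could be empty, i.e. $\mathsf{bsn} = \perp$.
- $\mathsf{Verify}(\mathsf{gmpk}, \sigma, m, \mathsf{bsn})$: Verifies a signature.
- $\mathsf{Link}(\mathsf{gmpk}, m_0, \sigma_0, m_1, \sigma_1, \mathsf{bsn})$: Checks if $\sigma_0$ on ($m_0$ and bsn) and $\sigma_1$ on ($m_1$ and bsn), where $\mathsf{bsn} \neq \perp$, are by the same user.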

- *$\mathsf{IdentifyT}(\mathsf{gmpk}, T, sk)$: Checks if transcript $T$ matches the secret key sk.
- *$\mathsf{IdentifyS}(\mathsf{gmpk}, \sigma, m, \mathsf{bsn}, sk)$: Checks if $\sigma$ was produced by the owner of sk.

SECURITY OF PRE-DAA

The security requirements are:

- Correctness.
- Anonymity.
- Traceability.
- Non-frameability.

- Correctness: If all parties are honest, we have that:
  - Signatures are accepted by the Verify algorithm.
  - Signatures can be traced.
  - Signatures that are linkable link.

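- Anonymity: Signatures do not reveal who signed them and unlinkable signatures do not link even if the Issuer is corrupt.

[Figure: anonymity game. The adversary is given gmpk, gmsk and access to the oracles AddU, USK, GSK, Sign, CrptU, SndToU. It outputs $(i_0, i_1, \mathsf{bsn}, m)$; the challenger picks $b \leftarrow \{0,1\}$ and returns $\sigma \leftarrow \mathsf{GSig}(\mathsf{gsk}_b, sk_b, m, \mathsf{bsn})$; the adversary finally outputs $b^*$.]

Adversary wins if: $b = b^*$, both $i_0$ and $i_1$ are honest and he never asked for a signature on bsn by $i_0$ or $i_1$.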

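- Traceability-1: The adversary cannot output an untraceable signature.

[Figure: traceability-1 game. The adversary is given gmpk and access to the oracles SndToI, CrptU. It outputs $(\sigma, m, \mathsf{bsn}, sk'_1, \ldots, sk'_n)$.]

Adversary wins if all of the following hold:
- $\sigma$ verifies on $m$ and bsn.
- $\forall T \in \mathcal{T}\ \exists\, i \in [1, n]$ s.t. $T$ traces to $sk_i$. $\mathcal{T}$ is the set of all Join transcripts.
- $\sigma$ does not trace to any $sk_i$.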

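- Traceability-2: The adversary cannot output two signatures which should link but do not.

[Figure: traceability-2 game. The adversary is given gmpk, gmsk and outputs $(\sigma_0, m_0, \sigma_1, m_1, \mathsf{bsn}, sk')$.]

Adversary wins if all of the following hold:
- $\sigma_0$ verifies on $m_0$ and bsn, and $\sigma_1$ verifies on $m_1$ and bsn.
- Both $\sigma_0$ and $\sigma_1$ trace to $sk'$.
- $\sigma_0$ and $\sigma_1$ do not link.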

- Non-Frameability-1: The adversary cannot output a signature that traces to an honest user who did not produce it.

[Figure: non-frameability-1 game. The adversary is given gmpk, gmsk and access to the oracles AddU, USK, GSK, Sign, CrptU, SndToU. It outputs $(\sigma, m, i, \mathsf{bsn})$.]

Adversary wins if all of the following hold:
- $\sigma$ verifies on $m$ and bsn.
- User $i$ is honest and has not signed $(m, \mathsf{bsn})$.
- $\sigma$ traces to $sk_i$.

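- Non-Frameability-2: The adversary cannot output signatures that link but should not.

[Figure: non-frameability-2 game. The adversary is given gmpk, gmsk and access to the oracles AddU, USK, GSK, Sign, CrptU, SndToU. It outputs $(\sigma_0, m_0, \mathsf{bsn}_0, \sigma_1, m_1, \mathsf{bsn}_1, sk)$.]

Adversary wins if all of the following hold:
- $\sigma_0$ verifies on $m_0$ and $\mathsf{bsn}_0$, and $\sigma_1$ verifies on $m_1$ and $\mathsf{bsn}_1$.
- $\sigma_0$ and $\sigma_1$ link on either $\mathsf{bsn}_0$ or $\mathsf{bsn}_1$.
- $\mathsf{bsn}_0 \neq \mathsf{bsn}_1$, $\mathsf{bsn}_0 = \perp$, $\mathsf{bsn}_1 = \perp$, or only one signature traces to sk.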

GENERIC CONSTRUCTION OF PRE-DAA

All previous DAA constructions require the following tools:

- Randomizable Weakly Blind Signatures (RwBS): Used by the Issuer to issue certificates as credentials when users join the group.
- Linkable Indistinguishable Tags (LIT): Needed to provide the linkability of signatures when the same basename is signed by the same user.
- Signatures of Knowledge (SoK): Used by users to prove they have a credential and that the signature on the basename verifies w.r.t. their certified secret key.

BLIND SIGNATURES

[Figure: blind signature protocol between USER and SIGNER. Labels: sk, pk, Sig.]

Security Requirements:
- Blindness: An adversary (i.e. a signer) who chooses two messages does not learn the order in which the messages were signed.
- Unforgeability: An adversary (i.e. a user) cannot forge new signatures.

RANDOMIZABLE WEAKLY BLIND SIGNATURES (RWBS)

Similar to blind signatures but:
- Randomizability: Given a signature $\sigma$, anyone can produce a new signature $\sigma'$ on the same message.
- Weak Blindness: Same as blindness but the adversary never sees the messages ⇒ The adversary cannot tell if he was given a signature on a different message or a re-randomization of a signature on the same message.

LINKABLE INDISTINGUISHABLE TAGS (LIT)

[Figure: Alice and Bob both hold sk. For a message $m$, Alice computes $\tau \leftarrow \mathsf{LITTag}(sk, m)$ and sends $(m, \tau)$; Bob accepts if $\mathsf{LITTag}(sk, m) = \tau$.]

Security Requirements:
- Indistinguishability: An adversary cannot distinguish between a tag on a message of his choice and a tag produced under a random key.
- Linkability: Two tags are identical iff both are produced using the same key and are on the same message.

SIGNATURES OF KNOWLEDGE (SOK)

[Figure: the Signer, who knows $w$ s.t. $(w, x) \in R_L$, computes $\sigma \leftarrow \mathsf{SoKSign}(R_L, w, x, m)$ on a message $m$ and sends $(m, \sigma)$; the Verifier accepts iff $\mathsf{SoKVerify}(\sigma, R_L, x, m) = 1$.]

Security Requirements [CL06]:
- Simulatability: There is a simulator who can produce signatures without knowing a witness. Those are indistinguishable from real signatures.
- Extractability: There is an extractor who can extract a valid witness $w$ for the statement $x$ from a signature $\sigma$ output by the adversary (who can ask for simulated signatures).

(PRIME-ORDER) BILINEAR GROUPS

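$\mathbb{G}_1$, $\mathbb{G}_2$, $\mathbb{G}_T$ are finite cyclic groups of prime order $q$, where $\mathbb{G}_1 = \langle P_1 \rangle$ and $\mathbb{G}_2 = \langle P_2 \rangle$.

Pairing ($e : \mathbb{G}_1 \times \mathbb{G}_2 \longrightarrow \mathbb{G}_T$): The function $e$ must have the following properties:

- Bilinearity: $\forall Q_1 \in \mathbb{G}_1$, $Q_2 \in \mathbb{G}_2$, $x, y \in \mathbb{Z}$, we have $e([x]Q_1, [y]Q_2) = e(Q_1, Q_2)^{xy}$.
- Non-Degeneracy: The value $e(P_1, P_2) \neq 1$ generates $\mathbb{G}_T$.
- The function $e$ is efficiently computable.

Type-3 [GPS08]: $\mathbb{G}_1 \neq \mathbb{G}_2$ and no efficiently computable isomorphism between $\mathbb{G}_1$ and $\mathbb{G}_2$.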

RWBS IN THE ROM

Based on the CL signature scheme [CL04]:

- KeyGen: Choose $x, y \leftarrow \mathbb{Z}_q$, set $sk := (x, y)$ and $pk := (X := [x]P_2,\ Y := [y]P_2)$.
- Sign: To sign $m \in \mathbb{Z}_q$, compute $\sigma := (A := [a]P_1,\ B := [y]A,\ C := [x]A + [mxy]A)$.
- Verify: Check that

$$e(B, P_2) = e(A, Y)$$

$$e(C, P_2) = e(A, X)\, e(B, X)^{m}$$
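
Why both checks hold for an honestly generated signature, and why the scheme is randomizable, carried through with the symbols above. This derivation is added here and is not taken from the slides; $a \in \mathbb{Z}_q$ is the signer's randomness and $r \in \mathbb{Z}_q^{\times}$ is a fresh scalar chosen by whoever re-randomizes.

$$e(B, P_2) = e([y]A, P_2) = e(A, P_2)^{y} = e(A, [y]P_2) = e(A, Y)$$

$$e(C, P_2) = e([x + mxy]A, P_2) = e(A, P_2)^{x}\, e(A, P_2)^{mxy} = e(A, [x]P_2)\, e([y]A, [x]P_2)^{m} = e(A, X)\, e(B, X)^{m}$$

For $\sigma' := ([r]A, [r]B, [r]C)$, bilinearity raises both sides of each check to the power $r$:

$$e([r]B, P_2) = e(B, P_2)^{r} = e(A, Y)^{r} = e([r]A, Y)$$

$$e([r]C, P_2) = e(C, P_2)^{r} = \big(e(A, X)\, e(B, X)^{m}\big)^{r} = e([r]A, X)\, e([r]B, X)^{m}$$

so $\sigma'$ verifies on the same $m$ and is exactly the signature the signer would have produced with randomness $ra$ in place of $a$.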

The idea:
- To get a signature on $m$, the user sends $[m]P_1$.
- The signer needs to provide a NIZK proof that the signature is valid (so that we can simulate signatures).

Security:
- Weak-Blindness ⇒ DDH assumption + NIZK soundness.
- Unforgeability ⇒ B-LRSW assumption.
- Simulatability ⇒ Zero-knowledge of the NIZK proof.

DEFINITION (B-LRSW ASSUMPTION)

Given $([x]P_2, [y]P_2)$ for $x, y \leftarrow \mathbb{Z}_q$ and an oracle that on input $M := [m]P_1 \in \mathbb{G}_1$ outputs an LRSW tuple $([a]P_1,\ [ay]P_1,\ [ax]P_1 + [axy]M)$ for $a \leftarrow \mathbb{Z}_q$, it is hard to compute a new LRSW tuple for a new $m' \in \mathbb{Z}_q$ that was never queried to the oracle.

LIT IN THE ROM

We use the BLS signature scheme [BLS04]:

- $\mathsf{LITKeyGen}(1^\lambda)$: Choose $sk \leftarrow \mathbb{Z}_q$.
- $\mathsf{LITTag}(sk, m)$: To produce a tag on $m \in \{0, 1\}^*$, compute $\tau := [sk]H(m)$.

Security:

- Indistinguishability ⇒ DDH assumption.
- Linkability ⇒ Collision-resistance of $H$ + DL assumption.

INSTANTIATIONS IN THE STANDARD MODEL - THE MOTIVATION

All previous constructions require random oracles!

Using Random Oracles

The Pros: Makes constructions/security proofs much simpler ...

The Cons: Cannot be securely realized in practice [CGH98] ...

THE CHALLENGES

The challenges in the Standard Model:
- LITs are much harder to construct in the standard model, especially for large domain space. ⇒ More subtle than VRFs because they need to be deterministic.
- Signatures of Knowledge are harder to construct in the standard model. ⇒ Require simulation and extraction at the same time (current PoK techniques do not provide both simultaneously).

LIT IN THE STANDARD MODEL

We use the weakly secure signature scheme by Boneh and Boyen [BB04] (used by Dodis and Yampolskiy [DY05] to construct a VRF):

- KeyGen: Select $sk \leftarrow \mathbb{Z}_q$ and compute $pk := [sk]P_2$.
- Sign: To sign $m \in \mathbb{Z}_q$ where $m \neq -sk$, compute $\sigma := [\frac{1}{sk + m}]P_1$.
- Verify: Return 1 if $e(\sigma, pk + [m]P_2) = e(P_1, P_2)$.

The Idea: Without knowing the public key $pk$, $\sigma$ is indistinguishable from another signature by a random key.

The Limitation: Either:
- Weak-Ind: Adversary has to declare all his queries and challenge in advance ...
- Polynomial Domain Space: ⇒ so that we can guess the challenge ...

Security: Our LIT is secure under the q-DDHI assumption [BB04]:

DEFINITION (q-DDHI ASSUMPTION)

Given $(P_i, [x]P_i, [x^2]P_i, \ldots, [x^q]P_i)$ for $x \leftarrow \mathbb{Z}_q$, it is hard to distinguish $[\frac{1}{x}]P_i$ from a random element of group $\mathbb{G}_i$.

We can overcome the limitation by using an interactive variant of the q-DDHI assumption [Khl10] ...

SOK IN THE STANDARD MODEL

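Our SoK is based on Groth-Sahai proofs [GS08]:

$$\begin{array}{ccccc}
\mathbb{G}_1 & \times & \mathbb{G}_2 & \xrightarrow{\ f\ } & \mathbb{G}_T \\
\iota_1 \downarrow\uparrow \rho_1 & & \iota_2 \downarrow\uparrow \rho_2 & & \iota_T \downarrow\uparrow \rho_T \\
\mathbb{H}_1 & \times & \mathbb{H}_2 & \xrightarrow{\ F\ } & \mathbb{H}_T
\end{array}$$

The proofs work by first committing to (encrypting) the witness and then producing a proof for the statement.

The system can be instantiated in either:
- The simulation setting ⇒ perfectly hiding proofs.
- The extraction setting ⇒ perfectly sound proofs.

The issues:
1. Can only extract a one-way function (i.e. $[w]P_i$) of an exponent witness $w$.
2. Cannot simulate and extract at the same time.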

To produce a SoK on a message $m$ w.r.t. a statement $x \in L$, the signer proves the following modified statement:

1. $x \in L$, OR
2. He has a signature on $x \| m$ that verifies w.r.t. some public key $pk$.

* The key $sk$ corresponding to $pk$ is only known to the simulator.

The SoK construction is secure:
- Extractability: Instantiate Groth-Sahai proofs in the extraction setting (so that we can extract).
- Simulatability: The simulator has $sk$ so he can satisfy the predicate by proving he has a signature on $x \| m$.

INSTANTIATING THE SOK

Need a signature scheme that is compatible with Groth-Sahai proofs, i.e. all the variables we need to hide are group elements ...
⇒ We use Waters Signature [W05] (Secure under the CDH+)

- Setup: To sign messages of the form $m = (m_1, \ldots, m_N) \in \{0,1\}^N$, choose $(Q, U_0, \ldots, U_N) \leftarrow \mathbb{G}_1^{N+2}$.
- KeyGen: Choose $\mathsf{sk} \leftarrow \mathbb{Z}_q$ and compute $\mathsf{pk} := [\mathsf{sk}]P_2$.
- Sign: To sign $(m_1, \ldots, m_N)$ using $\mathsf{sk}$, choose $r \leftarrow \mathbb{Z}_q$ and output

$$\Big(W_1 := [\mathsf{sk}]Q + [r]\Big(U_0 + \sum_{i=1}^{N} [m_i]U_i\Big),\quad W_2 := [-r]P_1,\quad W_3 := [-r]P_2\Big)$$

- Verify: Check that

$$e(W_1, P_2)\, e\Big(U_0 + \sum_{i=1}^{N} [m_i]U_i,\ W_3\Big) = e(Q, \mathsf{pk})$$

$$e(W_2, P_2) = e(P_1, W_3)$$
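
Why honestly generated signatures pass both checks, as an added derivation that is not on the original slides. It abbreviates $H := U_0 + \sum_{i=1}^{N} [m_i]U_i$ and takes $W_1 = [\mathsf{sk}]Q + [r]H$, i.e. the secret scalar $\mathsf{sk}$ multiplies $Q$:

$$e(W_1, P_2)\, e(H, W_3) = e([\mathsf{sk}]Q + [r]H,\ P_2)\, e(H,\ [-r]P_2) = e(Q, P_2)^{\mathsf{sk}}\, e(H, P_2)^{r}\, e(H, P_2)^{-r} = e(Q, [\mathsf{sk}]P_2) = e(Q, \mathsf{pk})$$

$$e(W_2, P_2) = e([-r]P_1,\ P_2) = e(P_1, P_2)^{-r} = e(P_1,\ [-r]P_2) = e(P_1, W_3)$$

The second equation ties $W_2$ and $W_3$ to the same exponent $-r$ in the two source groups.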


RWBS IN THE STANDARD MODEL (INSTANTIATION I)

Based on the NCL signature scheme by Ghadafi [G11]:

- KeyGen: Choose $x, y \leftarrow \mathbb{Z}_q$, set $\mathsf{sk} := (x, y)$ and $\mathsf{pk} := (X := [x]P_2,\ Y := [y]P_2)$.
- Sign: To sign $(M_1, M_2) \in \mathbb{G}_1 \times \mathbb{G}_2$, return $\perp$ if $e(M_1, P_2) \neq e(P_1, M_2)$, otherwise compute $\sigma := (A := [a]P_1,\ B := [y]A,\ C := [ay]M_1,\ D := [x](A + C))$.
- Verify: Check that $A \neq 0$ and

$$e(B, P_2) = e(A, Y)$$

$$e(C, P_2) = e(B, M_2)$$

$$e(D, P_2) = e(A + C, X)$$

$$e(M_1, P_2) = e(P_1, M_2)$$


Properties of the NCL scheme:

- Only $M_1$ is needed in signing ⇒ in the RwBS we hide $M_2$ and produce a PoK for it.
- Fully re-randomizable ⇒ more efficient RwBS (need not hide the signature).

NCL is secure under the (interactive) DH-LRSW assumption.

DEFINITION (DH-LRSW ASSUMPTION)

Given $([x]P_2, [y]P_2)$ for $x, y \leftarrow \mathbb{Z}_q$ and an oracle that on input a pair $(M_1, M_2) \in \mathbb{G}_1 \times \mathbb{G}_2$ outputs:

- $\perp$ if $e(M_1, P_2) \neq e(P_1, M_2)$;
- a DH-LRSW tuple $([a]P_1,\ [ay]P_1,\ [ay]M_1,\ [ax]P_1 + [axy]M_1)$ for $a \leftarrow \mathbb{Z}_q$ otherwise,

it is hard to compute a DH-LRSW tuple for $([m']P_1, [m']P_2)$ that was never queried to the oracle.
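
A check of the NCL equations and of the two properties listed above, as an added example that is not from the original slides. It assumes a toy model in which every group element is represented by its discrete logarithm, so it validates the algebra only and offers no security; `rerandomize` (scaling all four components by a fresh scalar) and all function names are assumptions of this example.

```python
import secrets

# Toy "pairing in the exponent" model (assumed here, no security): [a]P1 and [b]P2 are
# the integers a, b mod Q and e([a]P1, [b]P2) is a*b mod Q; it checks the algebra only.
Q = 2**127 - 1            # prime standing in for the group order q
P1 = P2 = 1               # each generator is the exponent 1

def e(g1, g2):
    return g1 * g2 % Q

def rand_scalar(low=1):
    return secrets.randbelow(Q - low) + low      # uniform in [low, Q-1]

def keygen():
    x, y = rand_scalar(), rand_scalar()
    return (x, y), (x * P2 % Q, y * P2 % Q)      # sk = (x, y), pk = (X, Y)

def sign(sk, M1, M2):
    x, y = sk
    if e(M1, P2) != e(P1, M2):                   # malformed pair: return ⊥
        return None
    a = rand_scalar()
    A = a * P1 % Q
    B = y * A % Q
    C = a * y * M1 % Q                           # M2 is never used past the check
    D = x * (A + C) % Q
    return (A, B, C, D)

def verify(pk, M1, M2, sig):
    X, Y = pk
    A, B, C, D = sig
    return (A != 0 and e(B, P2) == e(A, Y) and e(C, P2) == e(B, M2)
            and e(D, P2) == e((A + C) % Q, X) and e(M1, P2) == e(P1, M2))

def rerandomize(sig):
    k = rand_scalar(low=2)                       # k != 1; randomness a becomes k*a
    return tuple(k * c % Q for c in sig)

def demo():
    sk, pk = keygen()
    m = rand_scalar()
    M1, M2 = m * P1 % Q, m * P2 % Q              # message ([m]P1, [m]P2)
    sig = sign(sk, M1, M2)
    fresh = rerandomize(sig)
    return {"valid": verify(pk, M1, M2, sig),
            "rerandomized_valid": verify(pk, M1, M2, fresh),
            "rerandomized_differs": fresh != sig,
            "wrong_message": verify(pk, M1 + 1, M2 + 1, sig),
            "malformed_pair": sign(sk, M1, M2 + 1)}
```

Because all four verification equations are homogeneous in $(A, B, C, D)$, the scaled signature verifies for the same message without the signing key, which is why the RwBS does not need to hide it.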


RWBS IN THE STANDARD MODEL (INSTANTIATION II)

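Is partially re-randomizable and based on the AHO signature by Abe et al. [AHO10].

- KeyGen:
  - $G_R, F_U \leftarrow \mathbb{G}_2^{\times}$, $a, b \leftarrow \mathbb{Z}_q^{\times}$.
  - For $i = 1, \ldots, k$: $c_i, d_i \leftarrow \mathbb{Z}_q^{\times}$, $G_i := [c_i]G_R$, $F_i := [d_i]F_U$.
  - $c_Z, d_Z \leftarrow \mathbb{Z}_q^{\times}$, $G_Z := [c_Z]G_R$, $F_Z := [d_Z]F_U$.
  - Pick $(A_0, A_1, \tilde{A}_0, \tilde{A}_1)$ s.t. $e(A_0, \tilde{A}_0)\, e(A_1, \tilde{A}_1) = e([a]P_1, G_R)$.
  - Pick $(B_0, B_1, \tilde{B}_0, \tilde{B}_1)$ s.t. $e(B_0, \tilde{B}_0)\, e(B_1, \tilde{B}_1) = e([b]P_1, F_U)$.
  - $\mathsf{sk} := (a, b, c_Z, d_Z, (c_i, d_i)_{i=1}^{k})$.
  - $\mathsf{pk} := (G_Z, F_Z, G_R, F_U, (G_i, F_i)_{i=1}^{k}, A_0, A_1, \tilde{A}_0, \tilde{A}_1, B_0, B_1, \tilde{B}_0, \tilde{B}_1)$.
- Sign: To sign $\vec{M} = (M_i)_{i=1}^{k} \in \mathbb{G}_1^{k}$, choose $z, r, t, u, w \leftarrow \mathbb{Z}_q^{\times}$, and compute

$$Z := [z]P_1,\quad R := [r - c_Z z]P_1 + \sum_{i=1}^{k} [-c_i]M_i,\quad S := [t]G_R,\quad T := [(a - r)/t]P_1,$$

$$U := [u - d_Z z]P_1 + \sum_{i=1}^{k} [-d_i]M_i,\quad V := [w]F_U,\quad W := [(b - u)/w]P_1,$$

$$\sigma := (Z, R, S, T, U, V, W).$$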


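- Verify: Parse $\sigma$ as $(Z, R, S, T, U, V, W)$, $\vec{M}$ as $(M_i)_{i=1}^{k}$, and $\mathsf{pk}$ as $(G_Z, F_Z, G_R, F_U, (G_i, F_i)_{i=1}^{k}, A_0, A_1, \tilde{A}_0, \tilde{A}_1, B_0, B_1, \tilde{B}_0, \tilde{B}_1)$. Check that

$$e(Z, G_Z)\, e(R, G_R)\, e(T, S) \prod_{i} e(M_i, G_i) = e(A_0, \tilde{A}_0)\, e(A_1, \tilde{A}_1)$$

$$e(Z, F_Z)\, e(U, F_U)\, e(W, V) \prod_{i} e(M_i, F_i) = e(B_0, \tilde{B}_0)\, e(B_1, \tilde{B}_1)$$

Properties of the AHO scheme:

- The six elements $R, S, T, U, V, W$ are re-randomizable ⇒ in the RwBS we need to hide $R, Z, U$.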


AHO is secure under the (non-interactive) q-SFP assumption.

DEFINITION (q-SFP ASSUMPTION)

Given $G_Z, F_Z, G_R, F_U \in \mathbb{G}_2$, $(A, \tilde{A}), (B, \tilde{B}) \in \mathbb{G}_1 \times \mathbb{G}_2$ and $q$ random tuples $(Z, R, S, T, U, V, W)$ each satisfying

$$e(A, \tilde{A}) = e(Z, G_Z)\, e(R, G_R)\, e(T, S)$$

$$e(B, \tilde{B}) = e(Z, F_Z)\, e(U, F_U)\, e(W, V)$$

it is hard to find another such tuple for which $Z$ is neither 0 nor equal to any of the given $Z$-values.


A MORE EFFICIENT CONSTRUCTION IN THE STANDARD MODEL

The intuition:

- Use the NCL-based RwBS instead of the AHO-based RwBS.
- Replace SoKs with standard PoKs (which are more efficient).
- Use the weak Boneh-Boyen signature scheme as a LIT and a standard signature scheme.


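- $\mathsf{Setup}(1^\lambda)$:
  - $(P, \mathsf{crs}_1, \mathsf{crs}_2) \leftarrow \mathsf{BSSetup}(1^\lambda)$.
  - Return $\mathsf{param} := (P, \mathsf{crs}_1, \mathsf{crs}_2)$.
- $\mathsf{GKg}(\mathsf{param})$:
  - $(\mathsf{gmpk}, \mathsf{gmsk}) \leftarrow \mathsf{BSKeyGen}(\mathsf{param})$.
  - Return $(\mathsf{gmpk}, \mathsf{gmsk})$.
- $\mathsf{UKg}(\mathsf{param})$:
  - $\mathsf{sk}_i \leftarrow \mathsf{LITKeyGen}(P)$.
  - Return $\mathsf{sk}_i$.
- $\langle \mathsf{Join}, \mathsf{Issue} \rangle$:
  - Run $(\mathsf{BSRequest}, \mathsf{BSIssue})$ for message $(f_1(\mathsf{sk}_i), f_2(\mathsf{sk}_i)) \in M_{BS}$.
  - User has input $((f_1(\mathsf{sk}_i), f_2(\mathsf{sk}_i)), \mathsf{gmpk})$.
  - Issuer has input $\mathsf{gmsk}$.
  - User's output is $\mathsf{gsk}_i = \mathsf{cred}$.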


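- $\mathsf{GSig}(\mathsf{gsk}_i, \mathsf{sk}_i, m, \mathsf{bsn})$:
  - $\mathsf{cred} \leftarrow \mathsf{BSRandomize}(\mathsf{gsk}_i)$.
  - $(\mathsf{pk}_{ots}, \mathsf{sk}_{ots}) \leftarrow \mathsf{OTSKeyGen}(1^\lambda)$.
  - $\sigma_w \leftarrow \mathsf{BBSign}(\mathsf{sk}_i, 1 \| \mathsf{pk}_{ots})$.
  - If $\mathsf{bsn} \neq \perp$:
    - $\tau \leftarrow \mathsf{LITTag}(\mathsf{sk}_i, 0 \| \mathsf{bsn})$.
    - $\varphi := (\mathsf{gmpk}, \mathsf{cred}, \mathsf{bsn}, \tau, \mathsf{pk}_{ots}, \sigma_w)$.
    - $\Sigma \leftarrow \mathsf{GSProve}\big(\mathsf{crs}_1, (f_1(\mathsf{sk}_i), f_2(\mathsf{sk}_i)) : \varphi \in L\big)$.
  - Else:
    - $\tau := \emptyset$; $\varphi := (\mathsf{gmpk}, \mathsf{cred}, \mathsf{pk}_{ots}, \sigma_w)$.
    - $\Sigma \leftarrow \mathsf{GSProve}\big(\mathsf{crs}_1, (f_1(\mathsf{sk}_i), f_2(\mathsf{sk}_i)) : \varphi \in L'\big)$.
  - $\sigma_{ots} \leftarrow \mathsf{OTSSign}(\mathsf{sk}_{ots}, (m, \tau, \mathsf{bsn}))$.
  - $\sigma := (\mathsf{cred}, \tau, \sigma_w, \mathsf{pk}_{ots}, \Sigma, \sigma_{ots})$.
- $\mathsf{Verify}(\mathsf{gmpk}, m, \mathsf{bsn}, \sigma)$:
  - Parse $\sigma$ as $(\mathsf{cred}, \tau, \sigma_w, \mathsf{pk}_{ots}, \Sigma, \sigma_{ots})$.
  - If $\mathsf{OTSVerify}(\mathsf{pk}_{ots}, (m, \tau, \mathsf{bsn}), \sigma_{ots}) = 0$, return 0.
  - If $\mathsf{bsn} \neq \perp$ then:
    - $\varphi := (\mathsf{gmpk}, \mathsf{cred}, \mathsf{bsn}, \tau, \mathsf{pk}_{ots}, \sigma_w)$.
    - Return $\mathsf{GSVerify}(\mathsf{crs}_1, \varphi \in L, \Sigma)$.
  - If $\tau = \emptyset$ then:
    - $\varphi := (\mathsf{gmpk}, \mathsf{cred}, \mathsf{pk}_{ots}, \sigma_w)$.
    - Return $\mathsf{GSVerify}(\mathsf{crs}_1, \varphi \in L', \Sigma)$.
  - Return 0.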


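- $\mathsf{Identify}_T(\mathsf{gmpk}, \mathsf{sk}_i, \mathcal{T})$:
  - If $\mathcal{T}$ is a valid transcript then check if the user message in $\mathsf{Join}_0 = \mathsf{BSRequest}_0$ is $(f_1(\mathsf{sk}_i), \Omega)$, for some $\Omega$.
  - If so return 1, otherwise return 0.
- $\mathsf{Identify}_S(\mathsf{gmpk}, \mathsf{sk}_i, m, \mathsf{bsn}, \sigma)$:
  - Parse $\sigma$ as $(\mathsf{cred}, \tau, \sigma_w, \mathsf{pk}_{ots}, \Sigma, \sigma_{ots})$.
  - If $\mathsf{BSVerify}(\mathsf{gmpk}, (f_1(\mathsf{sk}_i), f_2(\mathsf{sk}_i)), \mathsf{cred}) = 0$ then return 0.
  - If $\mathsf{OTSVerify}(\mathsf{pk}_{ots}, (m, \tau, \mathsf{bsn}), \sigma_{ots}) = 0$ then return 0.
  - Return 1 iff one of the following holds:
    - $\mathsf{bsn} = \perp$, $\tau = \emptyset$ and $\mathsf{BBVerify}(f_2(\mathsf{sk}_i), 1 \| \mathsf{pk}_{ots}, \sigma_w) = 1$.
    - $\mathsf{bsn} \neq \perp$, $\mathsf{LITVerify}(f_2(\mathsf{sk}_i), 0 \| \mathsf{bsn}, \tau) = 1$ and $\mathsf{BBVerify}(f_2(\mathsf{sk}_i), 1 \| \mathsf{pk}_{ots}, \sigma_w) = 1$.
- $\mathsf{Link}(\mathsf{gmpk}, \sigma_0, m_0, \sigma_1, m_1, \mathsf{bsn})$:
  - If $\mathsf{bsn} = \perp$ return 0.
  - For $b = 0, 1$:
    - If $\mathsf{Verify}(\mathsf{gmpk}, m_b, \mathsf{bsn}, \sigma_b) = 0$, return $\perp$.
    - Parse $\sigma_b$ as $(\mathsf{cred}_b, \tau_b, \sigma_{w_b}, \mathsf{pk}_{ots_b}, \Sigma_b, \sigma_{ots_b})$.
  - Return 1 if and only if $\tau_0 = \tau_1$.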


EFFICIENCY COMPARISON

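| Scheme | Setting | Join/Issue: Issuer | Join/Issue: Host | Join/Issue: TPM |
|---|---|---|---|---|
| [BCC04] | RSA | $E^4 + 4E + E^2_{\Gamma}$ | $E^2 + E + E_{\Gamma}$ | $2E^3 + 3E_{\Gamma}$ |
| [BCL08] | Sym | $2E_{\mathbb{G}} + 2E^2_{\mathbb{G}}$ | $6P$ | $3E_{\mathbb{G}}$ |
| [C09] | Asym | $E^2_{\mathbb{G}_1} + E_{\mathbb{G}_1}$ | $E_{\mathbb{G}_2} + 2P$ | $2E_{\mathbb{G}_1}$ |
| [CMP09] | Asym | $2E_{\mathbb{G}_1} + 2E^2_{\mathbb{G}_1}$ | $4P$ | $3E_{\mathbb{G}_1}$ |
| [CPS10] | Asym | $2E^2_{\mathbb{G}_1} + 3E_{\mathbb{G}_1}$ | $4P$ | $3E_{\mathbb{G}_1}$ |
| Ours (ROM) | Asym | $E^2_{\mathbb{G}_1} + 5E_{\mathbb{G}_1}$ | $2E^2_{\mathbb{G}_1} + 4P$ | $E_{\mathbb{G}_1}$ |

TABLE: Efficiency comparison

- $E$: (modular) exponentiation.
- $E^n$: $n$ simultaneous exponentiations.
- $P$: Pairing evaluations.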


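| Scheme | Signing: Host | Signing: TPM | Verification |
|---|---|---|---|
| [BCC04] | $E^4 + 2E^3 + E^2 + E + E_{\Gamma}$ | $E^3 + 3E_{\Gamma}$ | $E^6 + 2E^4 + E^2_{\Gamma} + E_{\Gamma}$ |
| [BCL08] | $3E_{\mathbb{G}} + E_{\mathbb{G}_T} + 3P$ | $E^2_{\mathbb{G}_T} + 2E_{\mathbb{G}_T}$ | $E^3_{\mathbb{G}_T} + E^2_{\mathbb{G}_T} + 5P$ |
| [C09] | $E_{\mathbb{G}_1} + E^3_{\mathbb{G}_T}$ | $2E_{\mathbb{G}_1} + E_{\mathbb{G}_T}$ | $E^2_{\mathbb{G}_1} + E^2_{\mathbb{G}_2} + E^4_{\mathbb{G}_T} + P$ |
| [CMP09] | $3E_{\mathbb{G}_1} + P$ | $2E_{\mathbb{G}_1} + E_{\mathbb{G}_T}$ | $E^3_{\mathbb{G}_T} + E^2_{\mathbb{G}_1} + 5P$ |
| [CPS10] | $4E_{\mathbb{G}_1}$ | $3E_{\mathbb{G}_1}$ | $2E^2_{\mathbb{G}_1} + E_{\mathbb{G}_1} + 4P$ |
| Ours (ROM) | $4E_{\mathbb{G}_1}$ | $3E_{\mathbb{G}_1}$ | $2E^2_{\mathbb{G}_1} + 4P$ |

TABLE: Efficiency comparison

| Scheme | Setting | Signature Size |
|---|---|---|
| Ours (ROM) | Asym | $5\lvert\mathbb{G}_1\rvert + 2\log(q)$ |
| Ours (SM) | Asym | $25\lvert\mathbb{G}_1\rvert + 11\lvert\mathbb{G}_2\rvert$ |
| Groth's GS [G07]† | Asym | $24\lvert\mathbb{G}_1\rvert + 15\lvert\mathbb{G}_2\rvert$ |
| Groth's GS [G07]† | Asym-2 | $25\lvert\mathbb{G}_1\rvert + 19\lvert\mathbb{G}_2\rvert$ |

TABLE: Size of the signature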


SUMMARY

- A rigorous security model that overcomes the shortcomings of previous models.
- A generic construction for DAA.
- More efficient instantiations in the random oracle model.
- The first efficient SoK in the standard model.
- The first DAA instantiations in the standard model.


OPEN PROBLEMS

- A LIT for large domain space which is based on non-interactive intractability assumptions, or finding alternative means to realize the indistinguishability and linkability needed for DAA.
- More efficient constructions in the standard model.


MORE DETAILS

1. D. Bernhard, G. Fuchsbauer, E. Ghadafi, N.P. Smart and B. Warinschi. Anonymous attestation with user-controlled linkability. Int. Journal of Information Security, 1615–5262, 1–31, February 2013.
2. D. Bernhard, G. Fuchsbauer and E. Ghadafi. Efficient Signatures of Knowledge and DAA in the Standard Model. Cryptology ePrint Archive, Report 2012/475. August 2012. http://eprint.iacr.org/2012/475.pdf
