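Affiliations: [1] College of Computer Science, Sichuan Normal University, Chengdu 610068 [2] Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190 [3] School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2014, No. 2, pp. 334-343, 10 pages
Funding: National Natural Science Foundation of China (60970113; 61373162); Sichuan Province Outstanding Youth Fund (2011JQ0038)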
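Abstract: DAA (direct anonymous attestation) both removes the bottleneck of the privacy CA (certificate authority) and provides authentication and anonymity for the TPM (trusted platform module) chip, and is currently one of the best theoretical solutions for identity attestation on trusted computing platforms. However, the protocol is based on the strong RSA assumption, and its implementation involves multiple entities and a large number of time-consuming operations. These pronounced performance problems have limited the protocol's wide adoption. Based on the hardness assumption of the discrete logarithm on ordinary elliptic curves, a more optimized direct anonymous attestation scheme, TMZ-DAA, is proposed. The scheme relies only on the hardness assumption of the ordinary elliptic curve discrete logarithm, and its main operations are elliptic curve point addition and scalar multiplication, so its complexity is greatly reduced. Its key length and signature length are shorter, and its overall performance is considerably improved: the computation required of each participating entity (TPM, Host, Issuer and Verifier) in the Join protocol, the Sign protocol and the Verify algorithm is reduced, providing a feasible privacy-protection solution for elliptic-curve-based TPMs. The security of the scheme is analyzed and proved in the ideal-system/real-system model. The results show that the scheme satisfies unforgeability, variable anonymity and unlinkability.

English abstract: DAA (direct anonymous attestation), which not only resolves the bottleneck of the privacy CA (certificate authority) but also realizes anonymity and attestation, is currently one of the best schemes among all identity attestation schemes. But due to the complexity and time cost of the original DAA scheme, the application of the DAA scheme is largely hindered. A new improved direct anonymous attestation scheme based on the discrete logarithm problem of elliptic curves is presented. The scheme still belongs to ECC (elliptic curve cryptography)-DAA, and its process and framework are almost the same as those of other schemes. But compared with other schemes, the scheme's main operations are point addition and scalar multiplication in the elliptic curve system, the overall complexity is largely decreased, and the scheme's key and signature lengths are much shorter. Meanwhile, the scheme reduces the computational cost of each entity in the Join protocol, Sign protocol and Verify algorithm, including the TPM (trusted platform module), Host, Issuer and Verifier. It gives a practical solution for ECC-based TPMs in protecting the privacy of the TPM. This paper gives a detailed security proof of the proposed scheme in the ideal-system/real-system security model, which shows that the scheme meets the security requirements of unforgeability, variable anonymity and unlinkability.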
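Keywords: trusted computing; direct anonymous attestation; privacy; strong RSA assumption; elliptic curve discrete logarithm assumption
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]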