Abstract
Direct Anonymous Attestation (DAA) is an anonymous signature scheme designed for anonymous attestation of a Trusted Platform Module (TPM) while preserving the privacy of the device owner. In 2004, Brickell, Camenisch, and Chen provided the first DAA scheme, based on the strong RSA assumption and the decisional Diffie-Hellman assumption. This scheme was adopted by the Trusted Computing Group in the TPM 1.2 Specification and has been implemented in hundreds of millions of computer platforms. Since then, multiple DAA schemes have been developed, many of which are based on bilinear maps. In this paper, we discover that in a large number of DAA schemes, including the original one adopted in TPM 1.2, a malicious user can treat a TPM as a static Diffie-Hellman (DH) oracle; the security of these schemes is therefore based on the hardness of the static DH problem. However, this security feature has not been analyzed in the security proofs of most of these schemes. Brown and Gallant showed that one can break the static DH problem in a group of order ρ with only O(ρ^{1/3}) oracle queries and O(ρ^{1/3}) group operations. Our discovery means that the security level of these DAA schemes can be significantly weakened, to only roughly 2/3 of the claimed security level. We discuss the impact of our discovery and present how to patch the affected DAA schemes to avoid this attack.