Pairings in Trusted Computing

Pairings have now been used for constructive applications in cryptography for around eight years. In that time the range of applications has grown from a relatively narrow one of identity based encryption and signatures, through to more advanced protocols. In addition implementors have realised that pairing protocols once presented can often be greatly simplified or expanded using the mathematical structures of different types of pairings. In this paper we consider another advanced application of pairings, namely to the Direct Anonymous Attestation (DAA) schemes as found in the Trusted Computing Group standards. We show that a recent DAA proposal can be further optimized by transferring the underlying pairing groups from the symmetric to the asymmetric settings. This provides a more efficient and scalable solution than the existing RSA and pairing based DAA schemes. External Posting Date: June 21, 2008 [Fulltext] Approved for External Publication Internal Posting Date: June 21, 2008 [Fulltext] To be published in The Second International Conference on Pairing Cryptography Proceedings, Sept 1-3, 2008 © Copyright 2008 The Second International Conference on Pairing Cryptography Proceedings Pairings in Trusted Computing L. Chen, P. Morrissey and N.P. Smart 1 Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol, BS34 8QZ, United Kingdom. [email protected] 2 Computer Science Department, Woodland Road, University of Bristol, Bristol, BS8 1UB, United Kingdom. {paulm, nigel}@cs.bris.ac.uk Abstract. Pairings have now been used for constructive applications in cryptography for around eight years. In that time the range of applicaPairings have now been used for constructive applications in cryptography for around eight years. In that time the range of applications has grown from a relatively narrow one of identity based encryption and signatures, through to more advanced protocols. In addition implementors have realised that pairing protocols once presented can often be greatly simplified or expanded using the mathematical structures of different types of pairings. In this paper we consider another advanced application of pairings, namely to the Direct Anonymous Attestation (DAA) schemes as found in the Trusted Computing Group standards. We show that a recent DAA proposal can be further optimized by transferring the underlying pairing groups from the symmetric to the asymmetric settings. This provides a more efficient and scalable solution than the existing RSA and pairing based DAA schemes.