On August 6, 2002, Lucky Green wrote a reply to Anonymous (whom I will now come clean and admit was none other than me), about the suggestion that TCPA (now called TCG) could incorporate anonymous cryptographic credentials to protect users' privacy, rather than the cumbersome "privacy CA" mechanism they actually adopted. I had written:
In any case, I agree that something like this would be an excellent enhancement to the technology. IMO it is very much in the spirit of TCPA. I suspect they would be very open to this suggestion.
Lucky Green replied:
Though routinely professing otherwise, evidently Anonymous knows nothing of the spirit of the TCPA: I proposed the use of blinding schemes to the TCPA as far back as 2 years ago as a substitute to the Privacy CAs schemes which are subject to potential collusion. I believe "unreceptive", rather than "very much open to this suggestion" would more accurately describe the TCPA's spirit Anonymous holds so high.
However, it now turns out that TCG has in fact incorporated exactly the kind of mechanism which Lucky predicted they would be unreceptive to. The new TCG 1.2 spec includes "Direct Anonymous Attestation" based on Camenisch credentials. See it described at http://www.hpl.hp.com/techreports/2004/HPL-2004-93.pdf. Here is the abstract: This paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group as the method for remote authentication of a hardware module, called trusted platform module (TPM), while preserving the privacy of the user of the platform that contains the module. Direct anonymous attestation can be seen as a group signature without the feature that a signature can be opened, i.e., the anonymity is not revocable. Moreover, DAA allows for pseudonyms, i.e., for each signature a user (in agreement with the recipient of the signature) can decide whether or not the signature should be linkable to another signature. DAA furthermore allows for detection of "known" keys: if the DAA secret keys are extracted from a TPM and published, a verifier can detect that a signature was produced using these secret keys. The scheme is provably secure in the random oracle model under the strong RSA and the decisional Diffie-Hellman assumption. This is a real cryptographic tour de force. It protects privacy, includes irrevocable anonymity, and yet if keys get pulled out of the system and published, they can be invalidated, even while fully protecting the anonymity of users of valid keys! It sounds impossible, but these guys are wizards. We haven't heard much from Lucky on TCG/TCPA lately. It would be interesting to get his reaction to the latest moves. One ironic trend is that although TCPA was claimed to be designed to kill open source, in fact all the work on the technology is happening on Linux! See enforcer.sourceforge.net for an example of using TCG to validate a Linux kernel and executables. IBM's work on tcgLinux is another project along these lines. Pretty exciting stuff.