Cryptographic privacy protection in TCPA

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Aug 29 22:35:07 PDT 2002


Nomen Nescio <nobody at dizum.com> writes:

>If a key is misused, i.e. "scraped" out of the TPM and used to create a
>virtualized, rule-breaking software TPM, it can be revoked.  This means that
>all the TPMs that share that one key lose the use of that key. But it doesn't
>matter much, because they each have many more they can use. Since it is
>expected that only a small percentage of TPMs will ever need their keys
>revoked, most TPMs should always have plenty of keys to use.

I designed something along these lines some years ago as a way of building a
fault-tolerant key management system.  The idea is that you create a pile of
keys, and these vote on key updates.  If a key is compromised, you sign its
replacement with a quorum of non-compromised keys, and replace the bad key.
You also periodically roll over keys as a preventive measure, limiting
exposure due to compromises.  No need for a PKI or anything else complex like
that, it's all automatic and transparent.

There can be slight problems if a device stays offline long enough that enough
keys have been rolled over to make reaching a quorum impossible, which was an
issue when I designed the thing but rather unlikely now.  I can dig up the
exact details in case anyone's interested.

Peter.
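
A sketch of the quorum-voted key replacement and the offline-device problem described in the message above. This is an added example, not part of the original post and not the author's design. The five-key set, the quorum of three, the update format and all function names are assumptions, and HMAC stands in for a public-key signature so the code runs on the Python standard library alone.

```python
import hashlib, hmac, os

QUORUM = 3  # assumed threshold; the post gives no number

def new_key():
    # HMAC stands in for a public-key signature (assumption); a real design
    # would give devices public verification keys, never the secrets.
    secret = os.urandom(32)
    return hashlib.sha256(secret).hexdigest()[:16], secret

def _vote(secret, old_id, new_id):
    msg = f"replace {old_id} with {new_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

def make_update(keyset, old_id):
    """Issuer side: retire old_id, with every other current key voting."""
    new_id, new_secret = new_key()
    votes = {kid: _vote(s, old_id, new_id)
             for kid, s in keyset.items() if kid != old_id}
    return {"old": old_id, "new": new_id, "key": new_secret, "votes": votes}

def apply_update(keyset, upd):
    """Device side: accept only if a quorum of keys it already holds voted.
    The key being replaced never counts toward the quorum."""
    good = sum(1 for kid, sig in upd["votes"].items()
               if kid in keyset and kid != upd["old"] and hmac.compare_digest(
                   sig, _vote(keyset[kid], upd["old"], upd["new"])))
    if good < QUORUM:
        return False
    keyset.pop(upd["old"], None)
    keyset[upd["new"]] = upd["key"]
    return True

def demo(n_keys=5, rollovers=4):
    """Return (online device kept up, stale device accepted latest, sets match)."""
    issuer = dict(new_key() for _ in range(n_keys))
    online, stale = dict(issuer), dict(issuer)
    history = []
    for _ in range(rollovers):
        oldest = next(iter(issuer))          # periodic rollover of the oldest key
        upd = make_update(issuer, oldest)
        assert apply_update(issuer, upd)
        history.append(upd)
    online_ok = all(apply_update(online, u) for u in history)  # saw every update
    stale_ok = apply_update(stale, history[-1])  # offline, sees only the latest
    return online_ok, stale_ok, online.keys() == issuer.keys()

if __name__ == "__main__":
    print(demo())  # the stale device cannot reach a quorum after 4 rollovers
```

With these assumed parameters the stale device still accepts the latest update after two missed rollovers and rejects it after three, because only two of the keys it holds are left among the voters.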




