TCG(TCPA) anonymity and Lucky Green

An Metet anmetet at freedom.gmsociety.org
Tue Jun 29 13:18:38 PDT 2004


On August 6, 2002, Lucky Green wrote a reply to Anonymous (whom I will
now come clean and admit was none other than me), about the suggestion
that TCPA (now called TCG) could incorporate anonymous cryptographic
credentials to protect users' privacy, rather than the cumbersome
"privacy CA" mechanism they actually adopted.

I had written:

> In any case, I agree that something like this would be an 
> excellent enhancement to the technology.  IMO it is very much 
> in the spirit of TCPA. I suspect they would be very open to 
> this suggestion.

Lucky Green replied:

> Though routinely professing otherwise, evidently Anonymous knows nothing
> of the spirit of the TCPA: I proposed the use of blinding schemes to the
> TCPA as far back as 2 years ago as a substitute to the Privacy CAs
> schemes which are subject to potential collusion. I believe
> "unreceptive", rather than "very much open to this suggestion" would
> more accurately describe the TCPA's spirit Anonymous holds so high.

However, it now turns out that TCG has in fact incorporated
exactly the kind of mechanism which Lucky predicted they would be
unreceptive to.  The new TCG 1.2 spec includes "Direct Anonymous
Attestation" based on Camenisch credentials.  See it described at
http://www.hpl.hp.com/techreports/2004/HPL-2004-93.pdf.  Here is the
abstract:

   This paper describes the direct anonymous attestation scheme (DAA).
   This scheme was adopted by the Trusted Computing Group as the method
   for remote authentication of a hardware module, called trusted platform
   module (TPM), while preserving the privacy of the user of the platform
   that contains the module. Direct anonymous attestation can be seen
   as a group signature without the feature that a signature can be
   opened, i.e., the anonymity is not revocable. Moreover, DAA allows for
   pseudonyms, i.e., for each signature a user (in agreement with the
   recipient of the signature) can decide whether or not the signature
   should be linkable to another signature. DAA furthermore allows for
   detection of "known" keys: if the DAA secret keys are extracted
   from a TPM and published, a verifier can detect that a signature
   was produced using these secret keys. The scheme is provably secure
   in the random oracle model under the strong RSA and the decisional
   Diffie-Hellman assumption.

This is a real cryptographic tour de force.  It protects privacy,
includes irrevocable anonymity, and yet if keys get pulled out of
the system and published, they can be invalidated, even while fully
protecting the anonymity of users of valid keys!  It sounds impossible,
but these guys are wizards.

We haven't heard much from Lucky on TCG/TCPA lately.  It would be
interesting to get his reaction to the latest moves.  One ironic
trend is that although TCPA was claimed to be designed to kill open
source, in fact all the work on the technology is happening on Linux!
See enforcer.sourceforge.net for an example of using TCG to validate a
Linux kernel and executables.  IBM's work on tcgLinux is another project
along these lines.  Pretty exciting stuff.
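
The pseudonym and "known key" detection mentioned in the abstract, as an added sketch that is not part of the original post or of the TCG specification. It follows the DAA paper's pseudonym N_V = zeta^f and leaves out the zero-knowledge proof that ties f to the issuer's credential; the toy group parameters, the single-exponent f and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: GAMMA = 2*RHO + 1, both prime.
GAMMA, RHO = 2879, 1439

def _into_subgroup(h):
    """Map h in [2, GAMMA-2] into the order-RHO subgroup; the result is never 1."""
    return pow(h, (GAMMA - 1) // RHO, GAMMA)

def zeta_from_basename(basename):
    """Base fixed by the verifier's name: every signature for it is linkable."""
    digest = int.from_bytes(hashlib.sha256(b"\x01" + basename).digest(), "big")
    return _into_subgroup(2 + digest % (GAMMA - 3))

def random_zeta():
    """Fresh base per signature: pseudonyms cannot be compared across signatures."""
    return _into_subgroup(2 + secrets.randbelow(GAMMA - 3))

def pseudonym(f, zeta):
    """N_V = zeta^f mod GAMMA, where f is the TPM's DAA secret."""
    return pow(zeta, f, GAMMA)

def attest(f, basename=None):
    """Return the (zeta, N_V) pair that accompanies a signature."""
    zeta = zeta_from_basename(basename) if basename is not None else random_zeta()
    return zeta, pseudonym(f, zeta)

def is_rogue(zeta, n_v, published_keys):
    """Verifier check: recompute zeta^f for each published f and compare."""
    return any(pseudonym(f, zeta) == n_v for f in published_keys)

if __name__ == "__main__":
    honest_f, leaked_f = 123, 777            # constructed secrets
    rogue_list = [leaked_f]                  # keys extracted and published
    print("same basename links:", attest(honest_f, b"shop") == attest(honest_f, b"shop"))
    print("leaked key flagged:", is_rogue(*attest(leaked_f), rogue_list))
    print("honest key flagged:", is_rogue(*attest(honest_f), rogue_list))
```

At real parameter sizes the verifier cannot recover f from N_V, so a key that was never published stays anonymous, while a published f can be tested against any signature's (zeta, N_V) pair.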




